Gen.Variant.Strictor.114492_730b319636

by malwarelabrobot on February 5th, 2017 in Malware Descriptions.

Gen:Variant.Strictor.114492 (B) (Emsisoft), Gen:Variant.Strictor.114492 (AdAware), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 730b3196366aeda9356dc19f9a3c608d
SHA1: c08ec8f7dbfa0767747c9874d27f94d74801cb67
SHA256: 844def308a2060bccf858e3c3aa5f0c5fea2ba29bdca94131cdef9be751344d8
SSDeep: 49152:ptib6XRnWPi7oO8xgvf4eLFmWssJUFucRdOaH/XYR:ptiiWiN8ysrsJxkwaHAR
Size: 2165691 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2011-09-26 16:21:33
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

Baidu.exe:2596
Baidu.exe:1640
Baidu.exe:2876
Baidu.exe:2592
Baidu.exe:1772
Baidu.exe:2548
Baidu.exe:3604
Baidu.exe:3820
Baidu.exe:1916
brp.exe:2276
Baidu_Setup_3.1.200.2978_ftn_1050123723.exe:2544
BaiduUpdate.exe:940

The Trojan injects its code into the following process(es):

%original file name%.exe:1904
Baidu.exe:2160
BaiduRenderClient.exe:2828
BaiduRenderClient.exe:3112

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1904 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\Baidu_Setup_3.1.200.2978_ftn_1050123723[1].exe (2206750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C4.tmp (75405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2.ico (5520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Baidu_Setup_3.1.200.2978_ftn_1050123723.exe (1974641 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FEP54WXI.txt (111 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssA2B4.tmp (0 bytes)

The process Baidu.exe:2596 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\CommonWorker.dll (61 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdlog.dll (40 bytes)

The process Baidu.exe:2876 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Hermes.dll (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Heartbeat.dll (221 bytes)

The process Baidu.exe:2592 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度\卸载百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\Desktop\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\uninst.exe (221 bytes)

The process Baidu.exe:2548 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduReport.dll (376 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Utils.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Report.dll (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcr100.dll (774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcp100.dll (421 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Base.dll (806 bytes)

The process Baidu.exe:3820 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\complete.txt (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\icudtl.dat (780 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chrome_100_percent.pak (963 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\locales\en-US.pak (214 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\4f03c9f6263fa20679b486a9424243c8.7z.bdl (192392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\InstallingPlugins.xml (243 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PepperFlash\pepflashplayer.dll (2721 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\resources.pak (2721 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libexif.dll (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\UninstalledPlugins.xml (261 bytes)
C:\ProgramData\Baidu\Desktop\Global.db (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chrome_200_percent.pak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libGLESv2.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\d3dcompiler_47.dll (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\complete_check_list.pb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chromecore.dll (7427 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PepperFlash\manifest.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\locales\zh-CN.pak (213 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libEGL.dll (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\manifest.json (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\PackCache.xml (239 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\completelist.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PluginSetup.xml (762 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\InstallingPlugins.xml (0 bytes)

The process Baidu.exe:2160 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chrome_100_percent.pak (7345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_ipc.dll (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_message.dll (409 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\searchbar_in_tips\searchbar_in_tips.pb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\icudtl.dat (76782 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_common.dll (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\settings\custom_setting.db (2334 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\complete.txt (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_common.dll (663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\pb\103.pb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\resources.pak (131213 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\Upd.dat (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UIFrame.dll (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libEGL.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\CloudJSInject\CloudJSInject.xml (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db-journal (512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Protocol.dll (372 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libGLESv2.dll (10177 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\searchbar_in_tips.dat (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.exe (45 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chromecore.dll (392052 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\resourceSug.pb (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUIHandler.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\completelist.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LogicModel.dll (291 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\manifest.json (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chrome_200_percent.pak (8281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\d3dcompiler_47.dll (23811 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUIHandler.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PepperFlash\pepflashplayer.dll (132143 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUI.dll (806 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\histroy\history.db (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libexif.dll (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\complete_check_list.pb (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserCore.dll (360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDMSkin.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db-journal (512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PepperFlash\manifest.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\ZerbaReport.pb (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\force_sug\taskbar_force_sug_backup.pb (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Peseus.dll (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_proxy.dll (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PluginSetup.xml (762 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\locales\en-US.pak (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\pb\100.pb (920 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\account\user_cert_id.cert.bk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\cloud_games.pb (36 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommonHandler.dll (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\locales\zh-CN.pak (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommon.dll (151 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUI.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\force_sug\medusa_navigateinfo.pb (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\histroy\history.db-journal (512 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db-journal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\histroy\history.db-journal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db-journal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\AppPluginState_Install.xml (0 bytes)

The process BaiduRenderClient.exe:2828 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_chrome.dll (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\000003.log (221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\5A9D.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\LOG (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_1 (17840 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_0 (49052 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_3 (7832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_2 (968 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\000001.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\index (368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\MANIFEST-000001 (75 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_protocol.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub.dll (589 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident.dll (692 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\f_000001 (36 bytes)

The process Baidu_Setup_3.1.200.2978_ftn_1050123723.exe:2544 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\history.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_message.dll (13584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\skinres.rdb (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\completelist.txt (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\CommonWorker.dll (3712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\general.png (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-search-input.png (332 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe (48588 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_common.dll (22552 bytes)
C:\ProgramData\Baidu\Common\Global.db (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\complete_check_list.pb (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.woff (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes_win10.rdb (3104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.exe (3104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\request.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-checkbox-unchecked.png (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\DD_belatedPNG_0.0.8a-min.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\res\js\api.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\bookmarks.css (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\BaiduRenderClient.exe (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\skinres.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\icon-tree-search-ie8.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\history_mods.js (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-center.png (179 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\fe.html (498 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcp120.dll (15536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\UsualNames.pb (421 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\ie-fix.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Base.dll (28310 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\box-shadow.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\arrow-png8.png (260 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcr100.dll (26598 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-new.png (451 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUIHandler.dll (70002 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\search-button.png (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\completelist.txt (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\1px.png (947 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips_win10.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\js_cmd(start_request).html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-tooltip-png8.png (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-center-right.png (162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdlog.dll (3104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\webkit-404.html (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\res\test.js (197 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_proxy.dll (11048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\map.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Utils.dll (66526 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mb_setup.log (44236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LogicModel.dll (221518 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Base.dll (55008 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar_win7.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\core.css (662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush.rdb (14384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-refresh.png (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.exe (12720 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\ImportBookmark.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BaiduReport.dll (12912 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\pack_z.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder-arrow-hover-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Utils.dll (33264 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\js_cmd.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-center.png (158 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MsgPush.dll (32848 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\Software.pb (9984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduBugRpt.exe (33888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\atl100.dll (10128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\screensnapshot.exe (29256 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdminiopenssl.dll (30336 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\history.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-general-png8.png (841 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\global.js (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.eot (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Heartbeat.dll (16368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame_win10.rdb (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-search.png (382 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-right.png (260 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\JoystickService.dll (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\200x\item-arrow.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\browsershowcut.ico (24048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUIHandler.dll (67494 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\crash.html (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-unchecked.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\utils\ua.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\png8-dialog-close.png (386 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame_win7.rdb (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar_win10.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips_win7.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UIFrame.dll (9984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-checked.png (1 bytes)
C:\Windows\System32\drivers\bbnetdriver.sys (230 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update_win10.rdb (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserCore.dll (24176 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\connection-error.html (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDMSkin.dll (120372 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\dialog-button-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduAssistant.exe (27168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\res\test.css (646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\crash.html (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar.rdb (14384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\msgconfig.pb (142 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\complete_check_list.pb (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Protocol.dll (25072 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduReport.dll (25072 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\completelist.txt (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DeskGuide.exe (26736 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduUpdate.exe (35696 bytes)
C:\Windows\System32\bbnetservice.dll (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.dll (13168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\connection-fail.html (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes_win7.rdb (3104 bytes)
C:\Windows\System32\bbugreport.exe (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\AppPluginState_Install.xml (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\PluginSetup.xml (502 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\icon\test.png (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.ttf (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-left.png (301 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting_win10.rdb (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\error-pages.css (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\appBlackList.dat (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_chrome.dll (6584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\app-error.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DetectVm.dll (4784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\bp\brp.exe (7345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\favicon.ico (5 bytes)
C:\Windows\System32\bbnethlp64.dll (169 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\test.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush_win10.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-new.png (977 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\brp.exe (61936 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_protocol.dll (37368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub.dll (19592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\150x\icon-crash.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-right.png (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\logo_blank.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\mod.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\skinres.rdb (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\auto_complete\top_site.db (10128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-left.png (245 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\125x\icon-crash.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Report.dll (9984 bytes)
C:\ProgramData\Baidu\XCommon\verify.db (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\default-icon.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.svg (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnC6D8.tmp (848881 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\completelist.txt (64 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-new-8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes.rdb (28368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting.rdb (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update.rdb (4784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\bookmark\bookmark.db (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BIDULocationService.dll (40832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\GlobalPluginInfo.xml (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips.rdb (1568 bytes)
C:\Windows\System32\bbnethlp.dll (203 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\popwindow.rdb (3104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\PluginSetup.xml (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\136.dat (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcp100.dll (28368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-baidu-search.png (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduService.exe (18640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\minibaiduscheme.pb (1512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcr120.dll (32128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDZebraSDK.dll (362791 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\ssl-error.html (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\complete_check_list.pb (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgCenter_96.rdb (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcp100.dll (14605 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Peseus.dll (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder-arrow-png8.png (292 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\connection-error.html (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\bookmarks_z.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\json2.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-checkbox-checked.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-center-left.png (161 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\history_z.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\PluginSetup.xml (637 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Download.rdb (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\System.dll (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommonHandler.dll (11040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\jssdk-v2.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Hermes.dll (11040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\200x\history_icon.png (743 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame.rdb (3712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\img\loading.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_ipc.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\skinres.rdb (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_common.dll (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\125x\history_icon.png (466 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\InstallHelper.dll (9573 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\error.html (734 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\200x\icon-crash.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\png8-dialog.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update_win7.rdb (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BDMSkin.dll (60235 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder.png (276 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\xml.rdb (20272 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident.dll (23424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\favicon.ico (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Download.dll (4784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\reset.css (826 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcr100.dll (51648 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\complete_check_list.pb (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub_child.dll (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\150x\history_icon.png (566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush_win7.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\popup.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\pack.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.dll (11040 bytes)
C:\Windows\System32\plugins\config.xml (59 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\dl.dll (65648 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\PluginMgr.dll (35696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUI.dll (55008 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\SuggestionWnd.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\uninst.exe (16368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\ExternalMgr.dll (13168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-general.png (866 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\ssl-error.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Report.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\res\js\common.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\head-star-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\connection-fail.html (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\res\InstallWnd.zip (6584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_base.dll (10136 bytes)
C:\Users\Public\Documents\bbnetservice\bbconfig.dat (164 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\holderpage\holderpage.html (133 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-search-large.png (408 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\default.ico (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\404.html (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\bookmarks.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommon.dll (11040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting_win7.rdb (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\bookmarks_mods.js (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Protocol.dll (12908 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-connect.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-textbox.png (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\complete-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUI.dll (66526 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Update.dll (11040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\game.ico (24048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\respond.min.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\jietuDll.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\150x\item-arrow.png (794 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-404.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\js\common.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident_plugin.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\PluginSetup.xml (638 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\s2fg (0 bytes)
C:\Users\"%CurrentUserName%"\s2fg.2 (0 bytes)
C:\s2fg.1 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC6B8.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\s2fg.1 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\s2fg (0 bytes)
C:\Users\s2fg (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\s2fg (0 bytes)
C:\Users\s2fg.1 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\s2fg.1 (0 bytes)
C:\s2fg.2 (0 bytes)
C:\Users\s2fg.2 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\s2fg.2 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\s2fg.1 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\s2fg.2 (0 bytes)
C:\s2fg (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp (0 bytes)

The process BaiduUpdate.exe:940 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\InstallerUpdate\Baidu_Setup_3.2.200.3069_Full.exe.bdl (516232 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\BDDownload\3518413350\Setting\host.dat (260 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\Upd.dat (23 bytes)

Registry activity

The process %original file name%.exe:1904 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASMANCS]
"FileDirectory" = "%windir%\tracing"
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASMANCS]
"EnableFileTracing" = "0"
"FileTracingMask" = "4294901760"
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASAPI32]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"
"MaxFileSize" = "1048576"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASAPI32]
"EnableFileTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process Baidu.exe:2592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"Favorites" = "00 7C 01 00 00 14 00 1F 80 C8 27 34 1F 10 5C 10"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"msinfo32.exe,-100" = "System Information"
"AccessibilityCpl.dll,-10" = "Ease of Access Center"
"gameux.dll,-10082" = "Games Explorer"
"gameux.dll,-10061" = "Spider Solitaire"
"pmcsnap.dll,-700" = "Print Management"
"wdc.dll,-10021" = "Performance Monitor"
"mblctr.exe,-1008" = "Windows Mobility Center"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"mycomput.dll,-300" = "Computer Management"
"SyncCenter.dll,-3000" = "Sync Center"
"miguiresource.dll,-101" = "Event Viewer"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0]
"powershell.exe,-101" = "Windows PowerShell ISE"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"gameux.dll,-10060" = "Solitaire"
"ie4uinit.exe,-737" = "Internet Explorer (No Add-ons)"
"odbcint.dll,-1310" = "Data Sources (ODBC)"
"gameux.dll,-10103" = "Internet Spades"
"MdSched.exe,-4001" = "Windows Memory Diagnostic"
"gameux.dll,-10059" = "Mahjong Titans"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesVersion" = "2"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"wucltux.dll,-1" = "Windows Update"
"dfrgui.exe,-103" = "Disk Defragmenter"
"filemgmt.dll,-2204" = "Services"
"gameux.dll,-10102" = "Internet Backgammon"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32\migwiz]
"wet.dll,-588" = "Windows Easy Transfer"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"NetProjW.dll,-501" = "Connect to a Network Projector"
"rstrui.exe,-100" = "System Restore"
"SoundRecorder.exe,-100" = "Sound Recorder"
"gameux.dll,-10055" = "FreeCell"
"gameux.dll,-10209" = "More Games from Microsoft"
"wsecedit.dll,-718" = "Local Security Policy"
"gameux.dll,-10056" = "Hearts"
"gameux.dll,-10057" = "Minesweeper"
"gameux.dll,-10054" = "Chess Titans"
"comres.dll,-3410" = "Component Services"
"msra.exe,-100" = "Windows Remote Assistance"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesChanges" = "9"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"wdc.dll,-10030" = "Resource Monitor"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\Common Files\Microsoft Shared\Ink]
"ShapeCollector.exe,-298" = "Personalize Handwriting Recognition"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\Windows Journal]
"Journal.exe,-3074" = "Windows Journal"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"FXSRESM.dll,-114" = "Windows Fax and Scan"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\DVD Maker]
"DVDMaker.exe,-61403" = "Windows DVD Maker"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32\Speech\SpeechUX]
"sapi.cpl,-5555" = "Windows Speech Recognition"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"displayswitch.exe,-320" = "Connect to a Projector"
"iscsicpl.dll,-5001" = "iSCSI Initiator"
"sdcpl.dll,-101" = "Backup and Restore"
"msconfig.exe,-126" = "System Configuration"
"recdisc.exe,-2000" = "Create a System Repair Disc"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\Common Files\Microsoft Shared\Ink]
"mip.exe,-291" = "Math Input Panel"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\Windows Sidebar]
"sidebar.exe,-1005" = "Desktop Gadget Gallery"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesResolve" = "CC 02 00 00 4C 00 00 00 01 14 02 00 00 00 00 00"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"gameux.dll,-10058" = "Purble Place"
"AuthFWGP.dll,-20" = "Windows Firewall with Advanced Security"
"XpsRchVw.exe,-102" = "XPS Viewer"
"miguiresource.dll,-201" = "Task Scheduler"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32\migwiz]
"wet.dll,-591" = "Windows Easy Transfer Reports"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"gameux.dll,-10101" = "Internet Checkers"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\Common Files\Microsoft Shared\Ink]
"TipTsf.dll,-80" = "Tablet PC Input Panel"

The process Baidu.exe:3604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Baidu.exe]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities]
"ApplicationIcon" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe,0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".xhtml" = "BaiduClientBrowserHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet]
"(Default)" = "Baidu.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe]
"(Default)" = "Baidu.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities]
"ApplicationName" = "桌面百度浏览器"

[HKCR\BaiduClientBrowserHTML]
"AppUserModelID" = "BaiduClient.Default"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe]
"LocalizedString" = "桌面百度浏览器"

[HKCU\Software\Classes\BaiduClientBrowserHTML]
"AppUserModelID" = "BaiduClient.Default"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".shtm" = "BaiduClientBrowserHTML"

[HKLM\SOFTWARE\RegisteredApplications]
"baidu.exe" = "Software\Clients\StartMenuInternet\baidubrowser.exe\Capabilities"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".xht" = "BaiduClientBrowserHTML"

[HKCU\Software\Classes\BaiduClientBrowserHTML]
"URL Protocol" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\DefaultIcon]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe,0"

[HKCR\BaiduClient.Default\.exe\shell\run\command]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe %*"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".html" = "BaiduClientBrowserHTML"

[HKCR\BaiduClient.Default\.exe\shell\open\command]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe %*"

[HKCR\BaiduClientBrowserHTML\shell\open\command]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe -- %1 --main-frame 3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\Startmenu]
"StartMenuInternet" = "Baidu.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".shtml" = "BaiduClientBrowserHTML"
".mhtml" = "BaiduClientBrowserHTML"
".mht" = "BaiduClientBrowserHTML"

[HKCR\BaiduClientBrowserHTML]
"URL Protocol" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities]
"ApplicationDescription" = "桌面百度是一款极速浏览器,打开网页快、下载文件快,并极富设计感。"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\URLAssociations]
"ftp" = "BaiduClientBrowserHTML"

[HKCU\Software\Classes\BaiduClientBrowserHTML\DefaultIcon]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\FileAssoc.ico"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".XML" = "BaiduClientBrowserHTML"

[HKCR\BaiduClientBrowserHTML\DefaultIcon]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\FileAssoc.ico"

[HKCU\Software\Classes\BaiduClientBrowserHTML\shell\open\command]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe -- %1 --main-frame 3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".htm" = "BaiduClientBrowserHTML"
".mhtm" = "BaiduClientBrowserHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\URLAssociations]
"https" = "BaiduClientBrowserHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Baidu.exe]
"Path" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\"

[HKCR\BaiduClientBrowserHTML]
"(Default)" = "BaiduClient HTML Document"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\shell\open\command]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe --main-frame 1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\URLAssociations]
"http" = "BaiduClientBrowserHTML"

[HKCU\Software\Classes\BaiduClientBrowserHTML]
"(Default)" = "BaiduClient HTML Document"

The process Baidu.exe:3820 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\metnsd\clsid]
"SequenceID" = "44 62 2D FE 9C 7A B1 46 AE 62 76 FA 7F 22 D3 4B"

The process Baidu.exe:2160 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@""%systemroot%\system32\windowspowershell\v1.0]
"powershell.exe"",-111" = "Performs object-based (command-line) functions"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@""%windir%\System32]
"ie4uinit.exe"",-738" = "Start Internet Explorer without ActiveX controls or browser extensions."

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"FileTracingMask" = "4294901760"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process brp.exe:2276 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Baidu\BaiduBrowser]
"InstallDate" = "20170204014750539"

The process BaiduRenderClient.exe:2828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"

The process Baidu_Setup_3.1.200.2978_ftn_1050123723.exe:2544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"Policy" = "3"

[HKLM\SOFTWARE\Baidu\Baidu]
"TNBin" = "F7 8A 80 8C AA 68 4B B6 CE DA E8 87 AE C0 C7 9E"
"TN" = "SE_Baiduclient_9vpgkwv8"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"bbnetservice" = "bbnetservice"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"AppPath" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\uninst.exe"

[HKLM\System\CurrentControlSet\services\bbnetservice\Parameters]
"ServiceDll" = "C:\Windows\system32\bbnetservice.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartButtonDock\1]
"ButtonClassName" = "Baidu_Desk_Client_SearchBar_Widget_Docked"

[HKLM\SOFTWARE\Baidu\Baidu]
"CustomID" = "40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayName" = "百度"

[HKLM\SOFTWARE\Baidu\Baidu]
"SupplyID" = "1050123723"

[HKCU\Software\Baidu\Baidu\ConStatus]
"AutoRun" = "1"

[HKLM\SOFTWARE\Baidu\Baidu]
"BrowserSelected" = "0"
"INSTLANG" = "2052"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"Publisher" = "百度在线网络技术(北京)有限公司"

[HKLM\SOFTWARE\Baidu\Baidu]
"InstallDir" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient"
"Version" = "3.1.200.2978"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"AppName" = "Baidu.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayVersion" = "3.1.200.2978"

[HKLM\SOFTWARE\Baidu\Baidu]
"InstallDate" = "20170204014743215"
"channel" = "--main-frame 0 --search-bar 2 --tray 1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe,0"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduClient" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe --auto-run"

Dropped PE files

MD5 File path
ffaf44731dd8b5315ed5a19f3cb5660f c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.dll
3bb5644481df013cac28d955ffc3accc c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.exe
90047f36bdb91e2098f00b13999bbe82 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.dll
f6831ffe1b0f1fe5547c851a0cb30c21 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.exe
3df3896b3efb9f3458012b9dc3d1350e c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDMSkin.dll
abde77548b3fcd52a8900c484ab3714c c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDZebraSDK.dll
b89190c3bdf20d4b471b9acaaddb8d1b c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BIDULocationService.dll
203c718698db22a7b7b43cb3d08964cc c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe
3e718e354507b3625008218bfc810c2b c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduAssistant.exe
71982c70e6bcde303f55edd8de2e55de c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduBugRpt.exe
addde3cfec6bc6f2d7031766c4562c5e c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduReport.dll
15ef6b1ed8ff51fa8c59246fd53a4010 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduService.exe
6dcd40d39d2c55d7fc637a11f2c56d2f c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduUpdate.exe
4c00ae6b616feb3230ac58ed38118108 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Base.dll
6d0f45bbca42a21086f62d49352bde9d c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserCore.dll
4809e75492a0168e7a912028df997ed2 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUI.dll
5f2133b8872ce76fc5b0dbf029440f32 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUIHandler.dll
7af9e5ecf271f7ee028073e0c9a6bd37 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\CommonWorker.dll
10f64e9af47a83e30805a84c14dd9ae3 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DeskGuide.exe
322169e9cd984c9dca6fcada4e648c5b c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DetectVm.dll
c8993640a5b23c8b04339ba364e8da1c c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Download.dll
a693cc487604974b0ff12892b4a70dfd c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\ExternalMgr.dll
7997af49c1738abf2c225ef25565d51a c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Heartbeat.dll
4c422c1fe9d617164dc01cdbd81a19cf c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Hermes.dll
1224f6268da4a58f03f1adfb148ba475 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LogicModel.dll
c0d93ca7f38db6fb1afe31a21c6c96a7 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUI.dll
561f530b4c73606e4a6a776bef6b1183 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUIHandler.dll
299009813c0d618c0fcabcdfb163372a c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MsgPush.dll
ba5291ba5bb4706692d9a4b83cfdc67d c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Peseus.dll
e7c36f7b2ff7135042736eec013168dc c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\PluginMgr.dll
d60e63d27cd6ce04826a308ea676c794 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Protocol.dll
87c55a374258b2aa7fda6d3e4abf23db c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Report.dll
0cf141f90efd787a71f0b1046c501d44 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommon.dll
6f18bbfed4f5af9fd0a483e885e5d5f0 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommonHandler.dll
5e6909fa82c78d5e3bdd44e2d0cf4285 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UIFrame.dll
5a705abccd0ec37c41aff4c325723c51 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Update.dll
0626441d2acf836eb7aec7f77078c844 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Utils.dll
00d2c06a552f782c1f16acf77db765a5 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\atl100.dll
56d1d9be11aec8560139c779f353155c c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdlog.dll
f3dffab219f3386c46f814a11a91a086 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdminiopenssl.dll
f3482cb7643db3dfe3e78dd32514277c c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\brp.exe
c327feba5d062b00acd08c78b2bb3c21 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\dl.dll
bc83108b18756547013ed443b8cdb31b c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcp100.dll
0e37fbfa79d349d672456923ec5fbbe3 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcr100.dll
979a352ff0c59284fc90ee5bb9620b28 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\uninst.exe
3d4f4d3451eacef53af6e433a7ec4560 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\BaiduRenderClient.exe
b8099eb74caf12f6a8fb68bcc09ebf9a c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcp120.dll
9f8c9ca055c00b6a3ea07f408cf991e1 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcr120.dll
62392671e5c14616d7405e8c5e62661b c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_base.dll
0a4969536befa10ac3f8a8bb0442cd2e c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_chrome.dll
edbc6f04e8f70e5fa95f406946ebf6af c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident.dll
54b401bfb4370985bd7f73de9ff73747 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident_plugin.dll
5f193025e120e8f08d215c7a3c6d5a13 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_common.dll
762b300983a61438fbb1917640638dd4 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_ipc.dll
8311af3a48a5d817632c08f3cdab3bee c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_protocol.dll
48edf98bf70f40e0cf9a87250f4d2600 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_common.dll
5021f51f649ab61057759958821c8029 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_message.dll
bccfc4edc2057f7fda1ff8c2d1a5858a c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_proxy.dll
f28a1352c6674382473225abc9271576 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub.dll
5a769ecb91f48ec914ec474c1bc3d8b8 c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub_child.dll
8e53bb649fe3abb87be4f417a70fa88d c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\Baidu_Setup_3.1.200.2978_ftn_1050123723[1].exe
8e53bb649fe3abb87be4f417a70fa88d c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Baidu_Setup_3.1.200.2978_ftn_1050123723.exe
4cf3a81ab4579b30117c8a39a489d51d c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll
3df3896b3efb9f3458012b9dc3d1350e c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BDMSkin.dll
addde3cfec6bc6f2d7031766c4562c5e c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BaiduReport.dll
4c00ae6b616feb3230ac58ed38118108 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Base.dll
363e75e60191837216db858b3d2e1774 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\InstallHelper.dll
d60e63d27cd6ce04826a308ea676c794 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Protocol.dll
87c55a374258b2aa7fda6d3e4abf23db c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Report.dll
bdb492684b7a99ee0aa1d10c1f8bf702 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\System.dll
0626441d2acf836eb7aec7f77078c844 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Utils.dll
bc83108b18756547013ed443b8cdb31b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcp100.dll
0e37fbfa79d349d672456923ec5fbbe3 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcr100.dll
066ea82c62ca83270edfdd415cede04b c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\InstallerUpdate\Baidu_Setup_3.2.200.3069_Full.exe
f3482cb7643db3dfe3e78dd32514277c c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\bp\brp.exe
6e04e5ec6821ee06edfc74daf94cec54 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PepperFlash\pepflashplayer.dll
498cd8d19a4213aacc2b3e0e4fbea20f c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chromecore.dll
b6b2d880470dbe4c8e044b2c0c820358 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\d3dcompiler_47.dll
373976a773030219ade9561f0a5c1d75 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libEGL.dll
44a3377d52919bc8d757e53aa269b302 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libGLESv2.dll
e22ded5f00722f881b85afbf8b3f9f97 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libexif.dll
6e04e5ec6821ee06edfc74daf94cec54 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PepperFlash\pepflashplayer.dll
498cd8d19a4213aacc2b3e0e4fbea20f c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chromecore.dll
b6b2d880470dbe4c8e044b2c0c820358 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\d3dcompiler_47.dll
373976a773030219ade9561f0a5c1d75 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libEGL.dll
44a3377d52919bc8d757e53aa269b302 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libGLESv2.dll
e22ded5f00722f881b85afbf8b3f9f97 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libexif.dll
e658ff0dcf3df710575c08148fe8b476 c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\JoystickService.dll
cb2890bd544ecc0d442bc09429e2099a c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\jietuDll.dll
0d6565a576325305206d93f153ad908a c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\screensnapshot.exe
1e277e0c146c33c85abe47a79b5cddd0 c:\Windows\System32\bbnethlp.dll
5f3098b66c42616bcd96b5b5fbaa56bc c:\Windows\System32\bbnethlp64.dll
c3795e74b87959d3d2875643ff1bac93 c:\Windows\System32\bbnetservice.dll
fb890a62c0e0b969c71d0485d36f1ce5 c:\Windows\System32\bbnetservice_1.dll
2c2605b6946d5c579f1d16baa70227bd c:\Windows\System32\bbugreport.exe
5d68f77523e42eef10a9beada1a6f482 c:\Windows\System32\drivers\bbnetdriver.sys
7e805ee4cc4b619e45512c018c9f1e75 c:\Windows\Temp\Dr70da6_1.drt
c3795e74b87959d3d2875643ff1bac93 c:\Windows\Temp\Dr720b9.drt

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\drivers\bbnetdriver.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\drivers\bbnetdriver.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\drivers\bbnetdriver.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.
Using the driver "%System%\drivers\bbnetdriver.sys" the Trojan controls operations with a system registry by installing the registry notifier.
Using the driver " %System%\drivers\bbnetdriver.sys" the Trojan attaches its filter-device object to the Volume Device Object (VDO) of the file system driver.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 28432 28672 4.50399 f569e353af0ed51bf4c216faa9bed4e7
.rdata 32768 10898 11264 3.04561 91eee43954e068e650f7b73a8b0e6915
.data 45056 425660 512 1.02085 db9f7acbf1c3ddfe255077b699955dfa
.ndata 471040 610304 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 1081344 60952 61440 5.19437 b021294f39d09f2fa0d4b087fe7505ab
.reloc 1142784 3978 4096 5.49152 4a8958bf0c86981c0e27f5ef1bd574f0

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 24
c3665bd2e0dbc429782ed0da55589504
7aac6010bafef98ab7c807bac887029c
a84a8b5d625d7c216b9b8ab3f3dc35c5
a2c759f1211588d687f0abc0d02f90c0
7c39571c11ca9e885b30d06737df40a3
450ba8e1bd0c883bad857a3524c62455
de5ff56d29eb0e0c68819a2ecd460361
4cb8694d034b829ccff0ddf0273ba291
e6d044aeb739fb7a8265143b4a36a361
8e82b539b639d89567620994694908cd
2efb19b44c6be9c06df60a1604c9e8a5
ab14db7f28cef40efd729b5dd7e9cf12
220bd2fcd9cc037d6427f139c9d1db44
6968ca45e88810d875c188542fd41462
405cf90862b5f07d16a1e506c8758840
bc6064ddf031e71b2a3d8a62ff7442ed
2b80079b849f64064928ad3d3055ddfd
aa1047258cbd6fcc392fc5cee56bdf32
6e388117cf47bd19caffdc3d7f706764
f34e2279c8c9bd41cbbf804a6425dbf8
4a981c49556d8c8549396f4b03b1b398
1513addc6bb094b982ac8bf3e57ed4b3
d6751f44df067f9fcff9d0281106f13c
458d561f85a4de0028fd88237026715b

URLs

URL IP
hxxp://scloud-dlsw.br.baidu.com.cname.yunjiasu-cdn.net/ditui/zujian/Baidu_Setup_3.1.200.2978_ftn_1050123723.exe 162.159.211.62
hxxp://north-mb.n.shifen.com/
hxxp://hbup.mini.n.shifen.com/
hxxp://brwebimg.jomodns.com/pb/201610/f0282f7cf506b8807c78423d06a249d6.pb
hxxp://brlocation.n.shifen.com/
hxxp://scloud-dlsw.br.baidu.com.cname.yunjiasu-cdn.net/odin/201610/4f03c9f6263fa20679b486a9424243c8.7z 162.159.211.62
hxxp://scloud-dlsw.br.baidu.com.cname.yunjiasu-cdn.net/odin/201607/0260783600ae78ce0dbeabf59a8d873c.xml 162.159.211.62
hxxp://brdlsw.jomodns.com/odin/201504/38012d1ec93b2df99434b63e6dd4c6ae.e
hxxp://drzc.n.shifen.com/
hxxp://scloud-dlsw.br.baidu.com.cname.yunjiasu-cdn.net/odin/201612/7e805ee4cc4b619e45512c018c9f1e75.dll 162.159.211.62
hxxp://scloud-dlsw.br.baidu.com.cname.yunjiasu-cdn.net/odin/201701/066ea82c62ca83270edfdd415cede04b.exe 162.159.211.62
hxxp://mbredirect.n.shifen.com/app/101/start_page
hxxp://dr.mb.baidu.com/ 61.135.186.213
hxxp://scloud-dlsw.br.baidu.com/odin/201610/4f03c9f6263fa20679b486a9424243c8.7z 162.159.211.62
hxxp://redirect.mb.baidu.com/app/101/start_page 111.206.37.114
hxxp://hb.mb.baidu.com/ 123.125.114.232
hxxp://scloud-dlsw.br.baidu.com/odin/201701/066ea82c62ca83270edfdd415cede04b.exe 162.159.211.62
hxxp://dr.zc.baidu.com/ 61.135.186.100
hxxp://ibr5.bdstatic.com/pb/201610/f0282f7cf506b8807c78423d06a249d6.pb 118.123.210.48
hxxp://location.br.baidu.com/ 61.135.186.93
hxxp://dlsw.br.baidu.com/odin/201504/38012d1ec93b2df99434b63e6dd4c6ae.e 119.84.42.46
hxxp://scloud-dlsw.br.baidu.com/ditui/zujian/Baidu_Setup_3.1.200.2978_ftn_1050123723.exe 162.159.211.62
hxxp://scloud-dlsw.br.baidu.com/odin/201607/0260783600ae78ce0dbeabf59a8d873c.xml 162.159.211.62
hxxp://scloud-dlsw.br.baidu.com/odin/201612/7e805ee4cc4b619e45512c018c9f1e75.dll 162.159.211.62
hxxp://cr.zc.baidu.com/ 61.135.186.100
msc.br.baidu.com 61.135.186.96
dtrp.download.iyuntian.com 123.125.65.150
f.i1236.com 219.238.237.210
cfg.download.iyuntian.com 123.125.65.132
ibr9.bdstatic.com 118.123.210.48
hb.zc.baidu.com 61.135.186.100
dr.humming.baidu.com 111.206.223.163
p2s.download.baidu.com 61.135.186.153
www.baidu.com 14.215.177.37
cdnmbapi.baidu.com 118.123.210.48
rc.download.iyuntian.com 123.125.65.153
sys.webapi.br.baidu.com 111.206.223.133
utk.download.iyuntian.com 123.125.65.147


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY PE EXE or DLL Windows file download HTTP

Traffic

POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 262
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424......h...C}.K~K..YS.@."F.cye5....-!..VD....p...... &....M....... ....t........\>G.......!S......_....h.A..".4..bZ>..dDB.>Z..Y<a...pt..u.Fx.B7.h;h.Frw.Z..Z...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 126
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` .......
. 1deeea43e07fba973e9d83e58918d424...........i!....|p..E....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 254
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424.......>..Pg.U.V...<.Q..H~mr3{.E...{...`..azvD..........QO.y..V.yZ.O.-L..h..97.....)CLduP2c..../.....r6.^....n#....A.-/..f<..F-..F...Y .R..fR...<d.S.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 126
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` .......
. 1deeea43e07fba973e9d83e58918d424..........<.y...s...~.HTTP/1.1 20
0 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..
Connection: Keep-Alive..Content-Length: 126.....b........" 1deeea43e07
fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e
58918d424..........<.y...s...~.....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 270
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424..........k.I7S9lF...o.I..W|.V.....$60...D.......|.dBn.l..lYn.I*.`P.Z...yC*o0.PU.ZP...I....s0 <.*>...I.....,Ko.w<QM>..K.idn...9&.K(.0]6....3.~.}........1.Y/..of[.N.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 126
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` .......
. 1deeea43e07fba973e9d83e58918d424......I...../c5r.P.Y..HTTP/1.1 200 O
K..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Con
nection: Keep-Alive..Content-Length: 126.....b........" 1deeea43e07fba
973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e589
18d424......I...../c5r.P.Y......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 270
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424......k....Vr...2..x..5|..<.#...0.a..S . ...hK?.d.9?<;.p..}.g.........!O@...,/.....e......s..i.......B....A(..N.t].q|.{..l..=.T.....!..e.............. U....C..)..(..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 126
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` .......
. 1deeea43e07fba973e9d83e58918d424......>N.0.....6:.T.......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 262
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424.........@.0...D...1.fM..P...@b.{...Nu..E.K.b~.4.c...,.\m.2...P.K0?..^..w......(.g>..> B..}.O|r.....a..............A.,[.;N.^....%.......B....g..i.eO..bh.c.;.u
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 126
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` .......
. 1deeea43e07fba973e9d83e58918d424........8@q@.s(..2.a#.HTTP/1.1 200 O
K..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Con
nection: Keep-Alive..Content-Length: 126.....b........" 1deeea43e07fba
973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e589
18d424........8@q@.s(..2.a#...



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 284
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.........&..X#o3f.f .i.Wy.;;...7G2`{....3b.? 3.m.......dJ.WoD.Z<a.}...6....$=.].z.V ......z.CD..X1Y.....N..<V.`...@ml(...z]..?..p.hyVT.>..{R.......A5..y.V.F.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424..........k...
..9.A;.)HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-
Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x..
......" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` .
.(...1050123723.. 1deeea43e07fba973e9d83e58918d424..........k.....9.A;
.)..



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 316
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....-..m.oZ.9.x6 `q........!~{D].9.T.$..4).~....Hm..............
.,......e....R....O^..........P...
.{........).=<.C..@.w[c.....{..^E.K.n.S.u.B.gkgOD.-2*...2..S.......Q- .9.-a..../B..]PN
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-...Y.'.S
.s9..=.gHTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-
Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x..
......" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` .
.(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-...Y.'.S.s9..=
.g..



GET /odin/201701/066ea82c62ca83270edfdd415cede04b.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=36700160-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)


HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:48:06 GMT
Content-Type: application/octet-stream
Content-Length: 12090632
Connection: keep-alive
Set-Cookie: __cfduid=d90e07aff4681ee28566f13253d47d9d71486165686; expires=Sat, 03-Feb-18 23:48:06 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Tue, 24 Jan 2017 04:49:25 GMT
ETag: "5886dcd5-2e87d08"
Expires: Sun, 19 Jan 2020 23:48:06 GMT
Cache-Control: public, max-age=93312000
CF-Cache-Status: HIT
Content-Range: bytes 36700160-48790791/48790792
Server: yunjiasu-nginx
CF-RAY: 32b9c592d5905a02-VIE
.[(..!..r....t<...4~.....*...0%..BH..*..5.{.H<....l.5)L^L!.N.w.c
..^2V7.'VMdt.}.....)E Y51.SvZ,Sa...h......e&w.bdEr....Z.!..c..Gb...QP.
Q/..k5.wX...:.f...aT.......4.E..*..9%..W.}.?.>.....V..:.h.L...^A.K.
-....u5`F6e.k......}.......G;,I...9H$....x.//....qP.2!..........w'.2..
../.....LN.....Oe.\.....9C.k..Ry...&.Q>...`6f.f.......r...~..ld..0.
...... .-=...........<^........"..U.........z.......b.....LXw.|o...
.ig. .......`M/.....s.-A.F.E<.AH.......%..X...._).N.c..A.=Q.g=...C/
..Q..W,c.$z.......e.zKB Ol.69.d...$...=...U>...'........",h........
9'....{o\.1...VML=...kj}...c.B.&..6.&.).}....L...l......K,..a..j...`..
....Je>n........`.t...W......~....>;...qPEK.,..`........dk.Q*..D
.3..1z..-.LG....~J`....d.x1.u9...A?..e.f.ee=..E.k..R3.......Fi.;..<
..u.k..).....Ht..x..n..cD..L..U._....a.*k........`\dk..]....*s..0T3...
R....W....c....2...\L)...?".u..4..)...W.......$H.t..............jh.rH-
G....4......$P8.#....9.1.li`.3../..T...T..}m.(.....1sJo~.3....._^....&
lt;Y........~....o.;............B....y5.$f..}..........6.......x....d.
M........G...t2..U_..e...(.K..y;......F;...y9...".qz..t.....#......K|.
 .mv.j....=........z*7..Y.=..6...$...n.....=.^...M......b.J1l{.."9W..X
)Oz.x...~W.....0..p$.w...w.@..."bJBLa.w"X..f;..]..u..........%...!y...
s....$...Y..N.k|e..13N.hT.=U]=.......5I..sZ .4P..,!A....o_..bdv.~..., 
t........t...I]P..y..VI.x....\/......C..D..k=.K.p....q...o5.C...r.....
y?.}'Cg ./.kx..@..k.."..T..;H....Pw@\..$....<..=4.H.L......C.......
.C.1"t..cq#Q&x1B...5.F....v.........9o.......!....$..We...@.J.k..s
<<< skipped >>>


GET /ditui/zujian/Baidu_Setup_3.1.200.2978_ftn_1050123723.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: scloud-dlsw.br.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 23:47:34 GMT
Content-Type: application/octet-stream
Content-Length: 11371752
Connection: keep-alive
Set-Cookie: __cfduid=d3696279ae20a880bb85d6c2515d1d6c31486165653; expires=Sat, 03-Feb-18 23:47:33 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 09 Nov 2016 03:26:21 GMT
ETag: "5822975d-ad84e8"
Expires: Sun, 14 May 2017 23:47:34 GMT
Cache-Control: public, max-age=8640000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Server: yunjiasu-nginx
CF-RAY: 32b9c4c8f218597e-VIE
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8
...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8.......
.PE..L.....GO.................p.......B...9............@..............
...................v.....@.................................d........@.
..~...........l.. ....................................................
........................................text....o.......p.............
..... ..`.rdata...*.......,...t..............@..@.data....~...........
...............@....ndata.......0...........................rsrc....~.
..@......................@..@.reloc..............................@..B.
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
.....-G..H.P.u..u..u.....@..K...SV.5.-G.W.E.P.u.....@..e...E..E.P.u...
..@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.....
..P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.
u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ
<<< skipped >>>


POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2W....v..s..O.@..l`q.=|....kdQ..Ma.......?......n...B..*B............,Bw8....!...78P..Z..~..G3[....J...B...B.Wzx3..2\m......g.EJ...X..#.. ".....e..j.@...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.C
7!N......*..;.....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2X.$f.b..8Jo2i..........$.....q.f....}.'pB....Go.yI-.....0...I..4ekZ...r.G...E.......-&@n..x~..Y........].4..}....I.TJ..D.b..b..t....W~:.'..j....dg"...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..
0..=_....eN.......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2r.t*9.@.....n.s2.cy.._
C.F.rK.......xFH....... ....a>..(.y..`..:.P.F...?.1G...kV...Y...Ho/t...u..oZ.H? z..Au8#q....[...<%...t..k/p.G.........O.R....e..@...% ..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.~
..si.='...........


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..~........i...Nku.2r.?.....O.(....5..L.....r.&....l....5%JV..d.v;).;.{.[....-.>*}/.2.......8.......U..y.8....."pT.....\P..c.i..........!..$f....h..g...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..
%.J........3......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 354
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.@Aq....g....<.q.AS....u..].B`*.S..=wZ...
./}[.r.-.~.ge.C....CA...^.........'J}e..^.y.....h..BK.0.N.."..@1`./
7G.......e.....W.[o,t@@...z...o..c...!..*!p%.;.wH......,._..*...*R.......O.[.....@..C....
...J.v.......
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2d.
..QQ...0.....c....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.K..paije.r...o....Z/hq. ....w....| ..Xi..... ..-.v:..~#.8.M<s..3...2....GI.'^..@3..0..t...(0..K.A.[4F.......&0.(...x.`
..-.6.?<G..9.
D.Y.[...!|.:...\.."..^.z.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2{.
K.g...F..H.b......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....23.....},..O....u9.w...o.I&......5....$....1..9.i.A."...w.=...i`..)..K....j..U....F1.|W ...w..qZ..Y....D.g.. a(WZ.T.G...Z.S...|...R.....i....Nz.'G.....0rF(>$...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..
D..].w"..U...$....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..Kg....B:.-@...K.2......K......T.Am.P....g.SX..c ........FQ./..1.-9......n.{..&I......6e..4...*..o..D?5q....~.0..E.|.....c...C..., ...(#.E!.D2.2iJ..........PV<
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2`.
.\T...76..tA......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2....O,G..Y&\H*q.....g..u..u.=|......x... ...1%.w..d..K..I...g6..,=T...j..26x`@x...n@...........F.P.J.m...F.]A.. ..e.l......m..0a...B..........O..]e.H.cpY...;.%.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2'.
..Yh..\...../.....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~....... " 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..\....V..4.R.h..G.r....iqU..|.K.|...M.ga.ew.v.a.V9.......>..:Z..&.Y.C..u.
cN].....J.F.
..@....~{.....I....p.NdXVK... Q..I.d.......?..;....*....T..%.e....8-..i
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~....... " 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2H.
r=.c>Z....6i......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......!" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..F^..Qc&...3U.....$^`f.\.I.......#....`.Q.-.mg]..X..%#!.t..Mb..L..7.."...:p.6!..O./....?._N.....Y.drk@w.z..VMX........8]......<.....;.j,...............POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 258
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~......."" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...x.4{..w..S..:D...i....s...._..#.9..=h.|....H.........,.
.H.Wj...3
..<q..5V..[O.k..W.j.._...r...m....G... ...B...t...6\....POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......#" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2Fs...b..........V.Y...K.w...p.j.z..........A.{k.!.0S..V.n....R..3N.....\M.P..$.f...Q..6.9..........Y'.].........o.H...$.~.....a....tQ.]..N.....H./...-$POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 314
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......$" 1deeea43e07fba973e9d83e58918d424(.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~......."" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....4%.
...A.D..jg,...HTTP/1.1 200 OK..Content-Type: application/octet-stream.
.Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 154..
...~.......!" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....27s
.>.;..2.y.P...HTTP/1.1 200 OK..Content-Type: application/octet-stre
am..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 15
4.....~.......#" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.
X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....
2...>a..e.M$[a.....



GET /odin/201701/066ea82c62ca83270edfdd415cede04b.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=34734080-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)


HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:48:06 GMT
Content-Type: application/octet-stream
Content-Length: 14056712
Connection: keep-alive
Set-Cookie: __cfduid=d59d87ec513297d749fcf62a8099c7f4d1486165686; expires=Sat, 03-Feb-18 23:48:06 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Tue, 24 Jan 2017 04:49:25 GMT
ETag: "5886dcd5-2e87d08"
Expires: Sun, 19 Jan 2020 23:48:06 GMT
Cache-Control: public, max-age=93312000
CF-Cache-Status: HIT
Content-Range: bytes 34734080-48790791/48790792
Server: yunjiasu-nginx
CF-RAY: 32b9c592d10859cc-VIE
bJ...x...;.....G....'.&TqG.,.*Gq.*8.......{X....`#4.=.#....'Xh...n<
M.....I.F..2H....3aFk2.N.s.R..Q.....f...)...l..vN..4..{h....v..(.N.FS.
......$T.`......Tz.V......* ..E8.$h.zj....2.Y.[k..ei./........).....'.
....k.B.7..,..)W.....hJ.?......h.:....Mk.....},....}F.i.A..."......{..
..%,...r........%..'24...V..#..Z.Y.U..<f.)....q...9#......,.A..F...
F2.G..@...P..../.T:...U.X.c8.UP.Q|.Ed.......q..`....'.W..d7..x6.q.|.z.
.."......j.....e9;... ..)$.....Q.^.......w.;..\.F..bv.A..!B?`.j..D.tj.
r..t..zH/...F.2/}.........4$...QhA.P..p%....{pF......k..z......Mo.V...
.......#.Z.t.0w..P.....<. ......qW4..5\.....X..x.{........S...~.M..
....N?.A.1.....5...o..S......../.m.K.....:.d.....\..2.=..p.=.(.x..za#D
q.E..t..&.L@..S....S*.V.....S>...V..^.zN...J...:..s.f...B.....B9/..
..FF.p.P.....Nm?....wZQ.Z..(......A|c..CQ.....;l....WT.iC/.K^......y..
.K.m....P.IN.e..........f....]9...zm.;.#8..T.x...s.;.Lv(I...(....%..w.
eh...I.h.a.&5X..8..@.S.....S.f.. V.c.Q&........ .....0PO%c.R....P<.
c]t._7..(....w....._.}.....L...2>-...z..lF.....AE..Fd&...D9.K. ....
[......&....6.(.<...c..T[C....<..*..L ...vM..6...q.o2...n].-.=..
...:.........;7.?7...^.,.a....8.K.. ....Q.n...@c......NE.9..sjJNmG...s
...'.. ......4.[..$...?8.....}.k..Kx. R../....Vq...?......I.qn...a.8&l
t;4....S..[$....N.|.....Ncvv.}yQ...T.O..g.ZZ.....Hpk.i_,.Mh..].7g...(.
w.....F,.)G5.M...E..y../..!;......&Yl5..-.......0T'.Z.H.1|.C/Of.c..*.j
4.d*...)..q...z...r",..u...R.J.......D........r....mN.^..&...Q..q.~M_.
u..p............I..[u|.5"....5.y."~.......S.]....rE(^.3*,fq...e'2.
<<< skipped >>>


GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=1572864-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)


HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:47:51 GMT
Content-Type: application/x-7z-compressed
Content-Length: 30635785
Connection: keep-alive
Set-Cookie: __cfduid=dd18da332e8a3d06d2f9f928526d969f51486165671; expires=Sat, 03-Feb-18 23:47:51 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:51 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Content-Range: bytes 1572864-32208648/32208649
Server: yunjiasu-nginx
CF-RAY: 32b9c53954cb599c-VIE
...Q_b....9#..6. ...[..`..@.V]W.. .....}.....QB..,j....T..=(......Ns.&
....NR.#.a@.'....NR....u.d).T.e.)G.......-$..~ .%F..?^L.......T.......
..p...}A..\.....S.....o...o.$.V....C.4....x=.o.f....PW.G.v'...........
.'..9ea..$B......\..v.@...D...\q/....e..[..|quZ.....|w........x.3...g.
.1 6.m.?........y5....."......<.b...R....9u."s.l.vd...~P<....7n.
E...K.....=..<...5..s...q..s.J..b.k....k...[X~.h.o.q!,0...1z...d...
d)Z.....^b....N.....?....(.sI.v......Xad.....55.e(......-.EY....3..q..
.I...6.AY...3&....g:...eU....~.J....@..ay.Y#......L..2^q.|..#{.#nV.].&
.].u3X.xfv#.t]-.2.........._...p:.4xD..,...6n.......A3..Z...@...9=... 
.._>.V...b7].1c...Z..i';.p0.w..,.,.........x.D...y..gIt{.v.m... I.[
...T..... ..f..f.....ZZ(.l.H....=,....@..!.;`@:}..../.#.<.T...l..._
.].1f.f..g..UN.....BMa.n...(si.zx.S.LU.|3...>.......F...TM...'...w.
.A%u.:.OI.6..6"..=wI.w..5..C.'.........u.C.....2..6........?....,..f..
...-..HT.....6Ea.X........f...c2A.T..|...,......Z.Jx...m...lboT...Wx.$
7J.....Sx.p.\T....B.W..t&.eyw.._8......OHT..R.......N...0.0..... ..&~.
I.C..t}.....p...,..[Wlx!.=].J<M.....Aw"R.....p...._.X..C...n4.U....
.r[....^.t.... fS....m....U.G.....]o.......#........."..6.^}.......c..
z...Hw.v...W...A..~jJ..u fq....#...FgP....lx(..t*..... ...r7g..G...S. 
.<s.QJ...S5..y3(p...y...0r"*.Uk...|...v.1.vd.X..jn."`.e...-".......
..;...S..%.......z..#.9O=BT.T}...(..O^....nU..w.t.....Y....0...@#..U.6
.:.......H.......%...S..$-...c.W ....=J.....Z...S.}.......[.....u...8]
.Bo.g.,J.F.B..,.;.........n).E...uy.P/XC.@)c.m......#.=.# RT....7.
<<< skipped >>>


POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 213
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...P....^.>b&d..y.I.......GV......^.....y.wM.......NW..b..u|.......)).@...')&5.....
.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 173
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.
....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424...(.........
.K....Z..`..q`...BeY..=U.q2.....LHTTP/1.1 200 OK..Content-Type: applic
ation/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Co
ntent-Length: 173.....y....N...." 1deeea43e07fba973e9d83e58918d424(...
......2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e589
18d424...(..........K....Z..`..q`...BeY..=U.q2.....L..



GET /pb/201610/f0282f7cf506b8807c78423d06a249d6.pb HTTP/1.1
Cache-Control: max-age=0
Connection: Keep-Alive
Accept: */*;
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
User-Agent: Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: ibr5.bdstatic.com


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 03 Feb 2017 23:47:50 GMT
Content-Type: application/octet-stream
Content-Length: 1167
Connection: keep-alive
ETag: "580d6f35-48f"
Last-Modified: Mon, 24 Oct 2016 02:17:25 GMT
Expires: Wed, 22 Feb 2017 15:42:39 GMT
Age: 979495
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Ohc-Response-Time: 1 0 0 0 0 0
.....            <div class="switchBox" data-show="1">.         
       <div class="moduleBox php-module" data-position="2">.    
                <div class="main">.                        <d
iv class="title">...............</div>.                      
  <ul class="list">.                            <li class="it
em" data-type=""><span class="inputString">..................
...</span></li><li class="item" data-type=""><spa
n class="inputString">............5</span></li><li c
lass="item" data-type=""><span class="inputString">..........
...........</span></li><li class="item" data-type="">
;<span class="inputString">............</span></li>&
lt;li class="item" data-type=""><span class="inputString">...
......</span></li><li class="item" data-type="tip">&
lt;span class="inputString">........................</span>&l
t;/li><li class="item" data-type=""><span class="inputStri
ng">..................</span></li><li class="item" d
ata-type="tip"><span class="inputString">............</spa
n></li><li class="item" data-type="tip"><span class=
"inputString">..................3</span></li>.         
               </ul>.                    </div>.          
      </div>.            </div>..
<<< skipped >>>


GET /app/101/start_page HTTP/1.1
Host: redirect.mb.baidu.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36 BaiduClient/3.1.200.2978
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
DNT: 1


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 03 Feb 2017 23:48:12 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXps://cdnmbapi.baidu.com/api_res/apps/switch_pandora/index.html
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>..HTTP/1.1 302 Moved Temporarily..Serv
er: nginx..Date: Fri, 03 Feb 2017 23:48:12 GMT..Content-Type: text/htm
l..Content-Length: 154..Connection: keep-alive..Location: hXXps://cdnm
bapi.baidu.com/api_res/apps/switch_pandora/index.html..<html>..&
lt;head><title>302 Found</title></head>..<body
 bgcolor="white">..<center><h1>302 Found</h1><
/center>..<hr><center>nginx</center>..</body&g
t;..</html>....



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 111
Content-Type: application/octet-stream
Host: dr.zc.baidu.com
Keep-Alive: timeout=600,max=1000

...C........" 1deeea43e07fba973e9d83e58918d424(.........2.
@.H.P.X.` ...... .uCM..Pr.....i..b...)..i)...!U...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 95
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` 
........uu....v.H.....c..HTTP/1.1 200 OK..Content-Type: application/oc
tet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Le
ngth: 95.....C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.
@.H.P.X.` ........uu....v.H.....c....



GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=16908288-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)


HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:47:51 GMT
Content-Type: application/x-7z-compressed
Content-Length: 15300361
Connection: keep-alive
Set-Cookie: __cfduid=d5e14fcd6bc380fd8bb02d3df76a34e3e1486165671; expires=Sat, 03-Feb-18 23:47:51 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:51 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Content-Range: bytes 16908288-32208648/32208649
Server: yunjiasu-nginx
CF-RAY: 32b9c539552159f0-VIE
6...29NO......}:.......f.........J..Au#j....D |...u.-.Z./..}P..m......
1......F.....:.Qw..r..../x....O./-(.x.e....\m^!v| .!B....r[.b~8."..h.#
),o.T3.y.(..JE.b.u]..V...-.%....b..........i..T......A.......G\7..R...
..;.s.Qg..... ....f......4R...........O._.Cm...(.8...3.R9ij.....Q.32s.
;GO.,K..K=..)....)q.lz..d.]#..&0.7......]h....V.9....#.d.7.....X......
...I....Y..bI..'..I. &`..].~.W...O..e6.h[...Z7/...... >..T..k....(.
.I..`*..Z....'(.5~7......K. ....$.f....-..{p\r...cv.O.~_:  ...r.......
.......=o.wD.Ra.;.z..Y%x....)%.#..........Q.).......,v..`.....H({v..X.
.f..S^...<.....L.....=,_k.s..e.....).....Y. ;;.....z.9k.3f..0A.....
;..Z.....yD.{...p5;[.l..`..!.-.(........g._......1.vvQk..q=..X.......g
.ber)g.j.}.k..2?.M..Z...2.|..*......$\...H.=... ..fxo'z.......*A..T...
..tl..Jq...~eC.O~.\Ndd..?x.].................I0..M0.s.U*....8.....T.~f
.@.7.j<a.wC......o.2#~.c..c....v...@u.|.....<.8.!........-....4r
2..F.F..i.s.Y.tr.......;Ud.Q_/..S#...^)G...K...2.....<,.....c......
..!Y9z.5..QOnj.U&.r&.........lj..d._^9.x......../.....p..N..........?*
N%F..fT.........b5.....]a.........c=.7"D.nXN........:..../.l..x]..=..a
&.......D.&.5m...zD@....[...C...2T".V.#....<.......V..N..k.T.#..h.[
.@Z...u.z...4..=...(..3.n..opW.2..8g..a.\GU) n:.U...V........p.b(.|`..
B%...%_M.....Y..t.~A.!:4kx..{S.)B^......k.R..F........y5......Q.).....
...B.'...~....#.H..s...N..A.......2.f.2.2..!..Z....xq......QT........&
.-.....O..l._.|...D....l.....t<.M.d..I..;_v......(.54..j.iJm. f...3
.......*...a6.l..w.v._..~.Z..rp. ......U[.`.p...........Q`E.:o..C.
<<< skipped >>>


POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 189
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...8...Y..95( 1...8.fN...
...T..%.t..V5.Y.;.}f...2e.../s....'
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 173
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.
....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424...(..CG..zfD
..y....N6.........~....U...h..Xh.HTTP/1.1 200 OK..Content-Type: applic
ation/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Co
ntent-Length: 173.....y....N...." 1deeea43e07fba973e9d83e58918d424(...
......2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e589
18d424...(..CG..zfD..y....N6.........~....U...h..Xh...



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 271
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43e07fba973e9d83e58918d424.......Y..95( ..UW...b..u..].z.f..M...wR.l...]..W2'.V.'-..
..Q...A^..N.3;.:..Q?.O.<..i.J>...N..EU..R............. s.Q.......t..."........<:d8.p....Z..L./.[..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 135
...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` ..(.. 1deeea43e07fba973e9d83e58918d424...........U.S.#.!-..Dt>....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 263
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43e07fba973e9d83e58918d424........R*5......i.d.....;..>.D.g...M....;t......v.Y/...f.../Y.W...G..4..K$..=....I.%.(..0..b&.x....^.[I#.Q$..b...pz...6..C....... /....-..b....j.c.b.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 135
...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` ..(.. 1deeea43e07fba973e9d83e58918d424........~.).w.....|..=HTTP/
1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeou
t=30..Connection: Keep-Alive..Content-Length: 135.....k........" 1deee
a43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43
e07fba973e9d83e58918d424........~.).w.....|..=....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 207
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43e07fba973e9d83e58918d424...X....v...1.<..e.H.|....).<.F.4fP.=.....Y...a(JH
z.........R....i..;vHW....n.q..P..p..e|...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 135
...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` ..(.. 1deeea43e07fba973e9d83e58918d424......H..$...L.....z....



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 316
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....-.~..m...5d...y.r...X*....qLq.a....u..'G...^..#u....?...?g....)I......EQ......;.o...%H..U..........=...~..~r..;......!1S..V.6.
..r#.,.y.[....i%........z.(......,1H.Y.i.....jA.....B.A.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-.BY.2...
...../B.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-
Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x..
......" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` .
.(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-.BY.2......../
B.....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 316
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....-....M.2..!...'..2....X ..lb<.r.Ry.-P...s.0O.Z..$.P.R.W..K...b.r...(...[6........Z(...UE.=.H?..Ka\.X.B.Y.0....!@S.Z6S[..%4.?8`....-n..D....}....LL..(.m..g...*rV.."kpK`/.%...?...H."....POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 316
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....-v51GDA....cVDB...HN..A..!:};....4.......QW
U..&
?...Z.:.e>...k.j..<Q.....OK...d....V|Q3r`.#\..^...``.(..v.`z..d(.y...Vw.T..A.aJ...9....Q@..<"...iH.....6.9.$.SI..w...X.Z..y.D.<.,c..C^~POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 316
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....-`}.gc<.&...yV.l...j........g.B....q..N.5.......M.Ip;z...?%...}..Y..2....)...Cu..w}:....w.*....5..@....r...Tv.........P.E........D....>...c v..!9...P..V..7q..N1..yH.`......|V..2b#.O.>..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-Fl......
.~.....lHTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-
Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x..
......" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` .
.(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-..PRSR.....{3.
..HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive:
 timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........
" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1
050123723.. 1deeea43e07fba973e9d83e58918d424.....-..8.c[..... ....HTTP
/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeo
ut=30..Connection: Keep-Alive..Content-Length: 148.....x........" 1dee
ea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123
723.. 1deeea43e07fba973e9d83e58918d424.....-.......xt...M.....



GET /app/101/start_page HTTP/1.1
Host: redirect.mb.baidu.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36 BaiduClient/3.1.200.2978
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
DNT: 1


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 03 Feb 2017 23:48:12 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXps://cdnmbapi.baidu.com/api_res/apps/switch_pandora/index.html
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>..HTTP/1.1 302 Moved Temporarily..Serv
er: nginx..Date: Fri, 03 Feb 2017 23:48:12 GMT..Content-Type: text/htm
l..Content-Length: 154..Connection: keep-alive..Location: hXXps://cdnm
bapi.baidu.com/api_res/apps/switch_pandora/index.html..<html>..&
lt;head><title>302 Found</title></head>..<body
 bgcolor="white">..<center><h1>302 Found</h1><
/center>..<hr><center>nginx</center>..</body&g
t;..</html>....



GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=24510464-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)


HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:47:51 GMT
Content-Type: application/x-7z-compressed
Content-Length: 7698185
Connection: keep-alive
Set-Cookie: __cfduid=d326756cb3aa809de7d0354c33b17a6f41486165671; expires=Sat, 03-Feb-18 23:47:51 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:51 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Content-Range: bytes 24510464-32208648/32208649
Server: yunjiasu-nginx
CF-RAY: 32b9c539663e598a-VIE
?.w.3D....)OuD.|.....kQz\MW.....I.I.?/.x.....j..m\No.xw".z.3..D".-....
.II...5@.5.N.;P..&.u...D-.....n'....x@rKS.0.u.q.....^oS..........%...q
pm.....#..[.N|.eu./P.....X.;.s..s$..Q%..iW ...4).2i9~. ..~_...........
......p.lO.s*F .....$.y....^.C.g1....;Ea...p...\.L|9.h.>l.6..m..r.N
..>.~...=.>k....b.`AH........r!....%@.....[.._.fJ.....gi........
~.....gM....]*~...E..f.b..>.......f.u.....y.`.....7.........B....qU
..M.#.5g...J....g.$[H.x.&..w..f..`....TZ......%.`*.36b..u.....&:.9m.6.
.G4h..*R#`.*.'.....k_&3.[..>5_lt-...._..X...$h.^/..0....u9.Hw..G...
..7.\@=m......~.&)..../.D3..c_A....Q..D..~..5.:.x.. ...4.......50.....
#.# }.....@..'G.....5..k*/.".[H..C.M.#.5\1.(.'d....P4?..q&....XK.H ..R
.....S..9s.z.0...e2X..yY..2$.I...B....;R*..H.....G=.....y.Dd..E0.[...Z
"..Y/ 9.......yG.{..1.t..B........p...&..e.YA.....B[..K.Uew..p.....3r.
A-M...,k%......G..n.B.@..@S.wE}...0..}....@;....}.|...........R#..f...
......&Y....4.*........7I]Yad..S[..f.=....ve..5...!u!X..........DyC.:.
.9.y....#( ..6kp.cz|..l..c...........Y...&u..wZ@...N}...LN.7....}..a..
..O...x......l.Q.q .........~.i.....:....4.z($.......(......]....70H.M
{:M.v.CV.....7?bG\.....O..ID..... ?.A.fsf.(s......;0E.......5z..K~AZ3.
..6.....r..9..f....[...d/.n..I<h_.]...2V.Ks..T..(,.;.H$.x.*........
..n.G.h2'9~.q........... ....=*.'}.1/..."..H.xmK<.......... G...J..
...'.Q.........._h...7*tv.&....^e..!-.@x..i..p.;..t..X(/*......C.._...
9q..H2h..q..'X.r.....5.7o..'.._zU;.Mu....i...&Y$..2za.<.@..`..'ay.v
@.<bG....*.d.6{)..R; .u.._..T .6,.:vG.....3...-K..a. .U ..1.[..
<<< skipped >>>


GET /odin/201607/0260783600ae78ce0dbeabf59a8d873c.xml HTTP/1.1
Cache-Control: max-age=0
Connection: Keep-Alive
Accept: */*;
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
User-Agent: Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: scloud-dlsw.br.baidu.com


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 23:47:50 GMT
Content-Type: text/xml
Content-Length: 5643
Connection: keep-alive
Set-Cookie: __cfduid=d6b66e536b4730f49884bc370f0421aec1486165670; expires=Sat, 03-Feb-18 23:47:50 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Mon, 18 Jul 2016 05:00:05 GMT
ETag: "578c6255-160b"
Expires: Sun, 19 Jan 2020 23:47:50 GMT
Cache-Control: public, max-age=93312000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: yunjiasu-nginx
CF-RAY: 32b9c532b6d659fc-VIE
<?xml version="1.0" encoding="UTF-8"?>.<Rules Version="1.0"&g
t;.    <Rule CoreEvent="0" URL="(.*)www\.baidu\.com/(.*)" Referer="
(.*)" StartTime="0" EndTime="0" CCType="3" CoreType="0">.        &l
t;![CDATA[.            !function(){var n=window.bdc||(window.bdc={}),e
="lapuda_api_hub_v2",t="2.0.0";n.version=t;var r=function(){return fun
ction(n,e){for(var t=0;t<n.length&&e.call(n[t],n[t],t,n)!==!1;t  );
}}(),a=function(n){return Object.prototype.toString.call(n).match(/(\w
 )\]/)[1].toLowerCase()},i=function(){},o=function(n){n=n||{};for(var 
e,t=[].slice.call(arguments,1),r=0,a=t.length;a>r;r  ){e=t[r];for(v
ar i in e)n[i]=e[i]}return n};n.external=o(n.external,function(){var t
="_BDC_CALLBACK_" (Math.random() "").slice(2),r={};window[t]=function(
n,e){var t=r[n];return t&&t(a(e||"")),n};var a=function(n){var e={erro
r:-999999,msg:"response data cannot be serialized as an object",body:{
origin:n}};try{e=JSON.parse(n)}catch(t){}return e};return{send:functio
n(n,e,a){var i=arguments,o=0;return 1==i.length?(o=n,n=""):o=window.ex
ternal.GetNextReqID(),e&&(e=JSON.stringify(e)),a&&(r[o]=a),o=o||"",n=n
||"",e=e||"[]",window.external.StartRequest(o,n,t,e,""),o},appSend:fun
ction(t,r,a){return n.external.send(e,{app_id:n.app.getId(),api_str:t,
args:r},function(n){a&&a(n)})},appListener:function(t,r,a){r=r||{};var
 i="." (r.operation||r.operator||"add") "Listener";return n.external.s
end(e i,{app_id:n.app.getId(),api_str:t,args:r},function(n){a&&a(n)})}
}}()),n.app=o(n.app,function(){var e=null;return{init:function(n){
<<< skipped >>>


GET /odin/201612/7e805ee4cc4b619e45512c018c9f1e75.dll HTTP/1.1
Host: scloud-dlsw.br.baidu.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0



....j.hP.........RhP.........Ph.!"..M.....................Q.U.R.3....0
j.hP.........PhP.........Qh.!"..M.....w................u..............
..................T........U.R.M..e....}.....u............}..t..W.....
...hP...j...X...P._........X.........\...P....M...t....}..t..U...D....
...D...\.....D...Ph`.....x...Q..P.......U........E P.M.Q......R.;.....
..E .......}.....tT.}.....tK.}.....tB.}.....t9.}.P...t0.}.`...t'.}....
.t..}.....t..}.....t...@...........@.........@....tw..P...Qj.j.j..U.R.
E.P.U.....T.....T....uL..P.....t...j.hP.....X...RhP.....X...Ph.!"..M..
.........T.....P...Q.U.R.*....0j.hP.....X...PhP.....X...Qh.!"..M.....n
.....T.....T....u...p.........T.....]............U....8.E...H.........
.E......E......}..u..}..t..} .u..W.........U.R.M..%....}..t,.E.P.:....
..=....v..E.o....M.Q..h....E.......} .t..U ...E..M...P...Q.........E..
U...P...Rj..E.P.........M........U...P....E..P..M..U..Q..}..t..E..E...
.E.h....M.Qhl....U... R..P.......E..M...4....}.....tQ.}.....tH.}.....t
?.}.....t6.}.P...t-.}.`...t$.}.....t..}.....t..}.....t..E........E....
..}..th.U.Rj.j.j..E.P.M.Q......E..}..uF.U..E..B.j..M...P...Q.U.R.E..P.
..P.M.Qh.!"..M.....p....E..U.R.E.P......0j..M...P...Q.U.R.E..P...P.M.Q
h.!"..M.....1....E..}.........U..B..E..}..uf.}..t..M..U...0......}..t8
.M .U...;.4...r!.M...4...R.E..8...P.M.Q...........E......} .t..U .E...
4......U.R.........E..|....w.}.....t..}.zuT.}..t..} .t..E .M...4......
E........} .t..E .M...4......E......E.P.d.......E.........M.......}..t
..U..........} .t9.}$.t).M..T...E$9.r..M...Q......R.E P...........
<<< skipped >>>


POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 293
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424......D)..-...J.o<.`...V........o.W.....g...i4S.4.X]Tro...8 ....\.
...o.*.W....EHbb..c.y5@..=m...A....8..Q...7.;...9Kk..$...B
..a......!.
....N-..]!|.._.E.w@Z..R...POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 197
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...@..^r..
v..n...IO.z.J..i\....N..#.B.. .ec..Gk.J.QP.'..
...X@L.mH..POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...0..&w"..x..z..8A..3.,..\A1..x.
C|....W.M....;,u...POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424......bx...N..=.2 }Q..K#.NK"....8..Z....D...!..Q......}*E...:.>..0.P.....V.........j.s.E
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 277
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.
....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.......#.c..6
?...H#....p\....i.vo..dm.B./.....yN&..].M.C.......B%X1.X..."-...1.h...
.....lW..........I?@..mF.p.V\.....sc./'..A}.>.p...9tNM..{......C...
HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: t
imeout=30..Connection: Keep-Alive..Content-Length: 173.....y....N...."
 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...10
50123723.. 1deeea43e07fba973e9d83e58918d424...(...A....5....-..;8=....
&t..a[.../.A..U....HTTP/1.1 200 OK..Content-Type: application/octet-st
ream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 
293.....y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H
.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424........
.....@\.R........{...L/..pq.4].....h.,..yk<.....bsl..Ed.).....ZF..&
gt;..m......4.C.`w.X....G.KS.,..'.}....Ws.k..P .2..... ....L.^?r....q.
?...../pm.K}.%.....ce.Q.HTTP/1.1 200 OK..Content-Type: application/oct
et-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Len
gth: 173.....y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8
..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424...
(....8e.sI.6...-..u....."......#.P....O....HTTP/1.1 200 OK..Content-Ty
pe: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep
-Alive..Content-Length: 173.....y....N...." 1deeea43e07fba973e9d83e589
18d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07f
<<< skipped >>>

POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 195
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...8... ..3.}_.. 6.u..q..s.[.xd']]S......_G.z.h.B.)......Kb...POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 195
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...8...:?\.:.......E.U[......x MA..~..K...l8......w21.b..K...|POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 195
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...8...O..q......R.L.B..........jJ...F..,%....V...z.....uU..].POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 195
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...8.....G...r\...T=tG..Rs.V.D."VB>....[.Bp.B..i.p..F.......!.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 195
Content-Type: application/octet-stream
Host: h

y.^y.\.".X....A.S8.N=......?..I....h..* ..;.j'..A[~,?....q....kk......
....E(... .#3=q.G..l.!.9.w.LL..7....=~8u*..Z'wgM.?QA.7[b.... ....K.N..
b..~._.>.T......c.............?[2...5.,.q......E...=.rv',.O..I.p`..
1.....t.......0.5.....E.2.V......Ff..n.j...y....;.C..........%..t....z
..w..).......z.e...~.H1...3...?V#.....|},(.O"...".E.\.]- [bZ......1{O&
lt;. ;...|.....3a....`.v...o....`.....F...2...W.....y7}.....:.Q..P.L..
l#.Iu...> . /..&H<.r....^....,...[1........p......hoz ...O......
.?..h.[@1u.......Qc."..c.C..t.....Xhn....l..}.... .............%....A.
..>?t/d.R....3.. .pF|M\g.}..^%.[..?.</.X../.k=@.....%.RXA.=`Aifv
s../"..Sr....dBx...M....R.....mp..R"ED@..-..........$N"......,..=.,d9p
D....@V......<4..e,.?...D.HYu...n..#.h0}.2....eL.B`....:.x.,.......
~....f..[E.8.VS.;P:...\1k?...../.......b-<..<..w...#.zE...Q. "..
...H-...Jl...D.S....]#T..=S..0..z..v>.P.E?o.!.......I.F...i....HWu.
...F.B..]....N2O.q.=......b..qc...k........&z...... K.6.r..s-1.3f.....
.F..d....^u.R.KD.......r8Z}....$6T....m..fpvb.C.-.......Fz.....34.....
.R.......YF..=....G.j.N.K.{b...7.1Cf|t..K...D.._.......  *s3.e..<..
q..YZ)...% ..~..]......b$....P1....>..E....d...5...#.....]...?.....
d...k...FV.|.&{V..'...j.L.P...A.3.>...{..-....>...X...$..Q=..F..
K[.~.^..y..G.>.FT.*.......N.V.r.?.7..Ps...../.$.X.1P..:g.....8.|...
.....G.Uw....]?.3..L.....g.^..m.%b......."-?....w.}...g.X|5..4........
.....Ur......b&M,.......V......K........0.L...r%...(^....m...D...Z....
..X..K6.....p..:sL....N:....?....V.}....5i..*....s.2.]...Q(..J0...
<<< skipped >>>

POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 211
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...H......$'f8
....T.a.&e...u .'rx...u.@...&.j......;'c.../\...Ig..OA[..=./.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 179
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.
....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...(..K
qb.......D.(!?ak.lW0j.R.B.YF.....7U_Mj.....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 915
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.......#..^M.^)M....
&.h.|....P.K%..$..4.{.Llq.%.t...h.....7. ...9..S.^.:..J....z...T..OF....*.?.#.(.ye.A..o......2c.E...!.....,#.IT../.Qk....].3{*.0.6(/.zs............>%.TV.;.......q.A.U0.....=."...*p..[O..J?A49..M....k...X...^h...u&w....l..r.,IU............$....?...>r../...e|..B............&..?..`.4..X..U.-......:.uy........n.>..(....7)..3e..w..Z$T6D....,....H..EZ....(............:o..
..3LVC.hf.".'....Q.L\b2.J..;}.L@y2@.....CCvwi...p.$...Jz...=u^..fg..mh...........?.C..5.b.....P5S.#...7).h......../|.wL.t/..f..3h.B..wH......W.7..y.J...%.3:....b66j?`.vp.5...n..&.v.k.v5.....T...c.>.e4.BB.9...-...s..uvr.Z.M>..X;.r(6...Mg.....-.}K.s..v.;.2.^s.V/..vl=$ww..O%k3}p..".....|&..........HU..[...Rh8?...j..6.,0".WS|.\3n.....-.*]..;.._n...i
k.m^......7t./....i:.3.....}1'...6.z..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 195
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.
....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...8...
..w..../[S....../....._..MlM...\.6_FoI.E...v.43.....'k/..



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 332
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424......h...C}.K....D......~-..C..n........'0.}u...K.......{j..H|.x.d.t.`;..........xe.1.7..YRfB..-..${W*C..\.$.h>......^..a..cr...|.o.........d.e.f....8......
X.^._[9.....Q#...N.h.....?.U...l9J.....W.....[..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424......G.v...0.
...7.~7MHTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-
Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x..
......" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` .
.(...1050123723.. 1deeea43e07fba973e9d83e58918d424......G.v...0....7.~
7M..



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 252
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...x.....{j.JM.N....*.x. .?]......?.9.^ .....He.A.6!)3j\.
/t.....o..E.J....K..*R......WF..........Ot!..V.....).;R..0;.........
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424......S.....?.
..G.p.......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 266
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....,t9.E...`.$^A.....}-oZ......sp.h....M.:.|'.$.h.t.)K.. ...o.M.W.ZA=`.G..k../W....!......Gof..&-Ir..^.bN..^...g.0....s........]..ll
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....,..
....-.......&.....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 330
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424......eUOK.q.t=.......[z.C......^)......~K..t.G........t"....0..\.S..i......D...Bh..(.....jS..iE.d.EQ ....m..A..8.........R.!S...m.]../h.C_..B}N^i>..
....J./.|`;6..|.#..h#u.9v..zF.X*\'.........]x..j
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424........
f. 7X...._^ ......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 258
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...x....e.GS..7.q.....k@.y!L1m...{.....O2...c.aI4.2'.2K...;....P.8....Y&nPL.../....3mww..k...m..`.I..U$1...lg.....b.z...a..J..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424......b&
lt;.H....^..}NG>F....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 258
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...x...%h.6..M..Ww..z.1...*".28M....-.A$;......[S..e..&||..Tu|\.'..9.,...T.o.z......J.z7..Lz..h4%..8C|:.i..7.?8'3_NbI.....;*=
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424........
IY....u.K..Ls.....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 306
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424........).........Y~.4V..J..@g.-..
}{....D.O%N...s\.-|..).}.v8..W.......y~....p-.....d%.%.[.P^..:; ......".......&0..uT..r9U/.....^*....=.g|...y`.=.......#...S..e/...U...3a
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424......'.
`..R..^..$........


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2...v.G.aE?x;52.~.dc. ...#...4/..m.o4..Y.H....R.7R..z.539....z....
....v*.&`,...<..7.4.<..<.8.....t.T.-..".`Q;....5..1M..#.....K.mx.....;.......NGc....E3
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2\9
..~..,............


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 306
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..E............ .-...k?.E..v.....]......K.......<.k.....wTb.s..j.~....x.....)K.N5!......y,.W
$..[.....(.Ro...7..
w\.&..9 "...........z.....9Ap..y.!
.{>.?...Jo.Z.|.z.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.T
1..i2.v ..........


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 274
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~......
" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424......:.. .Qt.................5h...
~..W...Ms..c.....[c.. Pw...p../.*.......W*(|.....M@.... .....e(......3.|.`<Q].H..1.sMH.5.iU.[..(S..T.O...POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.~]...p.*;....#..Aa.l.D...x..'..D#..9#.Se.".vdj....../.ZG..._....
...
.?M..... ..#.HLV.. ...I'..i[.fA.%:.SK?~,^M.g.er:.\.]...O(......3.......&2-Y..d.:G
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..
,t.G..`...2S......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..to....V............W{.DG%?.{...R.r:g=...N..-73...........$..Gg....G.WL.!a%/..Y..D.D=.6
.....]..Z.B..t8a8..6.%.z^....S.{.4A .....3...:NKeN..|v.2H.:.s..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..
..YCc.w0..,fY8....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..O..w..t...Km.O.v.4r.d..u..bG.Q.b"!. ......,.....g.........9...S......d.qa.{.....4y....K...!%...G........Y...u.\...w....
..........
.......u.........POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2 .....>.....jQ.6&..M.u..>.0..F....6...HR..b.~..2.T....,....p..2..V..AG...U...zdz2un......Y....y...k..@>..A.]...k......=....~.U...*..e...h...~.s$.c.jka.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2E....0........QY...<~.dr;...gdB.......y....\.]..."...bF
&>h .....@.}.R..`...
.s(....5~, ...p-\.ER_.....T...C.........i&.T..s&~...u..ye._........u.. .t..zD..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..
.Zw#...dT.)...HTTP/1.1 200 OK..Content-Type: application/octet-stream.
.Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 154..
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.b
..?......Im...HTTP/1.1 200 OK..Content-Type: application/octet-stream.
.Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 154..
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2$.
T(....6Q[...s.HTTP/1.1 200 OK..Content-Type: application/octet-stream.
.Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 154..
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2P.
..X,........U ..



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 312
Content-Type: application/octet-stream
Host: cr.zc.baidu.com
Keep-Alive: timeout=600,max=1000

...D....N...." 1deeea43e07fba973e9d83e58918d424(.........2.
@.H.P.X.` .......(=O...Z..j...bcv..V..%.m..4.>.p..W.A...;...T&........A%..{....._.X..O..|.....?..H...<.8X@.3...T V..h@.Giv.aP.WB.i.o.c8"Fu. u.r'.....j[.........o...~Q.
...ZR..E.....
....xi57.|v...*.#I....Uo...Q.....3. .t .%..,....;.....Q:...u.. ._..[
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 1680
...D....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.`
 ......@(=.h.L..yJ.&|n.>.....H.2..T.j~...s......n.[.).sd..]y..x.. ,
......l.M...X.U...5..|W ..?.1...n.....z.;{U...xo))l.(.s...>..jn....
rJ.........~.7.L....qn...0 vD.;4Mr@7...D...._(}TZ,."......... .0.g...Q
a6....a.K...Py.;..W-TT1.....,....Pc.yFJ......3...F.......qf..<=....
c...............;..m....P.........D.l......l'..J..A..^r..".. .....D99.
i.j..{..T...[Z..;..N.i.!.Y........*..e...D"5..........W.!..5}4X...e...
.......Q...g..C.....a.}.:.'. ..m....=..t.?..b.o...n.zP'....};.M....H..
b..G./......i..X'.E,xSr...}v.#.....>...B._....)...v...}_....cLS>
..b.......d.....{.\...S.4.i....(...u.....#...T:?...[K<...; ........
.J"#!`...G...Z1D...Ia=w.E.Z...[.d..-G5.;........U.4...'..U.7.v..^....K
..9T2-w_.......=x..e.K<...]..Am.A.3.es.>...Qk)G.....k!.......4..
.i....T. sJ.(s.L@2..$QL.NmmL...y..I._..UKOEC.k....Z..0M....wp...V.....
......iD.Brx.......g...J.....{TPI.........]:..r..ZH.p..d.....&..G..t^.
p..m.[.i..S.S...|.eHF.."V....a"fX.r....r... .{.R.,...==YcP.....c6Y..,.
(;}..Q...A...!r.-.c..Y.T7....Ni..OJ.~b...P.jx........?(:.X.R..0....apA
..H.~.W&a..ad...>.QC.h:...CQ.|.V.....0..(fS.....p....".....6....cV.
.W...^`.d....T..`.O..?..v...0.t..|.-"..v......I..cb....x. C9.b.>.Y.
... ...k=..V<r.URPk!Q...g...'..=...=...K...z.v.Q....pW9..c.p1...l..
.....^.JrYC..r..Qr....A|7.dQu..w..O.2(0..c.".|*d2|O..b...........B$...
....I.Q ....Y...X.......v..g....0..9q..u\d...,^..6i....m...?..d..Vbf.Y
.m.|...R..@......Z[BY.....m.o ......6U....]m...S....../W.......e,.
<<< skipped >>>


GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=9175040-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)


HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:47:51 GMT
Content-Type: application/x-7z-compressed
Content-Length: 23033609
Connection: keep-alive
Set-Cookie: __cfduid=d0d6b9c009fd02bf68e3234fc4393daf21486165671; expires=Sat, 03-Feb-18 23:47:51 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:51 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Content-Range: bytes 9175040-32208648/32208649
Server: yunjiasu-nginx
CF-RAY: 32b9c539613c593c-VIE
j.%...G.....NC.vH%q...A.lE.1..&{..y.%{o......B.......'Fr .k...u...;...
c.....X.~paH.../.p...B0.J..>...[../..... .Y.{.8.T2.............w..F
I....,j.\......G{HY..~..,..W..M...XIZ3............AF)V...c.gy.~..j..Y.
je..u.h..D.2.s.V..-r..ks.... .......S..5.C?..N..K...9...F..1..F..X..|.
.\3oj.x3A...}X.'D....W}{..I@.4...:^..u...3.p......(..J....R....>...
k#.tH.............w....lq..=..QS...6......R..$..6.5T..v.....I`]......r
..D..38...!.....I.....t......r...iG.... "..?.3.....?&.u.`..H??.`.=.( |
.....a-.@.......|H.....<:.=.bi...P...v......l..gn..L..........Y.r..
......6.....j..x...m ...h|.......[X...2._..UB.R.....Sd.E..&..t..G.;..o
.Z..N_....d...o@F...eZ.i.i:.h.....QkJC..r.'x.x.LzD.Q....C..=.......u..
7...h.......Z..Yp......uG..b....w....YdD..>(.......}....K..[.W.w...
......HReL;k..a.FAi..o..*$W..Y./.M......-.E..c....C=X......;.xF.Q...a 
.pd...E6E..].....~....x..H!..Y..]M......Nsg..{8..nU.E.......|..BP....S
..`V.j...c.W.....J..T..pM..m..A.M....Qd.......?../.e.=..;..\.a. .>.
\`X.t......0G.`.m.....#&..P...._ .GK....3.c..=.t.P........Yw<R ....
.,...".:w.....[........(......d...%....D"/....z.!p&.-y...9............
......|...Z..~....O.7..M.;....w...p..pri.>....?...W.ve..C.A..].o.a.
...ke[.j.^.....{-....}.:>0.^X.P[./.M......t..pw.....3.2..UD.%.N.._.
...]...o.$..i...].......?..-'.').\.....=.......y.P".R/.'..<.%...}u.
.Q.3.....Q .....O5........O<(....a..V.........X...X.......[ ..q.i..
1.L-.y?.i.....n.Aj.......3.\....l..K..D...5....*7..l....ZM.........{).
T..l.*...,.,0..w..2D...<j.t.ox1.T..............HY#.7{......h.\*
<<< skipped >>>


POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 308
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....5...J[@j.R_..{... [.\..s..%.Jucr|.n.\........Km.!m..D._.ZV..T.#P...].!..3W..
..i\..e.....|..^v....9...F.t ...~.s...m\.E..&.~2...e.I......@.u...........h..PK.z...D..n..@.. I...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....5..bN1.E.
.Vt.......



GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=10354688-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)


HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:47:53 GMT
Content-Type: application/x-7z-compressed
Content-Length: 21853961
Connection: keep-alive
Set-Cookie: __cfduid=d73cf911ae1acdd764accf3120a5f06ea1486165673; expires=Sat, 03-Feb-18 23:47:53 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:53 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Content-Range: bytes 10354688-32208648/32208649
Server: yunjiasu-nginx
CF-RAY: 32b9c5403016595a-VIE
..X..3'...E.r..oo.t9.....G-.........(E.&....J.DfC.......sL..R}6...v...
.1(..1e..H.........>.O.Mt..N..X.&...qn..B...w.X..L..7.PN.....@}.~.P
.>I.o.s..,.........gO..p...5n^..P...?.7...r.m.E`..'&...x/..F.Cu...U
..\........7.d^<....b..v....\....H&U..H.E.6..#..;...#...q..iV......
.FY....,Q.$...K.\Z....e`j..r&.Z...0.I.Ha.g......98...K:..v.[V,...../..
d|.M......8.jr..g.#...."[.=.....;..<......C>...w..>F.l......`
.1].[.D.En....x7..u..........2..}|...r..U.L..u......_.q.1...P.,..v#1..
....i...Z>............l.5..w..........;.]}D...<..5.U.Ip...K...T.
...-9T.!.#....,......Z*..P...Y$....7.l;]e.[....&9......|.%..........d:
O.c.A.3.G.....coa........%.....:J..X.0G...i..U..A&.t{3P..jT.H......jd.
...M....=..B`V.F.QE.U"*D...j...~...~. ...G..e43._...=3.&|Kx.x...&..J..
_...J;..i2K . .>j....v.t`*x(........!..lY*....5uVo.{`...P..fs@.].-.
=F<.P..|oD.VP..'..>...cN)...K.|B...1Q..XA.N..D....U~.@5.B0.}...V
......"U..Tc1.6..R4.;......T..X..@...c.3..&.....g..z..g_....M,.....gK.
........K!.x..gc...........M.h}.l.H&.a.7|.....q.~./#.r....{ ........*)
.......:hi.B[Du.%-C...k.<U#...3.;.-.k!........`.....l.............0
t@|La.TW..I..S..^ ..Wq.R....A...t`.nYM]..|I..$.<H.a..?..........u..
..83_....*K.9../.I.....4P7.....]%D...g.0`!.:.............{..A9..*...\;
...|<..*.......:D..^".sz".WY.s;..-6.o.b.oa.K5.......SCL..j...."'...
W.eKf.Q\.}.?Y...S..X~..ro.......b..%....{.M R.vL(5k=V.......Z..g3^B.u.
\..H.&x.6c.ds`...t...Bo.....".Q.....N..Z..A..*.|.......S....G.(.V.....
9...iX..*.$....6N...i...XD..s...u.....0...8.x.....r.....{..5..=..|
<<< skipped >>>


GET /odin/201504/38012d1ec93b2df99434b63e6dd4c6ae.e HTTP/1.1
Cache-Control: max-age=0
Connection: Keep-Alive
Accept: */*;
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
User-Agent: Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: dlsw.br.baidu.com



;.V..6.7x.S..n.v|...<rX.....Xr.q..?o....^...P......;W.&...4e.5;...j
..'..8c.......#....|....l..b........<.t..&..I.E[.x.... ......w.q..4
I.wPP.v.:.&...(..XR.N..yX#"E.<(...7...f......~-.YS.T@9Pd.s...s..yWS
.cy....5..t,........6r....5....P..'.......9.}>....4.O...l.>._.2j
H.L.X.a....r..u_...v..eV....._^..M`......d..<}..s3.gs.Hh.3..d.XQ...
}...b5.7..H...x....|i.. 9o`g..u......d...I/.FI....?.*K.:=cR.....a.q..S
M.......G.-....l...a3W;..).:.f........)...."r...0.%......'I:.y...&8j2.
.?W.~..?z..>gn$..,.=.. ....]....0.;.m.'c..3U.>6...../<U......
.C.%..t..>.& ~..c..>....)-..N..u.WG.9..I......-.d.p.R)t[....c...
JN@........]..h.3v.(.T[..rjrJe ?D...B....U.`..[.l.....G*.a.Q.........4
.#...twB.....|JT:h.G..\.....Q.a...S...-.!...c..@.#.R...'O.....)3...$..
....8...5...8.K...MG...a.>.Z.........,r%F..#CgK[..6.....u..YS......
....D.c........Yn........`|Q(mY..0.). .(..w.0'..n.i.H.^c%..PQNt\.|n..&
lt;.eNy.....XPV..V."........L$:..../. ....,...K.o..=.v.}.I..u(..|...5.
..F...^x.<q.].".Y..iAt..AgJLv/.3..eAl.pg.A.......A....wf.E.@fM0I.l.
R.7...1.....(.Z.}.z4yQ..nb..%1.".....?0..l...`..~..1S).?P........VR.\.
...o....K&.<..4[..._R|.....9.....UL4....LN..?X......b!...%.....?...
..OW.;..e.yu.p.*..{H..`'..........c...`b....j.'..-...|....<_.S.n..=
.d...^.....x*.............$(Ju....;.....F.q..6.)7<.t...........<
@...Ez..7.uv...e..h.]I....TG..z......62c.^E.......s.........K.1[...l.;
.I.s....0.&...9....k.*...@.}..$...X..u...)..."9......B5(."6V..(...{Z.x
.Z..,.~>..!.B.S.5I.p:s/.bf..#[..Q.^.......E......1.......g..$..
<<< skipped >>>


POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 159
Content-Type: application/octet-stream
Host: dr.zc.baidu.com
Keep-Alive: timeout=600,max=1000

...C........" 1deeea43e07fba973e9d83e58918d424(.........2.
@.H.P.X.` ......P8.s......l..V.U.8.e1...{...U.
...h...`.CW..^u..G.(?M.:.j/..:Ae...^NO$.!8{a....#.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 95
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` 
........8R.[,|...`%.2.c/.....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 271
Content-Type: application/octet-stream
Host: dr.zc.baidu.com
Keep-Alive: timeout=600,max=1000

...C........" 1deeea43e07fba973e9d83e58918d424(.........2.
@.H.P.X.` .......3.........&..g......O.m.I....E..H9.....x..dD..nf.*.h...3.pp.xph....2.........2..{.....M$ ..A....V....)...g....M.Cr.rr....I.Q.I.D......._!.....1.z.....1T.E4jD.AK.......l......]f..u.)P...,$2....
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 95
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` 
........3...Tq.."$@&.....HTTP/1.1 200 OK..Content-Type: application/oc
tet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Le
ngth: 95.....C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.
@.H.P.X.` ........3...Tq.."$@&.......



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 239
Content-Type: application/octet-stream
Host: dr.zc.baidu.com
Keep-Alive: timeout=600,max=1000

...C........" 1deeea43e07fba973e9d83e58918d424(.........2.
@.H.P.X.` ........qt&.......0......r..r.'93..I1Z.K...Z. 
.p..)I.\.....e#...h...2....v...T..-l...V..d..ud....
......a.0.v.. ....Yl".V../=-.B8..VPy...c1$7....yv.?&"x*.....t@v.....
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 95
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` 
........q..<.{(..V.....y.HTTP/1.1 200 OK..Content-Type: application
/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content
-Length: 95.....C........" 1deeea43e07fba973e9d83e58918d424(.........2
.8.@.H.P.X.` ........q..<.{(..V.....y...



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 167
Content-Type: application/octet-stream
Host: location.br.baidu.com
Keep-Alive: timeout=600,max=1000

...S....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` .
1050123723...H..!..!&.....D..
.....;....p...m.\....?.9<....7...${.....zG.K....V.8..8Q.~
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 239
...S....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.
....` ...1050123723.......4......qq'......v..V....?;.J.........b.R....
.s...X,..&)J....D.j3:..l...?..7...yh.$k..N.0S....o.f.....4..,.o.....U.
...t.[.....s.[...~1P..m.<...A....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 231
Content-Type: application/octet-stream
Host: location.br.baidu.com
Keep-Alive: timeout=600,max=1000

...S....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` .
1050123723......3..d. l..H..F.....<K.',s....L^$Z.'7..C.>g.<.=..V.er..F..p.!..i....tr.h..;.S...!.|....1w
.7D.$.m.(:...<.!.s.m..y0..8.....Q........z]..8.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 127
...S....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.
....` ...1050123723... ....j5<..v.Uz...Wb.S.............(HTTP/1.1 2
00 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30.
.Connection: Keep-Alive..Content-Length: 127.....S....N...." 1deeea43e
07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ...1050123723... .
...j5<..v.Uz...Wb.S.............(..



POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 211
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...H..^...^..2..")g...C.....M..6.1)......{..G[.J-........g.y.......E........zAPOST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 211
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000

........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...H..)6......d..Q...u...E~....(.........Fo.O...C.4#.'......a^j.9=.Oi...y...=b
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 291
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.
....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.......
>.!X/E.H._.t..p.N..UM..B.....Y..h....\M...VM..v..c../B.{D,F.".H=.K.
.^f.........E.U.O@...p...Ug....2..F.m.%....C.RK....)....!...........8 
F.P$...K*...2.HTTP/1.1 200 OK..Content-Type: application/octet-stream.
.Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 291..
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.
....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.......
>.!X/E.H._.t..p.N..UM..B.....Y..h....\M...VM..v..c../B.{D,F.".H=.K.
.^f.........E.U.O@...p...Ug....2..F.m.%....C.RK....)....!...........8 
F.P$...K*...2.HTTP/1.1 200 OK..Content-Type: application/octet-stream.
.Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 243..
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.
....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...h...
..OOK.../x...L...z...../:..o..I..I...KV...[..Ra.S{\......L.....b..%B|3
....v.......o..C......b.n#m..'...HTTP/1.1 200 OK..Content-Type: applic
ation/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Co
ntent-Length: 243..........N...." 1deeea43e07fba973e9d83e58918d424(...
......2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d
83e58918d424...h.....OOK.../x...L...z...../:..o..I..I...KV...[..Ra.S{\
......L.....b..%B|3....v.......o..C......b.n#m..'.....
<<< skipped >>>


GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 23:47:50 GMT
Content-Type: application/x-7z-compressed
Content-Length: 32208649
Connection: keep-alive
Set-Cookie: __cfduid=dbd74255ea419ee2e733cd2e95dd245701486165670; expires=Sat, 03-Feb-18 23:47:50 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:50 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: yunjiasu-nginx
CF-RAY: 32b9c53162885a14-VIE
7z..'......S.v......%........3.K.j...]...6...&|u..R.t....:%..8*....3{B
IA......c.%.f....1."..N.=...G...k$W6`.\..tKHgj..9.i..[.A.~B.5..q.....N
 .x...h|<`.p?..oY.....A...E......#=$...#.......; "u.i..........XF.t
VqPV....W^..:.... J.&B......KP..K....g...sV.H9UH..vB..;8 ...'.G..q...F
.L.T.#....T....!.O."g...k.....j.P.&HU.Y..*.%....C lY......c.&.......X.
.u.r.Z.T...@.b).......l...70....2,/...1..r.p.x./T8_.?,p....!....|d..Z.
x..e..pb.......y...X....up8|4..h.)XX=..%E.gw ....j..t...s.....p:..%{V4
.!5..Pw..NzgoU.,..f.....g...`..M z....;..S.L.`p.....0.#s.SsTH?VA?BwqW.
...71.1...Z{x|i..._... ......m..0..:PF.1v.,d..dg|.D.......F.2....GK...
....#%$.W.........s...^.#`...b..........>B}.......:7...Z.N=..Y..w.}
(B.{.."......!....&.*..>. ..V8.^wN.6...Pa.B..A"....f./v%...`.A'.0.U
D.].k/..$..H..a.......q.....K....i........ADre.4..=.......>&.cp;...
.d......A...[...DXy0..Ih.X%9@.U?.Q...$..m.&...8.......tR..!..... ....z
.8MC .....4..7k.1.A$..^./Gy.>..L'..>b.E..M...hh.........oO..C.Z?
..G.l _...(=O.:......r.....;>&..3.4..e..WO.....h~.^L IR7...Hv.@./..
.*.....\.T.1.........SF..*|Ac...H..kwg...AY.N.R.R...`G..E...2o.&@DwB..
....mh...mS.._.Obd.DKB.g&l.T......'...Jb.X....Ik'..R....v[a..}..).;.r.
y...^.....=..k..].,O...X@..M...u.j..d ......K..|..].ch{K..'O.v1.......
acM4|.p..M...`t.=.......1AU ...I..q...^.....g..g..QS...}.l..w........c
br....S.tw..d!...U..y.l.V..f..gl.T;..5..EH.S_xz....\..4.....@u.......u
..G...h.~x.....J'....c..N* .M.n.V..atu1....\a.....,TBmjU..a..0.o?...vA
.H.|....-<0.z....B.M.....b:.....p..F..&........&#...=..bQn..3..
<<< skipped >>>


POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 314
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......%" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....,...G.~...<4c..U......k....&m
.......N.u..l...5...u.Ph.........^....!..U......H..j..ONlxa..w
_..6Vr...m....Z..........&u....^RR......1AT&H..._.#.]Te~.p=.:\.r9....P...f.....6..5
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......%" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....,0`
f.ik.......gz.....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......&" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.BC.....W= $|^g..I"ww...d..5
c
....;>-......t.!.Pp...z;L...y...s..8,.1:.:.z............h5nA..%........z0.........`=.vuU.....R.P........uXO._.)N.......
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......&" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..
.mtX..............


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......'" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../....6....G..duN......m...\@...........}.. ....
.."<......
......|2[.t.M......... [.{L.l.kj..MVB..&r.y.
.T.....G ..._...%......p...~..1..!.Y..<
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......'" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../.H
....?RD....B.>....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......(" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../.3.!o8..E)..Z.:..4K.Q....*.....3..K..4...M.{s.A...9|..(A...Rv.tO8.x.0.....o.JG.ip...@0c.vZ..WG.m..s../L...........[.;k..3...9.....O.nV.R.3...?.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......(" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..
.M?Rwy ./.@.......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......)" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../..Q(.......!S...y.,r\K_S>.`...U.<.J`.{.G.`82.......V]..b5..}T........@.F..8r.H/3!?OS.=2........."R.#.....D).... ......rW...S.^....hx.:...q...J..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......)" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..
..iT.:...G..8p....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......*" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../..*!.G".X!m]..`.0.....4w.o.j...........{..}..._..._D
.&~v.s.Wl,..3\...4...0.l.@7$'S.Gq.3.P...$..8/..h.o.7....X.H`......M......MTU...Vy.9..cI.*p.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......*" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..
Q%&.z....8.B.d....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~....... " 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../......@D............M..7..d..e.....9..)~.'l....~........8e.......hQ.D.`<.....C....wLw.dJ.....?*....W.&.. '.[....|.Ut..k.WO.j..r_....].k..zk.k...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~....... " 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../@.
.p*.....{...yN....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......," 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../l..W.8...2N.0w........Kzd....0.c.g..>..^.q..7[..........6.....I.}p...D....J".o1..<....(-..&.(o.Crn......#..G..WP. ........|.;.4?z2
...[^..'LI...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......," 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..
H......u.u.e......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......-" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../.:.... ...y?....@.#.G.Gt>_eT....O..8.G......e...t.t*.c.?40...b.........0wu$@..V.dT..>.@>._.#\..k.f..\..q..QX~....".J..G.?.B=...GTwfw.......Hr}

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......-" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..
.9Am.S2p...`_.....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../...R.E.D.`.....:.3y. i ..1...-...B...........4:@y....u.5..q.....[..z.L.S..(.w.y.Qt.s..%..S.........{..%..,.s........|...*n....q.Jeq..../].bpc..M
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~......./" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../._
....C.?.g>.().....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......0" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../w<...6....$\....\L.Z.>].[.K.[....,.....Y.M=.F$a.=h..'*Z...T7.n..|n..8.*9.l....G.jG.Y= .s...1...K.......Z.i&ZG...(;......Oiz...Ro. ...sD.Y.B...e.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......0" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../&g
t;...7.G...iz.i......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......1" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../../.^..I...^
.d. ...u..hr...0.r..(k.P..p...v.03......u.....A....../h.SA.V...W].\.B5_/X.O.s.... U.lv...U]>....S...{H....HG.Oh..9kO..nU0..`dj^H;
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......2" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..
F..I,1......h:....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......3" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../-W.....`.@..%.w|."V.."....JD.'..=.)WK...'...H.........._.x....t...y...F.W.F..q.# ek.-.2`v
.>.TA.J.:X.......y..y......y`s.....4..[..V.E..Z..  ...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......4" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../m.
qCO..R'.....w)....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......5" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../............u.S(TEv.... lW.....5.g..D.....9....p.....M..@F.........!.........;J..0..XP.3(....<.#...ybE.E.E.<.w......=T.?AD.&jV9]...j_C...t...U..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......5" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..
..{)..k.6.........


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......6" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../U..^TH. ...O..Z1.
...<....Q.r. ..f..a...N.k.w..Q......`D.j...:..l...f....)..N...iEL4.!P%..|.K.t....B.9....)2...ms.lq...5..Q^..._...F....%...W..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......6" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..
...XUL....P..\....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......7" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../..?..Aa].@#.Q.>.$.....,W.H.\.*...k"...,..#l"..&......
....A.v<.....s..b.{..>..8...h...#,2D..........a..:..X.3.a./.-..8..3....&...9D..[m.7......
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......7" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..
.Z...p...U.2......


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

...~.......8" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../.L....X....y..#.-3..t.D.f......F.Y.**...S7......,/...2.E. .6....B.**.o .....8..>5,....B.R`.oM0W.X.NGjQJ. .....ya.o.B._{......#eC.g..>..v.s.F..h\
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......8" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X..
...` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..
.%%..E._g.ftD.....

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_1904:

.text
`.rdata
@.data
.ndata
.rsrc
@.reloc
RegDeleteKeyExW
Kernel32.DLL
PSAPI.DLL
%s=%s
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
GetAsyncKeyState
USER32.dll
GDI32.dll
SHFileOperationW
ShellExecuteW
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
9oj@XD%u
g.mLf=
ORL.SL/
<edit name="edit_choose_url" pos="2,0,-0,-0" readonly="1" enable="1"/>
<check name="chk_finish_1" pos="37,205" skin="_skin.sys.checkbox" checked="1">chk_finish_1</check>
<check name="chk_finish_2" pos="266,205" skin="_skin.sys.checkbox" >chk_finish_2</check>
<check name="chk_finish_3" pos="37,235" skin="_skin.sys.checkbox" >chk_finish_3</check>
<check name="chk_finish_4" pos="266,235" skin="_skin.sys.checkbox" >chk_finish_4</check>
<check name="chk_finish_5" pos="37,265" skin="_skin.sys.checkbox" >chk_finish_5</check>
<check name="chk_finish_6" pos="266,265" skin="_skin.sys.checkbox" >chk_finish_6</check>
<edit name="edit_unstallchoose_url" pos="2,0,-0,-0" mouseRelay="1" enable="0"/>
<check name="chk_unstallchoose_delete" pos="20,105" skin="_skin.sys.checkbox" checked="0">delete info</check>
[K.On
W.eQYT
gB7%U
9~ui.QBv@
J.pEu
\.MdB
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46.3-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
logging set to %d
settings logging to %d
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack < %d elements
RMDir: "%s"
MessageBox: %d,"%s"
Delete: "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename on reboot: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
Sleep(%d)
detailprint: %s
Call: %d
Aborting: "%s"
Jump: %d
verifying installer: %d%%
unpacking data: %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
install.log
%u.%u%s%s
Skipping section: "%s"
Section: "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
*?|<>/":
invalid registry key
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
ers\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp
nshA2C5.tmp
File: skipped: "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll" (overwriteflag=1)
.tmp\System.dll"
avnt20161025/rav3490022.exe", t"rav3490022.exe", i0,i0)i.s
123723.exe", t"Baidu_Setup_3.1.200.2978_ftn_1050123723.exe", i0,i0)i.s
:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp
hXXp://114.55.153.119/
2371592
PTF://f.i1236.com/ravnt20161025/rav3490022.exe
idu_Setup_3.1.200.2978_ftn_1050123723.exe
rav3490022.exe
.200.2978_ftn_1050123723.exe
tware\Microsoft\Windows\CurrentVersion\Uninstall\360
c:\%original file name%.exe
%Program Files%\soui-nsis demo
C:\Users\"%CurrentUserName%"\AppData\Local\Temp
%original file name%.exe
ers\"%CurrentUserName%"\AppData\Local\Temp\nssA2B4.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\

Baidu.exe_2160:

.text
`.rdata
@.data
.rsrc
@.reloc
SSSSh
VSSSSh
WSSSSh
Base.dll
Utils.dll
[libprotobuf %s %s:%d] %s
%d.%d.%d
..\src\google\protobuf\stubs\common.cc
CHECK failed: value.size() <= kint32max:
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
WS2_32.dll
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
unsupported version
..\..\..\minibaidu_basic_proj\Include\CommonInclude\Heartbeat\zeus.pb.cc
sw.zeus.ExtendedInfo
sw.zeus.KeyVersion
sw.zeus.BasicInfo
sw.zeus.SubRequest
sw.zeus.CCRequest
sw.zeus.KeyValue
sw.zeus.FileItem
sw.zeus.FileGroup
sw.zeus.KVConfig
sw.zeus.Action
sw.zeus.ActionMap
sw.zeus.NetInfo
sw.zeus.CCResponse
sw.zeus.HBRequest
sw.zeus.HBResponse
asio.misc
asio.misc error
BaiduShell.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
BaiduShellMain.cpp
thread.entry_event
thread.exit_event
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessager.h
CChildProcess::HandleMsg() invalid message id.
Utils::Process::CChildProcess::HandleMsg
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/ChildProcess.h
CommonWorkerProcess.cpp
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::GetInstance Fail to get %d instance
Report %d data
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
GetReportMgr
ReleaseReportMgr
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
DecodeMsgContent() serialization error
DecodeMsgContent
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessageDef.h
EncodeMsgContent() serialization error
EncodeMsgContent
boost thread: trying joining itself
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Base/AsyncTask/AsyncTask.h
ExternalMgrProcess.cpp
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\UpdateAction.h
HBTipsListData:%s
NeedInstallNewVersion:%d
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\ConfigAction.h
key = %s, value = %s
MainProcess.cpp
PluginMgrProcess.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\Baidu.pdb
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
??1CURL@URLMisc@Utils@@QAE@XZ
??0CURL@URLMisc@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetExeFolderNotWithSlash@ProductInfo@Utils@@YAPB_WXZ
?ReportInjectFailed@CDataReport1324DockWindow@BaiduReport@@QAEXH@Z
?ReportInjectSuccess@CDataReport1324DockWindow@BaiduReport@@QAEX_J@Z
?Get1324DockWindow@BaiduReport@@YA?AV?$shared_ptr@VCDataReport1324DockWindow@BaiduReport@@@boost@@XZ
BaiduReport.dll
MSVCP100.dll
MSVCR100.dll
_amsg_exit
_acmdln
_crt_debugger_hook
CreateIoCompletionPort
GetProcessHeap
KERNEL32.dll
USER32.dll
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
ole32.dll
ShellExecuteW
ShellExecuteExW
SHELL32.dll
SHLWAPI.dll
WINMM.dll
Baidu.exe
.?AVKeyValue@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AUSLaunchDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Utils@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Utils@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Utils@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Utils@@@23@@_bi@3@@_bi@boost@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
9 9$9(9,909
; ;.;?;^;
1-131:1_1
1-161Q1X1v1}1
5$6*6=667
7%8U8
1 1$1(1,1014181
3(343<3|3
--newexe
Protocol.dll
Report.dll
Accout_Login
Pop_Windows
Browser_ImportBookMark
BugReport
Report
[performance]1 enter CBaiduShell::Run : %u
-eurl:
bdlog.dll
BrowserCore.dll
BrowserUIHandler.dll
BrowserUI.dll
PluginMgr.dll
Skins\BrowserFrame.rdb
Skins\BDSearchBar.rdb
Skins\CommonRes.rdb
Skins\xml.rdb
LogicModel.dll
BDMSkin.dll
MainUIHandler.dll
MainUI.dll
--newexe 1
--newexe 0
A8706990-9490-4106-8033-12E64714B86B
\CommonWorker.dll
Failed in init CommonWorker.dll instance.
pCCommonWorkerProcess::Run installationTask = %s
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
BaiduClientRender.exe
BaiduUpdate.exe
BaiduBugRpt.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
uninst.exe
\game.ico
--newexe 1 --lnkname game --open-app 1013:show
\browsershowcut.ico
--newexe 1 --main-frame 1
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs vcKey=%s, ReadConfigString=%d
WriteRegInstallArg vcKey=%s
GetRegInstallArg Start key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
WriteRegInstallArg key=%s, value=%s
RegOpenKeyEx ret=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask eventType = %d
ShellExecute result = %d
sBDClientProxy.dll
Software\Microsoft\Windows\CurrentVersion\Run
ClientRegAddValueToList result = %d
nClientRegSetValueEx result = %d
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
GetDefenseSwitch value = %s
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch result=%d
\ExternalMgr.dll
Failed in init ExternalMgr.dll instance.
hermes.dll
HBTipsListSize:%d
Upd.dat
CheckFileHash OK %s
hCheckFileHash Md5 error !! %s
Cmd = %d, Action size = %d
Cloud kV Config %d (Action %d), name = %s, version = %I64u, size = %d
user32.dll
\LogicModel.dll
[performance]3 enter CMainProcess::RunUIMessageLoop : %u
p\MainUI.dll
\Heartbeat.dll
e[performance]2 enter CMainProcess::Run : %u
CBrowserProcess::Run ActiveExistAppWindow navigaet_url=%s
BDDockerX64.exe
BDDocker.exe
Start exe Failed
\PluginMgr.dll
3.1.200.2978

BaiduService.exe_3816:

.text
`.rdata
@.data
.rsrc
@.reloc
PSShd
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
[libprotobuf %s %s:%d] %s
%d.%d.%d
..\src\google\protobuf\stubs\common.cc
CHECK failed: value.size() <= kint32max:
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
asio.misc
asio.misc error
\\.\Pipe\BaiduService
CCommander::SendMsg failed(%d, %d, %x)!
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
CFileSearchService::HandleChannel(%d,%s,%d).
CFileSearchService::HandleSearch(%s, %d).
.jpeg
.tiff
.exif
.flac
.navi
.mpeg4
.docx
.pptx
.xlsx
.vsdx
.java
Keywords
$RECYCLE.BIN
windows
Windows
FileSearch\FileSearchResult.pb.cc
BaiduService.FileSearch.SearchFileInfo
BaiduService.FileSearch.SearchResultInfo
boost thread: trying joining itself
Add, %s
Del %s error!
Del, %s
%c:\%s
CIndexManager::ChangeState (%s -> %s).
CMisc::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CMisc::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CMisc::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CMisc::RecoveUnistReg Read DisplayVersion reg success version=%s
CMisc::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CMisc::RecoveUnistReg Read UninstallString reg success uinst path =%s
CMisc::HandleChannel(%d,%s).
BaiduService!%s
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\BaiduService.pdb
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
Base.dll
Utils.dll
ConnectNamedPipe
GetProcessHeap
DisconnectNamedPipe
CreateNamedPipeA
CreateIoCompletionPort
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
MSVCP100.dll
WS2_32.dll
MSVCR100.dll
_amsg_exit
_crt_debugger_hook
SHLWAPI.dll
.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
h.exe
ail.exe
:\Windows\System32\RmClient.exe
RmClient.exe.mui
C:\Windows\winsxs\x86_microsoft-windows-r..rtmanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2c18175139d79a22\RmClient.exe.mui
VMwareHgfsClient.exe
9%Program Files%\VMware\VMware Tools\VMwareHgfsClient.exe
BaiduRenderClient.exe
SC:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\BaiduRenderClient.exe
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
293F3r3
5,5054585
FileIndex.db
FileIndexSecondary.db
.Secondary
Global\BD_Service_0F24E59F-6A16-4B47-80C6-399440224DE7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
tuninst.exe
1.0.0.0
BaiduService.exe

svchost.exe_3468:

.text
`.data
.rsrc
@.reloc
msvcrt.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
KERNEL32.dll
NTDLL.DLL
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
RPCRT4.dll
ole32.dll
ntdll.dll
_amsg_exit
RegCloseKey
RegOpenKeyExW
GetProcessHeap
svchost.pdb
version="5.1.0.0"
name="Microsoft.Windows.Services.SvcHost"
<description>Host Process for Windows Services</description>
<requestedExecutionLevel
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost
\PIPE\
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
svchost.exe
Windows
Operating System
6.1.7600.16385

SearchProtocolHost.exe_1460:

.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
ole32.dll
OLEAUT32.dll
TQUERY.DLL
MSSHooks.dll
IMM32.dll
SHLWAPI.dll
SrchCollatorCatalogInfo
SrchDSSLogin
SrchDSSPortManager
SrchPHHttp
SrchIndexerQuery
SrchIndexerProperties
SrchIndexerPlugin
SrchIndexerClient
SrchIndexerSchema
Msidle.dll
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
RegDeleteKeyW
RegDeleteKeyExW
8%uiP
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
</MSG></TRC>
<MSG>
<ERR> 0xx=
<LOC> %s(%d) </LOC>
tid="0x%x"
pid="0x%x"
tagname="%s"
tagid="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
logname="%s"
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
SHELL32.dll
PROPSYS.dll
ntdll.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
_amsg_exit
MsgWaitForMultipleObjects
SearchProtocolHost.pdb
2 2(20282|2
4%5S5
Software\Microsoft\Windows Search
https
kernel32.dll
msTracer.dll
msfte.dll
lX-X-X-XX-XXXXXX
SOFTWARE\Microsoft\Windows Search
tquery.dll
%s\%s
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Windows Search Service
<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>
advapi32.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
winhttp.dll
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
<MSG>
<LOC> %S(%d) </LOC>
tagname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
Microsoft Windows Search Protocol Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchProtocolHost.exe
Windows
7.00.7601.17610

BaiduRenderClient.exe_2828:

.text
`.rdata
@.data
.rsrc
@.reloc
CreateWebRender
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
N:\web_render_sdk\out\release\web_render_service.exe.pdb
web_base.dll
GetProcessHeap
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
KERNEL32.dll
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
USER32.dll
MSVCP120.dll
MSVCR120.dll
_calloc_crt
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtGetShowWindowMode
_amsg_exit
_wcmdln
__crtSetUnhandledExceptionFilter
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
3"3)343\3|3
7 7(7,74787
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
bdlog.dll
%d Instances,%s
pipe
web_render_service.exe
service-exe
chrome
chromecore-dir
Web Render Service
%s [%s] {
} %s [%s] [%d ms]
} %s [%d ms]
web_render_stub.dll
web_render_stub_child.dll
web_render::WebRenderFactory::CreateWebRender
Framework.Stub;
LoadLibrary,Last Error %d,%s
;HTTP\Engine.dll
8.5.10241.224\TSWebMon.dat
\atiu9pag.dll
\WebPlugin\IscNsp.dll
kswebshield.dll
kspcore.dll
kswbc.dll
kwsui.dll
WebMon.dll
BDWebGuard.dll
WebMonHook.dll
QvodWebBase.dll
XIAOCHENPY.IME
adsNet32.dll
adsPop32.dll
EDPWinsockSpi.dll
TortoiseSVN32.dll
TortoiseStub32.dll
libsvn_tsvn32.dll
libsasl32.dll
libaprutil_tsvn32.dll
libapr_tsvn32.dll
intl3_tsvn32.dll
TortoiseOverlays.dll
ntdll.dll
AcGenral.dll
nvd3d9wrap.dll
%s\..\web_browser_trident_plugin.dll
web_browser_trident_plugin.dll
ekernel32.dll
\\.\pipe\crashservice.%d.%d.%d
AddVectoredExceptionHandler %x
SetUnhandledExceptionFilter %x
kernelbase.dll
start breakpad client %s
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
1.2.201.132

Baidu.exe_3820:

.text
`.rdata
@.data
.rsrc
@.reloc
SSSSh
VSSSSh
WSSSSh
Base.dll
Utils.dll
[libprotobuf %s %s:%d] %s
%d.%d.%d
..\src\google\protobuf\stubs\common.cc
CHECK failed: value.size() <= kint32max:
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
WS2_32.dll
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
unsupported version
..\..\..\minibaidu_basic_proj\Include\CommonInclude\Heartbeat\zeus.pb.cc
sw.zeus.ExtendedInfo
sw.zeus.KeyVersion
sw.zeus.BasicInfo
sw.zeus.SubRequest
sw.zeus.CCRequest
sw.zeus.KeyValue
sw.zeus.FileItem
sw.zeus.FileGroup
sw.zeus.KVConfig
sw.zeus.Action
sw.zeus.ActionMap
sw.zeus.NetInfo
sw.zeus.CCResponse
sw.zeus.HBRequest
sw.zeus.HBResponse
asio.misc
asio.misc error
BaiduShell.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
BaiduShellMain.cpp
thread.entry_event
thread.exit_event
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessager.h
CChildProcess::HandleMsg() invalid message id.
Utils::Process::CChildProcess::HandleMsg
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/ChildProcess.h
CommonWorkerProcess.cpp
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::GetInstance Fail to get %d instance
Report %d data
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
GetReportMgr
ReleaseReportMgr
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
DecodeMsgContent() serialization error
DecodeMsgContent
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessageDef.h
EncodeMsgContent() serialization error
EncodeMsgContent
boost thread: trying joining itself
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Base/AsyncTask/AsyncTask.h
ExternalMgrProcess.cpp
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\UpdateAction.h
HBTipsListData:%s
NeedInstallNewVersion:%d
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\ConfigAction.h
key = %s, value = %s
MainProcess.cpp
PluginMgrProcess.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\Baidu.pdb
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
??1CURL@URLMisc@Utils@@QAE@XZ
??0CURL@URLMisc@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetExeFolderNotWithSlash@ProductInfo@Utils@@YAPB_WXZ
?ReportInjectFailed@CDataReport1324DockWindow@BaiduReport@@QAEXH@Z
?ReportInjectSuccess@CDataReport1324DockWindow@BaiduReport@@QAEX_J@Z
?Get1324DockWindow@BaiduReport@@YA?AV?$shared_ptr@VCDataReport1324DockWindow@BaiduReport@@@boost@@XZ
BaiduReport.dll
MSVCP100.dll
MSVCR100.dll
_amsg_exit
_acmdln
_crt_debugger_hook
CreateIoCompletionPort
GetProcessHeap
KERNEL32.dll
USER32.dll
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
ole32.dll
ShellExecuteW
ShellExecuteExW
SHELL32.dll
SHLWAPI.dll
WINMM.dll
Baidu.exe
.?AVKeyValue@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AUSLaunchDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Utils@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Utils@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Utils@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Utils@@@23@@_bi@3@@_bi@boost@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
9 9$9(9,909
; ;.;?;^;
1-131:1_1
1-161Q1X1v1}1
5$6*6=667
7%8U8
1 1$1(1,1014181
3(343<3|3
--newexe
Protocol.dll
Report.dll
Accout_Login
Pop_Windows
Browser_ImportBookMark
BugReport
Report
[performance]1 enter CBaiduShell::Run : %u
-eurl:
bdlog.dll
BrowserCore.dll
BrowserUIHandler.dll
BrowserUI.dll
PluginMgr.dll
Skins\BrowserFrame.rdb
Skins\BDSearchBar.rdb
Skins\CommonRes.rdb
Skins\xml.rdb
LogicModel.dll
BDMSkin.dll
MainUIHandler.dll
MainUI.dll
--newexe 1
--newexe 0
A8706990-9490-4106-8033-12E64714B86B
\CommonWorker.dll
Failed in init CommonWorker.dll instance.
pCCommonWorkerProcess::Run installationTask = %s
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
BaiduClientRender.exe
BaiduUpdate.exe
BaiduBugRpt.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
uninst.exe
\game.ico
--newexe 1 --lnkname game --open-app 1013:show
\browsershowcut.ico
--newexe 1 --main-frame 1
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs vcKey=%s, ReadConfigString=%d
WriteRegInstallArg vcKey=%s
GetRegInstallArg Start key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
WriteRegInstallArg key=%s, value=%s
RegOpenKeyEx ret=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask eventType = %d
ShellExecute result = %d
sBDClientProxy.dll
Software\Microsoft\Windows\CurrentVersion\Run
ClientRegAddValueToList result = %d
nClientRegSetValueEx result = %d
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
GetDefenseSwitch value = %s
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch result=%d
\ExternalMgr.dll
Failed in init ExternalMgr.dll instance.
hermes.dll
HBTipsListSize:%d
Upd.dat
CheckFileHash OK %s
hCheckFileHash Md5 error !! %s
Cmd = %d, Action size = %d
Cloud kV Config %d (Action %d), name = %s, version = %I64u, size = %d
user32.dll
\LogicModel.dll
[performance]3 enter CMainProcess::RunUIMessageLoop : %u
p\MainUI.dll
\Heartbeat.dll
e[performance]2 enter CMainProcess::Run : %u
CBrowserProcess::Run ActiveExistAppWindow navigaet_url=%s
BDDockerX64.exe
BDDocker.exe
Start exe Failed
\PluginMgr.dll
3.1.200.2978

BaiduRenderClient.exe_2828_rwx_6CEC0000_00001000:

.text
`.data
.rsrc
@.reloc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
ADVAPI32.dll
ole32.dll
WINMM.dll
POWRPROF.dll

Baidu.exe_1640:

.text
`.rdata
@.data
.rsrc
@.reloc
SSSSh
VSSSSh
WSSSSh
Base.dll
Utils.dll
[libprotobuf %s %s:%d] %s
%d.%d.%d
..\src\google\protobuf\stubs\common.cc
CHECK failed: value.size() <= kint32max:
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
WS2_32.dll
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
unsupported version
..\..\..\minibaidu_basic_proj\Include\CommonInclude\Heartbeat\zeus.pb.cc
sw.zeus.ExtendedInfo
sw.zeus.KeyVersion
sw.zeus.BasicInfo
sw.zeus.SubRequest
sw.zeus.CCRequest
sw.zeus.KeyValue
sw.zeus.FileItem
sw.zeus.FileGroup
sw.zeus.KVConfig
sw.zeus.Action
sw.zeus.ActionMap
sw.zeus.NetInfo
sw.zeus.CCResponse
sw.zeus.HBRequest
sw.zeus.HBResponse
asio.misc
asio.misc error
BaiduShell.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
BaiduShellMain.cpp
thread.entry_event
thread.exit_event
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessager.h
CChildProcess::HandleMsg() invalid message id.
Utils::Process::CChildProcess::HandleMsg
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/ChildProcess.h
CommonWorkerProcess.cpp
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::GetInstance Fail to get %d instance
Report %d data
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
GetReportMgr
ReleaseReportMgr
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
DecodeMsgContent() serialization error
DecodeMsgContent
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessageDef.h
EncodeMsgContent() serialization error
EncodeMsgContent
boost thread: trying joining itself
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Base/AsyncTask/AsyncTask.h
ExternalMgrProcess.cpp
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\UpdateAction.h
HBTipsListData:%s
NeedInstallNewVersion:%d
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\ConfigAction.h
key = %s, value = %s
MainProcess.cpp
PluginMgrProcess.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\Baidu.pdb
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
??1CURL@URLMisc@Utils@@QAE@XZ
??0CURL@URLMisc@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetExeFolderNotWithSlash@ProductInfo@Utils@@YAPB_WXZ
?ReportInjectFailed@CDataReport1324DockWindow@BaiduReport@@QAEXH@Z
?ReportInjectSuccess@CDataReport1324DockWindow@BaiduReport@@QAEX_J@Z
?Get1324DockWindow@BaiduReport@@YA?AV?$shared_ptr@VCDataReport1324DockWindow@BaiduReport@@@boost@@XZ
BaiduReport.dll
MSVCP100.dll
MSVCR100.dll
_amsg_exit
_acmdln
_crt_debugger_hook
CreateIoCompletionPort
GetProcessHeap
KERNEL32.dll
USER32.dll
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
ole32.dll
ShellExecuteW
ShellExecuteExW
SHELL32.dll
SHLWAPI.dll
WINMM.dll
Baidu.exe
.?AVKeyValue@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AUSLaunchDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Utils@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Utils@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Utils@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Utils@@@23@@_bi@3@@_bi@boost@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
9 9$9(9,909
; ;.;?;^;
1-131:1_1
1-161Q1X1v1}1
5$6*6=667
7%8U8
1 1$1(1,1014181
3(343<3|3
--newexe
Protocol.dll
Report.dll
Accout_Login
Pop_Windows
Browser_ImportBookMark
BugReport
Report
[performance]1 enter CBaiduShell::Run : %u
-eurl:
bdlog.dll
BrowserCore.dll
BrowserUIHandler.dll
BrowserUI.dll
PluginMgr.dll
Skins\BrowserFrame.rdb
Skins\BDSearchBar.rdb
Skins\CommonRes.rdb
Skins\xml.rdb
LogicModel.dll
BDMSkin.dll
MainUIHandler.dll
MainUI.dll
--newexe 1
--newexe 0
A8706990-9490-4106-8033-12E64714B86B
\CommonWorker.dll
Failed in init CommonWorker.dll instance.
pCCommonWorkerProcess::Run installationTask = %s
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
BaiduClientRender.exe
BaiduUpdate.exe
BaiduBugRpt.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
uninst.exe
\game.ico
--newexe 1 --lnkname game --open-app 1013:show
\browsershowcut.ico
--newexe 1 --main-frame 1
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs vcKey=%s, ReadConfigString=%d
WriteRegInstallArg vcKey=%s
GetRegInstallArg Start key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
WriteRegInstallArg key=%s, value=%s
RegOpenKeyEx ret=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask eventType = %d
ShellExecute result = %d
sBDClientProxy.dll
Software\Microsoft\Windows\CurrentVersion\Run
ClientRegAddValueToList result = %d
nClientRegSetValueEx result = %d
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
GetDefenseSwitch value = %s
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch result=%d
\ExternalMgr.dll
Failed in init ExternalMgr.dll instance.
hermes.dll
HBTipsListSize:%d
Upd.dat
CheckFileHash OK %s
hCheckFileHash Md5 error !! %s
Cmd = %d, Action size = %d
Cloud kV Config %d (Action %d), name = %s, version = %I64u, size = %d
user32.dll
\LogicModel.dll
[performance]3 enter CMainProcess::RunUIMessageLoop : %u
p\MainUI.dll
\Heartbeat.dll
e[performance]2 enter CMainProcess::Run : %u
CBrowserProcess::Run ActiveExistAppWindow navigaet_url=%s
BDDockerX64.exe
BDDocker.exe
Start exe Failed
\PluginMgr.dll
3.1.200.2978

brp.exe_2276:

.text
`.rdata
@.data
.rsrc
@.reloc
jwj.SWj
PSSh019
PSSSSSSh
PSSh,S9
RSSh<S9
j.Zf;
<0%u<;
xSSSh
FTPjKS
FtPj;S
C.PjRV
DEwY$Ew.AEw
kCv.SCv%
{984F2052-5475-4CD7-887A-726BFFCF1798}
..\Utils\Config\Config.cpp
-_.!~*'()
..\Utils\Config\CompoundDoc\CompoundDoc.cpp
255.255.168.192
0.0.168.192
255.255.31.172
0.0.16.172
255.255.255.10
0.0.0.10
255.255.255.255
[libprotobuf %s %s:%d] %s
%d.%d.%d
..\src\google\protobuf\stubs\common.cc
CHECK failed: value.size() <= kint32max:
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
Visual C   CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
GetProcessWindowStation
operator
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
- unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
..\..\Include\BaiduRepair\ReportInfo.pb.cc
BaiduRepair.ReportInfo
BrpCloudData.cpp
hXXp://up.mb.baidu.com
BaiduRepair::CBrpReport::ReportNoRepair
BrpReport.cpp
BaiduRepair::CBrpReport::ReportRepairFailed
BaiduRepair::CBrpReport::ReportRepairSuccess
BaiduRepair::CBrpReport::ReportNoPullUpCloudData
BaiduRepair::CBrpReport::ReportPullUpCloudDataFailed
BaiduRepair::CBrpReport::ReportPullUpCloudDataSuccess
main.cpp
RepairWorker.cpp
Utils\PbFileOperation.cpp
Fzeus.pb.cc
sw.zeus.ExtendedInfo
sw.zeus.KeyVersion
sw.zeus.BasicInfo
sw.zeus.SubRequest
sw.zeus.CCRequest
sw.zeus.KeyValue
sw.zeus.FileItem
sw.zeus.FileGroup
sw.zeus.KVConfig
sw.zeus.Action
sw.zeus.ActionMap
sw.zeus.NetInfo
sw.zeus.CCResponse
sw.zeus.HBRequest
sw.zeus.HBResponse
D:\project\reconstruct_branch\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
asio.misc
asio.misc error
SetCrypt service_id=%d url=%s
InitProductParam ver=%s soft_id=%d supply_id=%d
\NetService.ini
ServiceUrl.%d
D:\project\reconstruct_branch\minibaidu_stable_proj\Include\boost/property_tree/ini_parser.hpp
key expected
duplicate key name
D:\project\reconstruct_branch\minibaidu_stable_proj\Include\boost/property_tree/string_path.hpp
thread.entry_event
thread.exit_event
..\Protocol\src\Protocol\RpcClient.cpp
..\Protocol\src\Protocol\AuroraProtocol.cpp
1234567890111111
bena::protocol::ProtobufPack::UpdateSoftParam
boost thread: trying joining itself
Unsupported Media Type
HTTP Version not supported
HTTP/1.0
HTTP/1.1
127.0.0.1
bena::http::client::do_async_request
D:\project\reconstruct_branch\minibaidu_common_proj\Source\Protocol\bena/http/client.h
bena::http::client::~client
..\Protocol\src\http\client.cpp
bena::http::client::close_for_destruct
bena::http::client::close
bena::http::client::async_connect_coro
async_connect_coro connect error !! error: %s
bena::http::client::async_request_coro
bena::http::client::hanle_timeout
error_happened error: %s
bena::http::client::error_happened
..\Protocol\bena\Protocol\proto\header.pb.cc
https
ftpes
ftps
tftp
% ;?:@=&,$/-_!.~*()
..\Report\ReportMgr.cpp
Report::CReportData::PackToProtoDataItem
val(%s):
Report::CReportData::PackReportData
DataReport --- Server Disable Report !!
DataReport --- ReportID %u Banned !!
DataReport --- AsyncReport : Not Allowed !!
DataReport --- AsyncReport : AddPacketToQueue cmdid=%u length=%u
DataReport --- AsyncReport : End
DataReport --- SyncReport : Not Allowed !!
DataReport --- SyncReport : begin
DataReport --- SyncReport : CreateEvent
DataReport --- SyncReport : AddPacketToQueue cmdid=%u length=%u
DataReport --- SyncReport : WaitForSingleObject wait=%u
DataReport --- SyncReport : WaitForSingleObject result=%d
DataReport --- SyncReport : End
..\Report\msg.pb.cc
datapkg.FieldsList
datapkg.DataType
datapkg.ResPonse
DataReport::AddPacketToQueue
DataReport::AddPacketToQueue %u records
Report::TransportMgr::TransportMgr
..\Report\TransportMgr.cpp
DataReport::StopTransportThread 1, uiWaitTime=%u
DataReport::StopTransportThread 2
TransportMgr::OnResponse errorcode = %d
Report::TransportMgr::LoadPacketData
DataReport::LoadPacketData Change file success, new filesize = %u
DataReport::LoadPacketData Change file failed! Clear file
DataReport::LoadPacketData Clear file
DataReport::SaveAndErasePacket cache file is full!
DataReport::SaveAndErasePacket save %d records
DataReport::SaveAndEraseQueuePacket save %d records
DataReport::start!
DataReport::TransportPacket success
DataReport::TransportPacket failed[%d], buffer is full, try save [%u] records to file!
DataReport::TransportPacket failed[%d], save it to buffer! buffer size = %u
DataReport::TransportPacket failed becouse of server error, we abandon it!
DataReport::TransportPacket Deal Cache !!
DataReport::TransportPacket DealCacheLimit=%u LastCacheNum=%u NewCacheNum=%u
DataReport::TransportPacket Decrease Limit !! DealCacheLimit=%u
DataReport::TransportPacket Increase Limit !! DealCacheLimit=%u
DataReport::TransportPacket buffer size = %u
DataReport::TransportPacket Load [%u] buffer Packet to Queue!
DataReport::stop!
DataReport::TransportPacket Begin!
DataReport::TransportPacket SendPacket error = %d tryCount = %d
DataReport::SendPacket Error: %d, Wait %u seconds, then try again
DataReport::SendPacket Error: %d, MAX_TRY_COUNT return
DataReport::SendPacket Connect error: lost %u ms, sleep 10 s!
DataReport::SendPacket success: use %u ms!
DataReport::SendPacket Get Svr Response: use %u ms! errcode = %u
HandleResponse Static response cnt = %d MsgType = %d errorCode = %d
..\Report\ReportNetComm.cpp
Report::CReportNetComm::CReportNetComm
hXXp://dr.mb.baidu.com
CBDMReportNetComm::RpcRequestData CmdID=%u Length=%u
CBDMReportNetComm::RpcRequestData Fail !!
\\.\PhysicalDrive%d
XXX
\\.\%c:
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
D:\project\reconstruct_branch\minibaidu_basic_proj\Output\BinRelease\brp.pdb
SHLWAPI.dll
InternetCrackUrlW
WININET.dll
WS2_32.dll
PSAPI.DLL
GetProcessHeap
GetCPInfo
CreateIoCompletionPort
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegEnumKeyW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
VERSION.dll
SETUPAPI.dll
IPHLPAPI.DLL
WINMM.dll
PeekNamedPipe
GetSystemWindowsDirectoryW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExA
NETAPI32.dll
.?AV?$CRefObject@UIUrlParts@URLMisc@Utils@@@@
.?AUIUrlParts@URLMisc@Utils@@
.?AVCUrlParts@@
.?AVCURL@URLMisc@Utils@@
.?AV?$EnableIntrusive@VCURL@URLMisc@Utils@@@@
zcÁ
.?AVReportInfo@BaiduRepair@@
*.yUW
.?AVKeyValue@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AV?$enable_shared_from_this@Vclient@http@bena@@@boost@@
.?AVclient@http@bena@@
.?AVrequest@http@bena@@
.?AVheader@http@bena@@
.?AV?$bind_t@XV?$mf5@XVRpcClient@protocol@bena@@ABVresponse@http@3@Vconst_buffer@asio@boost@@IVerror_code@system@8@H@_mfi@boost@@V?$list6@V?$value@V?$shared_ptr@VRpcClient@protocol@bena@@@boost@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@V?$value@H@23@@_bi@3@@_bi@boost@@
.?AV?$_Ref_count@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@tr1@std@@
.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@
.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@
.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AVresponse@http@bena@@
.?AV?$Singleton@VCReportMgr@Report@@$00@@
.?AVCReportMgr@Report@@
.?AVCReportData@Report@@
.?AVIReportMgr@Report@@
.?AVIReportData@Report@@
.?AV?$sp_counted_impl_p@VTransportMgr@Report@@@detail@boost@@
.?AV?$sp_counted_impl_p@VCReportEvent@Report@@@detail@boost@@
.?AVCReportClient@Report@@
.?AV?$Thread@U?$BindMember0@VTransportMgr@Report@@P812@AEXPAX@Z@fund@@@fund@@
.?AV?$EnableIntrusive@VCReportResponseHandler@Report@@@@
.?AVCReportResponseHandler@Report@@
.?AVCReportNetComm@Report@@
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
7 7}7L7z7
<'<<<]<{<
4O4j6
3 424=4\4
0q0
2o:t:
02D2
5 5$5(5,5054585
<&=7=&>4>
8 8$8(8,8
"0'0.040
4 4$4(4%9
0$131<1`1
'0.070>0
1 1$1(1,10141
2 2$2(2,2024282<2
5 5$5(5,50545
? ?<?@?`?
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
%sAccount\%I64u\
%sAccount\Default\
Utils.dll
hXXp://
hXXps://
89F3CC4B-0091-49B0-81A6-188CFF582735
login
webkit-404
url-safe
res://LocalPages.dll/
://login/
://webkit-404/
4%d.dat
Global\{EB19B4E1-D804-4FF6-B8B2-61530127D102}
edu.cn
gov.cn
org.cn
net.cn
com.cn
.travel
.name
.museum
.mobi
.jobs
.info
.coop
.asia
.arpa
.aero
Msgrs:
webcal://
sPTF://
ssh://
keyparc://
chrome://
https:\\
http:\\
/%ProgramFiles%\Internet Explorer\IExplore.exe
01234567890
0123456789
wVVV.
URL Protocol
https:
http:
---COMPOUDDOC---pStream->SetSize error %x
---COMPOUDDOC---pStream->Write error %x
---COMPOUDDOC---pStream->Stat error %x
.site
app-error.html
restore-page.html
ssl-error.html
crash.html
webkit-404.html
404.html
connection-error.html
connection-fail.html
login.html
aladdin.html
index.html
bookmarks.html
history.html
settings.html
40.0.0.1
0.0.0.0
0123456789:
.blank
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
mscoree.dll
KERNEL32.DLL
WUSER32.DLL
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
.[Zebra::CPathCloudControl::Init] InitProductParam(ver:%s, supplyid:%d)
HB_CMD_ZEBRA_CONFIG Version String = %d
HB_CMD_ZEBRA_CONFIG Version 0
[Zebra::CRepairCloudData::StartRequest] req.IsNotInitialized
[Zebra::CRepairCloudData::HandleResponse] errcode=%d
Zebra::Start Request because request failed, time interval = %d
[Zebra::CRepairCloudData::OnResponse] cc_resp.result() != ERROR_SUCCESS
[Zebra::CRepairCloudData::OnResponse] cc_resp.action_map_size() == 0
[Zebra::CRepairCloudData::OnResponse] oActionMap.actions_size() <= 0
[Zebra::CRepairCloudData::ParseAction] oAction.kv_configs_size() <= 0
[Zebra::CRepairCloudData::ParseAction] oAction.kv_configs_size() = %d
[Zebra::CRepairCloudData::ParseAction] oKVConfig.configs_size() <= 0
sZebra::Repair cloud data RepairTimes =%d
Zebra::Repair cloud data repairInterval =%d
Zebra::Repair cloud data repairForce =%d
Zebra::Update cloud version ver=%d
.Zebra::CBrpReport***ReportNoRepair Start
Zebra::CBrpReport***ReportRepairFailed Start
dZebra::CBrpReport***ReportRepairSuccess Start
Zebra::CBrpReport***ReportNoPullUpCloudData Start
Zebra::CBrpReport***ReportPullUpCloudDataFailed Start
Zebra::CBrpReport***ReportPullUpCloudDataSuccess Start
Zebra::Launch=%d
Baidu.exe
Zebra::DoWork Get Repair Info repairTime=%d, intervaly=%d, forceRepair=%d
Zebra::DoWork Check exe No Repair
Zebra::DoWork Start repair zebraPath=%s
Zebra::DoWork no get cloud data, start baidu exe
Zebra::DoWork Start baidu's exe
Zebra::RepairTool No repair dataReport, reason=%d
Zebra::RepairTool repair failed dataReport, reason=%d
Zebra::RepairTool repair success dataReport
Software\Microsoft\Windows\CurrentVersion\Run
Zebra::CPbFileUtils::SetPbFileContent repair time=%d
Zebra::CPbFileUtils::SetPbFileContent get file failed error=%d
common\ZerbaReport.pb
\BDZebraSDK.dll
\Baidu.exe
shlwapi.dll
.ntdll.dll
\StringFileInfo\xx\FileVersion
%u.%u.%u.%u
bdlog.dll
pipe
GID_REPORT
GID_BAIDU_MSGPUSH
~RpcClient request_times=%d timeout_times=%d internal_req_times=%d
tRpcClient request_times=%d
AsyncRpcRequest serviceID=%d msgType=%d seq=%d
HandleRecv UnpackOK !! serviceID=%d msgType=%d seq=%d error=%d transfer_costtime=%d
HandleRecv Unpack Error !! serviceID=%d error=%d
HandleRecv CallBack !! serviceID=%d msgType=%d seq=%d error=%d callback_costtime=%d
SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
\\.\Scsi%d:
\verify.db
Pack addr=%p split_value=%d uid=%I64u
Init SoftParam local_ver=%d g_ver=%d
Init AccountParam local_ver=%d g_ver=%d
InitRequestPortoHeader sig_len=%d split_value=%d uid=%I64u
InitRequestPortoHeader Clear AccountParam
Update AccountParam local_ver=%d g_ver=%d
UpdateAccountParam sig_len=%d split_value=%d uid=%I64u
UpdateSoftParam local_ver=%d g_ver=%d
client internal_req_times=%d
pclose_for_destruct session=%d
close session=%d
async_request_coro send request !! seqno=%d
psubkey(%d):
key(%d):
val(%d):
<--- Pack(%d) Begin--->
a<----Pack(%d) End--->
2CanReport
BanReportID
2TransportMgr create
rpt.dat
TransportMgr CacheFileName=%s
DataReport::LoadPacketData Read %s failed, error=%u!
DataReport::LoadPacketData Read %s success, but the file is empty!
DataReport::LoadPacketData Read %s success, filesize = %u
DataReport::LoadPacketData Read %s success, get %d records!
pCReportNetComm create
kernel32.dll
.html
ddddddd
19000000000000000
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
\Global.db
3HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
iphlpapi.dll
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\bp\brp.exe
1.0.0.1
BaiduRepair.exe

SearchFilterHost.exe_2228:

.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
ole32.dll
OLEAUT32.dll
TQUERY.DLL
IMM32.dll
MSSHooks.dll
mscoree.dll
SHLWAPI.dll
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
RegDeleteKeyW
RegDeleteKeyExW
8%uiP
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
_amsg_exit
SearchFilterHost.pdb
version="5.1.0.0"
name="Microsoft.Windows.Search.MSSFH"
<requestedExecutionLevel
3 3(30383|3
kernel32.dll
Software\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Windows Search Service
tquery.dll
advapi32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
<MSG>
<ERR> 0xx=
<LOC> %S(%d) </LOC>
tid="0x%x"
pid="0x%x"
tagname="%S"
tagid="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
logname="%S"
</MSG></TRC>
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s
winhttp.dll
Microsoft Windows Search Filter Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchFilterHost.exe
Windows
7.00.7601.17610

BaiduRenderClient.exe_3112:

.text
`.rdata
@.data
.rsrc
@.reloc
CreateWebRender
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
N:\web_render_sdk\out\release\web_render_service.exe.pdb
web_base.dll
GetProcessHeap
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
KERNEL32.dll
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
USER32.dll
MSVCP120.dll
MSVCR120.dll
_calloc_crt
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtGetShowWindowMode
_amsg_exit
_wcmdln
__crtSetUnhandledExceptionFilter
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
3"3)343\3|3
7 7(7,74787
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
bdlog.dll
%d Instances,%s
pipe
web_render_service.exe
service-exe
chrome
chromecore-dir
Web Render Service
%s [%s] {
} %s [%s] [%d ms]
} %s [%d ms]
web_render_stub.dll
web_render_stub_child.dll
web_render::WebRenderFactory::CreateWebRender
Framework.Stub;
LoadLibrary,Last Error %d,%s
;HTTP\Engine.dll
8.5.10241.224\TSWebMon.dat
\atiu9pag.dll
\WebPlugin\IscNsp.dll
kswebshield.dll
kspcore.dll
kswbc.dll
kwsui.dll
WebMon.dll
BDWebGuard.dll
WebMonHook.dll
QvodWebBase.dll
XIAOCHENPY.IME
adsNet32.dll
adsPop32.dll
EDPWinsockSpi.dll
TortoiseSVN32.dll
TortoiseStub32.dll
libsvn_tsvn32.dll
libsasl32.dll
libaprutil_tsvn32.dll
libapr_tsvn32.dll
intl3_tsvn32.dll
TortoiseOverlays.dll
ntdll.dll
AcGenral.dll
nvd3d9wrap.dll
%s\..\web_browser_trident_plugin.dll
web_browser_trident_plugin.dll
ekernel32.dll
\\.\pipe\crashservice.%d.%d.%d
AddVectoredExceptionHandler %x
SetUnhandledExceptionFilter %x
kernelbase.dll
start breakpad client %s
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
1.2.201.132

BaiduRenderClient.exe_3112_rwx_00060000_00001000:

C:\Windows\system32\bbnethlp.dll

BaiduRenderClient.exe_3112_rwx_00090000_00001000:

ntdll_ZwOpenKeyEx
;.WSH;.MSC

BaiduRenderClient.exe_3112_rwx_00092000_00001000:

PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
SystemRoot=C:\Windows
windir=C:\Windows
windows_tracing_flags=3
windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
OCIATIONS\HTTP\USERCHOICE
WARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE
ware\microsoft\windows\shell\associations\urlassociations\https\userchoice

BaiduRenderClient.exe_3112_rwx_17A0A000_000F5000:

Ph%2u


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Scan a system with an anti-rootkit tool.
  2. Terminate malicious process(es) (How to End a Process With the Task Manager):

    Baidu.exe:2596
    Baidu.exe:1640
    Baidu.exe:2876
    Baidu.exe:2592
    Baidu.exe:1772
    Baidu.exe:2548
    Baidu.exe:3604
    Baidu.exe:3820
    Baidu.exe:1916
    brp.exe:2276
    Baidu_Setup_3.1.200.2978_ftn_1050123723.exe:2544
    BaiduUpdate.exe:940

  3. Delete the original Trojan file.
  4. Delete or disinfect the following files created/modified by the Trojan:

    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\Baidu_Setup_3.1.200.2978_ftn_1050123723[1].exe (2206750 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C4.tmp (75405 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2.ico (5520 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Baidu_Setup_3.1.200.2978_ftn_1050123723.exe (1974641 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FEP54WXI.txt (111 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\CommonWorker.dll (61 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdlog.dll (40 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Hermes.dll (159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Heartbeat.dll (221 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度\百度.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\百度.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度\卸载百度.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\百度.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\uninst.exe (221 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduReport.dll (376 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Utils.dll (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Report.dll (118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcr100.dll (774 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcp100.dll (421 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Base.dll (806 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\complete.txt (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\icudtl.dat (780 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chrome_100_percent.pak (963 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\locales\en-US.pak (214 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\4f03c9f6263fa20679b486a9424243c8.7z.bdl (192392 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\InstallingPlugins.xml (243 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PepperFlash\pepflashplayer.dll (2721 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\resources.pak (2721 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libexif.dll (309 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\UninstalledPlugins.xml (261 bytes)
    C:\ProgramData\Baidu\Desktop\Global.db (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chrome_200_percent.pak (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libGLESv2.dll (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\d3dcompiler_47.dll (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\complete_check_list.pb (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chromecore.dll (7427 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PepperFlash\manifest.json (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\locales\zh-CN.pak (213 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libEGL.dll (80 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\manifest.json (749 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\PackCache.xml (239 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\completelist.txt (263 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PluginSetup.xml (762 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chrome_100_percent.pak (7345 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_ipc.dll (77 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_message.dll (409 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\searchbar_in_tips\searchbar_in_tips.pb (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\icudtl.dat (76782 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_common.dll (20 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\settings\custom_setting.db (2334 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\complete.txt (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_common.dll (663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\pb\103.pb (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\resources.pak (131213 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\Upd.dat (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UIFrame.dll (131 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libEGL.dll (601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\CloudJSInject\CloudJSInject.xml (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db-journal (512 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Protocol.dll (372 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libGLESv2.dll (10177 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\searchbar_in_tips.dat (50 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.exe (45 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chromecore.dll (392052 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\resourceSug.pb (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUIHandler.dll (49 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\completelist.txt (263 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LogicModel.dll (291 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\manifest.json (749 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chrome_200_percent.pak (8281 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\d3dcompiler_47.dll (23811 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUIHandler.dll (49 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PepperFlash\pepflashplayer.dll (132143 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUI.dll (806 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\histroy\history.db (145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libexif.dll (1425 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\complete_check_list.pb (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserCore.dll (360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDMSkin.dll (49 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db-journal (512 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PepperFlash\manifest.json (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\ZerbaReport.pb (29 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\force_sug\taskbar_force_sug_backup.pb (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Peseus.dll (20 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_proxy.dll (299 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PluginSetup.xml (762 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\locales\en-US.pak (1281 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\pb\100.pb (920 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\account\user_cert_id.cert.bk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\cloud_games.pb (36 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommonHandler.dll (159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\locales\zh-CN.pak (1281 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommon.dll (151 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUI.dll (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\force_sug\medusa_navigateinfo.pb (562 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\histroy\history.db-journal (512 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_chrome.dll (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\000003.log (221 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\5A9D.tmp (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\LOG (153 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_1 (17840 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_0 (49052 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_3 (7832 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_2 (968 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\000001.dbtmp (20 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\index (368 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\MANIFEST-000001 (75 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_protocol.dll (49 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub.dll (589 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident.dll (692 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\f_000001 (36 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\history.html (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\skinres.rdb (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\completelist.txt (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\general.png (379 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-search-input.png (332 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe (48588 bytes)
    C:\ProgramData\Baidu\Common\Global.db (100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\complete_check_list.pb (192 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.woff (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes_win10.rdb (3104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\request.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-checkbox-unchecked.png (361 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\DD_belatedPNG_0.0.8a-min.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\res\js\api.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\bookmarks.css (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\BaiduRenderClient.exe (2392 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\skinres.rdb (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\icon-tree-search-ie8.png (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\history_mods.js (6360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-center.png (179 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\fe.html (498 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcp120.dll (15536 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\UsualNames.pb (421 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\ie-fix.css (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Base.dll (28310 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\box-shadow.css (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\arrow-png8.png (260 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcr100.dll (26598 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-new.png (451 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\search-button.png (299 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\completelist.txt (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\1px.png (947 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips_win10.rdb (1568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\js_cmd(start_request).html (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-tooltip-png8.png (329 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-center-right.png (162 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\webkit-404.html (9 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\res\test.js (197 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\map.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mb_setup.log (44236 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar_win7.rdb (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\core.css (662 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush.rdb (14384 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-refresh.png (562 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.exe (12720 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\ImportBookmark.rdb (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BaiduReport.dll (12912 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\pack_z.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder-arrow-hover-png8.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Utils.dll (33264 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\js_cmd.html (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-center.png (158 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MsgPush.dll (32848 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\Software.pb (9984 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduBugRpt.exe (33888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\atl100.dll (10128 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\screensnapshot.exe (29256 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdminiopenssl.dll (30336 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\history.css (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-general-png8.png (841 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\global.js (6360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.eot (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame_win10.rdb (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-search.png (382 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-right.png (260 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\JoystickService.dll (6360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\200x\item-arrow.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\browsershowcut.ico (24048 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\crash.html (9 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-unchecked.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\utils\ua.html (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\png8-dialog-close.png (386 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame_win7.rdb (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar_win10.rdb (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips_win7.rdb (1568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-checked.png (1 bytes)
    C:\Windows\System32\drivers\bbnetdriver.sys (230 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update_win10.rdb (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\connection-error.html (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\dialog-button-png8.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduAssistant.exe (27168 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\res\test.css (646 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\crash.html (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar.rdb (14384 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\msgconfig.pb (142 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\complete_check_list.pb (300 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\completelist.txt (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DeskGuide.exe (26736 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduUpdate.exe (35696 bytes)
    C:\Windows\System32\bbnetservice.dll (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.dll (13168 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\connection-fail.html (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes_win7.rdb (3104 bytes)
    C:\Windows\System32\bbugreport.exe (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\AppPluginState_Install.xml (201 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\PluginSetup.xml (502 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\icon\test.png (1856 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.ttf (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-left.png (301 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting_win10.rdb (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\error-pages.css (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\appBlackList.dat (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\app-error.html (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DetectVm.dll (4784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\bp\brp.exe (7345 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\favicon.ico (5 bytes)
    C:\Windows\System32\bbnethlp64.dll (169 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\test.html (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush_win10.rdb (1568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-new.png (977 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\brp.exe (61936 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\150x\icon-crash.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-right.png (299 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\logo_blank.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\mod.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\skinres.rdb (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\auto_complete\top_site.db (10128 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-left.png (245 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\125x\icon-crash.png (2 bytes)
    C:\ProgramData\Baidu\XCommon\verify.db (100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\default-icon.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.svg (4992 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnC6D8.tmp (848881 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\completelist.txt (64 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-new-8.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes.rdb (28368 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting.rdb (20 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update.rdb (4784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\bookmark\bookmark.db (20 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BIDULocationService.dll (40832 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\GlobalPluginInfo.xml (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips.rdb (1568 bytes)
    C:\Windows\System32\bbnethlp.dll (203 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\popwindow.rdb (3104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\PluginSetup.xml (523 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\136.dat (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-baidu-search.png (379 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduService.exe (18640 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\minibaiduscheme.pb (1512 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcr120.dll (32128 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDZebraSDK.dll (362791 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\ssl-error.html (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\complete_check_list.pb (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgCenter_96.rdb (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcp100.dll (14605 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder-arrow-png8.png (292 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\connection-error.html (9 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\bookmarks_z.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\json2.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-checkbox-checked.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-center-left.png (161 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\history_z.png (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\PluginSetup.xml (637 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Download.rdb (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\System.dll (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\jssdk-v2.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\200x\history_icon.png (743 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame.rdb (3712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\img\loading.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\skinres.rdb (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\125x\history_icon.png (466 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\InstallHelper.dll (9573 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\error.html (734 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\200x\icon-crash.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\png8-dialog.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update_win7.rdb (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BDMSkin.dll (60235 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder.png (276 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\xml.rdb (20272 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\favicon.ico (9 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Download.dll (4784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\reset.css (826 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\complete_check_list.pb (392 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub_child.dll (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\150x\history_icon.png (566 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush_win7.rdb (1568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\popup.html (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\pack.css (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.dll (11040 bytes)
    C:\Windows\System32\plugins\config.xml (59 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\dl.dll (65648 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\PluginMgr.dll (35696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\SuggestionWnd.rdb (1568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\ExternalMgr.dll (13168 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-general.png (866 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\ssl-error.html (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Report.dll (5110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\res\js\common.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\head-star-png8.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\connection-fail.html (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\res\InstallWnd.zip (6584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_base.dll (10136 bytes)
    C:\Users\Public\Documents\bbnetservice\bbconfig.dat (164 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\holderpage\holderpage.html (133 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-search-large.png (408 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\default.ico (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\404.html (1856 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\bookmarks.html (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting_win7.rdb (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\bookmarks_mods.js (1856 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Protocol.dll (12908 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-connect.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-textbox.png (601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\complete-png8.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Update.dll (11040 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\game.ico (24048 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\respond.min.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\jietuDll.dll (2392 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\150x\item-arrow.png (794 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-404.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\js\common.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident_plugin.dll (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\PluginSetup.xml (638 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\InstallerUpdate\Baidu_Setup_3.2.200.3069_Full.exe.bdl (516232 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\BDDownload\3518413350\Setting\host.dat (260 bytes)

  5. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "BaiduClient" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe --auto-run"

  6. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  7. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2025 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now