Sample_344387b34f

by malwarelabrobot on September 25th, 2014 in Malware Descriptions.

mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Malware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 344387b34f1ba91163b99a48e6b6deba
SHA1: d300bfa42dfdcc80252e31a5d376004e8a2405ee
SHA256: 5196c4f5226d32bb8df294568cacd4df4cdb4e7236beaa1ca91f805f3377f6e3
SSDeep: 24576:AOeohf6Uf7cHcgoRg2vs66b1U90isTu74prMRe6PL7IY8cX2HisNFbyFgVKCM:mAiUfI8nu2E66bgR3L7r8iZuP2
Size: 1906424 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-02-24 21:19:59
Analyzed on: WindowsXPESX SP3 32-bit

Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Malware creates the following process(es):

BaiduSd.exe:1376
regsvr32.exe:2632
BaiduHips.exe:1164
BaiduHips.exe:1888
BaiduSdSvc.exe:1600
BaiduSdSvc.exe:1112
BDSGBugRpt.exe:1112
BaiduProtect.exe:2980
RegSvr32.exe:452
RegSvr32.exe:1528
RegSvr32.exe:1440
%original file name%.exe:632
netsh.exe:2588
BDKVWsc.exe:2680
BDKVWsc.exe:1980
mscorsvw.exe:172
bddownloader.exe:2172
MsiExec.exe:1760
MsiExec.exe:948

The Malware injects its code into the following process(es):

bddownloader.exe:2932
services.exe:764
svchost.exe:1088
Explorer.EXE:2032

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process BaiduHips.exe:1164 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_customer.xml (220 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000002 (4 bytes)
%WinDir%\Temp\TarC8.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%WinDir%\Temp\CabC7.tmp (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\smr.dat (37839 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.6.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.2.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1728 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.5.dll (8657 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.7.dll (5873 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)

The Malware deletes the following file(s):

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\CURRENT (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (0 bytes)
%WinDir%\Temp\TarC8.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (0 bytes)
%WinDir%\Temp\CabC7.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\CURRENT (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000001 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000001 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (0 bytes)

The process BaiduHips.exe:1888 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMUpdate.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMReport.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMNet.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDConfig.dll (3073 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0002.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMFrameWork.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch.7z (7433 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVEng.dll (4545 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\systemfile.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMDownload.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMBase.dll (7345 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDLogicUtils.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMPatchAgent.dll (41 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_product.xml (291 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\NetService.ini (615 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHips.exe (8657 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_self_enc.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\DriverManager.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMMsg.dll (49 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMTinyXml.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMLog.dll (45 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDPerflog.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\TrustAndIso.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsUpdate.exe (39 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMStringUtils.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsBugRpt.exe (3361 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\placeholder_tmp (11 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\InstallCfg.xml (177 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVCached.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\wverify.dat (15019 bytes)

The Malware deletes the following file(s):

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0001.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0001.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0002.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0002.sys (0 bytes)

The process BaiduSdSvc.exe:1600 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\baidusd\FileSignDB\MANIFEST-000002 (4 bytes)
%System%\config\SYSTEM.LOG (15411 bytes)
%System%\config\software (38871 bytes)
%System%\config\SOFTWARE.LOG (39198 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\IsolationDB.db-journal (532 bytes)
%System%\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\privacy.db-journal (532 bytes)
%System%\config\system (7919 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\white_list.db (145 bytes)
C:\$Directory (688 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\privacy.db (149 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\IsolationDB.db (149 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\white_list.db-journal (512 bytes)

The Malware deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\baidusd\FileSignDB\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\FileSignDB\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\IsolationDB.db-journal (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\privacy.db-journal (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\CachedDB_1\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\CachedDB_1\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\white_list.db-journal (0 bytes)

The process BaiduProtect.exe:2980 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\cache.db (149 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\kv.db-journal (532 bytes)
%System%\drivers\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\kv.db (149 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\apps.db-journal (10908 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\apps.db (3134 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\cache.db-journal (532 bytes)

The Malware deletes the following file(s):

%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\kv.db-journal (0 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\apps.db (0 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\cache.db-journal (0 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\apps.db-journal (0 bytes)

The process %original file name%.exe:632 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDSGBugRpt.exe (5441 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDArKit.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdRepair.exe (1744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\app.ico (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BaiduProtect.exe (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserDll.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebMonBHO.dll (1609 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMSkin.dll (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\699a753a89cb10ec8ba7f17426d84102.bdt (4 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vcrt.msi (3742 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt.dll (1707 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdSvc1.exe (3889 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDCooly.dll (90 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\806.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCCommunicate.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ad.dll (1859 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMNet.dll.bdl (29010 bytes)
%System%\drivers\bd0004.sys (673 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (32 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\804.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsClient.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDLogicUtils.dll (30968 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMUpdate.dll (160 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Budv.dll (95 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMDownload.dll (1625 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMUpdate.dll (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcr80.dll (3705 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\patch\placeholder_tmp (11 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\TrayPlugin.rdb (268 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (156 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMNet.dll (7726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkv\BDKVVirusPlugins.dll (1625 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\user_trusted_list.dat (125 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray1.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_PluginConfig.xml (680 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\cache_config.dat (469 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\win7\bd0003.map (34 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMMsg.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSREng.dll (291 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\DriverManager.dll (673 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (770 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe (9605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x86.dll (39 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\iexplore.exe.xml (528 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\virus_type.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\KVCommonRes.rdb (28502 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDConfig.dll (1781 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\kav_verify.dat (677 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\win7\bd0003.sys (56 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\TrustAndIso.dll (312 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMRepBase.dll (6371 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\PrivacyProtect.dll (172 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanV.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVCached.dll (303 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDPerflog.dll (123 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\7z.dll (1652 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer.dll (176 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\tuopan.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\tmpx9occh.dll (71670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\uninst.exe (1685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcm80.dll (1760 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMReport.dll (7433 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\app.ico (1623 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\bd0003.sys (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\LKHelper.7z (22433 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\winxp\bd0003.sys (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSd1.exe (1658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0004.sys (182 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect_x64.dll (178 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0001.sys (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVEng.dll (3733 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\DriverManager.dll (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0001.sys (73 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerConfig1.dat (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\BDArKit.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\blacksign.dat (852 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\810.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\monitor_config.dat (559 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDKitUtils.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (1237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\hips.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMDownload.dll (99 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\white_list.dat (1636 bytes)
%Documents and Settings%\All Users\Desktop\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (758 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\DriverManager.dll (174 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMLog.dll (45 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavFrame.dll (66 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\bduf.dll (1691 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (242 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer_x64.dll (2321 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_self_enc.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVUpdate.rdb (1674 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDMWrench.sys (1281 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\wverify.dat (12289 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanS.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0002.sys (196 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVMainframe_PluginConfig1.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMFrameWork.dll (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMSkin.dll (38495 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\ieBaiduSDDetectPlug.dll (115 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0002.dll (1708 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKV1.rdb (89 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMTinyXml.dll (181 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDeskBand64.dll (125 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\hips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0004.sys (168 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebSafePlugin.dll (226 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™\Ã¥ÂÂ¸Ã¨Â½Â½Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (743 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMNet.dll (30 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\Pizmdb.7z (132160 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BP.dll (30058 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\TrayDldProtect.rdb (113 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\DllInject.dll (45 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\System.dll (784 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\scan_mgr_config.dat (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\licenses\directui license.txt (593 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\809.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\806.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\baiduRepair.dll (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0002.sys (190 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\BDSGRtp_PluginConfig.xml (680 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMAVEng.dll (3786 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_customer.xml (75 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (3626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMDownload.dll (108 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\NetService.ini (615 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMRepMgr.dll (1634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86 (4 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\win7\bd0003.sys (65 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\811.dat (8 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\systemfile.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDKitUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\DesktopToast.exe (103 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMReport.dll (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bddownloader.exe (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\ad.dll (1746 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMNet.dll (6351 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\baiduRepair.dll (178 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMStringUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMReport.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavEngine.dll (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64 (4 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDLogicUtils.dll (316 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDConfig.dll (1867 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\Database\bdmp.dat (32 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (1752 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserDll.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_ContainerConfig.xml (347 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\BDSGRtp_ContainerConfig.xml (347 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BaiduProtect.exe (14022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\HIPS.dll (12288 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTray\TrayPlugin.rdb (1812 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer_x64.dll (1710 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVWsc1.exe (1671 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\bd0001.dll (131 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\atl80.dll (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_PluginConfig.xml (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMPerfMon.dll (209 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\uninst.exe (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDLogicUtils.dll (3833 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanH.dll (49 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSRCore.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDLogicUtils.dll (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\safebrowser.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\BDSGRtpDyn_ContainerConfig.xml (145 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\BDArKit.sys (132 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUpdate.exe (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bdcomproxy.dll (70 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ToastImage.png (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebMonHook.dll (320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\fileverify.xml (1 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\901.dat (8 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\app.ico (34 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMNetGetInfo.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsdB5.tmp (161100 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\bd0002.dll (1749 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\7z.dll (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\res\onlineWnd.zip (16424 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\Database\bdvs.dat (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\patch.7z (5442 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\2032233599\Setting\host.dat (306 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMPatchAgent.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebSafe.dll (7386 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\NetService.ini (615 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\900.dat (8 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\804.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMPatchAgent.dll (45 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDUDiskGuard.dll (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMNet.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fixsvc.dll (23407 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\npBaiduSDDetectPlug.dll (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDMWrench.sys (209 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTray.rdb (40 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMWindowsLib.dll (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDArKit.sys (132 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCCallbackBind.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\Cooly_PluginConfig.xml (726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavCommon.dll (226 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVMC.rdb (161 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\FileMon.dll (3700 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcp80.dll (1835 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVTray_PluginConfig.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMBase.dll (6400 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\updlog.dll (15 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVMainFrame.dll (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdBugRpt.exe (3782 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsUpdate.exe (39 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMReport.dll.bdl (28762 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x64.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDKitUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt64.dll (1720 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\Repair_PluginConfig1.xml (411 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDPerflog.dll (156 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTips.rdb (69 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\TrustAndIso.dll (78 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ToastLogo.ico (1623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\slbynsdh.dll.bdl (316550 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\HIPS.dll (14022 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\safebrowser.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\BDSGRtpDyn_PluginConfig.xml (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\SearchProtection.rdb (132 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\fileverify.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vatl.msi (182 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\repairplugins\baidusdRepair1.dll (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\c1e34f06c619c930edcb862b30719b3f.bdt (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\dl.dll (65930 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0001.sys (70 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\ccesign.dat (1611 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\CompatibilityChecker.dll (160 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDLogicUtils.dll (5441 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDArKit.sys (141 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\win7\bd0003.map (40 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BSRLib.dat (141 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\dl.dll (14988 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMScriptVM.dll (213 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMFrameWork.dll (308 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMNet.dll (3901 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\uninst.exe (3913 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerLuaScript.dat (117 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0004.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDeskBand.dll (136 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\KavUpdate.dll (1658 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\901.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\811.dat (8 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVConfig.rdb (144 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\dl.dll (12289 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0001.sys (174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDSGBugRpt.exe (3858 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUProxy64.exe (3791 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMReport.dll (1666 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\winxp\bd0003.map (38 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCScriptBind.dll (6400 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\InstallCfg.xml (177 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_product1.xml (291 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMSDWrench.dll (99 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserHelper.dll (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMAVCached.dll (1658 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\810.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\tips.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMNetGetInfo.dll (322 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\systemfile.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsBugRpt.exe (1843 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\licenses\duilib license.txt (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDSafeBrowser.sys (51 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\BDArKit.sys (141 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMAVE.dll (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\hu.dll (3312 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\bdsg0001.dll (601 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\wverify.dat (12289 bytes)
%System%\drivers\BDArKit.sys (1346 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\KVFixerConfigMgr.dll (234 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0001.dll (115 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMDbSqlite.dll (1867 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect.dll (152 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\DriverManager.dll (115 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\ad.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_ContainerConfig.xml (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins (4 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\BDMWrench.sys (726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\HIPSClient.dll (1740 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanM.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHips1.exe (7972 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\7z.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserHelper.dll (55 bytes)

The Malware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_ContainerConfig.xml (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86 (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\winxp\bd0003.map (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vatl.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fixsvc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\microsoft.vc80.atl.manifest (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\win7\bd0003.map (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vcrt.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDArKit.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\900.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_ContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x64 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64 (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bdcomproxy.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\HIPS.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDMWrench.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\901.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\baiduRepair.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\811.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0001.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x64\win7\bd0003.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\Pizmdb.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\winxp\bd0003.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x64\win7\bd0003.map (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\microsoft.vc80.crt.manifest (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x86.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\809.dat (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\dl.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\810.dat (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\806.dat (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\804.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\LKHelper.7z (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDSafeBrowser.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcr80.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\win7\bd0003.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDSafeBrowser.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\7z.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyB4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\win7 (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bddownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcm80.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\BDMWrench.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\winxp (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x64\win7 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0004.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0004.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcp80.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\atl80.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x64\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0001.sys (0 bytes)

The process bddownloader.exe:2932 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%WinDir%\Temp\bdt\a698a77d83bc1d0bd60da931227c7d5a.bdt (71 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\dnw.xml.tmp.bdl (309 bytes)

The Malware deletes the following file(s):

%Program Files%\BaiduSd2.1\2.1.0.2625\dnw.xml.tmp.bdl (0 bytes)

Registry activity

The process BaiduSd.exe:1376 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 7C 08 8A D1 99 71 90 45 15 32 11 0E 64 21 D0"

The process regsvr32.exe:2632 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 65 E6 0B 09 53 DB 05 17 76 03 1A 3B 26 75 91"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}]
"(Default)" = "IDownloader_2"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods]
"(Default)" = "15"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

The process BaiduHips.exe:1164 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
"Group" = "bddriver"
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 1B CA 5C 40 C2 4B 86 12 8B 41 2E C1 04 5B 2B"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"DisplayName" = "bd0001"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640.bak, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch.bak,"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
"Description" = "bd0001"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

The Malware deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

The process BaiduHips.exe:1888 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallPath" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHips.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Baidu\BaiduHips]
"Version" = "1.0.0.640"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bdsvcorder" = "04 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
"Group" = "bddriver"
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Group" = "bdsvcorder"

[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Tag" = "2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 73 69 7B 1A 54 9D E6 1F F4 C2 28 11 45 18 B9"

[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, bddriver, FSFilter Anti-Virus, FSFilter Undelete, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, bdsvcorder, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"DisplayName" = "bd0001"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640.bak,"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Tag" = "1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"

[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Group" = "bdsvcorder"

[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallDir" = "%Program Files%\Common Files\Baidu\BaiduHips"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

The Malware deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

The process BaiduSdSvc.exe:1600 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DisplayName" = "BDMWrench"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"ImagePath" = "system32\DRIVERS\BDMWrench.sys"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Description" = "BDMWrench"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Å Å¸Ã¨Æ’Â½Ã§Â»â€žÃ¤Â»Â¶"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Tag" = "5"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"

[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"ImagePath" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdSvc.exe -r"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"
"Tag" = "4"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 CA 4C F6 13 EC ED 83 E0 E0 C0 92 67 7A 3D 54"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_sd" = "%Program Files%\BaiduSd2.1\2.1.0.2625"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"

[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Group" = "COM Infrastructure"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe -stmd=3"

"baidusdTray" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe -stmd=3"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Start" = "1"

The Malware deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DeleteFlag"

The process BaiduSdSvc.exe:1112 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 79 49 DF 19 C9 E2 D5 AD 40 65 4B 4C E9 4B 8D"

The process BDSGBugRpt.exe:1112 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 13 25 6A 95 8C 26 3D 70 ED 3F C9 FF 06 4D 35"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"

The process BaiduProtect.exe:2980 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 CA 29 09 6D DA 60 35 DB C6 85 47 4B 35 36 56"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"
"Cookies" = "%Documents and Settings%\LocalService\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = ""

[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486]
"BDSGBugRpt.exe" = "Ã¥Â¼â€šÃ¥Â¸Â¸Ã¦Å Â¥Ã¥â€˜Å Ã§Â¨â€¹Ã¥ÂºÂ"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = ""

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The process RegSvr32.exe:452 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\AppID\ieCommonPlugin.DLL]
"AppID" = "{6B4447CA-C33E-4E65-914D-C7B346D73F80}"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32]
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\ieBaiduSDDetectPlug.dll"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\TypeLib]
"Version" = "1.0"
"(Default)" = "{9A93865B-4314-47AE-8C4A-850748CCC6BF}"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\VersionIndependentProgID]
"(Default)" = "ieCommonPlugin.Implement"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\ieCommonPlugin.Implement]
"(Default)" = "Implement Class"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\HELPDIR]
"(Default)" = ""

[HKCR\ieCommonPlugin.Implement\CurVer]
"(Default)" = "ieCommonPlugin.Implement.1"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\ProgID]
"(Default)" = "ieCommonPlugin.Implement.1"

[HKCR\ieCommonPlugin.Implement\CLSID]
"(Default)" = "{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}]
"(Default)" = "Implement Class"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}]
"(Default)" = "IImplement"

[HKCR\AppID\{6B4447CA-C33E-4E65-914D-C7B346D73F80}]
"(Default)" = "ieCommonPlugin"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 2F 12 B5 E1 44 D7 9E 57 A6 EA 57 B3 89 16 66"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\0\win32]
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\ieBaiduSDDetectPlug.dll"

[HKCR\ieCommonPlugin.Implement.1\CLSID]
"(Default)" = "{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}"

[HKCR\ieCommonPlugin.Implement.1]
"(Default)" = "Implement Class"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\TypeLib]
"(Default)" = "{9A93865B-4314-47AE-8C4A-850748CCC6BF}"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0]
"(Default)" = "ieCommonPlugin 1.0 Type Library"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32]
"ThreadingModel" = "Apartment"

The process RegSvr32.exe:1528 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 FD E1 D5 0D 00 48 B5 D8 B2 BA 9F 5C 16 0F 2C"

[HKCR\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}\InprocServer32]
"ThreadingModel" = "Apartment"
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebMonBHO.dll"

[HKCR\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
"(Default)" = "WebMonBHO"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
"(Default)" = "BDHOOK"

"NoExplorer" = "1"

The process RegSvr32.exe:1440 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0]
"(Default)" = "BDShellExt 1.0 Type Library"

[HKCR\BDShellExt.BDShellExtMenu\CurVer]
"(Default)" = "BDShellExt.BDShellExtMenu.1"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\NumMethods]
"(Default)" = "3"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}]
"(Default)" = "IBDShellExtMenu"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32]
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt.dll"

[HKCR\BDShellExt.BDShellExtMenu.1]
"(Default)" = "BDShellExtMenu Class"

[HKCR\BDShellExt.BDShellExtMenu]
"(Default)" = "BDShellExtMenu Class"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32]
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt.dll"

[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\lnkfile\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\AppID\BDShellExt.DLL]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00890530-6A9F-4be2-B1BB-73F01E2BB986}" = "BDShellExtMenu Class"

[HKCR\BDShellExt.BDShellExtMenu\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\TypeLib]
"(Default)" = "{45D1EEF3-7713-48fa-B7A5-B77229C7D330}"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\TypeLib]
"(Default)" = "{45D1EEF3-7713-48FA-B7A5-B77229C7D330}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\VersionIndependentProgID]
"(Default)" = "BDShellExt.BDShellExtMenu"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\ProgID]
"(Default)" = "BDShellExt.BDShellExtMenu.1"

[HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}]
"(Default)" = "PSFactoryBuffer"

[HKCR\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}]
"(Default)" = "BDShellExt"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\0\win32]
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt.dll"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA C4 FE 4E AF 25 BA 19 18 DB 8A 95 B3 54 97 D6"

[HKCR\Folder\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
"(Default)" = "BDShellExtMenu Class"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\HELPDIR]
"(Default)" = ""

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32]
"ThreadingModel" = "Apartment"

The process %original file name%.exe:632 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin\MimeTypes\application/np-BaiduSDDetect]
"Description" = "BaidusdDetectNPPlugin"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDate" = "2014-9-24"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™]
"UninstallString" = "%Program Files%\BaiduSd2.1\2.1.0.2625\uninst.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"Version" = "2.1.0.2625"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™]
"DisplayVersion" = "2.1.0.2625"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\iexplore\AllowedDomains\*]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã©Â«ËœÃ©â‚¬Å¸Ã¤Â¸â€¹Ã¨Â½Â½Ã¥Â¼â€¢Ã¦â€œÅ½"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"vendor" = "Beijing baidu Netcom science and technology co.ltd"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Å Å¸Ã¨Æ’Â½Ã§Â»â€žÃ¤Â»Â¶"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™]
"Publisher" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥Å“Â¨Ã§ÂºÂ¿Ã§Â½â€˜Ã§Â»Å“Ã¦Å â‚¬Ã¦Å“Â¯Ã¯Â¼Ë†Ã¥Å’â€”Ã¤ÂºÂ¬Ã¯Â¼â€°Ã¦Å“â€°Ã©â„¢ÂÃ¥â€¦Â¬Ã¥ÂÂ¸"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"

[HKLM\System\CurrentControlSet\Services\bd0004]
"ErrorControl" = "0"

[HKLM\SOFTWARE\Baidu\BaiduProtect]
"Version" = "1.3.0.486"
"INSTLANG" = "2052"

[HKLM\System\CurrentControlSet\Services\bd0004]
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640.bak, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch.bak, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\ypvsy\BaiduProtect\7z.dll,"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"

[HKCR\metnsd\clsid]
"SequenceID" = "E3 BD 82 45 CB D4 B3 41 99 5C F7 DB 45 A3 8D 69"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Baidu\BaiduProtect]
"InstallDir" = "%Program Files%\Common Files\Baidu\BaiduProtect1.3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDir" = "%Program Files%\BaiduSd2.1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 A0 E1 63 F3 06 3C BF 4A 9B 9B 21 6B 2E 65 82"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSdSvc.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦Å“ÂÃ¥Å Â¡Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\bd0004]
"Description" = "bd0004"

[HKLM\SOFTWARE\Baidu\BaiduProtect]
"SupplyID" = "10000201"
"RtpFlag" = "273"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"

[HKLM\System\CurrentControlSet\Services\bd0004]
"ImagePath" = "system32\DRIVERS\bd0004.sys"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSd.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¤Â¸Â»Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\bd0004]
"DisplayName" = "bd0004"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"

[HKLM\System\CurrentControlSet\Services\bd0004]
"Type" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™]
"DisplayIcon" = "%Program Files%\BaiduSd2.1\2.1.0.2625\app.ico"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Path" = "%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\npBaiduSDDetectPlug.dll"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"msiexec.exe" = "WindowsÃ‚Â® installer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™]
"DisplayName" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™2.1"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"VirusTime" = "2013.11.28 0110"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BDKVWsc.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Â®â€°Ã¥â€¦Â¨Ã¤Â¸ÂÃ¥Â¿Æ’Ã¦Å½Â¥Ã¥ÂÂ£"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine]
"BaiduHips.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥Â®â€°Ã¥â€¦Â¨Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"INSTLANG" = "2052"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Baidu\BaiduProtect]
"InstallDate" = "2014-9-24"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Services\bd0004]
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"ProductName" = "BaiduSd"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\System\CurrentControlSet\Services\bd0004]
"InstallDir_sd" = "%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Description" = "Baidusd detect NPAPI plugin"

[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, bddriver, FSFilter Anti-Virus, FSFilter Undelete, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Version" = "1.0.0.1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"SupplyID" = "11111"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã©Â«ËœÃ©â‚¬Å¸Ã¤Â¸â€¹Ã¨Â½Â½Ã¥â„¢Â¨"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "C:\%original file name%.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSdBugRpt.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdBugRpt.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™BUGÃ¤Â¸Å Ã¦Å Â¥Ã§Â¨â€¹Ã¥ÂºÂ"

The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp]
"slbynsdh.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\slbynsdh.dll:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSdSvc.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdSvc.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦Å“ÂÃ¥Å Â¡Ã§Â¨â€¹Ã¥ÂºÂ"

"BaiduSdTray.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦â€°ËœÃ§â€ºËœÃ§Â¨â€¹Ã¥ÂºÂ"

"BaiduSdUpdate.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUpdate.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦â€ºÂ´Ã¦â€“Â°Ã§Â¨â€¹Ã¥ÂºÂ"

"BaiduSdUProxy64.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUProxy64.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¤Â»Â£Ã§Ââ€ Ã§Â¨â€¹Ã¥ÂºÂ"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0004]
"Start" = "1"

The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSdSvc.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdSvc.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦Å“ÂÃ¥Å Â¡Ã§Â¨â€¹Ã¥ÂºÂ"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã©Â«ËœÃ©â‚¬Å¸Ã¤Â¸â€¹Ã¨Â½Â½Ã¥â„¢Â¨"

The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:]
"%original file name%.exe" = "C:\%original file name%.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp]
"slbynsdh.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\slbynsdh.dll:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSdUpdate.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUpdate.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦â€ºÂ´Ã¦â€“Â°Ã§Â¨â€¹Ã¥ÂºÂ"

"BaiduSdUProxy64.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUProxy64.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¤Â»Â£Ã§Ââ€ Ã§Â¨â€¹Ã¥ÂºÂ"

"BaiduSdBugRpt.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdBugRpt.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™BUGÃ¤Â¸Å Ã¦Å Â¥Ã§Â¨â€¹Ã¥ÂºÂ"

"BaiduSdTray.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦â€°ËœÃ§â€ºËœÃ§Â¨â€¹Ã¥ÂºÂ"

The Malware deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0004]
"DeleteFlag"

[HKLM\SOFTWARE\Baidu\BaiduProtect]
"RtpFlag"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp]
"slbynsdh.dll"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp]
"slbynsdh.dll"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:]
"%original file name%.exe"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

The process netsh.exe:2588 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B 49 22 9C 4B 73 3E EB BF 5C 1B 7C 55 9B 58 9B"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:

Adds a rule to the firewall Windows which allows any network activity:

The Malware deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe"

The process BDKVWsc.exe:2680 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 01 C2 47 60 C1 40 41 12 19 5D 58 3C AF 6E AD"

The process BDKVWsc.exe:1980 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED E9 69 5B BA C9 0E DE 2B 47 84 54 9E 52 D4 3B"

The process mscorsvw.exe:172 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "1260000"

The process bddownloader.exe:2172 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe"

[HKCR\BDDownloadProxy.Downloader\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\LocalServer32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\BDDownloadProxy.Downloader.1]
"(Default)" = "Downloader Class"

[HKCR\BDDownloadProxy.Downloader.1\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\BDDownloadProxy.Downloader]
"(Default)" = "Downloader Class"

[HKCR\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}]
"(Default)" = "DownloadProxy"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"(Default)" = "Downloader Class"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\ProgID]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"netsh.exe" = "Network Command Shell"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\DownloadProxy.EXE]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 E5 C1 EF D3 F0 81 A0 E4 1A 89 38 42 27 5D 7A"

[HKCR\BDDownloadProxy.Downloader\CurVer]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}]
"(Default)" = "_IDownloaderEvents"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0]
"(Default)" = "DownloadProxy 1.0 Type Library"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\VersionIndependentProgID]
"(Default)" = "BDDownloadProxy.Downloader"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process bddownloader.exe:2932 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 FC 0A E4 8C FB F6 D6 CC CB 60 1C E5 B5 83 50"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process MsiExec.exe:1760 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 EF 6F 82 4A 5F E2 72 27 F7 49 AD E8 A1 CD 33"

The process MsiExec.exe:948 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F 66 26 61 9F 42 A5 DB 51 54 65 19 A1 5C 61 E2"

Dropped PE files

MD5	File path
05ca3b250b1108f1f64c2771cf25a9b6	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDLogicUtils.dll
b62367fe2d02b8f47914b088a006d50c	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDMDownload.dll
06597a9f16b163c97b8f95d457bce8b2	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDMNet.dll
12f98be1d919784370eb0f87e78b60d8	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDMNetGetInfo.dll
30cbc602ada7cdfb0346038c05996d84	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDMReport.dll
39257175ac9c90199c69aea1a7bcbda0	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDMSkin.dll
1c951bbcbc780046d6be1079a04870a4	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\System.dll
763b532d651f0ad5e135d9b57bf4fba4	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\dl.dll
ebfe7c9594e300bb0c16e7bb99a7e66d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\hu.dll
1eda7fb9be218d03f4f280d076c308b1	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\slbynsdh.dll
4c3b7cab2c258724ed198a7fdfce524b	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\tmpx9occh.dll
484e797cb0d7091f3d7b756c55b9ad75	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\7z.dll
df636a0b62a7b2627fc9b2d350b4bc97	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDKitUtils.dll
22e50e5996418ee28c045e03e8317c1e	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDLogicUtils.dll
cab11c2c6400a84ed2b44d49a17f566d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDMDownload.dll
0c7731a8c922383486d692c4ba8d605d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDMNet.dll
a9980d90e8f335fead9f6c56e5dd2fa0	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDMReport.dll
b17e9ce6a38e30ea726d329d4ecf7be8	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDSGBugRpt.exe
72ecf429b94ef8c8b707785918c4d0f0	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BaiduProtect.exe
e4c14afa9238cfce3f340ecfb6507cde	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\DriverManager.dll
ccb0c6b32e52970c2fa951eef3fe7241	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserDll.dll
442a27b8c9b736bd5edc19a45d935855	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserHelper.dll
ad299e12f03562d712fb5e7e3b27148e	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer.dll
87157a389c35166ea44b445d67627504	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer_x64.dll
8a6f76a77cfaefc99103eb72667e1ed3	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\ad.dll
0e44262751095514f0901ef58371dd31	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0001.dll
6cb0b19da38d75f7f014d333fcb750d5	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0002.dll
be591266430719de0c05383841c2913c	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\uninst.exe
bd41d5bb8e1a290fc17cb963522c0099	c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavCommon.dll
1b8c4af1ac0cee8301b10e5aa15751e7	c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavEngine.dll
f01e5681328e98ea61465eb3d894078e	c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavFrame.dll
2794ecd5040fcd59772d215c10f56470	c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavScanH.dll
fd875b7677013cb59776fb1633c061bc	c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavScanM.dll
0f893b451ce2e3dcc6fb17eb6ddf7e43	c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavScanS.dll
6075d26c90a855f6a852f435d8e695eb	c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavScanV.dll
9d135e78639be2012fa5ffe96f05d67e	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDConfig.dll
c837509362fbb54537dc5f055862abcf	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDCooly.dll
5093b3af46ddf04c9d37f39a8c3de19e	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVDeskBand.dll
e7089f56cb4a01681fd26240c7073e97	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVDeskBand64.dll
7169568c9d40e606231eda197db86d9f	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect.dll
79e8dc5bff7304f2e749bd7a3ede966e	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect_x64.dll
ea9a4f53bc2cbc6d96b57bc7dbd5d010	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVMainFrame.dll
e5f00370504ac92ea324a7e228a864bc	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVWsc.exe
e224f2c705db1d5dc2a6833987471b3d	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDLogicUtils.dll
475f62e609de1bb0a6b80a1cd6497457	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMAVE.dll
7256ca0513070efb47ed80ecd4429059	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMDbSqlite.dll
418d49b8e0300e76fe06f4eda9a9d2b5	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMDownload.dll
68e4ebe183d32eff69d83aca52fdb335	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMEvents.dll
f8cebb784bc08068b98bbcc445476bb5	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMFrameWork.dll
eb723541a974391eb23da02ac217e18f	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMNet.dll
12f98be1d919784370eb0f87e78b60d8	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMNetGetInfo.dll
03cd546574a5d78612a4a730a726dfe2	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMPatchAgent.dll
9c2df6f04bd07f42274f79f45d132065	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMReport.dll
510d71d11fcd1a92ef5470b09cbd5ca6	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMSDWrench.dll
429f82b1713a659b84043a5e14b3f0eb	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMScriptVM.dll
b8e15a6d8b5208a0d0dee8b93dbf2160	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMSkin.dll
fbcf33e8388bcadd5a98186cb1a954a5	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMUpdate.dll
4e455aad51b3a5f5e57974b0794c7ab0	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMWindowsLib.dll
0b9483044c40d82ea2b3b501d6784115	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDPerflog.dll
e5ac01857ca5b9239398b9412c5f2183	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDShellExt.dll
a502f71a2ab45b8f321d88697532208e	c:\Program Files\BaiduSd2.1\2.1.0.2625\BDShellExt64.dll
944e147a57125dfd794a196a9e902d77	c:\Program Files\BaiduSd2.1\2.1.0.2625\BP.dll
6bf6776c3f619858098edb4793f5d48f	c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSd.exe
3de4ef51eb03f914a05cae3817110989	c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdBugRpt.exe
6a9766f5b15ce63bca734cf0da6b9c09	c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdRepair.exe
053ffc062010ce2f02531750daadfebb	c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdSvc.exe
92dfb1874e8e19101bfe69443d39baa8	c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe
dc8314e0e9719013ea5ce12fad2fc5fd	c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdUProxy64.exe
bcec2665c4523a25ce29742b5db7d460	c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdUpdate.exe
6af4d5b392aaaa910d1f41255c89b9d6	c:\Program Files\BaiduSd2.1\2.1.0.2625\Budv.dll
23e5fbdc96d55dfb9a26e36081a5569f	c:\Program Files\BaiduSd2.1\2.1.0.2625\DesktopToast.exe
7bc6dc9fe5852949dd9355636a088589	c:\Program Files\BaiduSd2.1\2.1.0.2625\DriverManager.dll
0000822e5a61823fe43ebcda9616f3aa	c:\Program Files\BaiduSd2.1\2.1.0.2625\GCCallbackBind.dll
566b845b5b0aaf08ba99ecb3d133662d	c:\Program Files\BaiduSd2.1\2.1.0.2625\GCCommunicate.dll
0b695fd68c2f0dede1088d6464b13896	c:\Program Files\BaiduSd2.1\2.1.0.2625\GCScriptBind.dll
04c06fb11fc4d19312e354d473144eda	c:\Program Files\BaiduSd2.1\2.1.0.2625\KVFixerConfigMgr.dll
b1f17f8bad22aba168933291d264d8b0	c:\Program Files\BaiduSd2.1\2.1.0.2625\ad.dll
df636a0b62a7b2627fc9b2d350b4bc97	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDKitUtils.dll
39c2b62ba4ed8d8a7d5f58d12dcff408	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDMAVCached.dll
f524a12edabbc9896597e62e9ed2ba52	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDMAVEng.dll
ccbfec786fce5ea2a3a666a92e6ec36e	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDMPerfMon.dll
bb65a15f2d1c62d2f2a46b4de32911c0	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDMRepBase.dll
7228c306b9cb258307dd3239cc32c9b3	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDMRepMgr.dll
ec0fbb8317ab055f1c98380a746fabd2	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDUDiskGuard.dll
cd798bf3c37deeafa4427304e3a07ad7	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\CompatibilityChecker.dll
c28d1dfe8c0c89b9e9fe031929b4f263	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\KavUpdate.dll
ef82355ec6c9c40dbdff8c02b3ce2721	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\TrustAndIso.dll
4a38e8467179b9e015956fdabf160ed6	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\bduf.dll
015714268c9e13eb93d6ada5021959c0	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSRCore.dll
7a216b041703797b6d000bd870b16349	c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSREng.dll
2619bdb16bafaec8304fae07e459f321	c:\Program Files\BaiduSd2.1\2.1.0.2625\dl.dll
34e11d25672bdf576c0bf780ee757ec5	c:\Program Files\BaiduSd2.1\2.1.0.2625\drivers\BDArKit.sys
239e82ca6b4a17adc47b22aa68605114	c:\Program Files\BaiduSd2.1\2.1.0.2625\drivers\BDMWrench.sys
233c96e5369ef4b58ab606c2b150b65a	c:\Program Files\BaiduSd2.1\2.1.0.2625\drivers\bd0003.sys
d620be8483f68c0546d0c5143b02c3c6	c:\Program Files\BaiduSd2.1\2.1.0.2625\explugin\ieBaiduSDDetectPlug.dll
41e65f916c4cf270ea703e0468cc8ed3	c:\Program Files\BaiduSd2.1\2.1.0.2625\explugin\npBaiduSDDetectPlug.dll
e136ce722d87e651908d2f8f5595848c	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDConfig.dll
c358cb50d5479eaa0280e9e975e7cdcf	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDLogicUtils.dll
c2d7977ac9a4e37b12517329b49de788	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVCached.dll
935c5325cd0261ab15e767b37d33b2d0	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVEng.dll
f32ef9ec93cc70ddcb66bd435c01f39f	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMBase.dll
56bf2578c56b40e9453203a745d92655	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMDownload.dll
c9457528a89e074a56cee081dc640bde	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMFrameWork.dll
6875451bc343fd7aa8ec7f3b9557bb69	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMLog.dll
6429c5c9044cd456b2e0d465074c7765	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMMsg.dll
bdf1ca8b5dd0d5ab10003a453f11129c	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMNet.dll
345d3cec4cf4d36994b64ecb59ec4aaa	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMPatchAgent.dll
35cf305786664fdc2dd4923f5d219eab	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMReport.dll
fc7e6fa8257cc9d6dd902251fd69e2ff	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMStringUtils.dll
07550c9285702edaee590fa6c3ea5a03	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMTinyXml.dll
d543e6653f1c0bf7799978a6e15fb5f9	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMUpdate.dll
34709c4b09d9bf8168b18a20b8fd29f6	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDPerflog.dll
789c9c53cb7756e51027f68c6021504f	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHips.exe
45f038cb1ad73dc777852f3d9a8e874a	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsBugRpt.exe
7000e9ad04a4b0e2c0bc8b9c614cd07b	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsUpdate.exe
6ecc9432e370e56bca97d6a754d37dca	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\DriverManager.dll
1f05025913e4633451d96e5bc082da4f	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\TrustAndIso.dll
ae1a7564004beadae09bd097b8a38a38	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\bd0001.dll
c97b746b8bc001a2ff3c6b72149d78b9	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\bd0002.dll
94e2246531b2e5c3319da7ab79372d2f	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0001.sys
d1895f7555fff550e20bbf92146e17cf	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0002.sys
04116475cff6d3305a8233c8342ffa88	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0001.sys
c39fa78d836fcc2c62d16bac891394f8	c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0002.sys
80e74f4acebe3fcf63215c49dd0e4015	c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkv\BDKVVirusPlugins.dll
34c200b090d1cce20603cb802d0802b6	c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\FileMon.dll
2cee9d49bca0c09936c7f9ee2bfa6a0b	c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\HIPSClient.dll
a206c24181d4a1f27c06cd0e29d05028	c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\PrivacyProtect.dll
07a4615d67805fa2c70529f8247abaa7	c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll
8cf046aec1b3e8774fe30ec71fe1297d	c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll
ac132cd5ec22b1d2d1f99410f4c1b1a4	c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll
e929f3c74dd5838c4e3f3bbd28aa01e2	c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\UserDetectionPlugin.dll
ea98336db5a7c2da6b313c807e53b07f	c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\repairplugins\baidusdRepair.dll
d7fae249db5ff018e90508996e5d9174	c:\Program Files\BaiduSd2.1\2.1.0.2625\uninst.exe
3d5e90a3c4eb46f66bda1931a9907006	c:\Program Files\BaiduSd2.1\2.1.0.2625\updlog.dll
e3408ea25c8e17a6b6f9910187958f5a	c:\Program Files\BaiduSd2.1\2.1.0.2625\websafe\DllInject.dll
1c478ffbaa60518d1d4ff20f978c94be	c:\Program Files\BaiduSd2.1\2.1.0.2625\websafe\WebMonBHO.dll
36f72e68688e83d6803123c60f0edb44	c:\Program Files\BaiduSd2.1\2.1.0.2625\websafe\WebMonHook.dll
27abe07e9ecbffb7f29e24226303fe3f	c:\Program Files\BaiduSd2.1\2.1.0.2625\websafe\WebSafe.dll
5e9f80b1049bba37a7b5514790d8f586	c:\Program Files\BaiduSd2.1\2.1.0.2625\websafe\WebSafePlugin.dll
123df1ab69a1d32b42a9d6c797ac5447	c:\Program Files\Common Files\Baidu\BDDownload\108\7z.dll
c7ac6fdc3f233399708cdf5edb4f7343	c:\Program Files\Common Files\Baidu\BDDownload\108\bdcomproxy.dll
2ecb6110aade861f16c9ca210f3ea005	c:\Program Files\Common Files\Baidu\BDDownload\108\bddownloader.exe
2619bdb16bafaec8304fae07e459f321	c:\Program Files\Common Files\Baidu\BDDownload\108\dl.dll
e136ce722d87e651908d2f8f5595848c	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDConfig.dll
c358cb50d5479eaa0280e9e975e7cdcf	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDLogicUtils.dll
c2d7977ac9a4e37b12517329b49de788	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVCached.dll
935c5325cd0261ab15e767b37d33b2d0	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVEng.dll
f32ef9ec93cc70ddcb66bd435c01f39f	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMBase.dll
56bf2578c56b40e9453203a745d92655	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMDownload.dll
c9457528a89e074a56cee081dc640bde	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMFrameWork.dll
6875451bc343fd7aa8ec7f3b9557bb69	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMLog.dll
6429c5c9044cd456b2e0d465074c7765	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMMsg.dll
bdf1ca8b5dd0d5ab10003a453f11129c	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMNet.dll
345d3cec4cf4d36994b64ecb59ec4aaa	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMPatchAgent.dll
35cf305786664fdc2dd4923f5d219eab	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMReport.dll
fc7e6fa8257cc9d6dd902251fd69e2ff	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMStringUtils.dll
07550c9285702edaee590fa6c3ea5a03	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMTinyXml.dll
d543e6653f1c0bf7799978a6e15fb5f9	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMUpdate.dll
34709c4b09d9bf8168b18a20b8fd29f6	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDPerflog.dll
789c9c53cb7756e51027f68c6021504f	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHips.exe
45f038cb1ad73dc777852f3d9a8e874a	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsBugRpt.exe
7000e9ad04a4b0e2c0bc8b9c614cd07b	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsUpdate.exe
6ecc9432e370e56bca97d6a754d37dca	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\DriverManager.dll
1f05025913e4633451d96e5bc082da4f	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\TrustAndIso.dll
ae1a7564004beadae09bd097b8a38a38	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll
c97b746b8bc001a2ff3c6b72149d78b9	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\bd0002.dll
04116475cff6d3305a8233c8342ffa88	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0001.sys
c39fa78d836fcc2c62d16bac891394f8	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0002.sys
85e228f2d13456e145dd756b4d7fc6e2	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.1.dll
d5402c14fd9a98a47614f2e8fdfdfbca	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.2.dll
947ccea3196c6d67babd6c4d5ca71d50	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.3.dll
3f40b1504d7696ba7341f7ba465e3b56	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.5.dll
1c7a49db64849cdfaf0d9010661e6385	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.6.dll
9b664677838ed675f52337e910e0dc6c	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.7.dll
3b4ef9c679537e2632ffbdbb0186f1b0	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.8.dll
484e797cb0d7091f3d7b756c55b9ad75	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\7z.dll
df636a0b62a7b2627fc9b2d350b4bc97	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDKitUtils.dll
22e50e5996418ee28c045e03e8317c1e	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDLogicUtils.dll
cab11c2c6400a84ed2b44d49a17f566d	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMDownload.dll
0c7731a8c922383486d692c4ba8d605d	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMNet.dll
a9980d90e8f335fead9f6c56e5dd2fa0	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMReport.dll
b17e9ce6a38e30ea726d329d4ecf7be8	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDSGBugRpt.exe
72ecf429b94ef8c8b707785918c4d0f0	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BaiduProtect.exe
e4c14afa9238cfce3f340ecfb6507cde	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\DriverManager.dll
3e9a33113d663d8bd5ed38858e669652	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.ATL\atl80.dll
75f2a9b695ef3ef22d731f059920f636	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcm80.dll
8c53ccd787c381cd535d8dcca12584d8	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcp80.dll
1169436ee42f860c7db37a4692b38f0e	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcr80.dll
ccb0c6b32e52970c2fa951eef3fe7241	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserDll.dll
442a27b8c9b736bd5edc19a45d935855	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserHelper.dll
ad299e12f03562d712fb5e7e3b27148e	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll
87157a389c35166ea44b445d67627504	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer_x64.dll
8a6f76a77cfaefc99103eb72667e1ed3	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\ad.dll
0e44262751095514f0901ef58371dd31	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\bdsg0001.dll
34e11d25672bdf576c0bf780ee757ec5	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDArKit.sys
2faa81c2a727604ff68d6b57fa7f352d	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDMWrench.sys
4d6f4a3243506c60a69e176d1ca150fa	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDSafeBrowser.sys
affec9e725e6cf9762c6bc2fd35c6ae4	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0001.sys
30d5d35c0496cb8b8357fd8ff9d098fc	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0004.sys
3e9a33113d663d8bd5ed38858e669652	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.ATL\atl80.dll
75f2a9b695ef3ef22d731f059920f636	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcm80.dll
8c53ccd787c381cd535d8dcca12584d8	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcp80.dll
1169436ee42f860c7db37a4692b38f0e	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcr80.dll
a15ea9c8fe8a3b4b0706da8fb2e1a7b1	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\HIPS.dll
3e9a33113d663d8bd5ed38858e669652	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.ATL\atl80.dll
75f2a9b695ef3ef22d731f059920f636	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcm80.dll
8c53ccd787c381cd535d8dcca12584d8	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcp80.dll
1169436ee42f860c7db37a4692b38f0e	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcr80.dll
0a786745000c626ae21e19b008f67457	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\baiduRepair.dll
be591266430719de0c05383841c2913c	c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\uninst.exe
3e9a33113d663d8bd5ed38858e669652	c:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
75f2a9b695ef3ef22d731f059920f636	c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
8c53ccd787c381cd535d8dcca12584d8	c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
1169436ee42f860c7db37a4692b38f0e	c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
34e11d25672bdf576c0bf780ee757ec5	c:\WINDOWS\system32\drivers\BDArKit.sys
239e82ca6b4a17adc47b22aa68605114	c:\WINDOWS\system32\drivers\BDMWrench.sys
4d6f4a3243506c60a69e176d1ca150fa	c:\WINDOWS\system32\drivers\BDSafeBrowser.sys
04116475cff6d3305a8233c8342ffa88	c:\WINDOWS\system32\drivers\bd0001.sys
c39fa78d836fcc2c62d16bac891394f8	c:\WINDOWS\system32\drivers\bd0002.sys
233c96e5369ef4b58ab606c2b150b65a	c:\WINDOWS\system32\drivers\bd0003.sys
30d5d35c0496cb8b8357fd8ff9d098fc	c:\WINDOWS\system32\drivers\bd0004.sys

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\DRIVERS\bd0003.sys" the Malware controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Malware controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Malware controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Malware controls loading executable images into a memory by installing the Load image notifier.
The Malware installs the following kernel-mode hooks:

ZwUnloadKey

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 1.0.334.548
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.334.548
File Description:
Comments:
Language: Chinese (Simplified, PRC)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	28432	28672	4.50399	f569e353af0ed51bf4c216faa9bed4e7
.rdata	32768	10898	11264	3.04561	91eee43954e068e650f7b73a8b0e6915
.data	45056	425660	512	1.02085	db9f7acbf1c3ddfe255077b699955dfa
.ndata	471040	708608	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	1179648	22800	23040	2.38678	8bd0512dbc5ab778effa672da5af003c
.reloc	1204224	3978	4096	3.73676	c6e2afa2982abb7e027c0165ea782a0e

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://pxsw.n.shifen.com/
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv5/BDMReport.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv5/BDMNet.dll
hxxp://sxsw.n.shifen.com/
hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/install/31744421716/BDMZip.dll
hxxp://a26.d.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt
hxxp://a26.d.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab
hxxp://e6845.ce.akamaiedge.net/pca3.crl
hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl
hxxp://e6845.ce.akamaiedge.net/CSC3-2010.crl
hxxp://swsd.n.shifen.com/
hxxp://hy.n.shifen.com/
hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/patch/24946961047/dnw.xml
hxxp://gsdr.n.shifen.com/
hxxp://dl1sw.baidu.com/client1/common/install/31744421716/BDMZip.dll	8.37.234.10
hxxp://s.x.baidu.com/	180.76.2.46
hxxp://dl1sw.baidu.com/client1/common/patch/24946961047/dnw.xml	8.37.234.10
hxxp://d.x.baidu.com/	123.125.115.130
hxxp://hb.sg.baidu.com/	123.125.70.59
hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl	23.9.117.163
hxxp://dr.sg.baidu.com/	123.125.70.59
hxxp://up.hy.baidu.com/	112.80.248.17
hxxp://crl.verisign.com/pca3.crl	23.9.117.163
hxxp://dl1sw.baidu.com/client/dllv5/BDMReport.dll	8.37.234.10
hxxp://p.x.baidu.com/	123.125.65.152
hxxp://crl.verisign.com/pca3-g5.crl	23.9.117.163
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab	184.84.243.34
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt	184.84.243.34
hxxp://upt.sg.baidu.com/	123.125.70.59
hxxp://dl1sw.baidu.com/client/dllv5/BDMNet.dll	8.37.234.10
jp.download.iyuntian.com	123.125.65.154
tk.download.iyuntian.com	123.125.69.209
rc.download.iyuntian.com	123.125.65.153
up.download.iyuntian.com	123.125.65.148
res.download.iyuntian.com	123.125.65.129
dtrp.download.iyuntian.com	123.125.65.150
utk.download.iyuntian.com	123.125.65.147
cfg.download.iyuntian.com	123.125.65.132

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 77

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...A........" 34774fbda3add406d6894c6154e2b3d7([email protected]` ......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 133
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ......HTTP/1.
1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream.
.Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 133..
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 236

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x..

...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ...h..p......M.k...P...F.g..R{1f\.h.7..>O.O.5....F.s..8...s.j.....x.&........%/.QE..:=...!.........,F&...K.
..POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 228

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x..

...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ...`..(a.,\f

]...>..W..`[..K..S....DH.x.v..$z..ZM.../....&${)...=..9..bS'...
nNy.S.P8..:...W.'.../W..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` [email protected] .
........x.....J9.j.u..P..W{.....R3.................}...fHTTP/1.1 200 O
K..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-A
live: timeout=30..Connection: Keep-Alive..Content-Length: 196.....x...
....." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B.
..c....B.;..v.........^.([email protected].` [email protected] ........
.x.....J9.j.u..P..W{.....R3.................}...fHTTP/1.1 200 OK..Serv
er: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: t
imeout=30..Connection: Keep-Alive..Content-Length: 196.....x........" 
34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....
B.;..v.........^.([email protected].` [email protected]. ..'.
.uw.b..C......T.,....7......#.lm.6....?!..HTTP/1.1 200 OK..Server: iYu
ntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=
30..Connection: Keep-Alive..Content-Length: 196.....x........" 34774fb
da3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.
........^.([email protected].` [email protected]. ..'..uw.b..
C......T.,....7......#.lm.6....?!....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 196

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,[email protected].` ...@. h...C}.K..!F........L......5.'..k=;$?.#V.~.......!.K...o.x....f.POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 188

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,[email protected].` ...8..BW...lH..?..f...M..O.P.r.{PFpg......,.".U..\ XXk...,...*POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 188

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,[email protected].` ...8.....u...F$.[.<.I15.. Y...9..z{7([email protected]~r*

..N.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 148
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.0......G"7.
../,....:$.....^1Qa./z..>..."[email protected].` ..... .&.~.
I.....sL...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applica
tion/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Con
tent-Length: 148.....x........" 34774fbda3add406d6894c6154e2b3d7(.....
....28.0......G"7.../,....:$.....^1Qa./z..>..."[email protected]
.P.X.` ..... .&.~.I.....sL...HTTP/1.1 200 OK..Server: iYuntianSvr..Con
tent-Type: application/octet-stream..Keep-Alive: timeout=30..Connectio
n: Keep-Alive..Content-Length: 148.....x........" 34774fbda3add406d689
4c6154e2b3d7(.........28J..loRN.0EE..<Su&......n......A..)..#z...2.
m.....r.<6.`[email protected].` ...........'!~O.|...V.HTTP/1.1 200 OK..Ser
ver: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: 
timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........"
 34774fbda3add406d6894c6154e2b3d7(.........28..n...!.YOz...T!.....jj..
.>.D.6.... =../I......d..."[email protected].` ..........yJ.5.?..jOR[font>....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 212

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,[email protected].` ...P. ..Kb....OA.#..#...w....E..s2=....m..3..K.....i..X...&............J.J .h..Y.U.j..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 148

...x........" 34774fbda3add406d6894c6154e2b3d7(.........284...S....i..
[email protected].` ..... .b3...EE
..q....-....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 212

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ...P.,nL.H..Z...^).p)[email protected];.t.H.8..k..~.=.2. ..7..r$.......n......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 148
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` .....,o...0...
.....0....

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=5898240-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content

Expires: Fri, 24 Oct 2014 07:50:34 GMT

Date: Wed, 24 Sep 2014 07:50:34 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 5898240-18154311/18154312

Content-Length: 12256072

Age: 32616

Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMZip.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
An/..tN..x..sW?...!.........~.sY...1...vOt.p...xJ[B..Y.8P..G.4.&.Z....
.....S.5.K.[[email protected].%[email protected]$.2..._..PC.0?...n.M
.%v.]N4..9.{`.d.m91.E.-._.c....QrX.......H..v.,..:.....j.Q.u.z..X.5wsN
ff.C.\..u...b..v0....s ....6....Q]....wCC.j.Gw..S]V..G.`g....$..J%.U%.
.][email protected]%..OZY.
...&..i~]..=.:m.....\...u...>.....3..m..2~..F..Y...$...0....B.*:Y.B
.vhwwq.!OW%^9..z.-'.2.r)......jq.q!....i.e...p.....=....[#{.3z..,...q.
...]......M..){....4..../.Nf..>?.Z8..9F..k....S.B2...eIh1.o!<...
..U.....5s..x...J..\1"..<..... .P..e...4..}n...m.B.....F...D...G.^.
.....?\...?.f......5a.......`...[.....iz..d.M....E.......v..W....^....
.....5[../gUig.....c...)..`...h<.{\X_3.o$>......NG...3q....T....
..I.S....Si~..d....w....y..CF..._).~...8.eA..._..8..3.....z..[..2!..cZ
.....-.e;..Or...f-.=?.2.k.w.X([...../.(L.......7..=z..:.5.0be$:.......
[email protected]....".....>J..H.5S"S..W...j..;IB
?....V..i.9..2.J?.$p.n......|4J........R.y>.t?...r..8q...0..s...Z..
.. T7..,.i..."N..L..........C...K.....IQJ8. 3.f...d..{In.9....#\...5.p
%.l...p.....$ .......n...........j...........:r.B.D..b.m=(.....>...
.......).)....V.....U..}M.hs..]..T7..m]3....Zi.]F..yAk.q....Y....uR.vy
...1:.................)[email protected].{.]L...c.).n^LJ...^:o
....*.2.i....M....~...d..,.b.p.....,.OK..4....I.7.8-=n.-.P7w9......-..
....\EN..........b.2.;...J..p=.6....v..nf.y.D3O[....}a..Q..{e....s.C..
%.v.c.._....0. ..G..u1.L.l..Q....;:......u.&....t..#)f...'....Qa7.<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 173

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...(.....{. ZS\.....TJr........Y.X.j`.H%..A.P

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ......\/....0
[email protected]/1.1 200 OK..Server: iYuntianSvr..Content-Type: applicati
on/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Conte
nt-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.......
..28j..C.....d.B."h...[w.H.[....L".X.........X.."[email protected].
V` ......\/[email protected]..

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 160

Content-Type: application/octet-stream

Host: upt.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...|....N...." 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..

$bso..-~.r.2........p{[email protected]....` ....'..`..f&O..t.U6.......tq./
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 160
...|....N...." 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..I
I.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` ....'...u.
 ^.% @.6?.....r..5|.HTTP/1.1 200 OK..Content-Type: application/octet-s
tream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length:
 160.....|....N...." 34774fbda3add406d6894c6154e2b3d7(.........28..4..
x.|..II.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` ....
'...u. ^.% @.6?.....r..5|...

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 188

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|[email protected].` ...@.%.6...3H.Yo...6'.ic'....0.e.W..S..-..|

C.=-
.........H).c......G
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 140

...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT....
[email protected].` .....%...K..B....I.U..
HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-
stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length
: 140.....p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J
[email protected].` .....%...K..B..
..I.U......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 220

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|[email protected].` ...`.%Pq
.)..3%....Z.d.?S..X........Jk.j0G...H`@...B.N...r2....L.......3._....
.#.\>....2.>.L.r....L.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 140

...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT....
[email protected].` .....%.B....!....OY...
HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-
stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length
: 140.....p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J
[email protected].` .....%.B....!..
..OY.....

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=14090240-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content

Expires: Fri, 24 Oct 2014 07:50:34 GMT

Date: Wed, 24 Sep 2014 07:50:34 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 14090240-18154311/18154312

Content-Length: 4064072

Age: 32616

Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMZip.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
D:..B....eI.....Uu]99...Km;F.....uXD.w.ToC._...fd9."..h.......s.V.W.r?
.w8\.\...L(.......@Ov_...K...zc.}T...?!........L....&o]q........c.GNl.
`.b-............q.w.7..T....V?$|.N...z.Re.&...@...,R.1.<mj...W.&...
.l.h..$..)..G....J......a.t..i.9.nr.....bP..;XHc.i..G.>..f....}X...
..A$..*......d.e".;jG%hL..tHy.U......`C..J.9.j/...Zi.....N...!w{..E&~.
r.0A..2& .f..... .#).&.:...!.Usg....Q...cE7...j<=.=uB.".6 ..>..]
..[dP..b..#-.M.........N.....g3jd..~@.!...&...]..y..m...........I].>
;.;....VO.....S....:[email protected]&Oc.J.)...a.Xl......8.e.mCR.
/'s.b.ZX..Av.'Y..bA.... .b;.....m ......O.....~SQ....9.R...3.[p.......
.u.....b..Q9.e.!./g........O.}Ww[...WV*..I.<....-..p.....B.....P.dL
Rz..O....E.P.....y|.|..W/:.V.....'...Mk......\.5)v....g#.i<E....{..
...A...@.;.J. aC^...G.D...sw.....;M..7i..I..{./[email protected]....&..~..t.vD
......B': (.....|[email protected]$..Gu ....1...b.|./..d......K..#..E.&.
.1..&..}y.:..(=c...."I.^...U.;5........i:./...C...(.....(.zD;Y.Z...Som
.,.gqi..k5..d......j.E.\.3.bZ{P..a...K...#....0....M.|$.{iE.R=.....Y.s
.....25l./I#.U..b.6..).4...P...[...`.......;..;AvV.P.r...d............
9...W>P...s.i...............]].k..4h.......T2..bX..2-...p..5.s...H.
....<.r.....*.......-.. .j.5..$K.....^:.q7U....B.P.X.E.i*.9 #,..`..
...W.h..T..w../.:....~p/.{:^/z...z..v...mS}....p.,....R..T,4..A(.o...E
Mm.)/....(....Z.k.....l1..][email protected][email protected].........)[email protected].
N.W........v.Fr._~..\`qaB.N.......{..(.,1...&'....R..E..0o...P&.:..a.G
.....6~YS.FC/.B5.D,S.J4.a!.....FA..Y.v.....fVzQO..h.:...d^.h..Cw.G<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 173

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...(..W.._....{..9g.v.I.1Mk.....}..2G}^...U.b.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ......x)v(...
....E.['.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applicati
on/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Conte
nt-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.......
..28j..C.....d.B."h...[w.H.[....L".X.........X.."[email protected].
V` ......x)v(.......E.['...

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=7733248-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content

Expires: Fri, 24 Oct 2014 07:50:34 GMT

Date: Wed, 24 Sep 2014 07:50:34 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 7733248-18154311/18154312

Content-Length: 10421064

Age: 32619

Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMZip.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
%.>V..{}8.p.;X.1Y..5....@".e...{........{3.W..;l....e."z/v...ZL.Bm.
.=M.....`.P.YV.X...=O.P.CV..9J..r...5A&.3..d.9G.B...Dgz..Jw......a.*.R
...#..UN.o.j...@*.?...&.b...E.....<)...E...0...b.tc.H.WR2i..|.P....
...J.h......V...q.%F...%....w...s9&B.....<._..V....P[.o.t3Y..1..mf.
...........>...vc@W.....%....L.d0..r9.p.. *]...ta......of.d.Y.,.Z.G
4\S.M9.y..'*..\....)..?...k.r..n..t.s..2.*V.2....f\....OA...el."...*..
.{....o... B..T...s...Z..N.G.o..9/...Kq.....g.x.....AOB...JC.[[email protected]...
6V....6.lrs....u...x..%........A......|#f.......z...R.>.......}s..]
[email protected].#;...?..`.2.!Llx...L...l..2............z.rYo....f?x..6e.i. 
.....Gl.P-S.....50.x....tk.#..P!.vR...@%|....?!."9..n.lb..Uq...a.D@)..
..[...".1..!u"...w...g...4..L.........B...L.I.]...2..ok..x........P.j.
./M/.#.i.H..Z....K../...,*..h...........1Bv......... .pp....s........m
.j.}..o..y..![.....]&7. ...>.b...X.XB8;[T.e..mb.S..M.}nGQ.......W..
#z$By..m.y..!E..j~.d.9.^.LX..i....G_H.r....^._.......o....D5.uP...YP..
...o.....d. ...l.P......|.j.0h.iqy.G...%7>..9a%...W.}.....X}.~.]...
....%....D;.j..6..Xi..|,Ni.(.n.B|U.....mVy'.S...!q.0_p..S.......x\....
IF..a..7l.C}..Z..d..M._RD|.N/..(-...$*...b....G.$.8.~*t>.XD..@.....
.K..x.b..b....u...B.../.w".j.....`..Zx.#8f........."cI...>...-.....
...5K.dJ............6..V.^/\ZJ...e$....Oh......oT....W.3B..K...8..x...
9B.5..}F.(l..R..C./*..P3.K|da."..|.b;..IS?...RS...9.......x.Q.$%.....b
.....i.5...7yt..Fn.:...*.n..{.9Bh=|Mx...W.|zI.4.........J......." L.z.
.1...|.P...#P....@~.....I..V9..2*.P~..c.U....."..d...5@<...-v.)<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 132

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,[email protected].` ......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 132
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` ........

GET /CSC3-2010.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: csc3-2010-crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "6dfdae41fcd222e6fc98e0cdfd2d59ee:1411549812"

Last-Modified: Wed, 24 Sep 2014 09:10:12 GMT

Date: Wed, 24 Sep 2014 16:54:27 GMT

Transfer-Encoding:  chunked

Connection: keep-alive

Connection: Transfer-Encoding

Content-Type: application/pkix-crl
00006000..0...80.......0...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Sign
ing 2010 [email protected]
0730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&..
.130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s.
.130227010252Z0!...J.....Q..Y.[.....110404153956Z0!...d...=..q!_...g9.
.130729145216Z0!...d....Y.......o...140711083257Z0!...l.....h2<.H..
....120329152211Z0!...q.9...`H.*.Y.C...120525202212Z0!...s...TM.......
0...121221080842Z0!...t..,.. ...eL.....130314222305Z0!...y..r.HW.v....
.w..140423054643Z0!..../u.......A..5...101214165045Z0!.....0.Xc...%...
iM..121102230226Z0!.......S.a&.X5t.E]..111206083350Z0!....c.(....B.[M8
3...140108164517Z0!....A.Sv.....f,.....110609003155Z0!.....z......!.ID
{]..101228182208Z0!....b^......{d.J'...130102154110Z0!.......n........
'u..140521222808Z0!......0..........I..130912181631Z0!....6e...~..T...
....130131012247Z0!.....|.....t.l.o....140827175301Z0!.........bD#*u..
....130226223939Z0!.......@..'$.).;}\..130121172259Z0!....7.v.........
.n..120724160733Z0!....P;.Y..d...c.(...120209181451Z0!.....].bb[.....!
....140328205453Z0!.....a...L`..IV.....130402103508Z0!......fFW.z.....
@T..130117000242Z0!...........].{7.....120730000000Z0!...".......Z.V.,
.e..121031192224Z0!...'....[.1......g..130318195659Z0!...,GI.jH.|...J.
....120518121623Z0!...<%a.=.d.......O..120424164254Z0!...@.....<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 228

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x..

...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ...`..(...a'x.v/n?.....u......'o."DQ..e#t.kT.d..2....D..;o..0v?6gG

#.=.(.".q...s._.....E5........=_..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` ...@....^j....
Xll......x..A.i.K..2/..........5..f.!...Mlb......zD....2....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 268

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x..

...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` .........u....;M........ovn.A.|$o....4.......w....217..LI.K..

d.~.G......#:J._*.."pf..r.sO. .....:...zl2.>

t.Z.\`n...3..c...x9..b....h.E..we
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` ...@... ...)..
.....{... ...Y,.Hog1..v... vu.u...i.8..~......=.-.&2.(?.....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 228

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x..

...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ...`..=........u4.Dq..P..8...3..?-2M....-......v.....u....SA=..a@.#....6.B&..F.BQ.C...X...c7...r......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` ...@.........,
...x....nD./.q .....[7r.-.P...T..f..R.........4dG....5.0....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 212

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x..

...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ...P.. Ss.l...}..
......M...<I32...,{1.,.H..f....r..O....>jk.....a5.:.....\j..k.....m
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` ...@.........!
.5W..<.z...f..K3W5r...&....).....,9N.R..*[..S..K.R."........


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 252

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x..

...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ...x..........m._`=..X.=:#e..9#..~i...`.*..F..v..>....?..rROwO........-l...@]...T.DI...7bb.....4Pj..m..h..R....6x1.<x~..../VPOST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 228

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x..

...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ...`....z,|L...F8.uS.!.(.gkYJ^.c.I.WA.!..P*.8~.V.....I..U....j.mj]...O`.8...U..][email protected];.P........U.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` [email protected]
[..2r..S....`c..;.H....^.N..T\.*.p.......;l......._...m.HTTP/1.1 200 O
K..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-A
live: timeout=30..Connection: Keep-Alive..Content-Length: 196.....x...
....." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B.
..c....B.;..v.........^.([email protected].` [email protected]~j..]5]..
.9...].I...U.K..uO.2.........o...I.c.`.=r.l..5./t....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 276

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x..

...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ......l%.|......\6i.C.<...A.....*tPY...$.W.S^........nU..A.......]`.....;[email protected]..
...1e\..d.w.&I.%...&i>.........q!!.:.2.

j.D.S.....)Nm.i.Q
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` [email protected]....
bL.op..E.?..C..i.....>......... -.1=.[.dC........g..9..u..

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 156

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,[email protected].` .......8A .....[..H..P.e.'6.~.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 132
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..
2Yd:.\.kC....Z|%...8..E.,[email protected].` ......HTTP/1.1
 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..
Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 132...
..x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2
Yd:.\.kC....Z|%...8..E.,[email protected].` ........

GET /client/dllv5/BDMReport.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 200 OK

Expires: Thu, 02 Oct 2014 13:54:11 GMT

Date: Tue, 02 Sep 2014 13:54:11 GMT

Server: nginx

Content-Type: application/octet-stream

Content-Length: 1207520

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 1911593

Via: 1.0 wzpy185:88 (Cdn Cache Server V2.0), 1.0 jg9:10001 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMReport.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......M......S...S
...S.Y.S...S.[.S...S.[.S...S...S...S.[.S!..S...S...S...S...S.[.Sd..S.[
.S...S.[.S...S...S...S.[.S...SRich...S........................PE..L...
.!.Q...........!.....P... ......u........`............................
...........................................j.......V..................
[email protected]..@............`
..t............................text....O.......P.................. ..`
.rdata..1....`.......`..............@[email protected][email protected]........
[email protected]...............................@[email protected]..............
[email protected]..................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 175

Content-Type: application/octet-stream

Host: hb.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..

$bso..-~.r.2........p{[email protected]....` ...(..D)..-.....=.eo;...h.c.[\.......).\\Wk..
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 351
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II
.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` .........IW
W1.&..p. (>..4B.....\.\..z..j.../..4.&.~s#.T..jIH.`.......}utq.....
.y..np...B..m.k...i#*Lr....n..&.q......&....q..}....rE.Rs.........=1[.
'Q..*...n...O..@v)i..L..%}.....A......J..B.c...Y......*../..........5.
..).HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Aliv
e: timeout=30..Connection: Keep-Alive..Content-Length: 351.....{......
.." 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2
....$bso..-~.r.2........p{[email protected]....` .........IWW1.&..p. (
>..4B.....\.\..z..j.../..4.&.~s#.T..jIH.`.......}utq......y..np...B
..m.k...i#*Lr....n..&.q......&....q..}....rE.Rs.........=1[.'Q..*...n.
..O..@v)i..L..%}.....A......J..B.c...Y......*../..........5...)...

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=8650752-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content

Expires: Fri, 24 Oct 2014 07:50:34 GMT

Date: Wed, 24 Sep 2014 07:50:34 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 8650752-18154311/18154312

Content-Length: 9503560

Age: 32620

Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMZip.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
.Y...tU|F.BM..2g....F..t.Wf... .~.. ..T.........P.v....i,..j....&..z..
...x......G_x}lO..w.:....../.4.P............0...J.\...i.3...M......u_.
C{...pt.F..8.}J..d......p:oc[b....'.......;..A..v.W. 3..6...i.....yg.b
x...%(=....Q.?.U......sh....F.).z.(..j..r.[*.n."o..(.C.:.\.......jo...
[email protected]. {~[8o........g#|a.^.:.......fX...X..16..=..0VT
hD....YF,.r.z9|....F."..F.......qF=..B..%.71.....gc...<.]V....b....
..D....rr.....0b......jL..wK.z..C..C&M...J..(.......O".)<.)*>*sk
..s.,I.6..JSt.uF..a{...w#Y......LE..l|...g\x.^'X...;@n,.!....FK.....;"
`6p............:.%.GhZ..~.]C$Z..{.z.GX.X....N..`X.4.......{,w.........
A.o.k.R,02..F.....h....e../...wk.....^...{..y....8...J..f<x.K\..-..
....L.P2.k7Bv.2.p*..Gs...' . ..c.Q..B.t.....4...?..]..e>.aDhn.BA.H.
......C..Ks{.L.K.T.2.{....g......U.~}.^4.../~D...9ic..i.d...W..v\{....
..E..W.kS.>._FJ...f,..1.!..F.....9..r~lE...F...w.....{...S..wA<.
.Z..#..."...9....y....s...[....].,td..,...../..d....U.j..`1.."...w ../
V......u..[....0;..:Ufr<.p.Q.g.!...p.C..W../D.)IA....Pc..`."..`.'{L
!W..oIF...?..)J:D.......Evy#...^}...M2..2:..q.._A8........d....Z...V.,
.a...F...$21..r.1F..o.B..A...u.wfs.....].b.......|M8(...^......s..l.o!
2.....rW..3`..u.M..DW. .mLH.<-p.....'o..Wl..5..&.......=.%..AT...b.
b...r..........|....*..........}..o.O.q.N.......r..d.T<.[.i.%.[ %..
..I.m._.p..z"=y<X....MO..J/....O."....y...0".N.......C*a..<..4..
.l....u...<.9s...C..#....[...A.!8.a..:.K...l)0..n.g.N...........o|.
.Vm-....../.s...d.u..6...{..].....s...X.$..A...k.E.....?...2..E...<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 77

Content-Type: application/octet-stream

Host: p.x.baidu.com

Keep-Alive: timeout=600,max=1000

...A........." 34774fbda3add406d6894c6154e2b3d7([email protected].` ......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 133
...y........." 34774fbda3add406d6894c6154e2b3d7(.........28...........
.....H.....g...8pBl ......R@ ..'..~0......;[email protected].` ......
....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 157

Content-Type: application/octet-stream

Host: p.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........." 34774fbda3add406d6894c6154e2b3d7(.........28................H.....g...8pBl ..
...R@ ..'..~0......;[email protected].` .......Y..95( ....t....|.3*...
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 837
...y........." 34774fbda3add406d6894c6154e2b3d7(.........28...........
.....H.....g...8pBl ......R@ ..'..~0......;[email protected].` ............F
...#T..&...}..&.t.. ..I....`..6.H3-./}..].......<.@k/..]..a$.......
.,....:.y.].![.*/[email protected]......
.G......;H..D....jf..'.hL.xb.u.|....z...m.|.............a.">...P!F.
a..%|$.......G..q......:oo.$.p..7.*m.>&.Ve...~....x....r..>z.I..
.9......w.)f}..H.q.>..^..X...[nm.=d@,.......k..HfL{.L....$..K... &l
t;u.....!..T.0...g......y......`....s.k...b....Tl.<..JC1.&..&...i-.
k.~.%....l.E..}}.J..|..E..K#..z..[....F&..S#.|........I.4A........S...
.....0./4..H.A.....h........3.VH..........Xo.0K...A.?.p..?9..=....S.s.
K.....*...w.*...5....."..;.[.Dn...R. u.D"...... a].p..Wy.....v|..^.1&.
9...w..D...&...cP..............*.$...........h.......;J8.b......nw..4.
l.d.k.25`...........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 117

Content-Type: application/octet-stream

Host: up.hy.baidu.com

Keep-Alive: timeout=600,max=1000

...9....N...." 34774fbda3add406d6894c6154e2b3d7([email protected].` ...0...Y..95( .s....d....\..7Y#dp....#:..X<ksX.rO...aG
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 85

...9....N...." 34774fbda3add406d6894c6154e2b3d7([email protected].` ......r
...m_.....r.A..HTTP/1.1 200 OK..Content-Type: application/octet-stream
..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 85..
...9....N...." 34774fbda3add406d6894c6154e2b3d7([email protected].` ......r
...m_.....r.A....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 173

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...(..[.dD.2.....O.4L.JG...
..L/%.=.Z.^.j.:.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 149

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ......*.K....
 .hG..rg.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applicati
on/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Conte
nt-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.......
..28j..C.....d.B."h...[w.H.[....L".X.........X.."[email protected].
V` ......*.K.... .hG..rg...

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 167

Content-Type: application/octet-stream

Host: dr.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..

$bso..-~.r.2........p{[email protected]....` ... ....L.1#V.MV..;.<l<.&.
Z...N.c....
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II
.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` ..........i
r.<;e...Zr?HTTP/1.1 200 OK..Content-Type: application/octet-stream.
.Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151..
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II
.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` ..........i
r.<;e...Zr?..

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 77

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...A........" 34774fbda3add406d6894c6154e2b3d7([email protected]` ......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 133
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28.!.PH._..4dH
...d]r dT`..1........<.[.:...}.:... ;[email protected]` ......HTTP
/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stre
am..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 13
3.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28.!.PH._..
4dH...d]r dT`..1........<.[.:...}.:... ;[email protected]` .......
.

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=11272192-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content

Expires: Fri, 24 Oct 2014 07:50:38 GMT

Date: Wed, 24 Sep 2014 07:50:38 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 11272192-18154311/18154312

Content-Length: 6882120

Age: 32614

Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMZip.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
#.....n..S....|.2...H.\A......./..._...1.$=..{.C...)...y.C.2..6.~.0d.P
.a...G.;a6.....x.........m..~.!....O..,...K.Q..\.9.S...0L..b|.H.0.....
........>m..&9...a.R.x...Z.$....[....h....J...yh..=7.<...M..nL..
%$7..Y.}.%././.#!M...P........\.W7.i....XW....W..4_...<.}[Kn#.-k..N
a>.x..~....:.(-......T#9.9..J1...7.s...^.b....'.R..\...(...2.X..\o.
r.f-.xfB....}......[9&4..v(...Z.... f..SJ.q..\.~2...o.Y...N...v....R..
.6....g....8\;.t...%.Bl..h....#.M.=J".....J...7~.W7cz.*'..`o1...*.eh..
.~R..........v....^t...... 9#.....M.PY.LrEG..GQ...^\.!/..J...C.,,.....
`..R........d|....c.....K........r.ax'A$...\-....B.....\......^k.V../y
.....,v../..M)t8E..?..(...cO...| ..:......%..L....{.jo".$.....%6u.:.p.
[email protected]*..V;S}25.K..359.%.Y...Uj.;.~ .4F....{u$.s.sD...M0*PQE......
9.g*]..M..}.m....9M.~.A....*.E...8;..}...\...gw......'r4..J...O.~. ...
..\_QO..p......./....2.:....7..)mq;.P..|:.......P.....#.............o%
...J..3.~...A....gQX..N[..6..!......i.l.h8n....B.....a<..i-..T_5P..
...U.B.......3B....E/.mY.Gz..lSg.:...!.BV....R|-R$av'{.&..x.,!...w....
..d.....f.U..\).'..I..s.^5....... u.g.g....ao......x............Av....
qq.K`...L......a..(<...d<aNH\.....#X..=....V....3 .7..lI....>
KR.Q|.z..f^}P....A.H..vB....YZZ.\.C .0e.....z....1...R.N..oY........
.n...%r_}.z....-.mN...5...4...r..y.!....*.A..W.[.^H.c.'....@;E...f...Q
.H...:J.c.n....R.K......2.g}..vb ..*....}..0...M..rM.nx.A.#........,..
.P.6:....*..$W$74H...#.....0...G.,.%[email protected]\a...>...e*.....l
y.../C...[.<`LlZ`..x..[cC|....B[.w.L*..Y*6|X...m..}...PkX...qK.<<< skipped >>>

GET /pca3.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"

Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT

Date: Wed, 24 Sep 2014 16:54:26 GMT

Content-Length: 933

Connection: keep-alive

Content-Type: application/pkix-crl

0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U
....Class 3 Public Primary Certification Authority..140922000000Z..141
231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y
.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.....
..fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R
.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....
u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2..
..{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N
....* [email protected]!..Y......w
`G........070411175657Z0!..Z`[email protected].*q..080403172017Z0!..l....I..
.Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1
..7<.....e..010207211822Z0...*.H............M....s#..Lo...TU...tM.3
...'.U......:Z...w.x.=....K.0;...!....D....9...,!....B.t. <........
..-.....k.$<i{O.<.E...*.......Ow _..J.....

GET /pca3-g5.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"

Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT

Date: Wed, 24 Sep 2014 16:54:26 GMT

Content-Length: 533

Connection: keep-alive

Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For aut
horized use only1E0C..U...<VeriSign Class 3 Public Primary Certific
ation Authority - G5..140922000000Z..141231235959Z0...*.H.............
O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.
Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-
..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.
t....LV.uD....B..z...~I .6..aR[..(..q..............

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 157

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...........d...O.Y."..0A.aE...
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ......F.<$
.Q.SA'..._..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applic
ation/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Co
ntent-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(....
.....28j..C.....d.B."h...[w.H.[....L".X.........X.."[email protected]
.X.V` ......F.<$.Q.SA'..._....

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=1703936-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content

Expires: Fri, 24 Oct 2014 07:50:34 GMT

Date: Wed, 24 Sep 2014 07:50:34 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 1703936-18154311/18154312

Content-Length: 16450376

Age: 32616

Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMZip.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
....6S..'....B."....Wiv.............y..n9|.K.3z.33....J..|..<....).
..wE...}K.Blh..BQR.h'.,...e.?v.-.:-..K.vL....-.0.r(.{\._jr..b...[...u.
<....=...-...z.8pPm...C^.i..j....4.C.p.....A&....2.!?.......%..p$N.
0..-.q.)j.`[email protected]....]......g.f>..s5.r...eUs.......ev......
[email protected]`.3N........u2.V...6y.\/P%3>.xQB.pF..."'...U .&...
..Y....".F.~.7[aq C.u..j....6...a..H.......P.i."Xz.KM.....YZ`B`..N.;..
.X|....5W............i......p.3..4C....N#RO).m.<8.gV...1...X.a..K.&
lt;.......a..?F...n..x0.j.9L..;m7.>..{..2..f^...o...}..N0_........ 
..6*.\..p#.O.'.Hv~..j.;._...,....^......<.D|..$.R.y.i|.?.....*.N..h
...(....XX.MYQX....w?S'.6.N.......T.'T6Kc`P....O*...(d.n"......D...#..
.V6.j,,... ..H,.if.%h.k.L..f/...K..K...gW)...N.t..;=..X3.R5#..L.. -P..
.t.B).L..K......~..H...[...y*.\pyZ...>...1%~u......;.h.0a......~.E.
.P.^......w.E.G]T........I^.-Aa.vH..NJ......~'<T.3.c.;d..?..9...9.J
.~...BA...^....D^W.y.G....]..M...T...}[email protected]:.....o.....O...T9...
.~,....u..1 ..!..t. b...J{...6H1..*.Y,X....8.....#....2.....A=S._....8
...|...b.=:W0..6 ......mgEa.'....o..z...vOz...rP..........sOv9fR....-b
..d'..e>L%*....p..;.*..=...........6...(.A.9?O.x.&..E.T......V;k...
I.7.p.-,'..v....f.... ?B..&-...M........`w........}.8.W.ht$J$.x... ...
.NeA.. ...jr.....p.b6X.....m[>|.nl.H|k...h(.. .*.x)..##~j...Z.=.v..
..I(D.eH.Y...9......K(.5:. ....../u.%...N.l:[email protected]...
..w....5..=.q..^...q..q.XV\.(....[...-....M...B....y...d.|.Q..}8...F.&
....%3.j.LU.....M.[w..:'<.h........U..........}nO.....eFNH..}0D<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 79

Content-Type: application/octet-stream

Host: hb.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...C........" 34774fbda3add406d6894c6154e2b3d7([email protected]....` ......
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 135
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II
.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` ......HTTP/
1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeou
t=30..Connection: Keep-Alive..Content-Length: 135.....{........" 34774
fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso.
.-~.r.2........p{[email protected]....` ......HTTP/1.1 200 OK..Content
-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: K
eep-Alive..Content-Length: 135.....{........" 34774fbda3add406d6894c61
54e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S
[email protected]....` ......HTTP/1.1 200 OK..Content-Type: application/
octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-
Length: 135.....{........" 34774fbda3add406d6894c6154e2b3d7(.........2
8..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{[email protected]....
` ........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 167

Content-Type: application/octet-stream

Host: dr.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..

$bso..-~.r.2........p{[email protected]....` ... ..y....-..j.....;.$.6...v.l)_...z0
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II
.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` ...........
,!..]..-.pfHTTP/1.1 200 OK..Content-Type: application/octet-stream..Ke
ep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....
{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z.
.r.1.m2....$bso..-~.r.2........p{[email protected]....` ...........,!.
.]..-.pf..

GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Content-Type: text/plain

Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT

Accept-Ranges: bytes

ETag: "80179bc4b3cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 18

Cache-Control: max-age=1954

Date: Wed, 24 Sep 2014 16:54:47 GMT

Connection: keep-alive

X-CCC: US

X-CID: 2

1401CFCEB3C4C42958....

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Content-Type: application/octet-stream

Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT

Accept-Ranges: bytes

ETag: "805a83f2b9cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 56928

Cache-Control: max-age=6001

Date: Wed, 24 Sep 2014 16:54:48 GMT

Connection: keep-alive

X-CCC: US

X-CID: 2
MSCF....`.......,...................I.................,E.Y .authroot.s
tl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......
_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q
.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2
.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\
YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x
%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,
....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.......
[email protected]/"...f.......k..Jm7j....R.5q....Rz.
.!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%
T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m...
_.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..
*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<
;.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|[email protected].._.....7._6...C.0...
A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?.
..........WE.Or..O>..{.'[email protected]}.o:?~....]&l
t;!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..
{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......
q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!........
.`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=..
.f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..
].|......3..y..-./....K..6{...s.<R`.}[email protected]....<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Content-Type: text/plain

Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT

Accept-Ranges: bytes

ETag: "80179bc4b3cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 18

Cache-Control: max-age=1975

Date: Wed, 24 Sep 2014 16:54:26 GMT

Connection: keep-alive

X-CCC: US

X-CID: 2

1401CFCEB3C4C42958....

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Content-Type: application/octet-stream

Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT

Accept-Ranges: bytes

ETag: "805a83f2b9cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 56928

Cache-Control: max-age=6023

Date: Wed, 24 Sep 2014 16:54:26 GMT

Connection: keep-alive

X-CCC: US

X-CID: 2
MSCF....`.......,...................I.................,E.Y .authroot.s
tl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......
_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q
.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2
.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\
YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x
%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,
....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.......
[email protected]/"...f.......k..Jm7j....R.5q....Rz.
.!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%
T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m...
_.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..
*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<
;.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|[email protected].._.....7._6...C.0...
A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?.
..........WE.Or..O>..{.'[email protected]}.o:?~....]&l
t;!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..
{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......
q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!........
.`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=..
.f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..
].|......3..y..-./....K..6{...s.<R`.}[email protected]....<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 165

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ... ....!..!..U....OG..`.~p..4...h....
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 285
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ........J...%
....j....J....O...>..."A..0....OZ..m..?_O...P$....Z;HsY5...s.w ..4.
..'.F...sK^.$F<C...g.=......=.}.R..Pv.........?.)~k.Xge...b".I..%.A
..4sF.9.. ...

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 68

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...8........" 34774fbda3add406d6894c6154e2b3d7([email protected].` ......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 124

...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT....
[email protected].` ......HTTP/1.1 200 OK.
.Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Ali
ve: timeout=30..Connection: Keep-Alive..Content-Length: 124.....p.....
..." 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m.......
[email protected].` ........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 76

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...@........" 34774fbda3add406d6894c6154e2b3d7([email protected].` ......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 132
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28i.e.p.qA<
...O.....V....;.._....{.i.f....k.....6\...][email protected].` ......HTTP/
1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-strea
m..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 132
.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28i.e.p.qA&l
t;...O.....V....;.._....{.i.f....k.....6\...][email protected].` ........

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=5832704-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)



l..G`......nPM<..4h...3..J.a..Zv.l'.vy..w......T..M..y..J......EEt/
W.)F.....rJ.%|W..............d....].k...7M...E@~...!?9..$....*D.)..~.~
..s.(.w..LH3.....wM...Qj.-..W...h.DH.ru.Lc.*...iJ.;.J.._E>6I..5Z...
..u.........;......V`..L..V.Q.Y%...A.;.......[..[wAR......b....7.e..V.
..../%......o......g...9B*9...cf)'.;...._|&....$.Z.j..L...W..3;....5.K
.....[ ~9.S...TY-D.@&.AP.{..v)..K.gc..V.z..xI.Q..........8.{...eY.~.uc
.0.....i............q..B....Y$..I....<&..:|..}V.A....7.. ...G>..
.=.S....o.5...8'..,.......]..ex......u-......GM.7U....&)j....$...7._.}
e..A.O:?...j.%C....'y.....U%..}[...HIb.7|,'.<b...%./.(...6...2%..G.
.;..K^.#..{...&..o..I9$._.zG.5.]....bv4...TO.ij....8w...\....p.P.....]
..#.UUD....2..xXgn.\.......'<8%.......d.m....>....,F. ...D...D..
 ...TK......".x,B..!}.E.B...]%...n9.}.|M...T.P.....<.......'.-;...^
[email protected]..".w.Oo0Q.,.....v.F-i
.Q\..%...d7t8../.U=.J38....`.../MH;...:........s.ah...."}^ ......./.)Y
.....O....!...M.oV.D......l.!?.Z_..;..9aq..6..~..8.e5.@vw.}...D ....nK
...!E8!..9.[s.Q..'......-..w|h.../.,.....M.V...M*.#.........s..8h.%k}.
.H]f.S[b.N......,.M..JQ{] `QI...#.Q.k....p..;{3.wp. ...G...[....G.*...
[email protected].._).iT..8ZklH....t....|....cYI..o..T}...^...]..#;.u....oa.Y/z.y
............x..SnI..\|.9...P...o..../p::N>..C.C.S.F.....c..9.....\T
[email protected]!....l*L.......c.Z..)..;..}!%e.....r$..3.`....$..Q...>q
...#.St..\P..Q..P...5:t...[..$....K'.=..5......P.......1~...t......#2&
gt;..T.j.K.`U=.2...y&.mI.%.e..}...4.L&..^W}....^.H.U/5.M....|j..`.<<< skipped >>>

GET /client/dllv5/BDMNet.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 200 OK

Expires: Thu, 09 Oct 2014 15:58:48 GMT

Date: Tue, 09 Sep 2014 15:58:48 GMT

Server: nginx

Content-Type: application/octet-stream

Content-Length: 1176520

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 1299316

Via: 1.0 sdytwt87:8080 (Cdn Cache Server V2.0), 1.0 tswt79:88 (Cdn Cache Server V2.0), 1.0 jg14:10001 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMNet.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

MZ......................@................/............................
..!..L.!This program cannot be run in DOS mode....$..........^.a...a..
.a...a..za...n...a..T....a.......a.......a......ya.......a.......a....
...a.......a..Rich.a..........PE..L.....3S...........!................
................................................O.....................
..............-...0...........................H#......T....9..........
....................X...@............................................t
ext............................... ..`.rdata..-.......................
....@[email protected][email protected]
[email protected]...............................@[email protected]..
.....@[email protected]..........................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 188

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|[email protected].` ...@.%.Y..95( ......2d>...l....e.!O..l..{.B....6\..>0......)'.....v...
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 140
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT....
[email protected].` .....%...p.A(2..C.....
....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 188

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|[email protected].` ...@.%9...p...z....3.Z. ....h.W.....~

...[...y.h..C.5E..I. ....?..p.q
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 140
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT....
[email protected].` .....%].t$/..N.....|..
....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 188

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|[email protected].` ...@.%N..$.*o..E.@.,{P^5..=.6...e...C.....U.....,.s<...y..I.2=.r).$O..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 140
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT....
[email protected].` .....%.t........"..D..
..

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 204

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28i.e.p.qA<...O.....V....;.._....{.i.f....k.....6\...][email protected].` ...H. $t....o-.........Q....;z....X*..>...|..mM[....5....s...@I./JV.....L..V.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 148

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.. .`.....(.
kN9<./E.xV.....s.P..S..J5..6.#Q..y...,[email protected].` ..... .....
.m...1.c.G.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applica
tion/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Con
tent-Length: 148.....x........" 34774fbda3add406d6894c6154e2b3d7(.....
....28.. .`.....(.kN9<./E.xV.....s.P..S..J5..6.#Q..y...,[email protected]
.P.X.` ..... ......m...1.c.G...

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 76

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...@........" 34774fbda3add406d6894c6154e2b3d7([email protected].` ......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 132
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..
2Yd:.\.kC....Z|%...8..E.,[email protected].` ......HTTP/1.1
 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..
Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 132...
..x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2
Yd:.\.kC....Z|%...8..E.,[email protected].` ........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 716

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ...H..Gn.o9D...,LI..q.3
[email protected]..\.......5..i.0T.....0.4..&.D...5./?.<.z>.xk.....q....f..'lq..}..
.%e.N.C.T_'-q<@#w5L.<..}.5...Lo5...b...[.:..X

..<b.vn..2L....8...C.o.m<O..7F.U..1Ms8b.9....c.c"... .........\..7.....t...8...I.!Lb...XbX}$..$...q.iI$......Z...{.........`{y.........o............ ...2..R....TMN`...&.....3....)..,:..P.m,.q..j.|........QfJzC|:&.....K.=....-q\..m.^.[..xb...`/[email protected]....$.(...).....l..2

JG*...,;4U.kz..V.......dD.1.S.....]T.`.....$.h..uxg_..>IN.M.ZL.:..E.1..OS.....y........J......|f..~.

..'...JQ.....T..s-*8.9k
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 156
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` ........f>.
p.z...r.u..V.....O.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type:
 application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Al
ive..Content-Length: 156.....x........" 34774fbda3add406d6894c6154e2b3
d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..
[email protected].` ........f>.p.z...r.u..V.....O...

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 175

Content-Type: application/octet-stream

Host: dr.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..

$bso..-~.r.2........p{[email protected]....` ...(..G.......;`..~E{../R.l|;~..e...y.........
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II
.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` .......-..f
....;I..%R9HTTP/1.1 200 OK..Content-Type: application/octet-stream..Ke
ep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....
{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z.
.r.1.m2....$bso..-~.r.2........p{[email protected]....` .......-..f...
.;I..%R9....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 167

Content-Type: application/octet-stream

Host: dr.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..

$bso..-~.r.2........p{[email protected]....` ... ...e

...G..G.....kr3...u9}02..q#WPOST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 167

Content-Type: application/octet-stream

Host: dr.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..

$bso..-~.r.2........p{[email protected]....` ... ......2..(o......~#......y...}.C.|
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II
.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` .......9...
IZV..<.....HTTP/1.1 200 OK..Content-Type: application/octet-stream.
.Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151..
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II
.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` .......9...
IZV..<.....HTTP/1.1 200 OK..Content-Type: application/octet-stream.
.Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151..
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II
.z..r.1.m2....$bso..-~.r.2........p{[email protected]....` .......T.$$
.T...Z.% ,...

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 77

Content-Type: application/octet-stream

Host: p.x.baidu.com

Keep-Alive: timeout=600,max=1000

...A........." 34774fbda3add406d6894c6154e2b3d7([email protected].` ......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 133

...y........." 34774fbda3add406d6894c6154e2b3d7(.........28?.....p....
..p.... ..F.T_".l..w...^[email protected].` ......
....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 157

Content-Type: application/octet-stream

Host: p.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........." 34774fbda3add406d6894c6154e2b3d7(.........28?.....p.

...p.... ..F.T_".l..w...^[email protected].` .......Y..95( ..0.....Y.D.x.{>
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 845
...y........." 34774fbda3add406d6894c6154e2b3d7(.........28?.....p....
..p.... ..F.T_".l..w...^[email protected].` ..........{..
...*a.-Ewy.Y2_.g..k....".B,.....l.m..(.g.3Y...K~v9:p...[.'!....(......
c../..T.X.....y..7...]U....U{.w.^H..>...Q..N..Z...E&N.#..y....z.y.Z
&B.4...v....z..,...#..A.;CR...Q...:*.!.}%ur..d..^.....L..."....I.6L...
...i<[email protected]<.......3........y..._......n..H...rO
_1......)w.$J.J...]cD...*2...|.......e.>......i5.#....&........5.2K
.=..W.&...m/..5.M_dc.TC&W*.........(.a V.KFl...b5Q..x....g.....6<iz
. r.o.#...(.laG....1.R...~.<.. ...Wx.}....|....&$..../....l.......B
...NK..rTc......a..........J..........H....,ZK.!z?....K.Y...p....NE5.{
.?....f........j.pB>...QF.-&..jP....n.......>|F.`9S.B.R....3'C..
n.c.N..[.Aj...Z...Msk.....Bq~~...w..'0.^.R..Sp#.u...Hk ..e.z[Uc....;.1
....Yp.K.[.].F.^X......<.R.....

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=10354688-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content

Expires: Fri, 24 Oct 2014 07:50:38 GMT

Date: Wed, 24 Sep 2014 07:50:38 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 10354688-18154311/18154312

Content-Length: 7799624

Age: 32613

Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMZip.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
n.Q.x....(%..G.....H.........N.d.....K`.1..ZM..>t5.E.n....!.l.MK..$
7....A.q....D..2..Q!.z/...TX...u...$....d$...CM:.']..h.t..G).O..U..C..
cU./%...03.eg..y..g....!..1c.}/........,=.S.N......._2..rB.S..&.C.E.cg
@......)v..........H.TC.j......0..*X.'........76q.v...15m._.5b.....#..
.G.Y...FU.....Y.X#.....i....|....u...5.*,...g..........F$.}le.........
|."..1....S.....N.COw..k-V1....5.*@.\Nq..!..l|Z....|...ZAD.9.W..S`..9.
vj...TF..tK...-......h(.c.._dN...%y............P'.2l.\k.<....=..b2.
....b......l.../......#.J.........uzz...].BL5N6;..<Q..3y..P....w...
..(...^...1..$Fm..1*:..$...5e-C!%...XF.........}q..rl.'g@......?){[.z.
r.......... ......u...x.Q..K..y....E-r...........X/.\.5DYe: ..%f.... Y
x...~.....u2...........Mj.Vl47....F.J.=...).d.n...8....3......X<F^.
GS?.q... 8....p*W..._.....M.../5.wU:].].J..1!..%QH.qT ........3b,..vq.
2......7c.._.........D.....u..y....B.(....OJ..5....I.'.c......-...7...
r(?....X..e..9*9... L.iw1.......&.9.>)...).....T^8..g.*..f......O.j
.......n,5S.....>.8._.#.*6......6^....y....B...z.:.Mj..#.... .gg.r@
.K*9FV.A.K..8G...!.h.2..B0.Xt..o......FKy.S.a..>....a....d..#~.%l..
......S.Qq..R.F.F..Vb......#.*-@..,.x....M...7..?..^..........)\.....V
5.H.D'........fm.......h..tw.u......z.>... ..M2..P...S.....m*......
..e..t[.MZ...B...W..Y..V.Fd\[email protected]....
Y....E1'..Y.v.}e.V.\Q....q...VC....X..T./1.J&?.X;.dvuwZ..)n/p"/...1K..
V]R./'e.....2.....X0..W3....%!..{[email protected]........%...I..
i.V...B.<...*4.~rP............F.i.....,....l........*...Nx....-<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 247

Content-Type: application/octet-stream

Host: dr.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'[email protected]....` ...p.."...>.[...n.....$.0pu.Fh....w.......7.v09X..}.x.....f.o.W?.|L......v.........Z.....D..N......}.b.....L.&.U3.-.$Z
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I......
.}[.$. .7......Y...O....,.S....7.'[email protected]....` ..........0
d..YZ..... HTTP/1.1 200 OK..Content-Type: application/octet-stream..Ke
ep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....
{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[
.$. .7......Y...O....,.S....7.'[email protected]....` ..........0d..
YZ..... ..

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 252

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x..

...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` ...x.......4.......H.vM.J>......Ek...............s.."EQ...l..b.

..i.....G{-...0Q

c..X.Qb.....D....#.........J..p_....T.[N..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` [email protected]..#m.
.....`.n..Y...]<2H...\[email protected]....(.gq.HTTP/1.1 20
0 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Kee
p-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 196.....x
........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~
.B...c....B.;..v.........^.([email protected].` [email protected]..#m.....
.`.n..Y...]<2H...\[email protected]....(.gq...

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=5111808-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content

Expires: Fri, 24 Oct 2014 07:50:38 GMT

Date: Wed, 24 Sep 2014 07:50:38 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 5111808-18154311/18154312

Content-Length: 13042504

Age: 32617

Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMZip.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
........r_.?..........O....R....p.D.!E...3.......y...tn.L..Y...[.JUN..
6....s.......C.g..[3...R.#s..q......zKW..y............L.. uG .{F.]...c
}s.BD..7&.(.D.i.......`....&.4z.....a....K.#..........T....[.!...x..,.
..@[email protected]....).'C].qN_....|...$C4...\..[........Og~Ze...
.......l."V~.[A.Y..y.*...n&_....%.j.[.xP..".J-.Ys.......D.||Q........g
..........Dp<...S.=...........d.~..z.$...1....E."..F...63...J..Pe..
x2bE...)[email protected]>..D.R...>.6..4...S.?.2.gt.o...n...#.'.
.g'.O......o..........Ob.S..\...w..j..sI..=.VC...ZH...-.....t.@%k....?
...*...)k...........#[email protected]*....n..iC.2
[email protected]^*.....e`..~.j.S.s)}.;...s.V8.^.t..J:...J..V%p.QW...#
.r...h.`1U.m......].....e..e...?.AhjT.W9..._q.... -.&.<..{ ..%yv...
..a..~N.d6A..s.a.....$.E .O9d....../=;......<Fl.....Qn;be.._......L
]].r........vL.m.7."`.LU. ...Zi""S.....r|v5/j...D.8.i.$C.. F..b]..6n..
pMF.{~XKE.t!`].....}..(.#..Jsq"..I.o..^...z.7.............Mf..........
y...Vt..&.e.3L..8w..-...&..........n....P..yXbg.R..u.J4.{*....0.g....A
M.&"r...]Y.....8.Dw.FVy........e.C.....?.>...~.;G;.\...=.B.{.......
.!.o..u"M....U..d).....s.V.9..g......-...>M......x?...k.....{.....I
..j;....:.%......0GkO..V............ ......f`.....E..i.........~..!...
....8'S<Io.=.fm"..`...~]m_T.....5. S.....u,........6).{D..|.._\J/..
!0.Q.....jMj.9S:|<..?..B38.T6..q.......Y]..#^..s......'\[email protected]
o{....C..Z..F.).*...?6.I.a_.j.d.. \ H...)...=.9.-..y..p !..6)4 .D...I.
.H....-.h.f.....p.M.....{t..t.g..... [email protected] ....6.BC...P....<<< skipped >>>

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=9961472-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)



@7..W.......bd..[..Vk;.....O... .G......LX.c1.[..V.KA..hr......Y..k...
K.r.?{. .y.b...>.....]^...rE...ugV.........7)R...Z/..%A:>..X..Y.
........8=1...x...W..b~ts......R......W....&.......1..'#...c;....^.G-V
....._.i.5......F..... .I.,.#..6.........n....e.|_.<.>&.rV...i..
r..;2..........WN..bh..>..*... ..pyY.F.i!".......*1a5....7...x..i..
r....I8.....0j..l.........*.5.W.X...Z..E.....F....#!..Ls{.y.C....p--..
....A.9Q..T.u.A{T.V{8q.'~x.x.>..^....../..........`......`.....PfX.
..7.ww.........:....%c!`..G..@.,7.....k...=....|.IJ=.-....]...2.8.....
Vk..>........].wi...l>..S^..z..*......Nd.^....u..I.#.?Z...v.L...
.).....VA.G...jw........G|....)..8....F3..|...n...H.r..o$=r1.....s...0
......?..........Ig....SS..0..h..f.=Kp...b.....M.y'i..$.h...<...Q(.
.t...m....O..0..._....t..aarT\5.?4...GZ...eNyaGx....`........zB.x<.
.E....Q..n...<.v..W.}.....P...#i.$].....x.h..K'...d<Q....H...../
)._..y..>.&.k.N...#...H....T...C..U>..e.~..`{....<N.....z>
l...kr..C/.,...65..=.,....F.F<...Ey...,T[.5..F".......Ca~<v.....
sTL...F...9..h.E]].H..]..{:.i.^'Kz.........-.wPVN..l..E..R66..o....R0.
....f[..pU..0v^.S...> *...U.f...Q_i8.{........K:DH.V.hXW..a..QV..O.
...... ?....s..{.....{N..N..B.......>.....!&.ZMR.......V...`H..59].
V,e..E .p.CBv......f.`...[.rw..../ID.4...?Sq.MC.p...y^o..<^z.....$.
....x..p.A7.3.../fa...Mp...s1.e%u.....0..= ...F={,.z.. ...B.o..7.f....
....... ....F............7.GU..w.K.2.&.......|...w.X.qCi.H.....3....I.
..x.)hL..6L}mN...{N...a`m...A.....2s.SNy ..q=i.T9..... ...-.9..R..<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 156

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.([email protected].` .......8A .....[..H..P.e.'6.~.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 156
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.
FS.~.B...c....B.;..v.........^.([email protected].` ............{.
.Q.4.. ...V.lU.WHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: ap
plication/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive
..Content-Length: 156.....x........" 34774fbda3add406d6894c6154e2b3d7(
.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@
.H.P.X.` ............{..Q.4.. ...V.lU.W..

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 79

Content-Type: application/octet-stream

Host: dr.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...C........" 34774fbda3add406d6894c6154e2b3d7([email protected]....` ......
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 135
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I......
.}[.$. .7......Y...O....,.S....7.'[email protected]....` ......HTTP/
1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeou
t=30..Connection: Keep-Alive..Content-Length: 135.....{........" 34774
fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...
O....,.S....7.'[email protected]....` ......HTTP/1.1 200 OK..Content
-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: K
eep-Alive..Content-Length: 135.....{........" 34774fbda3add406d6894c61
54e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N.
[email protected]....` ......HTTP/1.1 200 OK..Content-Type: application/
octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-
Length: 135.....{........" 34774fbda3add406d6894c6154e2b3d7(.........2
8s....I.......}[.$. .7......Y...O....,.S....7.'[email protected]....
` ........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 357

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28.!.PH._..4dH...d]r dT`..1........<.[.:...}.:... ;[email protected]` ......D.........Q..L-5.s.k..[....;.3.4..j{..,.....!b...^$.. W.`8&w.5%<....8o.:.....m..d.. ....9Ob..:.F.#...u(\.~.u..t....~S.G..AG..."2....H..$
A6<,...qi...k..[_E..X".K..3.&.......n.V.......~.AX.g...H).8..{h.^[email protected]..!=

..A.f...
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 149

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28{...~.....Z.
...j...d.gx!..EV..W....o.y.% [email protected]` .......sqJ...
....e...aHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applicati
on/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Conte
nt-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.......
..28{...~.....Z....j...d.gx!..EV..W....o.y.% [email protected].
V` .......sqJ.......e...a..

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 247

Content-Type: application/octet-stream

Host: dr.sg.baidu.com

Keep-Alive: timeout=600,max=1000

...{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'[email protected]....` ...p..$t....o-T....E...VQ...*.yE.....0..Kz"....;..Tr.r4.F^...R... 8.."B..].......h..p..-5...X&....
..%NX(..x?w.F...]..
HTTP/1.1 200 OK

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I......
.}[.$. .7......Y...O....,.S....7.'[email protected]....` ...........
3~.6.&.....HTTP/1.1 200 OK..Content-Type: application/octet-stream..Ke
ep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....
{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[
.$. .7......Y...O....,.S....7.'[email protected]....` ...........3~.
6.&.......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 229

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...`..A.`..KN..U...c..o....#1.\|TN

.....*-.]L..Z..&b.......7^s[z.8...M..Z.[...U..m.>PRk.y...*.
.|....POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 189

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...8....-.H8...!....1.Z
...Lj.;...,q?z0...I......&(.nW[..-R'V:POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 189

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...8...Bj76..R...,...........sD.........?.:[email protected] / HTTP/1.1

Connection: Keep-Alive

Content-Length: 237

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...h.....da4..8.UA.)..w"......%Q
u..qk.Z.W.r..1....9M.#.....L...M.%...%.6.../5FA2Ze2gv.^*#........5U..%'...G..POST / HTTP/1.1

Connection: Keep-Alive

Content-Leng
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 149

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` .............
...`.pT..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applicati
on/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Conte
nt-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.......
..28j..C.....d.B."h...[w.H.[....L".X.........X.."[email protected].
V` ................`.pT..HTTP/1.1 200 OK..Server: iYuntianSvr..Content
-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: K
eep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c61
54e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...Al
[email protected]` ........U...b...t.. ^.HTTP/1.1 200 OK..Server: iYun
tianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=3
0..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbd
a3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X..
.......X.."[email protected]` ......i.|P....3..6...\HTTP/1.1 200 
OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-
Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y..
......" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...
[w.H.[....L".X.........X.."[email protected]` ......xw.........YM
E..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/oct
et-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Len
gth: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 237

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...h.........s.!^d...$.=R0..~=._.p~]..s...#....D2..o.[..gP.$9v(

Z.UGse.jw/P.a..[.-C.3.......n..../.o.....}'."POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 237

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...h....^.I..P...hr../...J.kj.. .|.5....iN..
.{...k.J{\...A....<`.5K.I..b..C(...=?L~0......i.]G...1..Er..5..X
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ........Z...c
9."YWx..cHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applicati
on/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Conte
nt-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.......
..28j..C.....d.B."h...[w.H.[....L".X.........X.."[email protected].
V` ........Z...c9."YWx..cHTTP/1.1 200 OK..Server: iYuntianSvr..Content
-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: K
eep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c61
54e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...Al
[email protected]` ......>.({K..r.N..#h......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 181

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...0..Tu..Y..<...t.jH...M.P...!._o.D94.Q#....EhS.N. [.POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 181

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...0....7{.V.....
..K..$.[...[0N?...7..?........{...POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 181

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y......

" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...0...W...qdZ....G.d..OKF?..d;r..Yb..#._....;D.G.....
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ......`.z3t.|
1E1/.'...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applicati
on/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Conte
nt-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.......
..28j..C.....d.B."h...[w.H.[....L".X.........X.."[email protected].
V` ........ ..=.#..R`.C..HTTP/1.1 200 OK..Server: iYuntianSvr..Content
-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: K
eep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c61
54e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...Al
[email protected]` ......~].fh...!../...T....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 181

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...0....

..*....dL...4...&..N.Egq-..|...j..`.f.|..D.POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 181

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y......." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...0....Q=A.".*.Y]..........^V..K.7A ##L..`.h....&.|..POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 181

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y.......
" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...0......;...,...!.w..^.............'fKe..FW .c...nkr
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 149

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ..........G.X
8..V...k.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applicati
on/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Conte
nt-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.......
..28j..C.....d.B."h...[w.H.[....L".X.........X.."[email protected].
V` ......Lr...b... g=..."HTTP/1.1 200 OK..Server: iYuntianSvr..Content
-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: K
eep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c61
54e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...Al
[email protected]` ......>.r....W...T......

GET /client1/common/patch/24946961047/dnw.xml HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 200 OK

Expires: Sun, 05 Oct 2014 15:52:38 GMT

Date: Fri, 05 Sep 2014 15:52:38 GMT

Server: nginx

Content-Type: text/xml

Content-Length: 165

Last-Modified: Mon, 07 Jul 2014 15:29:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 1645333

Via: 1.0 zhjzh55:8080 (Cdn Cache Server V2.0), 1.0 tswt79:8104 (Cdn Cache Server V2.0), 1.0 jg13:8888 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="dnw.xml"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
..}..a.Pr.DN...R.x.,....*[email protected]=gJbC.z....M..Z.A .A....[........
oh.*Fi:....ki.c1...(.(3:...5..........}.,.U>...{{...... .]k/".}*D.?
>a.#c..3.....[..9..r#.u|`.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` [email protected]=.6u.
^...w..7rIwB...p"#p...i....#.R.xJ...7...(....D..N.i..W.\..}....o.YxMk..0..

...Zu...K..uE.Kg,Z....N.....oH...C.V.

........"S..|x....z}...b.L.q\....p
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]./.
b.L ........S.I..S.....2f.s|&..TcS...y..]2Yb^..F.4.B.PB!.....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ........@@..i<.S....J...X....L;.B....k3..j.b...W.R.Veo..Y05.l
...al*[email protected]..>h[.c...L.|..7....,.f0.4..D...J....~...!.V......J.d...G[....RD....P..".>........1.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@.....%...
?r..cN..d.{.S7....K{......... ..1M..d..nn..KQ..J....O...Y....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......<.............,........]....I.C.#X?....O....P/..KQ....

.W
......L.-..^...-.R... ..Ml[........r..u...k.......x.(..?..,....FA.1..F1.{..k.....F....1*l...u.'f..s.Vm.....iV...,J.a.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
ju}.E.......N.>.z|N.j.5..c...8.r.h.\..%..w..... X..c.)..T...
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......M....k}.H.

v.j..,PI.U....rq.Z...o...!...../...l../6"......O...L...k.4....<'.....n@\L...l5...tf...vr`.LCt....6N...?Bo....... 0.......t...L...i.7&.A.-N 8;.h.U.....x....8..(.4ib
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@.....&..x
.!y'a-..R.....3j...9......`.O.I.u!..o..P.T.s........^........


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 301

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ..........K;d55.<..W~$.X......;....\.Z4......=b6Z..U..wN./f7B..|.......*..D.o<B......Y.sS.......t.a..@}&..>k-2..1e#}6...)\......U[...wgQ.......&4.v...La....pK.y...t......<..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]..".CJ
... ......R..G.K...2.y.W.4..,...v.%Rs..5..........U..........


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......|.C.

"..j.|dxW.a.u.U.:-..tO..ox..WmC.......Px. Vss.A.9..o...{8.k..P.(..../.e...0.....4-....I..y.c.Ywzu.~v.=I.U...^u.h(.......r.sg2.q............D... .l.X..t...v.5,....H

q.
C.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
..|3....S<.G.h*..3.v...u..2G...e.......'2B.....3>.U.F.[Gd
....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......v..w.1t...B..L.......qA..;.5...bo.@..>......{..$..<.,......L.n~..i.8..i6..~...J..B".R........E.W./J..[..#p.M> ...S...q...<>W..d5'..gz.l..3)...A.k......y
.........>....|..w^c..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]>.#
Q.J#.|^.`..Ò.j0.v_.....3..:..A.LZ..K..Wr.#.v9....l.."D:L@....
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......r.....*.J^-..S.@=...{/...\...X..)...b.G.*...............Ft......#..0R
_ZPQ.i..O....E7..<_... Z.ma.578.(b.|...n#T,.c.....9.r.nZMS.L..........Ms.PH..i^=A...M?......%...R.,@..
...
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@...)x..K:
............{2u..t.DI.E..m..:.gV.*..u.<..C<.........p.0..
....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .....

..&.........A.E...i...>K..`!Ke...qaz..N.3.á..I..E.]......k..z.M8.'...4...
u:.1U....d....k....".J..'........h.r..z..1..1X.....w.$....!-p.)..>,...n(.H.....H0..<..a!z..U}.....I
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
..g.."..... V.\......z|.2o...k..r`...5H.m#........3Q...b.....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ..........b..u......H.9nV.MTVe..PG..Q.oF8....Oo..S.!.vH#.-.sK[.#={...I.i.7p... .6......70[N.~S...M..P......Z..iq....C"<BTb...D.T........>=/..6>.v'3....Os.[O...L.*.I.O.. .S
.....~.i
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]..
3A:..V...D.`....T.@._i.q.X....Y,.f6...*'I...) .V ...q[.......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 453

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

..

" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` [email protected].......&...i.;.kCa.......I..J...l9... ..| 7..lp.\..

[email protected]%..,.

.|..mZ.j..8,.^..]....oEN..q*.Y .<.!R.......?..].2...{Ym8.......~V.U.N.{.8..9Y'__...{...#..Q.p...........Ei.
......Zy.....zQU.5Vu.......a.....R/.i....0...>.{5&!

..
[email protected]..|}].c..*w../....)..A......w. [{..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 245
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...p...}..Pm.
.>...q.*\..]... .... .F..*c%.........D.../{Q.tnI........1.. .e.....
.0i...... Ui...<[email protected].....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` [email protected]'.L......{B..(.F...Nt.....|..u.

....$Ax...0(.N\O/../K..<cw]1.M.q_....d...'..7.!....C....q.....v.O........W..W\..tB#..Z.....Z...
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@....&....
.FE3.w.~..(V..:PF.X.X!#M....}.........#u.4.X*^...'.;;...k....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

..." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...... .IM..=..1....=&...=.g$.X.K:._....q..a..}.A.J.....,..>.y....1...L..E.[@.....j..H.(........G..!..E...6..u.a./....)%....:.[.%......iXp......|..f..T.9].{...CK.{Z....#..s...K....
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
=. /.....V....q.a.:[email protected].^....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...
" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......$=3..<.lAt.....|.I.i.......b.......X..X.....r...'....%o............M...[A..ay..@/D.i.....n.Ies.|....... 8EF...#...........4...z.{fK....<..L._(<&.......H..!.<&...6...bW.sl......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected](..j6.
6.8.....B.z."..x.`...I{ #%.e..C..?............_Ui&.{.R..>...
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......e....M.<.
..(0..iy.!..a....%`[email protected]...&.Gu..1..{rSS2...Q...F...b.oP..3DF&.7C...;..&...*?.R"........Gp8h$. [email protected]."...D.$K........]...|....x.....h...)RuE.>.oD
lI.R.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@......;U.
.'.}.r...O..A.t.S..,..E&...r..I...U.Lq]|6W.........m...H=....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......?p.{.4.v.Q.n..L...s....)..-#....Z=....XDO2uz..s9..{......h..r._..L..M......2U.f.......*...[X.]D.Q$;kktT.b...U..:]Nd...b....6.......y.4@..(..q.J.....h>.>......#.D4......]c{P...
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
s....x-.}.\0......VOGB...L.c8........-cWc.t.....G.....{=;....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......h...A...0..U.... ..W.)Q..8..s...j..6.p.p...e....]wA..m.A.#}
.41.QeH9S...XM.q...(.%..qK....[H....3....;J....n"a4.b....9.!..N0.u.v.c.w.S*t(...E.K.Py.....Q.ry<..S..

T...=}..}...
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
D.A..n....e..({...kS.W...m..n..2...%&.......s...-.3..........


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......D... '.....mr(p.n........]#2....G.2W&.....t.n.". E...].... .oX..{"..GDp..H.U^....S}......r.[....v....S..;J.i.K.k.*..{f.DI<A.k.._.f.3l../.R|.fH......I`...u...! E.&

z......W.e
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]..
L..E?....q&^.....#b....uU..k...............d...M..1.w9.......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......Z..j.c.0 *.R.M.S...H....W..4.!..`R ..3..."K...2)..K..54..7I.<.e3j.h.:/.'2.....iC3. ..;
"T.i......O....).d....AE.9.... .p.V...,./........iY]q.<....pY#E.T>.../..}A%....v.=p..}.k
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@....$.../
...&......&..6..H..m..rp...^_...X.6a....Zmnl.S..I... ........


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......H......."..^.pUU.ZV..ltU.]..L....H:.../...7...M=....."o.......9\./../I(X../...sE.@9. ...t...;#.n...b...=.?.F3.4#.n..c(.W..M..=........2..&oB).?......]..Rc9.c.nV!L....g|. ..."8.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected] ..'P.
.n...V......!8....I.J..Mz...9!.-;d...Z"....9=....h..1...e....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......y..5..UP.Cr.m:...G_@..#...jC.C..$ ..c...jF......y..L..y...A.....{...X/.....W_vI..'....b?.h..2.....y".Z..le=.2n-f....=.t.M...0.4K...;.{....Qu..

.R$.W.D.6..k.t..=9Z{.....n...?w.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@.....#..l
...4d`x...(...uL:..ca.$....O.=...;. .cIm.......3..4{.."......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......... L{S....=."_08..y]F.....2.|.ua.Es<...tX-8.1...vga.x..|U._#....A.e......H..v)....z..wW.....F...S...m&.SpM~....z>. .=y#..8}[email protected]#.....yhWL.<.]N..X...5Z.y..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@......=..
7..a6..$......V..w..;[email protected]..../.F.]a.......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .............".p..}.V8.....T.z.. ......K.).7J..l...M:4&..Q.K_...%._p../.,..T..w...c. ...y&.m....f g.[.wM[s....X.q...
E....$.R..[.P.
........Z......r..m.-J"d.Z.%$.....a..n....q0..2..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]..
e./G.X...2C...G#..{.pC. ur.4e.5.p..y..k....yLn.*..@..`..?....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......fE......\..5{B..`#`-....}.1r w.:.........A\.i.....>8Pl[.b...I.x...rF.....H.M.mWX..c.{....Z....".b./..$..&4..U......Js..i5.tBme..g..z..b....Zon...Z.|.K..L..Z.._c......c|.*.AE..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected].
.|y..x..."..<V..SL..d%....0.9..`=.Q4.......U......3j.".b....
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......~Uf....#.a...
....5(......Av..p.P5..W....:..Rk.~...K.f.....C%.l?....(....g.%.>sQ.....g.)..K3WT.RY..R.h..Ad.....S.....kD.=...
|Lp.\Q..4Z..C!.._..4x..\"...g[..I.........{;R....
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@.. .;V.a.
.K..(. a..DK...e"cD..8&a.....b...P.%;tV...[.x1.2.."..$6Xb....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......x.O...au...A.YBeUI.......f4........_...m.m...i....l........}..9..G.......5.WgX .`..7....Y.n.;...).y..v.Gw..E`....sz......^..Jg.x.'..`v..B....4.xGN.[.R6........a.V.n.a.q0d

..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
.......P.Xn.L.].s#....!*...a\6_..... .7.......Z.WG ..-.......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......a.Mh.3}..J0R...:.0...w p.f.T..tqVr7.......m.i..k...b...2..Wo...^#.....2IO.Y&..x..x.ynQ9.w&,.*...)..1..Z.......
k.az......l.....q....MM.3..-.u.K..r...S.......... z.DBJ4X...uf.<
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]#.....
..i.....2.8..y..._o....).4rG..D........L...~./.CPv=[.........


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......3.....5. ...c....x..@..._L].Q..}Q.fyzP....x....a..._R...zw...a. [email protected].,..........-..g...v..U".W.8(....v..........&.M...............a.p.-...c3J.skPi.8...bx.#K....8V.....<{..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
. ].n.....Av...IM{........].....FeY.z-.T.p_I.....~y.L>8G,...
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......l..G8I%...dXy.".............q.d...P.8...........6....j\.jC.]..D.D^.....Jk....nJ(&b..F.E..........(r..%U..R..8.......KF....=80/y........g...G.ZW.H.i............
..m...<.V. ..r.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]...
.s._1....Q-6m9r.`T..P.V.}.......5).~.v.............H...M.....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ............D<kvb6f.#..q......z.....%E..... .../.....H|....M$.*P...{.... p.n.2...~..M..f.iI.1X...r.).i.5
Z..a...C.,....WM.|.....=..b....}WL*..<X.r....*..U..W.q6.4.M,./.-...e.P6.?e.s
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@..(..$..?
....:...k.3P.......t?..l..Y.3....].$0...G...7..R..4W..>.....
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ........"....*..MO| .-V.Xh...........]..a.<...5.........t}q.Ls.w.....d7m`5s..\.C..8__X.....].. ..5.BK.x.`......W.9..!k#f.P.....&. c..#.H.....:D.......7......b..Y)...b~7....>l..#a..L
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@.."X{|zr]
..]..X.*S[WS.5.....V...0*.V."...%.*.2.y.r......`&...S.t......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...........SI'JK/.v.*....51..3...J./.G.Cb..ljk...x...i..s..U.......\G&....q..vb:N.rq.{.>..v..e ..-..I..kJ^....{]N.....1...Ie....G.x..h
.P..$.8..}..*...[..N.y.0[>.coC..C.>{GX.w......
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]. 
AS.....AM.1x..%['.>...`.n.....u.N. .*...@^.y.....L..v.......
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

... " 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......'.c.].]..~.n..=..U[ ...{w(I.db....*"......Oc.....-..[.o..#.&. ...r.H.r......<c.............x"O..Q..j,....FL..s...P2..^b....Jk....pl.m[...)U..iMk.,..Q.....v.._.L.........<....
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y....... " 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
..s(.U..1h...*r...Ow..,.=........$_.....-..E.V.......o,.q....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 301

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...!" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......A'.MX.R.3......M.I.....8.s.&

..wL..0}..#.!.s.T..VH1*{S.&k..A..z..&..*...x%...t.A.....*.#--.G.I8.\gU..c.<.1.e..`.. ....z..82q.p.m...O.E.SL.....Z...k...^/.g.:>.C .m...".
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......!" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]....
omOi.v9...8NJ.=..A.\3C.....9G....{Vr._..).......J.......I....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

..."" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ........S..-....C}^d\s..
...1@

.........f...c~..]/..........k......'....f.......I.w.W.u.U*"...i.(.."?...J..
.-.<..'_1.|....v.V ....../gh.Bj.pbbm........TT...Y{...$(]5>.]...$7....n.S
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y......."" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
Y.t.h.`.0*........U....~.-...~_..*.[...G....j........r".y....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...#" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ........

....C....<.T..`[email protected].*..S,....~.3q[M..s..!..M.`.I*.=..U.2.)b..6..S..Sd~.i.2-i.Ow....z..<i.I........i.6..\3..!..B.....5......?E..l..f.Y...R.~D.Dt..F...
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......#" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@..}......
..C...s.'...c.m...Z.1.;._..|..>KR..X]...m..\4.m.&.:....(....
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...$" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......bZ.e.2..{...t..O.u. }..?.H.i.Jk

M..F..]...........&C...h.rz.....S...f..,......>..:}.'.l..E*=..V.X...KQ.[.-...m....3z0m._@R.....

g
......#9p..H.

..).#...~......;X.........P.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......$" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected];..(.
I...W..2T.......d...j)...I..@.....@?T.$...ZgB{.t. c...0}.....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...%" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......|I..`.bh ..(C.H.j...RJp.F...Zn}\..#3T*2T.t...?6...^....8.*.".9...Z.-....r.Q......_Hf.q

W..X.I.T ..Y.M..i..YkW...K.'b....E

[0..#...0iYm....]...B

3......./c.s.U. ......{..~
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......%" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
..H...w...T.R..c.1...&...t...i.>......I2N...L.zc"}.....g ...
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 301

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...&" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......VR....yNG.... ..u#..54C.O.......^. oC.6.D..jc...........U.V1Ry......).....E.f.p...Z$,)k...1..b|.......KH).IU...#i..b.D.^.3%.-..."..Z...g.k..{..7n.].<4..IC....r......H
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197

...y.......&" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@..$*.a...
..e....d.q.kl.....:......?..#....s..L......q:...Qe.j ........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 301

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...'" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......[..h.bQIU.@5U..(X..".M"_|..:.....j..Afm.~l..#}0:..'..h...I.b <..N....

>W.-".;o.....b..E.o..

.-=gL.&(.=.4 .8'......j!b>.......;5.....z.v....T.u.....y.....)g.y.p...
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......'" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]<..
0.....kM0|..w..V..t*...F].".I...4.....x Bf.........C.kW..J.W...
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...(" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......%`...Q..@...........&g......e'.][email protected]..\..8.BCb.p."w.[.NY... .
......C.(.
.T.91c...Ad.Z.#.....o"..%..<80..

..h.]... .zP`l

.Si.*..y....$.(...%^..t....
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......(" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected])u.
...KA...kw......Z,.....&....<.SU.K.d.Q......]V.E............
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...)" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......)...$..i.9.../.u._.$yq.S .u.'.
..O<..
.y(U\9..
.}\..I35X.....-.:..'xi.%...e.....[...K2..`.....Il#.....u.........A..D b#.........P C.} ..v........y{".3.W '.(....'6...L4!.Kt.t[
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......)" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@.....].\,
B.....rs...5..u:.....:~....6'Z.l.."[email protected]........


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...*" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......U....L\"K.U2...5<...,..a.....p5&%I...W..`...fX.s..Z.hP.<..a.m..(...s.6...1..y-....." ...._..E.....J..Hx.....<....{oh..?y$M<.ul..M.1....l.....;.....CK....7..#.S.
..f..6._.....
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......*" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]......
G#...&9....jM.2...].y.u.F.OOv.k*xf...Bxes.|.s.j......q.......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

... " 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......p

.z\m..Zi;....U.d......8..W.......c;..>...?....].j...... .W...=7.......|5...f........... ../...z1....H..wL...U..'.x.....
dm ...^..c..fG.....|'.4.m.d.>.(B.<..$...h.v.5/~...db.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y....... " 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]....
U.6.P3>9l'j.......j.3...{.{.0I..u..Lx..Bz......N6{[email protected]...
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...," 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ........

H..sb.q.m..>.V.k..t.)_.v?.4U............ .v..8.Tx.~<........
l8..E...9$.n..=.7..b...qq}..@ 3..41...h...u!....O.ej."*7....$...._.........j.v._.........\..m..(............1|.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......," 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
..\....."....0..1>$?..CM......w.e.]..u.I..$...`....e3A..f...
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...-" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ..........'...2.OF..F...I.p>er].!.wl..i1.....:v.y..<. ..Ev.tS|aO.Y..CdY. .x*..Q...IcL?..........B.o..
[email protected]>6..\......$..)........g`.n.,t.;...j....C\4@..$i...5'..Qx0!...0...].[.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......-" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]...
e5 V...u[..N..Kl.~.....Rp.cS*.).....NJL.w2...$..i.`}.^.\.....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......7..
..~...v...D..c......./R..u.......(..0,q.2.....[........>;|..>...l.Q?..u.L....9....t..ih....W.cj...2.....B.J{Ko......z.]

..!......1....$.hW.f)*.!v.,.;..t....&5..~f.T. =..:
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@...[R...9
...'.y{./Lu.e.v.(......G...:..f. ....U.s9.#0.....wRu=.Y......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

.../" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ......R..U..W3>._..F.^r..:.P._.O{.Q..E.D..W"....Bz,.......G.AT.x..{... Sh.<..6J..*........S..J.....2y.$.$
k

#..=....)K....9*2..%dN.9.l;...(.HB.|).l,......U.t../..P.`. ......._.....
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y......./" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]......
z.[7.{...nH........<G.J.l[.Q.. ..>.0.. ..r.....@n..!.k...
....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...0" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ............;....f.a.'`..Q...0M..n.....aS.....\..^[email protected].....:....G.?.-:z

..;....i.\.R...u.0_Z.[P....`6:$z:Q[u_}...c5F..`....).....>4.4...#...8.O.1..)v...H..I.w.=..M.`:d?..*.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......0" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected].|....
.~.......)..2..W...<.Y./..(T.*\.%/9p/i.Zhl.....Kr(.....G....
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...1" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .....

h"x.D..V...0<../..T.*_...\......N....c....".n_..C...&D..........&5?7(.}....R....M..F.Z.!Q.O..(..#...1.DtI...&.4... .r..T........q. F.....1...X....

....'2...V.x...~......P8.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......1" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]..
.=.c..Au...B...g@.........\....B.....*@..3.....|?:..BxU......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...2" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ........i..<.....b~.#.([email protected]`..x..L.\......0p.....g...&,?..N......LRpb.......^,..O...<...4......=$S.. [email protected]..:[o.'0. Z.G......]..P..'a..E.}CH. ........v..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......2" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...@.....{...
..IbKE..}.Ep..<h.#._.F.$A.V.E...........F.1.7....I.....mL...
.


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...3" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......0...,.....mN..|E2..<
.G.....).z..C.W3;.2........(....t.T...I.<...w1.~.y.....1m.....7aQ.OQ;4{..K.:....-....7._.9...5.9b...g/...-....._/....}.3.R.S...K..$....V..._6<v.`...n.;7.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......3" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
...|K.......f..........,[email protected].... S4......


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...4" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` .......~.P3.*....h<T.z4.64Kra. !..t.........V

..i...A7.[H.>..:m.M.x..J...v.!.r.g#......fyy.X...@.
..T..d...'...nz-.{]7...dS....|.C2..B.

..:K7:R.&..{p.....^y.]._.........N..bA~.._.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......4" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]
2.M.....x4.E.6....Av2...09..x...=Mhk...sN.^Y......6.o........


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...5" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...................,...P...5.(.g.n.xT..%[email protected]>[.......U.4k.m".G.......2.}\*b.A.S....>z...{....|.....N.=.......`V....V

.......
.).'.j5.B....,.< .8.,...f.....!C......r..aN..S..".
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......5" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]\...
.......{)...lq.H.l&...:b\...FJ..~...G....S.*|.0........Y.....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 309

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...6" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ..........Tq..HZE.K}f4f..Z;...Jg...2.....p..........tP.."....[n-.........P.-

.B.... ..8d..^.....E....$.u.. . ..(.r!....^.hK.."<..X~z..HF....?K..b..^.....9.J.'...h...Z.{.B>..6p(.#g.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 197
...y.......6" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` [email protected]....."
.:H....,.r...\..Z}..w].WW&.<...`8.._.....0..<..........tQ
....


POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 469

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y..

...7" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...P..?.o.a.....'....2m.P_..z.z..*7n8..bU.._c..2}O...A...\!..T}.../.f...~NR.Je.)....B.9...c2...Q.
q..l

.S.AzZQ.....{]
Q$3....6J..I.h8TU.x~..
...
...c-0yWk...1 O6.......Z..V...;....!.r.... ...I...CQ.....g.s..&.j...A....q/es.3.loa....?...R[.H.$.v..Wuo,.g-G..P.c;.`9|.5..k}l5.....8..yc.C{..P.A.9...> !.s...<I...A..|..{.......}.t2......n2...s.}.
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 245
...y.......7" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` ...p.. ..r.t.
.e.}8.n4.~?....nK#.jA.4..D.5..,[email protected]......,7~wV..E....Q..M....k.....
..Q")...~.#e6{.q..Oh..4...t.p.>..U*....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 165

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ... ..s.1E. ....e.7..#}...P.VD..C.....
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 301
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` .............
F...!N......X.C....m.~......K.....O...A...kO......1g..k..`n.....X3..f.
l...e..p7.....r..w..}..,g7iF...X..{.P.D.`X~f.m...j.....G..7@.&..2EPW..
.k.WH........?.]{^.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 173

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X...
.....X.."[email protected]` ...(....~.P@._...z....BA..t.S.t@#.h......A.o..
HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 149

...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B
."h...[w.H.[....L".X.........X.."[email protected]` .......Tb..ro
p.%....t.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: applicati
on/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Conte
nt-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.......
..28j..C.....d.B."h...[w.H.[....L".X.........X.."[email protected].
V` .......Tb..rop.%....t...

GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 200 OK

Expires: Fri, 24 Oct 2014 07:50:34 GMT

Date: Wed, 24 Sep 2014 07:50:34 GMT

Server: nginx

Content-Type: application/octet-stream

Content-Length: 18154312

Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 32615

Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMZip.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........Z...4N..4N
..4NC.JN..4N..IN..4N..YN..4N..ZN..4N..kN..4N..iN..4N..5Nd.4N..FN..4N..
NN..4N..HN..4N..LN..4NRich..4N........................PE..L....s"T....
.......!..... .......... ".......0............................... ....
...P..................................M............`..................
H#...@...)..@[email protected]........
.......................text............ .................. ..`.rdata..
.....0.......0..............@[email protected]....... ..................@.
...rsrc........`....... ..............@[email protected]....@..............
[email protected]..........................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................

<<< skipped >>>

The Malware connects to the servers at the folowing location(s):

BaiduSdSvc.exe_1600:

.text

`.rdata

@.data

.rsrc

@.reloc

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

Content-Length:%d

s.x.baidu.com

c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h

c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

.\update.pb.cc

%s:%u

Unsupported Media Type

HTTP Version not supported

HTTP/1.0

HTTP/1.1

1.0.0.1

.\header.pb.cc

%u.%u.%u.%u

addr %s not good...

https

ftpes

ftps

tftp

% ;?:@=&,$/-_!.~*()

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

1.0.1.1

%d.%d

d-d-d d:d:d

RegKey

CryptMsgGetParam

CryptMsgClose

CertFindCertificateInStore

CertFreeCertificateContext

CertCloseStore

CertGetNameStringW

CryptCATCatalogInfoFromContext

RootKey

SubKey

IsNative64Key

&#xX;

</%s>

%s="%s"

%s='%s'

<!--%s-->

<![CDATA[%s]]>

version="%s"

encoding="%s"

standalone="%s"

c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdSvc.pdb

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

BDMFrameWork.dll

SHLWAPI.dll

BDMSkin.dll

GetWindowsDirectoryW

KERNEL32.dll

USER32.dll

RegOpenKeyExW

RegCloseKey

RegCreateKeyExW

ADVAPI32.dll

MSVCP80.dll

PSAPI.DLL

WS2_32.dll

MSVCR80.dll

_amsg_exit

_crt_debugger_hook

USERENV.dll

WTSAPI32.dll

SensApi.dll

HttpSendRequestW

InternetCrackUrlW

HttpOpenRequestW

HttpQueryInfoW

WININET.dll

NETAPI32.dll

SHDeleteKeyW

GetSystemWindowsDirectoryW

RegOpenKeyExA

RegQueryInfoKeyW

RegEnumKeyExW

RegSetKeySecurity

RegNotifyChangeKeyValue

RegGetKeySecurity

RegDeleteKeyW

RegFlushKey

SHELL32.dll

ole32.dll

imagehlp.dll

BaiduSdSvc.exe

.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@

.?AVCRtpPluginContainer@@

.?AV?$CSingleton@VCRTPServer@@@utils@@

.?AVCRTPServer@@

.?AVCBDMOptionsReportRecord@@

.?AVCBDMLauchReportRecord@@

.?AVTSMsg@@

.?AVIBDMMsg@@

.?AVTSMsgMap@@

.?AVITSMsgMap@@

.?AVTSMsgDispatcher@@

.?AVITSMsgDispatcher@@

.?AVTSMsgStub@@

.?AVITSMsgStub@@

.?AVheader@http@bena@@

.?AVrequest@http@bena@@

.?AVresponse@http@bena@@

<assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

3!3-393]3}3

0#0 172^2

0(0-0F0V0h0}0

8 8$8(8,8084888<8@8|8

1 1$1(1,1014181<1

< <$<(<,<0<4<8<<<

HKEY_LOCAL_MACHINE\Software

HKEY_CURRENT_USER\Software\Classes\CLSID

HKEY_CURRENT_USER\Software\Classes\DirectShow

HKEY_CURRENT_USER\Software\Classes\Interface

HKEY_CURRENT_USER\Software\Classes\Media Type

HKEY_CURRENT_USER\Software\Classes\MediaFoundation

HKEY_CLASSES_ROOT\CLSID

HKEY_CLASSES_ROOT\DirectShow

HKEY_CLASSES_ROOT\Interface

HKEY_CLASSES_ROOT\Media Type

HKEY_CLASSES_ROOT\MediaFoundation

explorer.exe

HKEY_LOCAL_MACHINE\Software\Wow6432Node

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation

HKEY_CLASSES_ROOT\Wow6432Node\CLSID

HKEY_CLASSES_ROOT\Wow6432Node\DirectShow

HKEY_CLASSES_ROOT\Wow6432Node\Interface

HKEY_CLASSES_ROOT\Wow6432Node\Media Type

HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation

\BDConfig.dll

winlogon.exe

SOFTWARE\Microsoft\Windows\CurrentVersion

ntdll.dll

BaiduSdTray.exe

"{0}\{1}" {2}

SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

EXPLORER.EXE

Global\BDKVMutex{B2F10594-7119-4649-9326-AF1890C5CE56}

Global\BDKVEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}

Global\TAV_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}

\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}

BaiduSd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd

\bdkvrtpplugins\RtpContainerConfig.xml

C:\test.exe

d-d-d d:d:d d

d:d:d

%s(%d)

Last Error : %u(%s)

\BDMAVE.dll

Global\BDKVMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}

JoinBaiduCloundPlan

\kernel32.dll

Windows 8.1

Windows 8.0

Windows 7

Windows Vista

Windows 7

Windows Vista

Windows Server 2003,

Windows XP

Windows 2000

Windows NT

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009

Windows 95

Windows 98

Windows ME

BaiduSdUpdate.exe

CX

{X-X-X-XX-XXXXXX}

CD823ABCA-A92F-429d-9E11-3779B5F682AA

BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}

BDMUpdate.dll

BDMNet.dll

.bdtmp

.old_

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0

Akernel32.dll

\Global.db

Aiphlpapi.dll

A\\.\PhysicalDrive%d

\\.\Scsi%d:

BHKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

oHKEY_USERS

Wintrust.dll

Crypt32.dll

Software\Microsoft\Windows NT\CurrentVersion\Time Zones\

Software\Microsoft\Windows NT\CurrentVersion\ProfileList\

Software\Microsoft\Windows NT\CurrentVersion\Print\

Software\Microsoft\Windows NT\CurrentVersion\Ports\

Software\Microsoft\Windows NT\CurrentVersion\Perflib\

Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\

Software\Microsoft\Windows NT\CurrentVersion\Language Pack\

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\

Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\

Software\Microsoft\Windows NT\CurrentVersion\Fonts\

Software\Microsoft\Windows NT\CurrentVersion\FontMapper\

Software\Microsoft\Windows NT\CurrentVersion\FontLink\

Software\Microsoft\Windows NT\CurrentVersion\FontDpi\

Software\Microsoft\Windows NT\CurrentVersion\Console\

Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\

Software\Microsoft\Windows\CurrentVersion\Setup\

Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\

Software\Microsoft\Windows\CurrentVersion\Policies\

Software\Microsoft\Windows\CurrentVersion\Group Policy\

Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\

Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\

Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\

Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\

Software\Microsoft\Windows\CurrentVersion\App Paths\

Software\Microsoft\SystemCertificates\

Software\Microsoft\EnterpriseCertificates\

system32\winlogon.exe

D6BE417DD-264A-4678-A036-74D2173ECCEB

2.1.0.2625

BaidusdSvc.exe

BaiduHips.exe_1164:

.text

`.rdata

@.data

.rsrc

@.reloc

t6;)u%Sj

N,SSSh

;9u.SWj

SSSh(hL

asio.misc

asio.misc error

\\.\Pipe\

thread.exit_event

thread.entry_event

exception:%s:%d, unknown exception!

exception:%s:%d, %s

Kernel32.dll

Can't terminate a sub-expression with an alternation operator |.

A regular expression can start with the alternation operator |.

Alternation operators are not allowed inside a DEFINE block.

More than one alternation operator | was encountered inside a conditional expression.

A repetition operator cannot be applied to a zero-width assertion.

Invalid alternation operators within (?...) block.

The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.

Found a closing repetition operator } with no corresponding {.

The repeat operator " " cannot start a regular expression.

The repeat operator "?" cannot start a regular expression.

The repeat operator "*" cannot start a regular expression.

right-curly-bracket

left-curly-bracket

0123456789

Unmatched quantified repeat operator { or \{.

Invalid preceding regular expression prior to repetition operator.

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

..\src\google\protobuf\io\coded_stream.cc

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

.\hipsad\Global\CloudControl_AD\ad.pb.cc

CreateReportClient

ReleaseReportClient

.\hipsad\Global\ReportBase\msg.pb.cc

datapkg.FieldsList

datapkg.DataType

xxxxxxxxxxxxxxxx

c:\clientci\workspace\hips_v1.0_fix_forAd_compile\stable_proj\include\thirdInclude\boost/algorithm/hex.hpp

c:\clientci\workspace\hips_v1.0_fix_forAd_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

{CEA7F4FD-F5F6-4F4D-B7B0-18AD6070B910}

{943569E1-477F-4c1f-9710-A34533FC527B}

bdkvrtpplugins\HIPSClient.dll

{5BD380DD-860B-45CB-83E9-8F3987E9C750}

HipsClient.dll

{FBF8E387-B470-4aaf-9122-B91F3E9BA5B7}

operation

asyncreport

operator

%d.%d.%d.%d

%s\%s

BaiduHips.exe

DriverManager.dll

BaiduHips_CS_{94208c7a-2988-436f-8317-0a7873feb993}

param%d

Error: SetFilePointer, errcode=%d

Error: Malloc buffer, code=%d

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

boost thread: trying joining itself

CryptCATCatalogInfoFromContext

WTHelperGetProvCertFromChain

ERROR: %s

%s %s s

decoder doesn't support this archive

ERROR #%d

c:\clientci\workspace\hips_v1.0_fix_forAd_compile\basic\Output\release\BaiduHips.pdb

?Is64BitWindows@CBDMWin64Helper@BDMBase@@QAEHXZ

BDMBase.dll

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

BDMTinyXml.dll

?GetWindowsDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z

BDMStringUtils.dll

GetProcessHeap

CreateIoCompletionPort

CreateNamedPipeA

GetNamedPipeInfo

DisconnectNamedPipe

ConnectNamedPipe

WaitNamedPipeA

SetNamedPipeHandleState

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExW

RegCreateKeyExW

RegQueryInfoKeyW

RegDeleteKeyW

RegEnumKeyW

RegOpenKeyW

RegEnumKeyExW

ADVAPI32.dll

SHELL32.dll

MSVCP80.dll

SHLWAPI.dll

MSVCR80.dll

_amsg_exit

_wcmdln

_crt_debugger_hook

PSAPI.DLL

NETAPI32.dll

ImageGetCertificateHeader

imagehlp.dll

CertGetNameStringW

CRYPT32.dll

VERSION.dll

WS2_32.dll

?BDMGetProcessCmdLineAndImgPathW@BDMBase@@YGHKPA_WK0K@Z

?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z

.?AVpipe_acceptor@ipc@baidu@@

.?AV?$service_base@Vstream_handle_service@windows@asio@boost@@@detail@asio@boost@@

.?AV?$typeid_wrapper@Vstream_handle_service@windows@asio@boost@@@detail@asio@boost@@

.?AVstream_handle_service@windows@asio@boost@@

.?AV?$bind_t@XV?$mf4@XVpipe_channel@ipc@baidu@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6AXVerror_code@system@boost@@@Z@boost@@H_J@_mfi@boost@@V?$list5@V?$value@PAVpipe_channel@ipc@baidu@@@_bi@boost@@V?$value@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@23@V?$value@V?$function@$$A6AXVerror_code@system@boost@@@Z@boost@@@23@V?$value@H@23@V?$value@_J@23@@_bi@3@@_bi@boost@@

.?AVpipe_channel@ipc@baidu@@

.?AV?$basic_stream_handle@Vstream_handle_service@windows@asio@boost@@@windows@asio@boost@@

.?AV?$basic_handle@Vstream_handle_service@windows@asio@boost@@@windows@asio@boost@@

.?AV?$basic_io_object@Vstream_handle_service@windows@asio@boost@@@asio@boost@@

.?AVSourceTargetCmdParamFilter@@

.?AVSetWindowsHookFilter@@

.?AV?$sp_counted_impl_p@VSetWindowsHookFilter@@@detail@boost@@

.?AV?$sp_counted_impl_p@VSourceTargetCmdParamFilter@@@detail@boost@@

.?AV?$factory@V?$shared_ptr@VSourceTargetCmdParamFilter@@@boost@@PQnone_helper@detail@2@H$0A@@boost@@

.?AV?$factory@V?$shared_ptr@VSetWindowsHookFilter@@@boost@@PQnone_helper@detail@2@H$0A@@boost@@

.?AVOnSwitchMsg@@

.?AVSwitchMsg@@

.?AVOnSetActionReplyMsg@@

.?AVSetActionReplyMsg@@

.?AVOnGetFileCloudMsg@@

.?AVGetFileCloudMsg@@

.?AVOnGetStatusMsg@@

.?AVGetStatusMsg@@

.?AVOnSetStatusMsg@@

.?AVSetStatusMsg@@

.?AVOnRemoveProductMsg@@

.?AVRemoveProductMsg@@

.?AVOnAddProductMsg@@

.?AVAddProductMsg@@

.?AVProductAckMsgBase@@

.?AVProductMsgBase@@

.?AVOnUnRegisterMsg@@

.?AVUnRegisterMsg@@

.?AVOnRegisterMsg@@

.?AVRegisterMsg@@

.?AVCustomerAckMsgBase@@

.?AVCustomerMsgBase@@

.?AVClientMsgBase@@

.?AVEventNotifyMsg@@

.?AVEventQueryMsg@@

.?AVReportClient@ns_reportbase@ns_global@@

.?AVReportMessageBase@ns_reportbase@ns_global@@

.?AVBaseSynCloudPacket@ns_basecloud@ns_global@@

.?AVBaseCloudPacket@ns_basecloud@ns_global@@

ÿfH

<assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

2(2.242:2@2

1#2[2|2&383

4 5R5d5

2 2;2_2|2

:':-:3:>:

3(3.343{3

5 5$5(5,505

5$5*565=5

14181<1@1

<)<;<`<}<

; ;$;(;,;

3 323F3K3S3m3

6 6(676~6

8"90999\9

5!5'51575

: :$:(:,:0:4:

; ;$;(;,;0;4;8;|;

2 2$2(2,202

3 3(303<3`3

1 1(101<1`1

3 3(343\3

;$;,;4;@;|;

aac3894f-8186-4845-bbe1-a8a363c8e7ea

0b24b311-6267-4907-8da3-9e58e539a561

BDMReport.dll

xx

smr.dat

BDMNet.dll

BaiduHipsUpdate.exe

\BDConfig.dll

Register Service Main Function Error!ErrorCode=%d

BDHIPS_Mutex_Service_F678C9B0-9A8D-4f66-9108-0DA121F30FBF

)\BDMAVCached.dll

\TrustAndIso.dll

)\BDConfig.dll

\hips_customer.xml

%d.%d

plugins\KVRtp_PluginConfig.xml

plugins\Cooly_PluginConfig.xml

plugins\bdkvrtpplugins\RtpContainerConfig.xml

plugins\LocalPluginInfo.xml

dplugins\GlobalPluginInfo.xml

kernel32.dll

.default

S-%d-%x-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu

MSGTYPE

BDHIPS_Mutex_Install_4b2e6131-f986-4081-b993-2b7b20ee910e

InstallCfg.xml

BDHIPS_Mutex_UnInstall_173e33b8-97b4-4b95-bb6a-1e8373862a60

}aac3894f-8186-4845-bbe1-a8a363c8e7ea

f1b029df-912d-47ef-bfb8-788c9c32b777

\hips_self_enc.xml

\BaiduSd.exe

\BaiduAn.exe

BaiduHipsBugRpt.exe

_X64.DLL

SourceTargetCmdParamFilter

SetWindowsHookFilter

FileSignLog.txt

Error: Sign file failed: [%s]

BDMAVEng.dll

\ad.dll

Iwintrust.dll

ntdll.dll

explorer.exe

1.0.0.640

bddownloader.exe_2932:

.text

`.rdata

@.data

.rsrc

8%uvP

;*u.SUj

PSSSSSSh

>.uTV

j SSSSSSSh

aSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

YYtCP

asio.ssl

asio.misc

D:\dl\boost_1_44_0_build\include\boost/exception/detail/exception_ptr.hpp

asio.misc error

asio.ssl error

dtrp.download.iyuntian.com

res.download.iyuntian.com

tk.download.iyuntian.com

utk.download.iyuntian.com

thread.exit_event

thread.entry_event

%s\Connection

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

VVV.baidu.com.cn

HTTP/1.1

$MD5Version: 1.0.0 November-19-1997 $

$Id: md5.c,v 1.1.1.1 2004/05/17 13:23:36 rcrittenden0569 Exp $

</%s>

<!--%s-->

standalone="%s"

encoding="%s"

version="%s"

&#xX;

%s='%s'

%s="%s"

PKEY_CUSTOMNAME

PKEY_PRODUCTNAME

PKEY_ISSHOW

PKEY_EXITTIME

PKEY_CUSTOMID

PKEY_START_STATUS

PKEY_GUID

PKEY_MINORVERSION

PKEY_MAJORVERSION

PKEY_COREVERSION

PKEY_EXEVERSION

PKEY_UPDATESERVERPORT

PKEY_UPDATESERVERIP

PKEY_PSHASH

PKEY_PSNAME

PKEY_EXHASH

PKEY_EXNAME

PKEY_TNHASH

PKEY_TNNAME

PKEY_COREHASH

PKEY_CORENAME

PKEY_EXEHASH

PKEY_EXENAME

PKEY_UPDATEURL

PKEY_FILENAME

PKEY_RESULT

up.download.iyuntian.com

PKEY_TTL

PKEY_ISFIX

PKEY_VERSION

PKEY_FILEEMULE_HASH

PKEY_FILEEMULE_SIZE

PKEY_FILEEMULE_NAME

PKEY_FILEBT_HASH

PKEY_FILEBT_SIZE

PKEY_FILEBT_NAME

PKEY_FILECORE_HASH

PKEY_FILECORE_SIZE

PKEY_FILECORE_NAME

PKEY_URL

PKEY_PERIOD

kernel32.dll

.mixcrt

KERNEL32.DLL

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

mscoree.dll

GetProcessWindowStation

USER32.DLL

operator

portuguese-brazilian

FhModule = %u, pfunc = %u

DbgHelp.dll

crash.dmp

0xX

DlBugReport.ini

DlBugReport.dat

%Y-%m-%d %H:%M:%S

%d.%d.%d.%d

,d-d-d d:d:d

[ 0xX ] %s [%s]

Error: Write address 0xX

Error: Read address 0xX

version = %s

%s-----------------------------------

Type: %s

Address: 0xX

bddownloader.exe

EXCEPTION_FLT_INVALID_OPERATION

EXCEPTION_FLT_DENORMAL_OPERAND

(%d,%d,%d,%d)

0xX<unknown module>:

%s::x;

0xX[%X] %s:

%s::x

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

Visual C   CRT: Not enough memory to complete call to strerror.

Broken pipe

Inappropriate I/O control operation

Operation not permitted

d:\dl\DownloadProxy_proj\Output\Release\bddownloader.pdb

GetProcessHeap

CreateIoCompletionPort

GetCPInfo

GetConsoleOutputCP

KERNEL32.dll

USER32.dll

GDI32.dll

RegDeleteKeyW

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

RegOpenKeyW

RegOpenKeyExA

ADVAPI32.dll

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

COMCTL32.dll

WS2_32.dll

VERSION.dll

NetWkstaTransportEnum

NETAPI32.dll

PSAPI.DLL

imagehlp.dll

zcÁ

'DownloadProxy.EXE'

BDDownloadProxy.Downloader.1 = s 'Downloader Class'

CLSID = s '{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}'

BDDownloadProxy.Downloader = s 'Downloader Class'

CurVer = s 'BDDownloadProxy.Downloader.1'

ForceRemove {91B5E4DE-4C97-41CD-9F94-84BFAABB7371} = s 'Downloader Class'

ProgID = s 'BDDownloadProxy.Downloader.1'

VersionIndependentProgID = s 'BDDownloadProxy.Downloader'

'TypeLib' = s '{DA624F8F-98BF-4B03-AD11-A12D07119E81}'

stdole2.tlbWWW

cuiMsgTypeWWW

pMsgParamWWWd

6|pTaskUrl

Created by MIDL version 6.00.0366 at Thu May 22 14:49:00 2014

&UU*&&&&&&&&*UU(%%%%%%%%(UU)%%%%%%%%)UU.$$$$$$$$.UU1''''''''1UU

"7,,11,,7"

2222222222222222

11///20.

##!!! !!!##

.02///11

mM............................................................Mm

mM..........................................Mm

(((((((JgT..TgJ(((((((

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

bdpunchproxy.dll

bddownload_config.xml

dl.dll

\bddownloader.exe

{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}

CLSID\%s\LocalServer32

{%X-%X-%X-%X-%X%X}

B.tlb

Mscoree.dll

BDDownloadProxy.Downloader.1

\Installlog.txt

\bdcomproxy.dll

\7z.dll

\bdpunchproxy.dll

\dl.dll

regsvr32.exe

Kernel32.dll

7z.dll

C\StringFileInfo\xx\

netsh.exe

\\.\PhysicalDrive%d

\\.\Scsi%d:

oiphlpapi.dll

\Global.db

PBDD_Temp_Exe

%*.*f

: %s/s

%s: %s

\TDConfig.ini

H\set.log

%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe

(1-10240)

1.0.108.0

BaiduProtect.exe_2980:

.text

`.rdata

@.data

.rsrc

@.reloc

RSShPeW

;9u.SWj

8.uwS

n<.ut

<0%u7

|$0)|$,3

,4,56,789

WSSh|,W

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

CHECK failed: (from.GetDescriptor()) == (descriptor):

..\src\google\protobuf\message.cc

: Tried to copy from a message with a different type.to:

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\generated_message_reflection.cc

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\descriptor.cc

". To use it here, please add the necessary import.

", which is not imported by "

$0$1 = $2

$0$1 $2 $3 = $4

.PLACEHOLDER_VALUE

.placeholder.proto

map key must name a scalar or string field.

map_key must not name a repeated field.

CHECK failed: dynamic.get() != NULL:

.foo = value".

.dummy

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee not set for extension field.

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

CHECK failed: !out.HadError():

" is repeated. Repeated options are not supported.

Import "

Missing field: FileDescriptorProto.name.

File recursively imports itself:

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

\xx

..\src\google\protobuf\stubs\strutil.cc

..\src\google\protobuf\extension_set.cc

CHECK failed: iter != extensions_.end():

..\src\google\protobuf\extension_set_heavy.cc

..\src\google\protobuf\descriptor.pb.cc

google/protobuf/descriptor.proto

google/protobuf/descriptor.proto

google.protobuf"G

2$.google.protobuf.FileDescriptorProto"

2 .google.protobuf.DescriptorProto

2$.google.protobuf.EnumDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2%.google.protobuf.FieldDescriptorProto

.google.protobuf.FileOptions

.google.protobuf.SourceCodeInfo"

2/.google.protobuf.DescriptorProto.ExtensionRange

.google.protobuf.MessageOptions

2 .google.protobuf.FieldDescriptorProto.Label

2*.google.protobuf.FieldDescriptorProto.Type

.google.protobuf.FieldOptions"

2).google.protobuf.EnumValueDescriptorProto

.google.protobuf.EnumOptions"l

2!.google.protobuf.EnumValueOptions"

2&.google.protobuf.MethodDescriptorProto

.google.protobuf.ServiceOptions"

.google.protobuf.MethodOptions"

2).google.protobuf.FileOptions.OptimizeMode:

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption*

2#.google.protobuf.FieldOptions.CType:

experimental_map_key

2$.google.protobuf.UninterpretedOption"/

2-.google.protobuf.UninterpretedOption.NamePart

2(.google.protobuf.SourceCodeInfo.Location

com.google.protobufB

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

..\src\google\protobuf\io\tokenizer.cc

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\descriptor_database.cc

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

<!--%s-->

&#xX;

</%s>

%s='%s'

%s="%s"

<![CDATA[%s]]>

standalone="%s"

encoding="%s"

version="%s"

F3.7.16

SQLite format 3

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY

inflate 1.2.5 Copyright 1995-2010 Mark Adler

deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler

1.2.5

.\RTPServer.cpp

CRTPServer Run start

CRTPServer Run stop

CRTPServer StartSystemModules Finish

.\RegHelper.cpp

.\ProxyLogicMgr.cpp

Str = %s

CustomID = %s

d:\jenkins\workspace\bdsg_trunk_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

RTP HandleHeartbeat. CommandType = %d

.\HeartbeatObserver.cpp

Data = %s

.\BDSGCoreSvr.cpp

asio.misc

asio.misc error

iLen length : %d

%d.%d.%d.%d

{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}

.\BDMConfig\BDMConfig.cpp

config_service.proto

.\BDMConfig\Protocol\config_service.pb.cc

config_service.proto"(

cmd_list

.ConfigItem"@

.ResultSet

.\BDMConfig\CompoundDoc\CompoundDoc.cpp

.\PluginMgr\SafeBrowser.cpp

.\PluginMgr\PluginContainerImp.cpp

supportsys

.\PluginMgr\PluginMgr.cpp

ipcmsg

winmsg

CKVStorage::GetValue, Data Folder not Exist : %s

.\PluginMgr\KVStorage.cpp

create table IF NOT EXISTS kvs (key TEXT, value TEXT, primary key(key))

select value from kvs where key=?

CKVStorage::GetValue, Sqlite3 Exec Error: %s

replace into kvs(key,value) values (?,?)

boost thread: trying joining itself

bdmlog%dddddd_%d.log

(%d) d:d:d.d %s %s_%s: %s

.\SGPluginMgr.cpp

.\RTPDynPluginContainer.cpp

thread.entry_event

thread.exit_event

[CDynPluginCloudCtrl::Start]recv data : %s

.\DynPluginCloudCtrl.cpp

[CDynPluginCloudCtrl::CheckMD5]Check MD5, file MD5 : %s, MD5 msg : %s

.\DynPluginContainerImp.cpp

7z.dll

.\DynPluginCloudScan.cpp

.\CheckHelper.cpp

,iType:%d, strPath:%s, strFileName:%s

,iType:%d, strValue:%s

mainkey

subkey

keyname

,iType:%d, strMainKey:%s, strSubKey:%s, strKeyName:%s

,iType:%d, strMainKey:%s, strSubKey:%s, strKeyName:%s, strFileName:%s

,iType:%d, strMainKey:%s, strSubKey:%s, strKeyName:%s, strVersion:%s, strFileName:%s

main_key

sub_key

key_name

,iType:%d, version=%s

d:\jenkins\workspace\bdsg_trunk_compile\safeguard_client_proj\source\checksystem\CheckItemBase.h

.\BDSGInstall.cpp

GetBDMInstallReportRecord

GetBDMUnInstallReportRecord

.\BDSGInstallConfig.cpp

[CBDSGInstallConfig::CheckMD5]Check MD5, file MD5 : %s, MD5 msg : %s

.\updatemgr.cpp

[CUpdateMgr::Start]recv data : %s

bddownloader.exe

[CUpdateMgr::DoResponse]ParseBDSGInstallCmd success : %s

[CUpdateMgr::DoResponse]ParseBDSGInstallCmd fail : %s

.\NetRequestHelper.cpp

[CNetRequestHelper::CNetRequestHelper]strVer=%s, iSoftID=%d, iSupplyID=%d

.\Downloader.cpp

1.0.0.1

.\GlobalConfigMgr.cpp

.\DownloadComCheck.cpp

.\ProtobufDef\zeus.pb.cpp

sw.zeus.ExtendedInfo

sw.zeus.KeyVersion

sw.zeus.BasicInfo

sw.zeus.SubRequest

sw.zeus.CCRequest

sw.zeus.KeyValue

sw.zeus.FileItem

sw.zeus.FileGroup

sw.zeus.KVConfig

sw.zeus.Action

sw.zeus.ActionMap

sw.zeus.NetInfo

sw.zeus.CCResponse

sw.zeus.HBRequest

sw.zeus.HBResponse

1.0.1.1

%d.%d

d-d-d d:d:d

RegKey

large file support is disabled

unknown operation

SQL logic error or missing database

foreign_keys

sqlite_compileoption_get

sqlite_compileoption_used

sqlite_log

sqlite_source_id

sqlite_version

sqlite_attach

sqlite_detach

sqlite_stat1

sqlite_rename_parent

sqlite_rename_trigger

sqlite_rename_table

GetProcessHeap

RowKey

SQLITE_

d:d:d

d-d-d

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

API call with %s database connection pointer

OsError 0x%x (%u)

os_win.c:%d: (%d) %s(%s) - %s

delayed %dms for lock/sharing conflict

%s-shm

%s\etilqs_

%s\%s

Recovered %d frames from WAL file %s

cannot limit WAL size: %s

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Fragmentation of %d bytes reported as %d on page %d

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

unknown database %s

keyinfo(%d

%s(%d)

%s-mjXXXXXX9XXz

MJ delete: %s

MJ collide: %s

-mjX9X

foreign key constraint failed

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

zeroblob(%d)

abort at %d in [%s]: %s

constraint failed at %d in [%s]

cannot open savepoint - SQL statements in progress

no such savepoint: %s

cannot release savepoint - SQL statements in progress

cannot commit transaction - SQL statements in progress

sqlite_temp_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot change %s wal mode from within a transaction

database table is locked: %s

statement aborts at %d: [%s] %s

cannot open value of type %s

cannot open virtual table: %s

cannot open view: %s

no such column: "%s"

foreign key

indexed

cannot open %s column for writing

misuse of aliased aggregate %s

%s: %s.%s.%s

%s: %s.%s

%s: %s

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

too many SQL variables

too many columns in %s

EXECUTE %s%s SUBQUERY %d

misuse of aggregate: %s()

%.*s"%w"%s

%s%.*s"%w"

%s OR name=%Q

type='trigger' AND (%s)

sqlite_

table %s may not be altered

there is already another table or index with this name: %s

view %s may not be altered

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_altertab_%s

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE %s=%Q

SELECT tbl,idx,stat FROM %Q.sqlite_stat1

invalid name: "%s"

too many attached databases - max %d

database %s is already in use

Invalid key value

unable to open database: %s

no such database: %s

cannot detach database %s

database %s is locked

%s %T cannot reference objects in database %s

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

there is already an index named %s

too many columns on %s

duplicate column name: %s

default value of column [%s] is not constant

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

sqlite_stat%d

DELETE FROM %Q.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

sqlite_stat

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

table %s may not be indexed

views may not be indexed

virtual tables may not be indexed

there is already a table named %s

index %s already exists

sqlite_autoindex_%s_%d

table %s has no column named %s

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q AND type='index'

a JOIN clause is required before %s

unable to identify the object to be reindexed

no such collation sequence: %s

table %s may not be modified

cannot modify %s because it is a view

foreign key mismatch - "%w" referencing "%w"

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

%s.%s may not be NULL

constraint %s failed

PRIMARY KEY must be unique

sqlite3_extension_init

unable to open shared library [%s]

no entry point [%s] in shared library [%s]

error during initialization: %s

automatic extension loading failed: %s

foreign_key_list

foreign_key_check

*** in database %s ***

unsupported encoding: %s

rekey

hexkey

hexrekey

malformed database schema (%s)

%s - %s

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

database schema is locked: %s

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

USE TEMP B-TREE FOR %s

COMPOUND SUBQUERIES %d AND %d %s(%s)

%s.%s

%s:%d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

no such index: %s

sqlite_subquery_%p_

too many references to "%s": max 65535

%s.%s.%s

no such table: %s

SCAN TABLE %s %s%s(~%d rows)

sqlite3_get_table() called with two or more incompatible queries

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

no such trigger: %S

-- TRIGGER %s

no such column: %s

cannot VACUUM - SQL statements in progress

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

vtable constructor failed: %s

vtable constructor did not declare schema: %s

no such module: %s

table %s: xBestIndex returned an invalid plan

%s SUBQUERY %d

%s TABLE %s

%s AS %s

%s USING %s%sINDEX%s%s%s

%s USING INTEGER PRIMARY KEY

%s (rowid=?)

%s (rowid>? AND rowid<?)

%s (rowid>?)

%s (rowid<?)

%s VIRTUAL TABLE INDEX %d:%s

%s (~%lld rows)

at most %d tables in a join

cannot use index: %s

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

unknown database: %s

no such %s mode: %s

%s mode not allowed: %s

no such vfs: %s

database corruption at line %d of [%.10s]

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

xxxxxxxxxxxxxxxx

RootKey

SubKey

IsNative64Key

CryptMsgGetParam

CryptMsgClose

CertFindCertificateInStore

CertFreeCertificateContext

CertCloseStore

CertGetNameStringW

CryptCATCatalogInfoFromContext

d:\jenkins\workspace\bdsg_trunk_compile\basic\Output\BinRelease\BaiduProtect.pdb

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

SetProcessShutdownParameters

GetWindowsDirectoryW

CreateIoCompletionPort

SetNamedPipeHandleState

WaitNamedPipeW

ConnectNamedPipe

CreateNamedPipeW

GetCPInfo

KERNEL32.dll

USER32.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegOpenKeyW

ADVAPI32.dll

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

MSVCP80.dll

PSAPI.DLL

WS2_32.dll

SHLWAPI.dll

MSVCR80.dll

_amsg_exit

_crt_debugger_hook

USERENV.dll

WTSAPI32.dll

SensApi.dll

VERSION.dll

GetSystemWindowsDirectoryW

RegEnumKeyExW

RegSetKeySecurity

RegQueryInfoKeyW

RegEnumKeyW

RegNotifyChangeKeyValue

RegGetKeySecurity

RegDeleteKeyW

RegFlushKey

ShellExecuteExW

SHDeleteKeyW

imagehlp.dll

BaiduProtect.exe

.?AV?$CSingleton@VCRtpPluginContainer@@$00@BDMBase@@

.?AVCRtpPluginContainer@@

.?AVCBDMOptionsReportRecord@@

.?AVCBDMLauchReportRecord@@

.?AVIReportHelper@@

.?AV?$sp_counted_impl_p@Vsqlite3_connection@BDMDatabase@@@detail@boost@@

.?AUIPluginMsgBus@@

.?AV?$CSingleton@VCPluginMsgBus@@$00@BDMBase@@

.?AVCPluginMsgBus@@

.?AVPipeServer@IPC@@

.?AVCIpcPipeServer@IPC@@

.PA_W

.?AVWorkerThread@PipeServer@IPC@@

.?AVCPluginMsg@@

.?AVTSMsg@@

.?AVIBDMMsg@@

.?AVTSMsgDispatcher@@

.?AVITSMsgDispatcher@@

.?AVTSMsgMap@@

.?AVITSMsgMap@@

.?AVTSMsgStub@@

.?AVITSMsgStub@@

.?AV?$CSingleton@VCRtpDynPluginContainer@@$00@BDMBase@@

.?AVCRtpDynPluginContainer@@

.?AUICryptoGetTextPassword@@

.?AVKeyValue@zeus@sw@@

.?AVKeyVersion@zeus@sw@@

<assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

71787_7{7

7(828=8}8

8#9=9`9}9

6$7(7,70747

4$4)4[4`4

2,2U2

; ;$;(;,;0;4;8;<;

4P5c5v5

5`6c6v6

6p7c7v7

?'?-?3?9?

7%7 7074787<7

9 9,92979=9

? ?$?(?,?

2,2d2|2

9”9C9J9i9n9

6 6*626:6

9œ9

515=5_607

6$707>7|7

8,9094989<9

-0R0s0}0

< <%</<<<]<

8%8U8

=->3>@>}>

5"5'51565@5

< =$=(=,=0=4=

8$888@8`8

<,<8<\<|<

8,888@8\8

@01234567

888816666554443

6666554443

!6666554443

HKEY_LOCAL_MACHINE\Software

HKEY_CURRENT_USER\Software\Classes\CLSID

HKEY_CURRENT_USER\Software\Classes\DirectShow

HKEY_CURRENT_USER\Software\Classes\Interface

HKEY_CURRENT_USER\Software\Classes\Media Type

HKEY_CURRENT_USER\Software\Classes\MediaFoundation

HKEY_CLASSES_ROOT\CLSID

HKEY_CLASSES_ROOT\DirectShow

HKEY_CLASSES_ROOT\Interface

HKEY_CLASSES_ROOT\Media Type

HKEY_CLASSES_ROOT\MediaFoundation

HKEY_LOCAL_MACHINE\Software\Wow6432Node

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation

HKEY_CLASSES_ROOT\Wow6432Node\CLSID

HKEY_CLASSES_ROOT\Wow6432Node\DirectShow

HKEY_CLASSES_ROOT\Wow6432Node\Interface

HKEY_CLASSES_ROOT\Wow6432Node\Media Type

HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation

explorer.exe

Advapi32.dll

winlogon.exe

SOFTWARE\Microsoft\Windows\CurrentVersion

ntdll.dll

BDSGTray.exe

"{0}\{1}" {2}

SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

EXPLORER.EXE

BDSG.exe

BDSGUpdate.exe

BDSGBugRpt.exe

pGlobal\BDSGMutex{4DDC7CE5-B8F6-4D54-8F3C-AE1BBC251CA6}

Global\BDSGEvent{FED312EE-4C82-4B56-B88F-C3051E50B619}

BDMNet.dll

pGlobal\TBD_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}

pGlobal\BDSGEvent{FED312EE-4C82-4B56-B88F-C3051E50B619}

Global\BDSGMutex{4DDC7CE5-B8F6-4D54-8F3C-AE1BBC251CA6}

\\.\pipe\{2BDE5E3F-7442-42AE-A1BB-FE3F35210C96}

HKEY_LOCAL_MACHINE\SOFTWARE\baidu\BaiduProtect

\BDSGRtp_ContainerConfig.xml

{943569E1-477F-4C1F-9710-A34533FC527B}

BDKitUtils.dll

CRegHelper::SetValue, hRootKey=%x, strSubKey=%s

pCRegHelper::RegOpenKey %x, %s: NULL == m_pSysKit

CRegHelper::RegSetValue %x, %s, %s: NULL == m_pSysKit

CRegHelper::RegSetValue: RegCreateKeyExWByPass %x, %s, %s: return %d, GetLastError=%d

CRegHelper::RegSetValue: RegSetValueExWByPass %x, %s, %s, %d: return %d, GetLastError=%d

CRegHelper::RegSetValue: RegSetValueExWByPass %x, %s, %s, %s: return %d, GetLastError=%d

CProxyLogicMgr::ProcessHipsEvents, Customid=%d NotifyID = %d SrcFileName = %s

pCProxyLogicMgr::ProcessHipsGetStatus, Customid=%d StatusListSize = %d

pCProxyLogicMgr::ProcessHipsGetCustomID. Size = %d

pCProxyLogicMgr::ProcessHipsGetCustomID. ID = %d

CProxyLogicMgr::ProcessHipsGetStatus, Customid=%d StatusListSize = %d

pCProxyLogicMgr::ProcessHipsProductRemoveEmpty. Begin to UnInstall

uninst.exe"

pCProxyLogicMgr::ProcessProxyRegisterCmd. CustomID = %d

CProxyLogicMgr::ProcessProxyUnRegisterCmd. CustomID = %d

pCProxyLogicMgr::ProcessProxySetStatusCmd. CustomID = %d vItemStatusList.size = %d

pCProxyLogicMgr::ProcessProxyGetStatusCmd. CustomID = %d

pCProxyLogicMgr::ProcessProxyServiceProbeCmd. CustomID = %d

CProxyLogicMgr::ProcessProxyGetFileCloudStatusCmd. CustomID = %d vFileCloudItemStatusList.size = %d

pCProxyLogicMgr::ProcessProxyRegSetValueCmd. CustomID = %d wszSubKeyName = %s

CProxyLogicMgr::ProcessProxySetActionReplyCmd. CustomID = %d m_dwMsgIndex = %d

pCProxyLogicMgr::ProcessProxySetAdStatusCmd. CustomID = %d vAdItemStatusList.size = %d

pCProxyLogicMgr::ProcessProxyGetAdStatusCmd. CustomID = %d

pCProxyLogicMgr::ProcessProxyGetInstalledBrowserCmd. CustomID = %d

pCProxyLogicMgr::ProcessProxyLockDefaultBrowserCmd. CustomID = %d BrowserID = %d

Lock Default Browser Result = %d BrowserID = %d

pCProxyLogicMgr::ProcessProxyLockIEMainPageCmd. CustomID = %d

Lock IE MainPage Result = %d

pCProxyLogicMgr::ProcessProxyUnlockDefaultBrowserCmd. CustomID = %d

Unlock Default Browser Result = %d

pCProxyLogicMgr::ProcessProxyUnlockIEMainPageCmd. CustomID = %d

Unlock IE MainPage Result = %d

pCProxyLogicMgr::ProcessProxyRegSetValueExCmd. CustomID = %d, ListSize = %d

CProxyLogicMgr::ProcessProxyLockBDClientByBDBrowserCmd. CustomID = %d

pLock BDClient Result = %d

pCProxyLogicMgr::ProcessProxyUnLockBDClientByBDBrowserCmd. CustomID = %d

pUnlock BDClient Result = %d

pCProxyLogicMgr::ProcessProxyGetLockedDefaultBrowserCmd. CustomID = %d

pBrowserID = %d

pCProxyLogicMgr::ProcessHeartbeatData. CmdType = %d

CProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_UPDATE

pCProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_UPDATE SET pHIPS SUCCESS!! dwFlags = %d

CProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_BINCONFIG

vIntCustomID.size = %d

pvDWCustomID is empty, update all products. vIntCustomID.size = %d

pCProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_DYNPLUGIN

BDSGRtpDyn_ContainerConfig.xml

CProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_DYNPLUGIN Init

p.log

C:\test.exe

d-d-d d:d:d d

Last Error : %u(%s)

04CBB498-153C-4DED-BBA4-B1AA14FDBCE2

\ad.dll

plugins\HIPS.dll

Global\BDSGMutex{B492DF06-1331-4FFD-83ED-E31FDDBD8C80}

kernel32.dll

@\kernel32.dll

Windows 8

Windows 7

Windows Vista

Windows 7

Windows Vista

Windows Server 2003,

Windows XP

Windows 2000

Windows NT

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009

Windows 95

Windows 98

Windows ME

Kernel32.dll

%u.%u.%u.%u

Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}

p---COMPOUDDOC---pStream->Stat error %x

---COMPOUDDOC---pStream->Write error %x

---COMPOUDDOC---pStream->SetSize error %x

SafeBrowserDll.dll

pCSafeBrowser::CSafeBrowser, LoadLibrary Failed, GetLastError = %d

CSafeBrowser::Start, return %d

CSafeBrowser::Stop, return %d

CSafeBrowser::Lock, return %d

CSafeBrowser::Lock, Browser %d Not Exists

CSafeBrowser::Unlock, return %d

\safebrowser.xml

row=%d,col=%d

CSafeBrowser::LockBaiduProductByBaiduBrowser, funLockBaiduProductByBaiduBrowser return %d

CSafeBrowser::UnlockBaiduProductByBaiduBrowser, funCancelBaiduProduct return %d

CSafeBrowser::Report, pJson=%s, nCount=%d

CSafeBrowserUnload::CSafeBrowserUnload, LoadLibrary Failed, GetLastError = %d

CSafeBrowserUnload::Unload, return %d

\\.\pipe\{0F98C369-2D5B-4445-8D05-42E727DEA4D5}

ApluginConfig.xml

RX

{X-X-X-XX-XXXXXX}

kv.db

0 is an invalid value for completionKey

SendLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabled

PostLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabled

PostLoopbackMessage FAILED, MSGID:{0}

/{0}/{1}/{2}

SendIpcMessage Begin, MSGID:{0}, TARGET:{1}

SendIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled

PostIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled

ForwardMessage - Forward Message, MsgId:{0}, FROM:/{1}/{2}/{3} TO {4}

ForwardMessage - Forward Message Failed, MsgId:{0}, FROM:/{1}/{2}/{3} TO {4}

/%d/%d/%d

ACreateNamedPipe

PipeServer::Run() - ConnectNamedPipe:

PipeServer::CreateListeningPipe Start Listen

PipeServer::Run() - GetOverlappedResult:

PipeServer::Run() - WaitForMultipleObjects:

PipeServer::Run() - Exception:

PipeServer::Run() - Unexpected exception

PipeServer::ReleaseTunnel()

PipeServer::WorkerThread::WriteCompleted - Tunnel write where not all data was written

PipeServer::Tunnel::Tunnel()

PipeServer::WorkerThread::Run() - Exception:

PipeServer::WorkerThread::Run() - Unexpected exception

PipeServer::WorkerThread::Run() - Unexpected operation

PipeServer::WorkerThread::Run() - Unexpected - pBuffer is 0

CIOCompletionPort::CIOCompletionPort() - CreateIoCompletionPort

CIOCompletionPort::AssociateDevice() - CreateIoCompletionPort

CIOCompletionPort::PostStatus() - PostQueuedCompletionStatus

CIOCompletionPort::GetStatus() - GetQueuedCompletionStatus

Global\{17ED6DA0-0902-461c-B763-F00FF209066B}

Global\{FA6FBBB1-8C8E-43b1-B8EC-35573A94C231}

D823ABCA-A92F-429d-9E11-3779B5F682AA

Q_PluginConfig.xml

[CRtpDynPluginContainer::SetALLPluginsState]StartExtract Fail, m_szPluginDir: %s, strFileName: %s, errorcode: %d

p[CRtpDynPluginContainer::SetALLPluginsState]DYN_PLUGIN_MSG_INSTALL %s, errorcode: %d

[CRtpDynPluginContainer::SetALLPluginsState]DYN_PLUGIN_MSG_REMOVE %s, errorcode: %d

[CDynPluginCloudCtrl::DoResponse]tmpDownloadFileName : %s

[CDynPluginCloudCtrl::EnsureConfigFile]Ensure Config file : %s

[CDynPluginCloudCtrl::Download]FILE_EXIST==false, dwAttr : %d, error : %d, file : %s

[CDynPluginCloudCtrl::CheckMD5]strConfigPath doesn't exist: %s

[CDynPluginCloudCtrl::GetWaitTime]uiRtn : %d

[CDynPluginCloudCtrl::DynPluginInfo2SubRequests]file %s, GUID : %s, cmd : %d

[CDynPluginCloudCtrl::SubRequests2DynPluginInfo]file : %s, GUID : %s, cmd : %d

[CDynPluginCloudScan::HandResp]ParseDynPluginCloudScanRespData success %d

[CDynPluginCloudScan::HandResp]errorCode %d

[CDynPluginCloudScan::DoResponse]strCloudScanKey %s

SYSTEM\CurrentControlSet\services\%s

[CCheckItemBase::Service]path:%s, retcode=%d

[CCheckItemBase::Process]get procss : %s

T.\BDSGInstall.cpp

[CBDSGInstall::CopyFolder]pFrom : %s, pTo : %s

[CBDSGInstall::CopyExeFilePath]pFrom : %s, pTo : %s, pFileName : %s

fileverify.xml

[CBDSGInstall::Install]CreateMutex Fail, lasterror : %d

[CBDSGInstall::StartService]OpenService error : %d

[CBDSGInstall::StartService]StartService error : %d

[CBDSGInstall::StartService]QueryServiceStatus success : %d

[CBDSGInstall::StartService]QueryServiceStatus error : %d

[CBDSGInstall::DoInstall]lastdir = %s

[CBDSGInstall::DoInstall]kill baiduprotect.exe

[CBDSGInstall::DoInstall]uninstall server : %d

\Data\*.*

\bdsg0001.dll

\bdsg0002.dll

[CBDSGInstall::DoInstall]rename and delete bdsg0001.dll/bdsg0002.dll

\Config\810.dat

\Config\8000.dat

[CBDSGInstall::DoInstall]delete lastdir : %s

\*.xml

\*.dll

\Microsoft.VC80.ATL\*.*

\Microsoft.VC80.ATL

\plugins\Microsoft.VC80.ATL

\dynplugins\Microsoft.VC80.ATL

\Microsoft.VC80.CRT\*.*

\Microsoft.VC80.CRT

\plugins\Microsoft.VC80.CRT

\dynplugins\Microsoft.VC80.CRT

\*.ico

\BaiduProtect.exe

\BDSGBugRpt.exe

\uninst.exe

\BDLogicUtils.dll

\BDMNet.dll

\BDMReport.dll

\DriverManager.dll

\BDMDownload.dll

\BDKitUtils.dll

\SafeExplorer.dll

\SafeExplorer_x64.dll

\SafeBrowserDll.dll

\SafeBrowserHelper.dll

\7z.dll

[CBDSGInstall::DoInstall]argc : %d

[CBDSGInstall::DoInstall]argv[2] : %s

[CBDSGInstall::DoInstall]strSupplyID : %s

[CBDSGInstall::DoInstall]strSupplyID 1 : %s

[CBDSGInstall::DoInstall]Version %s

[CBDSGInstall::DoInstall]InstallDir %s

[CBDSGInstall::DoInstall]SupplyID %s

\drivers\x86\*.sys

\drivers\x64\*.sys

\bd64_x64.dll

\bd64_x86.dll

\drivermanager.dll

[CBDSGInstall::DoInstall]install server : %d

[CBDSGInstall::DoInstall]start server : %d

[CBDSGInstall::DoInstall]data report

dep360.exe

[CBDSGInstall::Uninstall]SupplyID = %s

[CBDSGInstall::Uninstall]strUninstallDir = %s

[CBDSGInstall::Uninstall]Data Report

[CBDSGInstall::Uninstall]kill baiduprotect.exe

[CBDSGInstall::Uninstall]RMDir %s

bd64_x64.dll

bd64_x86.dll

drivers\bd0001.sys

drivers\bd0004.sys

drivers\BDArKit.sys

drivers\BDMWrench.sys

[CBDSGInstall::Uninstall]Delete drivers %s

LoadFileConfig, path=%s

[CBDSGInstallConfig::CheckMD5]strConfigPath doesn't exist: %s

********* m_dwFileVerifyVer = %u **********

p[CUpdateMgr::CUpdateMgr]m_strTempPath : %s, iRtn = %d

[CUpdateMgr::DoUpdate]m_dwFlags : %d

[CUpdateMgr::DoResponse]m_vUpdateRespItem.size() <= 0

[CUpdateMgr::DoResponse]m_vUpdateItem.size() <= 0

[CUpdateMgr::CUpdateMgr]m_strBDSDTempPath : %s ,iRtn = %d

[CUpdateMgr::EnsureExeFile]Ensure Exe file: %s

[CUpdateMgr::EnsureExeFile]delete success

[CUpdateMgr::EnsureExeFile]delete fail

[CUpdateMgr::DoResponse]Download Fail, iRetryTime : %d, stop download

[CUpdateMgr::DoResponse]Download Fail, retry %d

[CUpdateMgr::Download]wstrExePath ; %s

[CUpdateMgr::Download]file md5 : %s, resp md5 : %s

[CUpdateMgr::Install]strFilePath : %s, strParam : %s

[CUpdateMgr::CheckBDSD]m_dwFlags = %d

[CUpdateMgr::CheckBDMAssist]m_dwFlags = %d

[CUpdateMgr::Check360Assist]m_dwFlags = %d

[CUpdateMgr::CheckTencent]m_dwFlags = %d

[CUpdateMgr::Install]OnBDSGDownloadFinish : %s, strParam : %s

[CUpdateMgr::GetWaitTime]wait %d

[CNetRequestHelper::CNetRequestHelper]GetProcAddress Failed !!! errCode = %u

[CNetRequestHelper::CNetRequestHelper]Load Net Dll Failed !!! errCode = %u

[CNetRequestHelper::RpcRequestData]serviceID= %u, requestCmd = %u

192.168.100.100

[CDownloader::UnInit]CloseHandle Fail!!! errorcode : %d

[CDownloader::UnInit]FreeLibrary Fail!!! errorcode : %d

[CDownloader::StartDownload]url = %s, filename = %s, max_speed = %d

[CDownloader::OnDownloadFileSize]dwTaskID = %d, dwFileSize = %d

[CDownloader::OnDownloadFileName]dwTaskID = %d, strFileName = %d

[CDownloader::OnDownloadPercent]dwTaskID = %d, dwPercent = %d, dwDownloadSpeed=%d

[CDownloader::OnDownloadComplete]dwTaskID = %d, dwErrorCode = %d

[CDownloader::OnFirstDataTime]dwTaskID = %d, dwFirstDataTime = %d

[CGlobalConfigMgr::GetCustomversion]dwFlagVersion ERROR: %d

[CGlobalConfigMgr::GetSupplyID]dwFlagSupplyID ERROR: %d

GameAccMgrDll.dll

{%X-%X-%X-%X-%X%X}

CLSID\%s\LocalServer32

dl.dll

m_strLocalExeFileName = %s.

m_strLocalDllFileName = %s.

CheckComFile() bLocalExeExist = TRUE. LocalFileVersion = %d.

BDDownloadProxy.Downloader.1

CheckComFile() %s not exist. bNeedRegLocalCom set to TRUE.

CheckComFile(). LocalFileVersion %d > CommFileVersion %d. bNeedRegLocalCom set to TRUE.

CheckComFile(). LocalFileVersion %d <= CommFileVersion %d. Try to CoCreateInstance.

CheckComFile(). bLocalExe Exist, Ready to Install BDDownloader.

\StringFileInfo\xx\FileVersion

%USERPROFILE%\AppData\Local\

%USERPROFILE%\Local Settings\

Dr%x.drt

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

oHKEY_USERS

Software\Microsoft\Windows NT\CurrentVersion\Time Zones\

Software\Microsoft\Windows NT\CurrentVersion\ProfileList\

Software\Microsoft\Windows NT\CurrentVersion\Print\

Software\Microsoft\Windows NT\CurrentVersion\Ports\

Software\Microsoft\Windows NT\CurrentVersion\Perflib\

Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\

Software\Microsoft\Windows NT\CurrentVersion\Language Pack\

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\

Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\

Software\Microsoft\Windows NT\CurrentVersion\Fonts\

Software\Microsoft\Windows NT\CurrentVersion\FontMapper\

Software\Microsoft\Windows NT\CurrentVersion\FontLink\

Software\Microsoft\Windows NT\CurrentVersion\FontDpi\

Software\Microsoft\Windows NT\CurrentVersion\Console\

Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\

Software\Microsoft\Windows\CurrentVersion\Setup\

Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\

Software\Microsoft\Windows\CurrentVersion\Policies\

Software\Microsoft\Windows\CurrentVersion\Group Policy\

Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\

Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\

Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\

Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\

Software\Microsoft\Windows\CurrentVersion\App Paths\

Software\Microsoft\SystemCertificates\

Software\Microsoft\EnterpriseCertificates\

system32\winlogon.exe

TWintrust.dll

Crypt32.dll

6BE417DD-264A-4678-A036-74D2173ECCEB

%Documents and Settings%\All Users\Application Data\Baidu\BDSG\Config\

1.3.0.486

services.exe_764_rwx_00760000_00001000:

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll

svchost.exe_1088_rwx_01E80000_00001000:

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll

svchost.exe_1088_rwx_02740000_00001000:

%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\bdsg0001.dll

Explorer.EXE_2032_rwx_00E70000_00001000:

%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll

Explorer.EXE_2032_rwx_00E83000_00001000:

ComSpec=%System%\cmd.exe

OS=Windows_NT

Path=C:\Perl\site\bin;C:\Perl\bin;%System%;%WinDir%;%WinDir%\System32\Wbem;c:\Program Files\Wireshark

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

SystemRoot=%WinDir%

windir=%WinDir%

360Tray.exe

kxetray.exe

QQPCTray.exe

baidu.com

hao123.com

Explorer.EXE_2032_rwx_00E90000_00001000:

%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Scan a system with an anti-rootkit tool.
Terminate malicious process(es) (How to End a Process With the Task Manager):

BaiduSd.exe:1376
regsvr32.exe:2632
BaiduHips.exe:1164
BaiduHips.exe:1888
BaiduSdSvc.exe:1600
BaiduSdSvc.exe:1112
BDSGBugRpt.exe:1112
BaiduProtect.exe:2980
RegSvr32.exe:452
RegSvr32.exe:1528
RegSvr32.exe:1440
%original file name%.exe:632
netsh.exe:2588
BDKVWsc.exe:2680
BDKVWsc.exe:1980
mscorsvw.exe:172
bddownloader.exe:2172
MsiExec.exe:1760
MsiExec.exe:948
Delete the original Malware file.
Delete or disinfect the following files created/modified by the Malware:

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_customer.xml (220 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000002 (4 bytes)
%WinDir%\Temp\TarC8.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%WinDir%\Temp\CabC7.tmp (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\smr.dat (37839 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.6.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.2.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1728 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.5.dll (8657 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.7.dll (5873 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMUpdate.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMReport.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMNet.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDConfig.dll (3073 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0002.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMFrameWork.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch.7z (7433 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVEng.dll (4545 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\systemfile.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMDownload.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMBase.dll (7345 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDLogicUtils.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMPatchAgent.dll (41 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_product.xml (291 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\NetService.ini (615 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHips.exe (8657 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_self_enc.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\DriverManager.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMMsg.dll (49 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMTinyXml.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMLog.dll (45 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDPerflog.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\TrustAndIso.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsUpdate.exe (39 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMStringUtils.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsBugRpt.exe (3361 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\placeholder_tmp (11 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\InstallCfg.xml (177 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVCached.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\wverify.dat (15019 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\FileSignDB\MANIFEST-000002 (4 bytes)
%System%\config\SYSTEM.LOG (15411 bytes)
%System%\config\software (38871 bytes)
%System%\config\SOFTWARE.LOG (39198 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\IsolationDB.db-journal (532 bytes)
%System%\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\privacy.db-journal (532 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\white_list.db (145 bytes)
C:\$Directory (688 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\white_list.db-journal (512 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\cache.db (149 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\kv.db-journal (532 bytes)
%System%\drivers\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\apps.db-journal (10908 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\cache.db-journal (532 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDSGBugRpt.exe (5441 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDArKit.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdRepair.exe (1744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\app.ico (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BaiduProtect.exe (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserDll.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebMonBHO.dll (1609 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMSkin.dll (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\699a753a89cb10ec8ba7f17426d84102.bdt (4 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vcrt.msi (3742 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt.dll (1707 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdSvc1.exe (3889 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDCooly.dll (90 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\806.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCCommunicate.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ad.dll (1859 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMNet.dll.bdl (29010 bytes)
%System%\drivers\bd0004.sys (673 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (32 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\804.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsClient.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDLogicUtils.dll (30968 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMUpdate.dll (160 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Budv.dll (95 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMDownload.dll (1625 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMUpdate.dll (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcr80.dll (3705 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\patch\placeholder_tmp (11 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\TrayPlugin.rdb (268 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (156 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMNet.dll (7726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkv\BDKVVirusPlugins.dll (1625 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\user_trusted_list.dat (125 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray1.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_PluginConfig.xml (680 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\cache_config.dat (469 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\win7\bd0003.map (34 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMMsg.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSREng.dll (291 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\DriverManager.dll (673 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (770 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe (9605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x86.dll (39 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\iexplore.exe.xml (528 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\virus_type.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\KVCommonRes.rdb (28502 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDConfig.dll (1781 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\kav_verify.dat (677 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\win7\bd0003.sys (56 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\TrustAndIso.dll (312 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMRepBase.dll (6371 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\PrivacyProtect.dll (172 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanV.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVCached.dll (303 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDPerflog.dll (123 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\7z.dll (1652 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer.dll (176 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\tuopan.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\tmpx9occh.dll (71670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\uninst.exe (1685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcm80.dll (1760 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMReport.dll (7433 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\app.ico (1623 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\bd0003.sys (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\LKHelper.7z (22433 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\winxp\bd0003.sys (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSd1.exe (1658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0004.sys (182 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect_x64.dll (178 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0001.sys (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVEng.dll (3733 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\DriverManager.dll (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0001.sys (73 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerConfig1.dat (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\BDArKit.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\blacksign.dat (852 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\810.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\monitor_config.dat (559 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDKitUtils.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (1237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\hips.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMDownload.dll (99 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\white_list.dat (1636 bytes)
%Documents and Settings%\All Users\Desktop\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (758 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\DriverManager.dll (174 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMLog.dll (45 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavFrame.dll (66 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\bduf.dll (1691 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (242 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer_x64.dll (2321 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_self_enc.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVUpdate.rdb (1674 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDMWrench.sys (1281 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\wverify.dat (12289 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanS.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0002.sys (196 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVMainframe_PluginConfig1.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMFrameWork.dll (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMSkin.dll (38495 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\ieBaiduSDDetectPlug.dll (115 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0002.dll (1708 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKV1.rdb (89 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMTinyXml.dll (181 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDeskBand64.dll (125 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\hips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0004.sys (168 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebSafePlugin.dll (226 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™\Ã¥ÂÂ¸Ã¨Â½Â½Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (743 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\Pizmdb.7z (132160 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BP.dll (30058 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\TrayDldProtect.rdb (113 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\DllInject.dll (45 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\System.dll (784 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\scan_mgr_config.dat (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\licenses\directui license.txt (593 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\809.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\806.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\baiduRepair.dll (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0002.sys (190 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\BDSGRtp_PluginConfig.xml (680 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMAVEng.dll (3786 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_customer.xml (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMDownload.dll (108 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\NetService.ini (615 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMRepMgr.dll (1634 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\win7\bd0003.sys (65 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\811.dat (8 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\systemfile.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDKitUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\DesktopToast.exe (103 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMReport.dll (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bddownloader.exe (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\ad.dll (1746 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMNet.dll (6351 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\baiduRepair.dll (178 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMStringUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMReport.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavEngine.dll (82 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDLogicUtils.dll (316 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDConfig.dll (1867 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\Database\bdmp.dat (32 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (1752 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserDll.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_ContainerConfig.xml (347 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\BDSGRtp_ContainerConfig.xml (347 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BaiduProtect.exe (14022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\HIPS.dll (12288 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTray\TrayPlugin.rdb (1812 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer_x64.dll (1710 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVWsc1.exe (1671 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\bd0001.dll (131 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\atl80.dll (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_PluginConfig.xml (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMPerfMon.dll (209 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\uninst.exe (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDLogicUtils.dll (3833 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanH.dll (49 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSRCore.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDLogicUtils.dll (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\safebrowser.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\BDSGRtpDyn_ContainerConfig.xml (145 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\BDArKit.sys (132 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUpdate.exe (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bdcomproxy.dll (70 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ToastImage.png (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebMonHook.dll (320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\fileverify.xml (1 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\901.dat (8 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\app.ico (34 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMNetGetInfo.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsdB5.tmp (161100 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\bd0002.dll (1749 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\7z.dll (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\res\onlineWnd.zip (16424 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\Database\bdvs.dat (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\patch.7z (5442 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\2032233599\Setting\host.dat (306 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMPatchAgent.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebSafe.dll (7386 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\NetService.ini (615 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\900.dat (8 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\804.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMPatchAgent.dll (45 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDUDiskGuard.dll (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMNet.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fixsvc.dll (23407 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\npBaiduSDDetectPlug.dll (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDMWrench.sys (209 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTray.rdb (40 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMWindowsLib.dll (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDArKit.sys (132 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCCallbackBind.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\Cooly_PluginConfig.xml (726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavCommon.dll (226 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVMC.rdb (161 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\FileMon.dll (3700 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcp80.dll (1835 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVTray_PluginConfig.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMBase.dll (6400 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\updlog.dll (15 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVMainFrame.dll (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdBugRpt.exe (3782 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsUpdate.exe (39 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMReport.dll.bdl (28762 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x64.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDKitUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt64.dll (1720 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\Repair_PluginConfig1.xml (411 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDPerflog.dll (156 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTips.rdb (69 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\TrustAndIso.dll (78 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ToastLogo.ico (1623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\slbynsdh.dll.bdl (316550 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\HIPS.dll (14022 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\safebrowser.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\BDSGRtpDyn_PluginConfig.xml (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\SearchProtection.rdb (132 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\fileverify.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vatl.msi (182 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\repairplugins\baidusdRepair1.dll (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\c1e34f06c619c930edcb862b30719b3f.bdt (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\dl.dll (65930 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0001.sys (70 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\ccesign.dat (1611 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\CompatibilityChecker.dll (160 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDLogicUtils.dll (5441 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDArKit.sys (141 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\win7\bd0003.map (40 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BSRLib.dat (141 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\dl.dll (14988 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMScriptVM.dll (213 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMFrameWork.dll (308 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMNet.dll (3901 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\uninst.exe (3913 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerLuaScript.dat (117 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0004.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDeskBand.dll (136 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\KavUpdate.dll (1658 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\901.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\811.dat (8 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVConfig.rdb (144 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\dl.dll (12289 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0001.sys (174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDSGBugRpt.exe (3858 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUProxy64.exe (3791 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMReport.dll (1666 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\winxp\bd0003.map (38 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCScriptBind.dll (6400 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\InstallCfg.xml (177 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_product1.xml (291 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMSDWrench.dll (99 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserHelper.dll (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMAVCached.dll (1658 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\810.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\tips.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMNetGetInfo.dll (322 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\systemfile.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsBugRpt.exe (1843 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\licenses\duilib license.txt (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDSafeBrowser.sys (51 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\BDArKit.sys (141 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMAVE.dll (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\hu.dll (3312 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\bdsg0001.dll (601 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\wverify.dat (12289 bytes)
%System%\drivers\BDArKit.sys (1346 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\KVFixerConfigMgr.dll (234 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0001.dll (115 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMDbSqlite.dll (1867 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect.dll (152 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\DriverManager.dll (115 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\ad.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_ContainerConfig.xml (145 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\BDMWrench.sys (726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\HIPSClient.dll (1740 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanM.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHips1.exe (7972 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\7z.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserHelper.dll (55 bytes)
%WinDir%\Temp\bdt\a698a77d83bc1d0bd60da931227c7d5a.bdt (71 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\dnw.xml.tmp.bdl (309 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe -stmd=3"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Sample_344387b34f

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Sample_344387b34f

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet