Trojan.Win32.Alureon_6357de48de

by malwarelabrobot on September 25th, 2014 in Malware Descriptions.

Trojan.Win32.Alureon.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

MD5: 6357de48decaabd2c155aa99c8ce6cd3
SHA1: fd807fceebbc89d806677fa26bf5d840fba9d213
SHA256: af40252d51084b3f668260473f7e02f562fe1b7a267edcc9386e5457fd3b6b3f
SSDeep: 49152:VXpA9ybBzY5284GZ5c1 powpl wY b84/La:VtbBc5hnXoy 61W
Size: 1766344 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-02-24 21:19:59
Analyzed on: WindowsXPESX SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

vcredist_x86.exe:608
MsiExec.exe:680

The Trojan injects its code into the following process(es):

%original file name%.exe:1344
services.exe:760

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1344 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsrB2.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)

The process vcredist_x86.exe:608 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (6255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (42423 bytes)

Registry activity

The process %original file name%.exe:1344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\metnsd\clsid]
"SequenceID" = "C0 0D FA 98 20 1D 52 4B 80 2D EE 6D 5E F0 97 3B"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c14c4f6-74da-11e2-81b0-000c29ec7fc5}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225]
"vcredist_x86.exe" = "IExpress Setup"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 28 3F 62 06 8E 80 B0 6B 21 28 48 61 6C 94 39"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:]
"%original file name%.exe" = "C:\%original file name%.exe:*:Enabled:百度卫士在线安装程序"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

Adds a rule to the Windows Firewall which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "C:\%original file name%.exe:*:Enabled:百度卫士在线安装程序"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Adds a rule to the Windows Firewall which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp]
"tgqdy.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll:*:Enabled:百度卫士安装程序"

The Trojan adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp]
"tgqdy.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll:*:Enabled:百度卫士安装程序"

The process vcredist_x86.exe:608 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF 62 14 35 1A 3B 4B 2A BA 06 FA D8 56 18 32 DF"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

The process MsiExec.exe:680 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 55 7A 94 6F 8A 81 89 4D F5 2F 3B 4A 4F 08 6B"

Dropped PE files

MD5 File path
44edff85d12e091f0b129f05a3f2a042 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDLogicUtils.dll
d184763cb4e62d531193978de7b82db2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMDownload.dll
c8b0dca29d7b9aff1b801af86212c586 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMNet.dll
12f98be1d919784370eb0f87e78b60d8 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMNetGetInfo.dll
30cbc602ada7cdfb0346038c05996d84 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMReport.dll
b540a866191f7fd20f5e6355bc2b094e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMSkin.dll
f52eb281e29da8065e18805617ac2cbc c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\System.dll
763b532d651f0ad5e135d9b57bf4fba4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\dl.dll
ebfe7c9594e300bb0c16e7bb99a7e66d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\hu.dll
f32de2a845f461e07a95656fa0873b92 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\tgqdy.dll
f728bab4ed737e85ad5134c5a3b8c359 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\tmpmdszir.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

VersionInfo

Company Name:
Product Name:
Product Version: 1.0.385.633
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.385.633
File Description:
Comments:
Language: Chinese (Simplified, PRC)

PE Sections

Name    Virtual Address  Virtual Size  Raw Size  Entropy  Section MD5
.text   4096             28432         28672     4.50399  f569e353af0ed51bf4c216faa9bed4e7
.rdata  32768            10898         11264     3.04561  91eee43954e068e650f7b73a8b0e6915
.data   45056            425660        512       1.02085  db9f7acbf1c3ddfe255077b699955dfa
.ndata  471040           610304        0         0        d41d8cd98f00b204e9800998ecf8427e
.rsrc   1081344          23536         23552     3.58455  ca33c34b6d496334ebf60c8854c0207f
.reloc  1105920          3978          4096      3.79583  5dfbb8318f00f7e72ed7b2505c450360

URLs

URL IP
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllw5/BDLogicUtils.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv5/BDMReport.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllws/BDMNet.dll
hxxp://sxsw.n.shifen.com/
hxxp://swdownload.jomodns.com/sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll
hxxp://dlsw.baidu.com/sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll 180.76.22.47
hxxp://dl1sw.baidu.com/client/dllw5/BDLogicUtils.dll 8.37.234.9
hxxp://dl1sw.baidu.com/client/dllws/BDMNet.dll 8.37.234.9
hxxp://s.x.baidu.com/ 180.76.2.46
hxxp://dl1sw.baidu.com/client/dllv5/BDMReport.dll 8.37.234.9


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA STREAM Packet with invalid ack
SURICATA STREAM FIN invalid ack
SURICATA STREAM ESTABLISHED packet out of window

Traffic

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=22282240-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:53 GMT
Content-Type: application/x-msdownload
Content-Length: 7265104
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29678
Content-Range: bytes 22282240-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=28180480-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:28 GMT
Content-Type: application/x-msdownload
Content-Length: 1366864
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29713
Content-Range: bytes 28180480-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=27525120-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:24 GMT
Content-Type: application/x-msdownload
Content-Length: 2022224
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29709
Content-Range: bytes 27525120-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=26214400-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:18 GMT
Content-Type: application/x-msdownload
Content-Length: 3332944
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29703
Content-Range: bytes 26214400-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=26869760-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:21 GMT
Content-Type: application/x-msdownload
Content-Length: 2677584
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29706
Content-Range: bytes 26869760-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=29491200-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:34 GMT
Content-Type: application/x-msdownload
Content-Length: 56144
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29719
Content-Range: bytes 29491200-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=29491200-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:34 GMT
Content-Type: application/x-msdownload
Content-Length: 56144
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29719
Content-Range: bytes 29491200-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=22151168-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:49 GMT
Content-Type: application/x-msdownload
Content-Length: 7396176
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29674
Content-Range: bytes 22151168-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=28704768-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:30 GMT
Content-Type: application/x-msdownload
Content-Length: 842576
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29715
Content-Range: bytes 28704768-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=7471104-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:49 GMT
Content-Type: application/x-msdownload
Content-Length: 22076240
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29674
Content-Range: bytes 7471104-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=27262976-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:23 GMT
Content-Type: application/x-msdownload
Content-Length: 2284368
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29708
Content-Range: bytes 27262976-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=25296896-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:14 GMT
Content-Type: application/x-msdownload
Content-Length: 4250448
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29699
Content-Range: bytes 25296896-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /client/dllv5/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 200 OK
Expires: Thu, 09 Oct 2014 15:53:58 GMT
Date: Tue, 09 Sep 2014 15:53:58 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 1207520
Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 1297486
Via: 1.0 sdytwt85:88 (Cdn Cache Server V2.0), 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 shiben14:10001 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMReport.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

<<< skipped >>>

GET /client/dllw5/BDLogicUtils.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=688128-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Wed, 08 Oct 2014 06:27:12 GMT
Date: Mon, 08 Sep 2014 06:27:12 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 06 May 2014 06:31:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 688128-924495/924496
Content-Length: 236368
Age: 1417891
Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDLogicUtils.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=23855104-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:07 GMT
Content-Type: application/x-msdownload
Content-Length: 5692240
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29692
Content-Range: bytes 23855104-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=24379392-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:09 GMT
Content-Type: application/x-msdownload
Content-Length: 5167952
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29694
Content-Range: bytes 24379392-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=24117248-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:08 GMT
Content-Type: application/x-msdownload
Content-Length: 5430096
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29693
Content-Range: bytes 24117248-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=15335424-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:01 GMT
Content-Type: application/x-msdownload
Content-Length: 14211920
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29686
Content-Range: bytes 15335424-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=29491200-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:34 GMT
Content-Type: application/x-msdownload
Content-Length: 56144
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29719
Content-Range: bytes 29491200-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=29360128-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:33 GMT
Content-Type: application/x-msdownload
Content-Length: 187216
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29718
Content-Range: bytes 29360128-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=22544384-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:57 GMT
Content-Type: application/x-msdownload
Content-Length: 7002960
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29682
Content-Range: bytes 22544384-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=28442624-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:29 GMT
Content-Type: application/x-msdownload
Content-Length: 1104720
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29714
Content-Range: bytes 28442624-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=27918336-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:27 GMT
Content-Type: application/x-msdownload
Content-Length: 1629008
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29712
Content-Range: bytes 27918336-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=23199744-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:04 GMT
Content-Type: application/x-msdownload
Content-Length: 6347600
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29689
Content-Range: bytes 23199744-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=24772608-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:11 GMT
Content-Type: application/x-msdownload
Content-Length: 4774736
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29696
Content-Range: bytes 24772608-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=23461888-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:05 GMT
Content-Type: application/x-msdownload
Content-Length: 6085456
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29690
Content-Range: bytes 23461888-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /client/dllws/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 200 OK
Expires: Fri, 26 Sep 2014 23:19:04 GMT
Date: Wed, 27 Aug 2014 23:19:04 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 1178448
Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 2393980
Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMNet.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

<<< skipped >>>

GET /client/dllw5/BDLogicUtils.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=557056-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Wed, 08 Oct 2014 06:27:12 GMT
Date: Mon, 08 Sep 2014 06:27:12 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 06 May 2014 06:31:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 557056-924495/924496
Content-Length: 367440
Age: 1417891
Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDLogicUtils.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

<<< skipped >>>

GET /client/dllw5/BDLogicUtils.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=819200-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Wed, 08 Oct 2014 06:27:12 GMT
Date: Mon, 08 Sep 2014 06:27:12 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 06 May 2014 06:31:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 819200-924495/924496
Content-Length: 105296
Age: 1417891
Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDLogicUtils.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=25952256-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:17 GMT
Content-Type: application/x-msdownload
Content-Length: 3595088
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29702
Content-Range: bytes 25952256-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=131072-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:49 GMT
Content-Type: application/x-msdownload
Content-Length: 29416272
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29674
Content-Range: bytes 131072-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /client/dllw5/BDLogicUtils.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=524288-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)




<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=25690112-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:16 GMT
Content-Type: application/x-msdownload
Content-Length: 3857232
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29701
Content-Range: bytes 25690112-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=25034752-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:13 GMT
Content-Type: application/x-msdownload
Content-Length: 4512592
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29698
Content-Range: bytes 25034752-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=29097984-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:32 GMT
Content-Type: application/x-msdownload
Content-Length: 449360
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29717
Content-Range: bytes 29097984-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=14811136-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:49 GMT
Content-Type: application/x-msdownload
Content-Length: 14736208
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29674
Content-Range: bytes 14811136-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 68
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000

...8........" c0205aca635d4bb7638c184e1bd81562([email protected].` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 124
...p........" c0205aca635d4bb7638c184e1bd81562(.28.....Y.5...R...^fRw?
0<.3...9)...PG..m...0.OV...{f.O. [email protected].` ........


GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=26607616-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:20 GMT
Content-Type: application/x-msdownload
Content-Length: 2939728
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29705
Content-Range: bytes 26607616-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /client/dllw5/BDLogicUtils.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)



HTTP/1.0 200 OK
Expires: Thu, 09 Oct 2014 15:52:58 GMT
Date: Tue, 09 Sep 2014 15:52:58 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 924496
Last-Modified: Tue, 06 May 2014 06:31:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 1297545
Via: 1.0 hzh64:8104 (Cdn Cache Server V2.0), 1.0 sdbz23:8080 (Cdn Cache Server V2.0), 1.0 jg9:51020 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDLogicUtils.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTION

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 200 OK
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:47 GMT
Content-Type: application/x-msdownload
Content-Length: 29547344
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29672
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=17170432-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:10 GMT
Content-Type: application/x-msdownload
Content-Length: 12376912
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29695
Content-Range: bytes 17170432-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 228
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000

...p........" c0205aca635d4bb7638c184e1bd81562(.28.....Y.5...R...^fRw?0<.3...9)...PG
.m...0.OV...{f.O. [email protected].` ...h.%h...C}.K{T\QZa.L.`. .P!..~...L.<4.av.P.#....w..p.U...Q..Kk.b...].....=....3.pj....n.Z.o.&M.Ao.=/....N.V.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 140


The Trojan connects to the servers at the following location(s):

%original file name%.exe_1344:

.text
`.rdata
@.data
.ndata
.rsrc
@.reloc
RegDeleteKeyExW
Kernel32.DLL
PSAPI.DLL
%s=%s
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
GetAsyncKeyState
USER32.dll
GDI32.dll
SHFileOperationW
ShellExecuteW
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
.knjZL
3$3,383\3|3
Thawte Certification1
hXXp://ocsp.thawte.com0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
hXXp://ts-ocsp.ws.symantec.com07
 hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
 hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
.Class 3 Public Primary Certification Authority0
<VeriSign Class 3 Public Primary Certification Authority - G50
hXXp://crl.verisign.com/pca3.crl0
hXXps://VVV.verisign.com/cps0
#hXXp://logo.verisign.com/vslogo.gif04
hXXp://ocsp.verisign.com0>
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
2Beijing baidu Netcom science and technology co.ltd1>0<
2Beijing baidu Netcom science and technology co.ltd0
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0;
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
hXXps://VVV.verisign.com/cps0*
#hXXp://crl.verisign.com/pca3-g5.crl04
hXXp://ocsp.verisign.com0
BBB.DDD
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
4&;6;];};
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46.5-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
logging set to %d
settings logging to %d
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack < %d elements
RMDir: "%s"
MessageBox: %d,"%s"
Delete: "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename on reboot: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
Sleep(%d)
detailprint: %s
Call: %d
Aborting: "%s"
Jump: %d
verifying installer: %d%%
unpacking data: %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
install.log
%u.%u%s%s
Skipping section: "%s"
Section: "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
*?|<>/":
invalid registry key
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
LOCALS~1\Temp\nsmB4.tmp\tmpmdszir.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsmB4.tmp\tmpmdszir.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsmB4.tmp
Nullsoft Install System v2.46.5-Unicode
%Program Files%\
smB4.tmp
File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsmB4.tmp\tmpmdszir.dll" (overwriteflag=1)
p\tmpmdszir.dll"
1376516
\%original file name%.exe
c:\%original file name%.exe
%Program Files%\Baidu\BaiduAn
%original file name%.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsrB2.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
-586546794
1.0.385.633

BaiduAnSvc.exe_220:

.text
`.rdata
@.data
.rsrc
@.reloc
T$xRSSh
;9u.SWj
8.uwS
n<.ut
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
%d.%d.%d
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
CHECK failed: (from.GetDescriptor()) == (descriptor):
..\src\google\protobuf\message.cc
: Tried to copy from a message with a different type.to:
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\generated_message_reflection.cc
..\src\google\protobuf\wire_format.cc
..\src\google\protobuf\reflection_ops.cc
..\src\google\protobuf\descriptor.cc
". To use it here, please add the necessary import.
", which is not imported by "
$0$1 = $2
$0$1 $2 $3 = $4
.PLACEHOLDER_VALUE
.placeholder.proto
map key must name a scalar or string field.
map_key must not name a repeated field.
CHECK failed: dynamic.get() != NULL:
.foo = value".
.dummy
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee not set for extension field.
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
CHECK failed: !out.HadError():
" is repeated. Repeated options are not supported.
Import "
Missing field: FileDescriptorProto.name.
File recursively imports itself:
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
\xx
..\src\google\protobuf\stubs\strutil.cc
..\src\google\protobuf\extension_set.cc
CHECK failed: iter != extensions_.end():
..\src\google\protobuf\extension_set_heavy.cc
..\src\google\protobuf\descriptor.pb.cc
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google.protobuf"G
2$.google.protobuf.FileDescriptorProto"
2 .google.protobuf.DescriptorProto
2$.google.protobuf.EnumDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2%.google.protobuf.FieldDescriptorProto
.google.protobuf.FileOptions
.google.protobuf.SourceCodeInfo"
2/.google.protobuf.DescriptorProto.ExtensionRange
.google.protobuf.MessageOptions
2 .google.protobuf.FieldDescriptorProto.Label
2*.google.protobuf.FieldDescriptorProto.Type
.google.protobuf.FieldOptions"
2).google.protobuf.EnumValueDescriptorProto
.google.protobuf.EnumOptions"l
2!.google.protobuf.EnumValueOptions"
2&.google.protobuf.MethodDescriptorProto
.google.protobuf.ServiceOptions"
.google.protobuf.MethodOptions"
2).google.protobuf.FileOptions.OptimizeMode:
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption*
2#.google.protobuf.FieldOptions.CType:
experimental_map_key
2$.google.protobuf.UninterpretedOption"/
2-.google.protobuf.UninterpretedOption.NamePart
2(.google.protobuf.SourceCodeInfo.Location
com.google.protobufB
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
..\src\google\protobuf\io\tokenizer.cc
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
..\src\google\protobuf\stubs\substitute.cc
..\src\google\protobuf\dynamic_message.cc
..\src\google\protobuf\text_format.cc
..\src\google\protobuf\descriptor_database.cc
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h
config_service.proto
.\BDMConfig\Protocol\config_service.pb.cc
config_service.proto"(
cmd_list
.ConfigItem"@
.ResultSet
Content-Length:%d
s.x.baidu.com
c:\clientci\workspace\bdm_v2.3fix_compile\main_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
.\update.pb.cc
%s:%u
1.0.0.1
.\header.pb.cc
%u.%u.%u.%u
addr %s not good...
Unsupported Media Type
HTTP Version not supported
HTTP/1.0
HTTP/1.1
https
ftpes
ftps
tftp
% ;?:@=&,$/-_!.~*()
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
c:\clientci\workspace\bdm_v2.3fix_compile\basic\Output\BinRelease\BaiduAnSvc.pdb
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z
BDMBase.dll
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
BDMFrameWork.dll
BDMStringUtils.dll
?BDMMsgGetModule@@YGJPAPAX@Z
BDMMsg.dll
BDMSkin.dll
KERNEL32.dll
USER32.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
ADVAPI32.dll
SHFileOperationW
ShellExecuteExW
ShellExecuteW
SHELL32.dll
ole32.dll
MSVCP80.dll
PSAPI.DLL
WS2_32.dll
SHLWAPI.dll
MSVCR80.dll
_amsg_exit
_crt_debugger_hook
USERENV.dll
WTSAPI32.dll
HttpSendRequestW
InternetCrackUrlW
HttpOpenRequestW
HttpQueryInfoW
WININET.dll
NETAPI32.dll
BDMTinyXml.dll
RegOpenKeyExA
BaiduAnSvc.exe
.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@
.?AVCRtpPluginContainer@@
.?AV?$CSingleton@VCRTPServer@@@utils@@
.?AVCRTPServer@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVCCmdPluginLauncher@@
.?AVCExePluginLauncher@@
.?AVIPluginCmdExecutor@@
.?AUPluginInfoPassiveSaver@@
.?AVheader@http@bena@@
.?AVresponse@http@bena@@
.?AVrequest@http@bena@@
ÿF=
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
\PluginSetup.xml
/handle=%d /supplyid=%d /installmode=2 /S /D=%s
BDMDownload.dll
PackCache.xml
##cmd:
UninstalledPlugins.xml
%d.%d
\GlobalPluginInfo.xml
\LocalPluginInfo.xml
\HotPlugins.xml
\HotPlugin.bnr
PluginSetup.xml
explorer.exe
winlogon.exe
SOFTWARE\Microsoft\Windows\CurrentVersion
ntdll.dll
BaiduAnTray.exe
"{0}\{1}" {2}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
EXPLORER.EXE
BaiduAn.exe
BaiduAnUpdate.exe
BaiduAnBugRpt.exe
Global\BDMMutex{B2F10594-7119-4649-9326-AF1890C5CE56}
BDAFileHelper.exe
Global\BDMEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}
BDALeakfixer.exe
Global\TBD_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}
BDASoftmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn
\RTPPlugins\RtpContainerConfig.xml
C:\test.exe
d-d-d d:d:d d
d:d:d
%s(%d)
Last Error : %u(%s)
Global\BDMMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
BDMNet.dll
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
BDMUpdate.dll
.bdtmp
.old_
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
kernel32.dll
\Global.db
Diphlpapi.dll
D\\.\PhysicalDrive%d
\\.\Scsi%d:
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\
2.3.0.2224
BaiduanSvc.exe

BaiduAnTray.exe_2280:

.text
`.rdata
@.data
.rsrc
@.reloc
u%SVW
;9u.SWj
8.uwS
n<.ut
;:u.SWj
SSSSSh
L$.UQf
%D|MJC|
%d.%d.%d
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
CHECK failed: (from.GetDescriptor()) == (descriptor):
..\src\google\protobuf\message.cc
: Tried to copy from a message with a different type.to:
..\src\google\protobuf\wire_format.cc
..\src\google\protobuf\reflection_ops.cc
..\src\google\protobuf\generated_message_reflection.cc
..\src\google\protobuf\descriptor.cc
". To use it here, please add the necessary import.
", which is not imported by "
$0$1 = $2
$0$1 $2 $3 = $4
.PLACEHOLDER_VALUE
.placeholder.proto
map key must name a scalar or string field.
map_key must not name a repeated field.
CHECK failed: dynamic.get() != NULL:
.foo = value".
.dummy
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee not set for extension field.
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
CHECK failed: !out.HadError():
" is repeated. Repeated options are not supported.
Import "
Missing field: FileDescriptorProto.name.
File recursively imports itself:
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
\xx
..\src\google\protobuf\stubs\strutil.cc
..\src\google\protobuf\extension_set.cc
CHECK failed: iter != extensions_.end():
..\src\google\protobuf\extension_set_heavy.cc
..\src\google\protobuf\descriptor.pb.cc
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google.protobuf"G
2$.google.protobuf.FileDescriptorProto"
2 .google.protobuf.DescriptorProto
2$.google.protobuf.EnumDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2%.google.protobuf.FieldDescriptorProto
.google.protobuf.FileOptions
.google.protobuf.SourceCodeInfo"
2/.google.protobuf.DescriptorProto.ExtensionRange
.google.protobuf.MessageOptions
2 .google.protobuf.FieldDescriptorProto.Label
2*.google.protobuf.FieldDescriptorProto.Type
.google.protobuf.FieldOptions"
2).google.protobuf.EnumValueDescriptorProto
.google.protobuf.EnumOptions"l
2!.google.protobuf.EnumValueOptions"
2&.google.protobuf.MethodDescriptorProto
.google.protobuf.ServiceOptions"
.google.protobuf.MethodOptions"
2).google.protobuf.FileOptions.OptimizeMode:
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption*
2#.google.protobuf.FieldOptions.CType:
experimental_map_key
2$.google.protobuf.UninterpretedOption"/
2-.google.protobuf.UninterpretedOption.NamePart
2(.google.protobuf.SourceCodeInfo.Location
com.google.protobufB
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
..\src\google\protobuf\io\tokenizer.cc
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
..\src\google\protobuf\stubs\substitute.cc
..\src\google\protobuf\dynamic_message.cc
..\src\google\protobuf\text_format.cc
..\src\google\protobuf\descriptor_database.cc
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
unsupported version
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
{C6642F75-8DBE-473d-A98B-940F84EF702C}
.\Global\ReportBase\msg.pb.cc
datapkg.FieldsList
datapkg.DataType
CreateReportClient
ReleaseReportClient
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
kernel32.dll
.\filedispatch\FileDispatch.pb.cc
c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h
config_service.proto
.\BDMConfig\Protocol\config_service.pb.cc
config_service.proto"(
cmd_list
.ConfigItem"@
.ResultSet
Content-Length:%d
s.x.baidu.com
c:\clientci\workspace\bdm_v2.3fix_compile\main_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
.\update.pb.cc
%s:%u
%u.%u.%u.%u
addr %s not good...
Unsupported Media Type
HTTP Version not supported
HTTP/1.0
HTTP/1.1
1.0.0.1
.\header.pb.cc
https
ftpes
ftps
tftp
% ;?:@=&,$/-_!.~*()
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
c:\clientci\workspace\bdm_v2.3fix_compile\basic\Output\BinRelease\BaiduAnTray.pdb
BDMSkin.dll
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
?BDMRegSmartCreateKey@BDMRegisterUtils@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z
BDMBase.dll
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
BDMFrameWork.dll
BDMStringUtils.dll
?BDMMsgGetModule@@YGJPAPAX@Z
BDMMsg.dll
GetWindowsDirectoryW
KERNEL32.dll
USER32.dll
GDI32.dll
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegFlushKey
ADVAPI32.dll
ShellExecuteW
SHFileOperationW
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
MSVCP80.dll
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
PSAPI.DLL
WTSAPI32.dll
USERENV.dll
InternetCrackUrlW
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW
WININET.dll
NETAPI32.dll
VERSION.dll
WS2_32.dll
BDMTinyXml.dll
GetProcessHeap
RegOpenKeyExA
BaiduAnTray.exe
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

services.exe_760_rwx_006E0000_00001000:

%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0001.dll


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    vcredist_x86.exe:608
    MsiExec.exe:680

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\bd00021.sys (218 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDAFileHelper1.exe (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMPatcher.dll (5442 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCCommunicate.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tmpmdszir.dll (29256 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCScriptBind.dll (3815 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMPatcherPlugin.dll (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SWManager.rdb (1812 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\homepage.ini (361 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (32 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_second_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOTraceConfig.xml (9 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMNetMonSusPlugin.dll (3721 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\BDMWrench.sys (122 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\Pizmdb.7z (213482 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_4_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\MainframePluginContainerConfig.xml (1 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SafePlugin.rdb (4 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Mainpage.rdb (3831 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTips.rdb (183 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\scan_mgr_config.dat (2 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_8_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSafePlugin1.dll (6420 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDKV1.rdb (29 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\CompatibilityChecker.dll (140 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Bkfg.dll (3811 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnBugRpt.exe (6437 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Unknownfile.rdb (48 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDSWShellExt64.dll (3664 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\EnhanceBoost.dll (275 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SYSAccMgrDll.dll (3761 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMSetting.rdb (85 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSWParseDetect.dll (1613 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDKVLogs.dll (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_1_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMPatchAgent.dll (37 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SYSCleaner.dll (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNetGetInfo.dll (11344 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\DriverManager.dll (119 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDNetMisc.dll (67 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDArKit.sys (91 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTray.rdb (20 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMMsg.dll (49 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\GlobalPluginInfo.xml (25 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDLogicUtils.dll (3833 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOCleanerTrayPlugin.dll (3757 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMNetMonMgrDll.dll (62 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_class_filter.db (5442 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0001.dll (131 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0002.dll (1749 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_XP_x86.sys (95 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNet.dll (3024 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\blacksign.dat (537 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\NetService.ini (590 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (1209 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\TrustAndIso.dll (262 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\SWCatalogDataItem.xml (1 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\BDArKit.sys (80 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll (4 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\{F5E93978-539C-476B-9A7B-B6C32025A557}.png (1 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPlugin.dll (3745 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\LocalPluginInfo.xml (14 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\uninst.exe (9606 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll.bdl (620140 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\websafe\WebSafe.dll (6428 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccDataMgr.dll (168 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\HIPS.dll (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\bddownloader.exe (7972 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMReport.dll (5442 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMStringUtils.dll (66 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMScriptVM.dll (213 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMRepMgr.dll (3733 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccStrategyMgr.dll (107 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SusPlugin.rdb (163 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\licenses\directui license.txt (593 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\virus_type.dat (485 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOSilentCleanerConfig.dat (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_repairproperty.dat (2 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (24 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Patcher.rdb (143 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMUpdate.dll (3729 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\bdt\68905108990c088c31aead3b6d1651be.bdt (519 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\bdcomproxy.dll (70 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMBase.dll (5442 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMSOAccSusPlugin.dll (3737 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerConfig.dat (6 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSWManagerFrame.dll (3725 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMMainFrame.dll (9606 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDAVCache.dll (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SysOptDict.dat (4 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSusPlugin.dll (3745 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMSysFixerPlugin.dll (5442 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDCooly.dll (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMSkin.dll (36698 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMTinyXml.dll (181 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOAccTrayPlugin.dll (3733 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\CommonRes.rdb (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\HotPlugins.xml (386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GameNoDisturb.ini (215 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SysFixer.rdb (87 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccEngine.dll (111 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\RtpContainerConfig.xml (474 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDLogicUtils.dll.bdl (40821 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnTray1.exe (12289 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerConfig.dat (900 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\BDMNetMon_WIN7_x64.sys (109 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\hu.dll (3312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMDownload.dll (5520 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_acc.dat (3 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerPreScan.dat (1 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_minute_speed.png (15 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\System.dll (784 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMProcessRunningTime.dll (82 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMFrameWork.dll (271 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerScript.dat (58 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\vcredist_x86.exe (17629 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMNet.dll (6392 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\BDEnhanceBoost.sys (59 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOCleanerPlugin.dll (15801 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnSvc1.exe (7972 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDASWAcc.exe (46 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDSWShellExt.dll (1720 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMUpdate.rdb (1630 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\app.ico (1623 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMKVMainPlugin.dll (5442 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SOManager.rdb (1741 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\BDMSOAccServicePlugin.dll (1859 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAn1.exe (1683 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmswmanagerplugins\BDMSWManagerView.dll (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOTraceCleanerConfig.dat (5 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\dl.dll (12289 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\KVCommonRes.rdb (109 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\PatcherContainer.xml (563 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMTips.exe (3743 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSkin.dll (5442 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SiteInspection.rdb (1868 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMCoolyContainerConfig.xml (465 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Softmgr.rdb (690 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\bd00021.sys (206 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixer.dll (267 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDALeakfixer.exe (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\sd\BDLogicUtils.dll (3832 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerLuaScript.dat (145 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\sd\FileMon.dll (7972 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerCheckItem.dat (1 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\SusPluginContainerConfig.xml (605 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\PluginSetup.xml (1 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\804.dat (3 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMTrayTipsPlugin.dll (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMDownload.dll (324 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\dl.dll (65930 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\systemfile.dat (3 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageCleanerConfig.dat (12 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\pluginUnit.dat (727 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMSOAccCoolyPlugin.dll (1834 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPluginContainerConfig.xml (380 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\PluginManager.dll (6359 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\bd0001.sys (70 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSWNestCore.dll (6428 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\bdt\3d47db2aaf2f15af6b0fdabd9474d2cd.bdt (3 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SysAccelerator.rdb (1742 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMCommon.dll (1609 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\ad.dll (6379 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SysAccLiveStrategy.dat (93 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_WIN7_x86.sys (94 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_property.dat (267 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_extlist.dat (3 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\bd0001.sys (160 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\licenses\duilib license.txt (1 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOHomePageCleanerConfig.dat (12 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnUpdate.exe (7972 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SOTurbo.rdb (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nswB3.tmp (110649 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOAcceleratorPlugin.dll (6424 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\7z.dll (1652 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\SysRepLib.dat (22 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BP.dll (30058 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\kav_compatible.dat (25 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMWindowsLib.dll (99 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCCallbackBind.dll (24 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerConfig1.dat (1 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMConnect.dll (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\SafePluginContainerConfig.xml (1 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\StartupDict.dat (1783 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\KVMain.rdb (55 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\bduf.dll (3823 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMAVEng.dll (6420 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDKitUtils.dll (62 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\res\onlineWnd.zip (14184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\bdt\f2d00606824cd42a1c03eb9caa15e29f.bdt (631 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMRepBase.dll (3897 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDASoftmgr1.exe (7386 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bg_tips_speed_win8.png (4 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\patch\publish.db (30058 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageConfig.xml (14 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_appassext.dat (2 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\PluginManager\PluginConfig.db (12289 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerScript.dat (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMReport.dll.bdl (30090 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNet.dll.bdl (28543 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOPluginCleanerConfig.dat (442 bytes)
    %Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\hips.xml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (6255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (42423 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
