Skip to main content

Trojan.Win32.FlyStudio_fb19d72726


HEUR:Trojan-Downloader.Win32.Generic (Kaspersky), Gen:Variant.Symmi.48377 (B) (Emsisoft), Trojan.Win32.FlyStudio.FD, mzpefinder_pcap_file.YR, GenericEmailWorm.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Trojan, Worm, EmailWorm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: fb19d727263c37bf685e453975c01269

SHA1: 50f32856e588fe9062cf917375ebabefa6c1d532

SHA256: e675ab1c9a5311a2757858be3bc06a3ef72a5076de100ae055787ce245922a32

SSDeep: 12288:MeBy9Zkt/6gHZeAw76sYmhcjeFbgFgHFv:MeBJcg5YSe9lv

Size: 568144 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: no certificate found

Created at: 2015-09-29 06:32:48

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

Behaviour Description
EmailWormWorm can send e-mails.


Process activity

The Trojan creates the following process(es):

Baidu_Setup_1.6.200.359_ftn_1050103060.exe:1308
Baidu.exe:968
Baidu.exe:1836
Baidu.exe:2540
Baidu.exe:3220
YouQian_Setup.exe:1488

The Trojan injects its code into the following process(es):

%original file name%.exe:856
Baidu_Setup_1.6.200.359_ftn_1050103060.exe:492
Baidu.exe:808

Mutexes

The following mutexes were created/opened:

WininetProxyRegistryMutexWininetConnectionMutexWininetStartupMutexc:!documents and settings!adm!local settings!history!history.ie5!c:!documents and settings!adm!cookies!c:!documents and settings!adm!local settings!temporary internet files!content.ie5!_!MSFTHISTORY!_ZonesLockedCacheCounterMutexZonesCounterMutexZonesCacheCounterMutexRasPbFileShimCacheMutex

File activity

The process %original file name%.exe:856 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDTTN6HH\7gj1[1] (991986 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F6HGJOR7\7b1[1] (353734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDTTN6HH\Baidu_Setup_1.6.200.359_ftn_1050103060[1].exe (688653 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F6HGJOR7\2k[1] (205033 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDTTN6HH\uc1[1] (984448 bytes)

The process Baidu_Setup_1.6.200.359_ftn_1050103060.exe:1308 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%WinDir%\Temp\baidu\youqian\桌面百度\process.cfg (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp (284894 bytes)
%WinDir%\Temp\baidu\youqian\桌面百度\YouQian_Setup.exe (25112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%WinDir%\Temp\baidu\youqian\桌面百度\桌面百度.ini (1607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\BDMSkin.dll (37727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\InstallHelper.dll (26688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%WinDir%\Temp\baidu\youqian\桌面百度\132.exe (172202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsv1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp (0 bytes)

The process Baidu_Setup_1.6.200.359_ftn_1050103060.exe:492 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages_x.png (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm5.tmp (447624 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\349.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Base.dll (77808 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\Software.pb (9984 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\res_xiaoxizhongxin.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\iconall-1.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\arrow.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Utils.dll (23296 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\haze.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\executor.xml (233 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\connection-error.html (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\login\login.html (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\png8-logo57x65.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\InstallHelper.dll (3616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Update.dll (11040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F6HGJOR7\bdzc_Setup_2.0.3.124[1].dll (18424 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-center-left.png (130 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\PluginSetup.xml (654 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\storm.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\msgconfig.pb (142 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\icon_xinwen.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-center-right.png (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\msvcr100.dll (25824 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\foggy.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\login_mods.js (14 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\sleet.png (741 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\enter.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\pack.bat (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\weixinUI.xml (345 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\request.js (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\heavy-storm.png (926 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\download-hover.png (985 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\app-error.html (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\uninst.exe (18640 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\bookmarks_z.png (7 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\light-rain.png (864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\BDWebDownload.dll (7192 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\executor.xml (310 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\icon_gupiao.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sandstorm.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\PluginSetup.xml (625 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\logo57x65.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\crash.html (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\PluginSetup.xml (612 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\overcast.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\shower.png (817 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\icon_yinyue.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.woff (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-google.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\mod.js (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\foggy.png (663 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\split_m.png (124 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\kuaidi.png (312 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\res_jietu.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\dust.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\res_weixin.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\dy.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Base.dll (38904 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Protocol.dll (24048 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\msvcr100.dll (51648 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\executor.xml (172 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\advance.png (377 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\44.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\green_arrow_up.png (154 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\icon_bianqian.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\PluginSetup.xml (612 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\344.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\respond.min.js (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\split_m.png (925 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduBugRpt.exe (13168 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\icon-circle-loading.gif (9 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder.png (276 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\404.html (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\vedio_play.png (465 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\res_yinyue.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\main.js (1552 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\jietuDll.dll (3312 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\AssociateWnd.rdb (1568 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\heavy-snow.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\UIHandler.dll (120372 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\icon-loading.gif (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\banner.png (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\thundershower.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\gupiaoUI.xml (336 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-snow.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-unchecked.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button-search-large.png (408 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\history_mods.js (6360 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\thundershower-with-hail.png (946 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\png8-ala.png (561 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\jietuUI.xml (347 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\Update.rdb (6624 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\layout.css (11 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\severe-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\settings_mods.js (2392 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\DD_belatedPNG_0.0.8a-min.js (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-left.png (194 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\bianqianUI.xml (346 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\pack_z.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button-search.png (382 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\qq.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\moderate-rain.png (963 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\executor.xml (241 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\screensnapshot.exe (20624 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\shower.png (481 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\skinres.rdb (1856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\super-ajax.js (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\snow-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\download.png (991 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\xinwenUI.xml (342 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\XiaoXiUI.xml (382 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\box-shadow.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\res_resou.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-close.png (170 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\366.png (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\snow-flurry.png (479 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\PluginMgr.dll (49664 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LogicMisc.dll (140990 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\server-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-textbox.png (588 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\msvcp100.dll (28368 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\icon-alert-ok.png (2392 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\dy.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\png8-ex.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\resouUI.xml (340 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\skinres.rdb (1856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\aladdin.html (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\auto_complete\top_site.db (10128 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-searchbox-active.png (893 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\history.css (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-bottom-left.png (249 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\map.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\executor.xml (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\msvcp100.dll (14184 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\yinyueUI.xml (358 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\png8-iconall-1.png (197 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\gz.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\jquery-ui-1.10.4.custom.min.js (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\login-success.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\res\js\common.js (990 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\login.css (7 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\res_xinwen.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\1px.png (947 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\363.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\logo_blank.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\music_play.png (155 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sunny.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\PluginSetup.xml (622 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\settings.css (2392 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-bottom-right.png (259 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-bottom-center.png (143 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\icon-clear-general-png8.png (841 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\res_bianqian.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\skinres.rdb (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\new.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\jquery-1.11.1.min.js (3312 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\gray1px.png (918 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\download-hover.png (177 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\iconall.gif (94 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\json2.js (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\privacy.png (296 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\ice-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\PWidgetAppCommonBase.dll (14384 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\rpt.dat (222 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\login_z.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\MsgPush.dll (31072 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\iframe_loading.gif (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\input.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\favicon.ico (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-checkbox-unchecked.png (361 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\testIO.exe (784 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\AppHTMLXinWen.xml (442 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\Setting.rdb (3712 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\snow-storm.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\icon_jietu.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\appBlackList.dat (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\executor.xml (234 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\BDSearchBar.rdb (6624 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\bookmarks.html (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\global.js (8184 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\PluginSetup.xml (616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-checkbox-checked.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-newtab.png (197 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\1.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\icon_xiaoxizhongxinNotify.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\general.png (379 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\green_arrow_down.png (150 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\cloudy.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\history_z.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\light-snow.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-taobao.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\input.png (214 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\XiaoXiUINotify.xml (412 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages_z.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\unknown.png (480 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\vedio_play.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.eot (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-right.png (202 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\arrow-png8.png (260 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Utils.dll (46592 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder-arrow-png8.png (292 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\bookmarks.css (9 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\icon-clear-general.png (866 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-checked.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\red_arrow_down.png (944 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\reset.css (826 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\skinres.rdb (1856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\dust.png (812 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BrowserCore.dll (67072 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\ie-fix.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\res_xiaoxizhongxinNotify.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\ice-rain.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\bookmarks_mods.js (1856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-baidu.png (367 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\green_arrow_down.png (944 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\arrow.png (203 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\PluginSetup.xml (616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sf.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\green_arrow_up.png (943 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\bg-circle-loading.png (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\red_arrow_down.png (150 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\executor.xml (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sc_tmp.dll.bdtmp (18424 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Report.dll (7232 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\365.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\moderate-snow.png (992 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\icon-tree-search-ie8.png (15 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CommonWorker.dll (3712 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\343.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\unknown.png (851 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\bg-circle-loading-large.png (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\368.png (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages.css (7 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sleet.png (436 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\png8-dialog-close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\PluginSetup.xml (616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\gz.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BrowserFrame.dll (67494 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\logo25x29.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\qxdh20140619.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\AppContainer.rdb (10 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\cloudy.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Report.dll (3616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\duststorm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\red_arrow_up.png (943 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button-new.png (977 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\thundershower-with-hail.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\skinres.rdb (23424 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\app-reload.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\moderate-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-searchbox.png (893 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\server-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\DetectVm.dll (4784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\snow-flurry.png (847 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder-arrow-hover-png8.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\AppHTMLReSou.xml (438 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Protocol.dll (12024 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\icon_weixin.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\storm.png (815 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BDMSkin.dll (60928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mb_setup.log (2575 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\BDMSkin.dll (30464 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Download.dll (4784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\music_play.png (960 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduUpdate.exe (11040 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\GlobalPluginInfo.xml (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\connection-fail.html (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\jquery.color-2.1.2.min.js (6 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\AppHTMLGuPiao.xml (440 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\loading.png (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\new.png (232 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\heavy-rain.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\icon_xiaoxizhongxin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\bianqianDll.dll (16 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\BrowserNotify.rdb (14384 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\bdb_scheme.dat (1484 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-refresh.png (215 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\executor.xml (187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\res\InstallWnd.zip (3616 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\light-rain.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.svg (4992 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-baidu1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\AppHTMLXiaoXi.xml (440 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-tooltip-png8.png (329 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\thundershower.png (898 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\CommonRes.rdb (74736 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\duststorm.png (811 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\enter.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\bookmark\bookmark.db (20 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\split_g.png (968 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\atl100.dll (10128 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\347.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\download.png (177 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\dataReport.js (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\pack.css (784 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\red_arrow_up.png (154 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CheckerProxy.dll (10128 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\skinres.rdb (1856 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\icon_resou.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\head-star-png8.png (450 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\severe-storm.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\png8-dialog.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BDClientProxy.dll (45104 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\overcast.png (680 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\ala.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.ttf (1552 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\sunny.png (856 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-foward.png (156 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\light-snow.png (918 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\settings_z.png (11 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-center.png (122 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\res_gupiao.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\split_g.png (248 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Heartbeat.dll (14384 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\moderate-snow.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\ssl-error.html (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\png8-login-success.png (824 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-back.png (154 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\kuaidi.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe (24048 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sand.png (1 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsr4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp (0 bytes)

The process Baidu.exe:808 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\settings\user_setting.db (24 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\blank_tab\new_tab.db-journal (512 bytes)
%Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_130895171752697500.dat (314 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\stock.pb (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CheckerExe.exe (63735 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\auto_complete\auto_complete.db (284596 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\bookmark\bookmark.db.bak (10 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\auto_complete\auto_complete.db-journal (5454 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\novel.pb (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\settings\default_setting.db (24 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\blank_tab\new_tab.db (145 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\blank_tab\new_tab.db-journal (0 bytes)
%Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_130895171752697500.dat (0 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\auto_complete\auto_complete.db-journal (0 bytes)

The process Baidu.exe:1836 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Desktop\百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度\卸载百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度\百度.lnk (1 bytes)

The process YouQian_Setup.exe:1488 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)

Registry activity

The process %original file name%.exe:856 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E0 8F 1D B3 33 71 2A 29 F8 42 02 F5 12 48 40 E4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process Baidu_Setup_1.6.200.359_ftn_1050103060.exe:1308 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A 4A 86 52 67 75 0D F3 B0 95 A1 D3 7C BF 36 EB"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Baidu\BaiduYouQian\packageinstall]
"param" = "Xxjh9G0tXMLez7O2T5upZbVkEFeGSirxy9dYQekwVzz3Z1ikJ jGDPSC0WRykW8aBmNrUQLi0OivztreQTX3edZTHioyulIhwOqiMyhdNK5MIUOU gYtMOfnR5maiaU9pCLak4mk2g7IGTEYLRGOkoo0QxbHsGj8Iv7jDuuJCgpSTL4Y2DQ0HuRIvWnwySHLybfpSRZkg29W8v/4oj0Bw2BJW6DWTg9VdBGmSEvZ1Ts8wvoZ41Dg nELDVclUFp2ihqcJPWYwTXJCCUc98tEqHuPf1CmzlAFFQaavUCwz/Geq45ALZiGAvlfHXZEJ5fQ50uD7lzwPCim6hqqGPp ra6HcmESFC6V1MGyIxU4kJzPtnT2xv67aOTXPT8nGfpbFBbAHxoLdmNabYU fdZPJ c U3HbzBeoO/qJaLe5hDaCjLD0a9EnDBDJ1izfKUw/Wxw0t3hDna1QSle7Y9kQ6bW GTxGl/lceIohXMputK67QsdQZRh QJ6EkgMFnwwh"

The process Baidu_Setup_1.6.200.359_ftn_1050103060.exe:492 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"Policy" = "3"

[HKLM\SOFTWARE\Baidu\Baidu]
"TN" = "SE_Baiduclient_9vpgkwv8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"baidu.exe" = "百度主程序"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"AppPath" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"UninstallString" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\uninst.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayName" = "百度"

[HKLM\SOFTWARE\Baidu\Baidu]
"SupplyID" = "1050103060"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Baidu\Baidu\ConStatus]
"AutoRun" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Baidu\Baidu]
"BrowserSelected" = "2"

"INSTLANG" = "2052"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"Publisher" = "百度在线网络技术(北京)有限公司"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Baidu\Baidu]
"InstallDir" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Baidu\Baidu]
"Version" = "1.6.200.359"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 F3 D4 F5 5C 98 BD FA 37 40 BE 0D 0F 88 FE 78"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"AppName" = "Baidu.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayVersion" = "1.6.200.359"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Baidu\Baidu]
"InstallDate" = "2015-10-17"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Baidu\Baidu]
"channel" = "MainFrame=0,SearchBar=1,Tray=1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayIcon" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe,0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduClient" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe -noclient"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process Baidu.exe:968 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 DA D8 51 00 8E 89 5F C8 C9 5B 45 F3 B5 A3 F4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"BaiduUpdate.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduUpdate.exe:*:Enabled:BaiduUpdate.exe"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"BaiduUpdate.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduUpdate.exe:*:Enabled:BaiduUpdate.exe"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"baidu.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe:*:Enabled:Baidu.exe"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"BaiduBugRpt.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduBugRpt.exe:*:Enabled:BaiduBugRpt.exe"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"BaiduBugRpt.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduBugRpt.exe:*:Enabled:BaiduBugRpt.exe"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359]
"baidu.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe:*:Enabled:Baidu.exe"

The process Baidu.exe:808 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 6E 45 87 80 A4 B7 06 F3 B9 81 4B 11 14 64 3C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The process Baidu.exe:1836 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 49 05 4F EF DA A3 46 F1 A0 FB 5D 34 81 09 82"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

The process Baidu.exe:2540 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D 7B 70 4F E5 0D 60 A8 C0 2F DA 6B 06 69 05 BE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

The process Baidu.exe:3220 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3D 51 9D B6 76 06 C0 43 91 E1 D8 6D 30 13 E1 38"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

The process YouQian_Setup.exe:1488 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 91 78 4A 9A B4 DF DB F7 0C A0 31 00 18 DD 71"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    Baidu_Setup_1.6.200.359_ftn_1050103060.exe:1308
    Baidu.exe:968
    Baidu.exe:1836
    Baidu.exe:2540
    Baidu.exe:3220
    YouQian_Setup.exe:1488

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDTTN6HH\7gj1[1] (991986 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F6HGJOR7\7b1[1] (353734 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDTTN6HH\Baidu_Setup_1.6.200.359_ftn_1050103060[1].exe (688653 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F6HGJOR7\2k[1] (205033 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDTTN6HH\uc1[1] (984448 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
    %WinDir%\Temp\baidu\youqian\桌面百度\process.cfg (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp (284894 bytes)
    %WinDir%\Temp\baidu\youqian\桌面百度\YouQian_Setup.exe (25112 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
    %WinDir%\Temp\baidu\youqian\桌面百度\桌面百度.ini (1607 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\BDMSkin.dll (37727 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\InstallHelper.dll (26688 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
    %WinDir%\Temp\baidu\youqian\桌面百度\132.exe (172202 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages_x.png (89 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsm5.tmp (447624 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\349.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Base.dll (77808 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\Software.pb (9984 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\res_xiaoxizhongxin.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\iconall-1.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Utils.dll (23296 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\haze.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\executor.xml (233 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\connection-error.html (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\login\login.html (6 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\png8-logo57x65.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\InstallHelper.dll (3616 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Update.dll (11040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F6HGJOR7\bdzc_Setup_2.0.3.124[1].dll (18424 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-center-left.png (130 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\PluginSetup.xml (654 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\storm.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\msgconfig.pb (142 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\icon_xinwen.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-center-right.png (130 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\msvcr100.dll (25824 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\foggy.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\login_mods.js (14 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\sleet.png (741 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\enter.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\pack.bat (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\weixinUI.xml (345 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\request.js (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\heavy-storm.png (926 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\download-hover.png (985 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\app-error.html (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\uninst.exe (18640 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\bookmarks_z.png (7 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\light-rain.png (864 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\BDWebDownload.dll (7192 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\executor.xml (310 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\icon_gupiao.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sandstorm.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\PluginSetup.xml (625 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\logo57x65.png (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\crash.html (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\System.dll (784 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\PluginSetup.xml (612 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\overcast.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\shower.png (817 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\icon_yinyue.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.woff (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-google.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\mod.js (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\foggy.png (663 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\split_m.png (124 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\kuaidi.png (312 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\res_jietu.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\dust.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\res_weixin.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\default-icon.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\dy.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Base.dll (38904 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Protocol.dll (24048 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\msvcr100.dll (51648 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\executor.xml (172 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\advance.png (377 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\44.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\green_arrow_up.png (154 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\icon_bianqian.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\PluginSetup.xml (612 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\344.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\respond.min.js (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\split_m.png (925 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduBugRpt.exe (13168 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\icon-circle-loading.gif (9 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder.png (276 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\404.html (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\vedio_play.png (465 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\res_yinyue.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\main.js (1552 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\jietuDll.dll (3312 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\AssociateWnd.rdb (1568 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\heavy-snow.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\UIHandler.dll (120372 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\icon-loading.gif (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\banner.png (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\thundershower.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\gupiaoUI.xml (336 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-snow.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-unchecked.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button-search-large.png (408 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\history_mods.js (6360 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\thundershower-with-hail.png (946 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\png8-ala.png (561 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\jietuUI.xml (347 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\Update.rdb (6624 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\layout.css (11 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\severe-storm.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\settings_mods.js (2392 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\DD_belatedPNG_0.0.8a-min.js (6 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-left.png (194 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\bianqianUI.xml (346 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\pack_z.png (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button-search.png (382 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\qq.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\moderate-rain.png (963 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\executor.xml (241 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\screensnapshot.exe (20624 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\shower.png (481 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\skinres.rdb (1856 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\super-ajax.js (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\snow-storm.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\download.png (991 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\xinwenUI.xml (342 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\XiaoXiUI.xml (382 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\box-shadow.css (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\res_resou.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-close.png (170 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\366.png (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\snow-flurry.png (479 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\PluginMgr.dll (49664 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LogicMisc.dll (140990 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\server-storm.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-textbox.png (588 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\msvcp100.dll (28368 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\icon-alert-ok.png (2392 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\dy.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\png8-ex.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\resouUI.xml (340 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\skinres.rdb (1856 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\aladdin.html (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\auto_complete\top_site.db (10128 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-searchbox-active.png (893 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\history.css (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-bottom-left.png (249 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\map.js (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\executor.xml (150 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\msvcp100.dll (14184 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\yinyueUI.xml (358 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\png8-iconall-1.png (197 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\gz.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\jquery-ui-1.10.4.custom.min.js (1552 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\login-success.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\res\js\common.js (990 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\login.css (7 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\res_xinwen.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\1px.png (947 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\363.png (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\logo_blank.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\music_play.png (155 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\loading.png (1552 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sunny.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\PluginSetup.xml (622 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\settings.css (2392 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-bottom-right.png (259 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-bottom-center.png (143 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\icon-clear-general-png8.png (841 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\res_bianqian.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\skinres.rdb (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\new.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\jquery-1.11.1.min.js (3312 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\gray1px.png (918 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\download-hover.png (177 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\iconall.gif (94 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\json2.js (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\privacy.png (296 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\ice-rain.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\PWidgetAppCommonBase.dll (14384 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\rpt.dat (222 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\login_z.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\MsgPush.dll (31072 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\iframe_loading.gif (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\input.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\favicon.ico (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-checkbox-unchecked.png (361 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\testIO.exe (784 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\AppHTMLXinWen.xml (442 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\Setting.rdb (3712 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\snow-storm.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\icon_jietu.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\appBlackList.dat (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\executor.xml (234 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\BDSearchBar.rdb (6624 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\bookmarks.html (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\global.js (8184 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\yinyue\1.0.0.0\PluginSetup.xml (616 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-checkbox-checked.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-newtab.png (197 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\1.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\icon_xiaoxizhongxinNotify.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\general.png (379 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\green_arrow_down.png (150 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\cloudy.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\history_z.png (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\light-snow.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-taobao.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\input.png (214 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\XiaoXiUINotify.xml (412 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages_z.png (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\unknown.png (480 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\vedio_play.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.eot (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-right.png (202 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\arrow-png8.png (260 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Utils.dll (46592 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder-arrow-png8.png (292 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\bookmarks.css (9 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\icon-clear-general.png (866 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-checked.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\red_arrow_down.png (944 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\reset.css (826 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\skinres.rdb (1856 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\dust.png (812 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BrowserCore.dll (67072 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\ie-fix.css (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\res_xiaoxizhongxinNotify.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\loading.png (1552 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\ice-rain.png (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\js\bookmarks_mods.js (1856 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-baidu.png (367 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\green_arrow_down.png (944 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\arrow.png (203 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\PluginSetup.xml (616 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sf.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\green_arrow_up.png (943 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\bg-circle-loading.png (6 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\red_arrow_down.png (150 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\executor.xml (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\sc_tmp.dll.bdtmp (18424 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Report.dll (7232 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\365.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\loading.png (1552 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\moderate-snow.png (992 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\icon-tree-search-ie8.png (15 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CommonWorker.dll (3712 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\343.png (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\unknown.png (851 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\bg-circle-loading-large.png (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\368.png (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\error-pages.css (7 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sleet.png (436 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\png8-dialog-close.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\PluginSetup.xml (616 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\gz.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BrowserFrame.dll (67494 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\logo25x29.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\qxdh20140619.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\AppContainer.rdb (10 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\cloudy.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Report.dll (3616 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\duststorm.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\red_arrow_up.png (943 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button-new.png (977 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\thundershower-with-hail.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\1.0.0.0\skinres.rdb (23424 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\app-reload.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-button.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\moderate-rain.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-searchbox.png (893 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\server-storm.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\DetectVm.dll (4784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\snow-flurry.png (847 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\folder-arrow-hover-png8.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\AppHTMLReSou.xml (438 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\Protocol.dll (12024 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.0\icon_weixin.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\storm.png (815 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BDMSkin.dll (60928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mb_setup.log (2575 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\BDMSkin.dll (30464 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Download.dll (4784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-rain.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\music_play.png (960 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BaiduUpdate.exe (11040 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\GlobalPluginInfo.xml (6 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\connection-fail.html (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\jquery.color-2.1.2.min.js (6 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\AppHTMLGuPiao.xml (440 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\loading.png (1552 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\new.png (232 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\heavy-rain.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\icon_xiaoxizhongxin.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\bianqianDll.dll (16 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\BrowserNotify.rdb (14384 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\bdb_scheme.dat (1484 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-refresh.png (215 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\bianqian\1.0.0.0\executor.xml (187 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsr6.tmp\res\InstallWnd.zip (3616 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\heavy-storm.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\light-rain.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.svg (4992 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\se\icon-baidu1.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiaoxizhongxin\1.0.0.2\AppHTMLXiaoXi.xml (440 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-radio-tooltip-png8.png (329 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\thundershower.png (898 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Skins\CommonRes.rdb (74736 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\duststorm.png (811 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\enter.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\bookmark\bookmark.db (20 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\split_g.png (968 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\atl100.dll (10128 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\top\347.png (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\download.png (177 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\js\libs\dataReport.js (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\pack.css (784 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\red_arrow_up.png (154 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CheckerProxy.dll (10128 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.0\skinres.rdb (1856 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.0\icon_resou.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\head-star-png8.png (450 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\severe-storm.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\bookmarks\res\css\img\png8-dialog.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\BDClientProxy.dll (45104 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\overcast.png (680 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\ala.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\font\open-sans\OpenSans-Light-webfont.ttf (1552 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\sunny.png (856 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-foward.png (156 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\light-snow.png (918 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\settings_z.png (11 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\bg-box-shadow-top-center.png (122 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.2\res_gupiao.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\8\split_g.png (248 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Heartbeat.dll (14384 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\moderate-snow.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\error-pages\ssl-error.html (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\img\png8-login-success.png (824 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\res\css\img\mg-back.png (154 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\kuaidi.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe (24048 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\LocalPages\apps\aladdin\res\css\img\sand.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\settings\user_setting.db (24 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\blank_tab\new_tab.db-journal (512 bytes)
    %Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_130895171752697500.dat (314 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\stock.pb (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CheckerExe.exe (63735 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\auto_complete\auto_complete.db (284596 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\bookmark\bookmark.db.bak (10 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\auto_complete\auto_complete.db-journal (5454 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\novel.pb (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\settings\default_setting.db (24 bytes)
    %Documents and Settings%\%current user%\Desktop\百度.lnk (1 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\百度\卸载百度.lnk (1 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\百度.lnk (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\百度.lnk (1 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\百度\百度.lnk (1 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "BaiduClient" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\Baidu.exe -noclient"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: Soft
Product Name: ?????
Product Version: 5.2.1.0
Legal Copyright: Soft ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 5.2.1.0
File Description: dc CAD
Comments: ????
Language: English (United States)

Company Name: Soft Product Name: ?????Product Version: 5.2.1.0Legal Copyright: Soft ????Legal Trademarks: Original Filename: Internal Name: File Version: 5.2.1.0File Description: dc CADComments: ????Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
UPX04096224870400d41d8cd98f00b204e9800998ecf8427e
UPX122528005365765345285.471891878ef6ce51cdfb4fdd621cc3b91633b
.rsrc278937624576245763.09822001b173ba8ca5bdeefda647e026db3f3

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL IP
hxxp://cnrdn.com/rd.htm?id=1384659&r=http://www.baidu.com/42.156.140.191
hxxp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj1?public&code=855660852431bcf426a5bae830564ee1
hxxp://brdlsw.jomodns.com/ditui/zujian/Baidu_Setup_1.6.200.359_ftn_1050103060.exe
hxxp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc1?public&code=6fdb767dabadc33d2d6d795070210423
hxxp://dlsw.br.baidu.com/ditui/zujian/Baidu_Setup_1.6.200.359_ftn_1050103060.exe118.123.210.46

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /ditui/zujian/Baidu_Setup_1.6.200.359_ftn_1050103060.exe HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dlsw.br.baidu.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: JSP3/2.0.13

Date: Sat, 17 Oct 2015 00:57:53 GMT

Content-Type: application/octet-stream

Content-Length: 6831104

Connection: keep-alive

ETag: "554c7256-683c00"

Last-Modified: Fri, 08 May 2015 08:22:46 GMT

Expires: Tue, 24 Nov 2015 10:30:54 GMT

Age: 5322419

Cache-Control: max-age=8640000

Accept-Ranges: bytes

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................p.......B...9............@..........................P........i...@.................................d...........Hq............h..#...........................................................................................text....o.......p.................. ..`.rdata...*.......,...t..............@..@.data....~..........................@....ndata.......0...........................rsrc...Hq.......r..................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....-G..H.P.u..u..u.....@..K...SV.5.-G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ

<<< skipped >>>

GET /rd.htm?id=1384659&r=http://VVV.baidu.com/ HTTP/1.1

Referer: hXXp://cnrdn.com/rd.htm?id=1384659&r=http://VVV.baidu.com/

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Content-Type: application/x-www-form-urlencoded

Host: cnrdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.1

Date: Sat, 17 Oct 2015 00:57:52 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

186f..<!DOCTYPE html>.<html>.<head>..<title>CNZZ...............................................................</title>..<meta charset="utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />..<meta content="yes" name="apple-mobile-web-app-capable"/>..<meta content="yes" name="apple-touch-fullscreen" />..<meta name="keywords" content="cnzz,............,............,............,............,.........,......,............,............,......,............,seo,............,.........,.........,............" />..<meta name="description" content="CNZZ.........................................................................................................................................................................................." />..<meta name="author" content="cnzz" />..<meta name="copyright" content="www.cnzz.com" />..<link href="hXXp://VVV.cnzz.com/favicon.ico" rel="shortcut icon" />..<link href="hXXp://img.cnzz.net/adt/cnzz_rd/transfer.css" rel="stylesheet"/>.</head>.<body><script>.with(document)with(body)with(insertBefore(createElement("script"),firstChild))setAttribute("exparams","category=&userid=&aplus&yunid=&&trid=0a930d6b14450434725695389e&asid=AQAAAAAQnSFWbs2PJwAAAACoR 2/bGzDiA==",id="tb-beacon-aplus",src=(location>"https"?"//g":"//g") ".alicdn.com/alilog/mlog/aplus_v2.js").</script>...<div class="transfer">...<div class="transfer-inn">....<img src="ht

<<< skipped >>>

GET /fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc1?public&code=6fdb767dabadc33d2d6d795070210423 HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 180.153.147.73

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 17 Oct 2015 00:31:11 GMT

Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8zb mod_jk/1.2.31

Content-Disposition: attachment; filename="uc1"

Accept-Ranges: bytes

x-cdmi-object-size: 10222796

x-cdmi-create-time: 2015-08-20 15:47:19

Content-Length: 10222796

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: application/octet-stream;charset=UTF-8

........W...list_soft.xml.......................................................................................................................................................................................................................................................t...bluebox.png.........................................................................................................................................................................................................................................................g...ucweb.png............................................................................................................................................................................................................................................................WO.BlueBoxSetup.exe....................................................................................................................................................................................................................................................PuX.Browser_V3.2.2937.0_f_4070_(Build14120411).exe.........................................................................................................................................................................................................................<?xml version="1.0" encoding="UTF-8" ?>..<Profile>.. <SoftwareList SuitLabel="............;............;">.. <Group GroupId="0" name="............">.. <Softw

<<< skipped >>>

GET /fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj1?public&code=855660852431bcf426a5bae830564ee1 HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 180.153.147.73

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 17 Oct 2015 00:31:11 GMT

Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8zb mod_jk/1.2.31

Content-Disposition: attachment; filename="7gj1"

Accept-Ranges: bytes

x-cdmi-object-size: 9894214

x-cdmi-create-time: 2015-09-21 09:04:14

Content-Length: 9894214

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: application/octet-stream;charset=UTF-8

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.6 &.Xs&.Xs&.Xs.r*s*.Xs.p&s/.Xs.r%s..Xs.r5sa.Xs...s .Xs/..s$.Xs&.Ys..Xs...s..Xs.r6s..Xs.r"s'.Xs.r$s'.Xs&.Xs'.Xs.r s'.XsRich&.Xs........................PE..L......U................. ..........p........0....@.......................... ..........................................Au......h........1..............`............8..................................@............0...............................text............ .................. ..`.rdata.......0.......0..............@..@.data........@...@...@..............@....rsrc....1.......@..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

<<< skipped >>>

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_856:

`.rsrc

`.rsrc

t$(SSh

t$(SSh

~%UVW

~%UVW

.tTPV

.tTPV

FTPjK

FTPjK

FtPj;

FtPj;

F.PjRWj

F.PjRWj

u.WWj

u.WWj

u.VVj

u.VVj

u$SShe

u$SShe

user32.dll

user32.dll

urlmon

urlmon

ole32.dll

ole32.dll

shell32.dll

shell32.dll

RegOpenKeyA

RegOpenKeyA

RegEnumKeyA

RegEnumKeyA

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

URLDownloadToFileA

URLDownloadToFileA

D:\dream

D:\dream

D:\dream\win1.log

D:\dream\win1.log

QQPCTray.exe

QQPCTray.exe

D:\dream\winky.log

D:\dream\winky.log

360tray.exe

360tray.exe

D:\dream\win2.log

D:\dream\win2.log

D:\dream\winzmbd.log

D:\dream\winzmbd.log

C:\Users\Public\Desktop\UC

C:\Users\Public\Desktop\UC

%Documents and Settings%\All Users\

%Documents and Settings%\All Users\

Software\Microsoft\Windows\CurrentVersion\Uninstall

Software\Microsoft\Windows\CurrentVersion\Uninstall

Software\Microsoft\Windows\CurrentVersion\Uninstall\

Software\Microsoft\Windows\CurrentVersion\Uninstall\

Windows

Windows

C:\Users\Public\Desktop\2345

C:\Users\Public\Desktop\2345

C:\Users\Public\Desktop\

C:\Users\Public\Desktop\

D:\dream\b2.bat

D:\dream\b2.bat

D:\dream\2k

D:\dream\2k

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2k?public&code=bc96045fad7c5e598098b4c38960a58f

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2k?public&code=bc96045fad7c5e598098b4c38960a58f

D:\dream\2345pic_k1252705.exe

D:\dream\2345pic_k1252705.exe

D:\dream\2345pic_k1252705.exe -s1

D:\dream\2345pic_k1252705.exe -s1

2345pic_k1252705.exe

2345pic_k1252705.exe

C:\Users\

C:\Users\

%Documents and Settings%\

%Documents and Settings%\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_USERS\S-1-5-21-4278381565-3782908184-2563460023-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_USERS\S-1-5-21-4278381565-3782908184-2563460023-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_USERS\S-1-5-21-442436397-1971995177-210813084-500\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_USERS\S-1-5-21-442436397-1971995177-210813084-500\Software\Microsoft\Windows\CurrentVersion\Uninstall

D:\dream\1.bat

D:\dream\1.bat

hXXp://cnrdn.com/rd.htm?id=1434474&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1434474&r=http://VVV.baidu.com/

WinHttp.WinHttpRequest.5.1

WinHttp.WinHttpRequest.5.1

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

D:\dream\ky

D:\dream\ky

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/jm/1/ky?public&code=618009ec0030ff56d26737fbb6a007aa

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/jm/1/ky?public&code=618009ec0030ff56d26737fbb6a007aa

D:\dream\Kuaizip_Setup_7654_1061607.exe

D:\dream\Kuaizip_Setup_7654_1061607.exe

D:\dream\Kuaizip_Setup_7654_1061607.exe /JingMo

D:\dream\Kuaizip_Setup_7654_1061607.exe /JingMo

hXXp://cnrdn.com/rd.htm?id=1486675&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1486675&r=http://VVV.baidu.com/

D:\dream\b.bat

D:\dream\b.bat

D:\dream\2b1

D:\dream\2b1

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b1?public&code=afee9a3d69bbe1feef1f6dc8cfde1cbf

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b1?public&code=afee9a3d69bbe1feef1f6dc8cfde1cbf

D:\dream\2b2

D:\dream\2b2

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b2?public&code=02bb6661abd99ff72259707a9b53c750

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b2?public&code=02bb6661abd99ff72259707a9b53c750

D:\dream\2b3

D:\dream\2b3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b3?public&code=8ce18dbc7b1a421fa4d0ffe8392ee432

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b3?public&code=8ce18dbc7b1a421fa4d0ffe8392ee432

D:\dream\2b4

D:\dream\2b4

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b4?public&code=b3a42642be7f0a15054e0695b2b9447f

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b4?public&code=b3a42642be7f0a15054e0695b2b9447f

D:\dream\2b5

D:\dream\2b5

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b5?public&code=c9e36403780d6acd5f66e1bc35d1838d

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b5?public&code=c9e36403780d6acd5f66e1bc35d1838d

D:\dream\2345explorer_k1252705.exe

D:\dream\2345explorer_k1252705.exe

D:\dream\2345explorer_k1252705.exe -s1

D:\dream\2345explorer_k1252705.exe -s1

2345explorer_k1252705.exe

2345explorer_k1252705.exe

hXXp://cnrdn.com/rd.htm?id=1438531&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1438531&r=http://VVV.baidu.com/

D:\dream\zy

D:\dream\zy

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/zy2/zy?public&code=94979ed818604a3f6632db70c4686078

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/zy2/zy?public&code=94979ed818604a3f6632db70c4686078

D:\dream\lgezy

D:\dream\lgezy

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/3/lge?public&code=84c5751f6a57ab5839dc76a83b46d24d

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/3/lge?public&code=84c5751f6a57ab5839dc76a83b46d24d

D:\dream\BlueInstaller_bsvalkkx_101101_.exe

D:\dream\BlueInstaller_bsvalkkx_101101_.exe

D:\dream\BlueResource.bpk

D:\dream\BlueResource.bpk

set "w71=Microsoft\Windows\Start Menu\Programs"

set "w71=Microsoft\Windows\Start Menu\Programs"

set "w72=Microsoft\Windows\Start Menu"

set "w72=Microsoft\Windows\Start Menu"

"%USERPROFILE%\%xp1%"

"%USERPROFILE%\%xp1%"

"%ALLUSERSPROFILE%\%xp1%"

"%ALLUSERSPROFILE%\%xp1%"

"%USERPROFILE%\%xp2%"

"%USERPROFILE%\%xp2%"

"%ALLUSERSPROFILE%\%xp2%"

"%ALLUSERSPROFILE%\%xp2%"

reg add "HKEY_CURRENT_USER\Software\HomeSafe" /v "StartFlagNoTip" /t REG_DWORD /d 1 /f

reg add "HKEY_CURRENT_USER\Software\HomeSafe" /v "StartFlagNoTip" /t REG_DWORD /d 1 /f

D:\dream\2.bat

D:\dream\2.bat

hXXp://cnrdn.com/rd.htm?id=1491046&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1491046&r=http://VVV.baidu.com/

D:\dream\7b1

D:\dream\7b1

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b1?public&code=65e1f8bb6a35d835ac36afb3fe114df0

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b1?public&code=65e1f8bb6a35d835ac36afb3fe114df0

D:\dream\7b2

D:\dream\7b2

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b2?public&code=75e1b53f8002b8fcbef1533ddcf838f3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b2?public&code=75e1b53f8002b8fcbef1533ddcf838f3

D:\dream\7b3

D:\dream\7b3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b3?public&code=2bb598cb60451c4b4c1930932c14c586

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b3?public&code=2bb598cb60451c4b4c1930932c14c586

D:\dream\7b4

D:\dream\7b4

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b4?public&code=4cdbf863df18a09984db8531c4f8dac0

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b4?public&code=4cdbf863df18a09984db8531c4f8dac0

D:\dream\7b5

D:\dream\7b5

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b5?public&code=192609a39126a61929211de82ef70fd6

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b5?public&code=192609a39126a61929211de82ef70fd6

D:\dream\bdBrowserSetup-5956-ftn_1050103060.exe

D:\dream\bdBrowserSetup-5956-ftn_1050103060.exe

hXXp://cnrdn.com/rd.htm?id=1483547&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1483547&r=http://VVV.baidu.com/

D:\dream\uc1

D:\dream\uc1

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc1?public&code=6fdb767dabadc33d2d6d795070210423

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc1?public&code=6fdb767dabadc33d2d6d795070210423

D:\dream\uc2

D:\dream\uc2

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc2?public&code=fc17f9c282f24d1cb0252ce893cddb8f

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc2?public&code=fc17f9c282f24d1cb0252ce893cddb8f

D:\dream\uc3

D:\dream\uc3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc3?public&code=950c1793575761983e9f4158bbce1bc5

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc3?public&code=950c1793575761983e9f4158bbce1bc5

D:\dream\uc4

D:\dream\uc4

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc4?public&code=4521c8d77cc1a0a675996ecf979e172c

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc4?public&code=4521c8d77cc1a0a675996ecf979e172c

D:\dream\uc5

D:\dream\uc5

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc5?public&code=7ec7b3ccb21e6f94450c8a28eeed7c0e

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc5?public&code=7ec7b3ccb21e6f94450c8a28eeed7c0e

D:\dream\uc6

D:\dream\uc6

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc6?public&code=d05b6e4a191a5f39789a63a568014257

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc6?public&code=d05b6e4a191a5f39789a63a568014257

D:\dream\lgeuc

D:\dream\lgeuc

D:\dream\3.bat

D:\dream\3.bat

hXXp://cnrdn.com/rd.htm?id=1438530&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1438530&r=http://VVV.baidu.com/

D:\dream\7GJ1

D:\dream\7GJ1

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj1?public&code=855660852431bcf426a5bae830564ee1

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj1?public&code=855660852431bcf426a5bae830564ee1

D:\dream\7GJ2

D:\dream\7GJ2

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj2?public&code=559f2fd5eae8a65b9c76b7e06baadf9f

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj2?public&code=559f2fd5eae8a65b9c76b7e06baadf9f

D:\dream\7GJ3

D:\dream\7GJ3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj3?public&code=90f7aa8c1fe3f4c7fb2afcb21556be79

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj3?public&code=90f7aa8c1fe3f4c7fb2afcb21556be79

D:\dream\7GJ4

D:\dream\7GJ4

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj4?public&code=c707ac8ce76d6128340264348878791d

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj4?public&code=c707ac8ce76d6128340264348878791d

D:\dream\7GJ5

D:\dream\7GJ5

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj5?public&code=8be55fde74c8db8826421a15c32e49a3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj5?public&code=8be55fde74c8db8826421a15c32e49a3

D:\dream\PCMgr_Setup_10_8_16208_227(123004164).exe

D:\dream\PCMgr_Setup_10_8_16208_227(123004164).exe

hXXp://cnrdn.com/rd.htm?id=1486784&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1486784&r=http://VVV.baidu.com/

D:\dream\zmbd

D:\dream\zmbd

hXXp://dlsw.br.baidu.com/ditui/zujian/Baidu_Setup_1.6.200.359_ftn_1050103060.exe

hXXp://dlsw.br.baidu.com/ditui/zujian/Baidu_Setup_1.6.200.359_ftn_1050103060.exe

D:\dream\Baidu_Setup_1.6.200.359_ftn_1050103060.exe

D:\dream\Baidu_Setup_1.6.200.359_ftn_1050103060.exe

hXXp://cnrdn.com/rd.htm?id=1442397&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1442397&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1489464&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1489464&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1384177&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1384177&r=http://VVV.baidu.com/

D:\MM-liao9728.exe

D:\MM-liao9728.exe

D:\MM-liao

D:\MM-liao

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/mm?public&code=412c89b951806641268495a46a262424

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/mm?public&code=412c89b951806641268495a46a262424

hXXp://cnrdn.com/rd.htm?id=1490574&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1490574&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1384659&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1384659&r=http://VVV.baidu.com/

%Ui,)

%Ui,)

tüV

tüV

1.2.18

1.2.18

inflate 1.1.3 Copyright 1995-1998 Mark Adler

inflate 1.1.3 Copyright 1995-1998 Mark Adler

%*.*f

%*.*f

CNotSupportedException

CNotSupportedException

commctrl_DragListMsg

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

Afx:%x:%x

COMCTL32.DLL

COMCTL32.DLL

CCmdTarget

CCmdTarget

MSWHEEL_ROLLMSG

MSWHEEL_ROLLMSG

__MSVCRT_HEAP_SELECT

__MSVCRT_HEAP_SELECT

portuguese-brazilian

portuguese-brazilian

iphlpapi.dll

iphlpapi.dll

SHLWAPI.dll

SHLWAPI.dll

MPR.dll

MPR.dll

.PAVCException@@

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.prn)|*.prn|

(*.*)|*.*||

(*.*)|*.*||

Shell32.dll

Shell32.dll

Mpr.dll

Mpr.dll

Advapi32.dll

Advapi32.dll

User32.dll

User32.dll

Gdi32.dll

Gdi32.dll

Kernel32.dll

Kernel32.dll

(&07-034/)7 '

(&07-034/)7 '

?? / %d]

?? / %d]

%d / %d]

%d / %d]

: %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

(*.CUR)|*.CUR|

%s:%d

%s:%d

windows

windows

out.prn

out.prn

%d.%d

%d.%d

%d / %d

%d / %d

%d/%d

%d/%d

Bogus message code %d

Bogus message code %d

(%d-%d):

(%d-%d):

%ld%c

%ld%c

(*.avi)|*.avi

(*.avi)|*.avi

WPFT532.CNV

WPFT532.CNV

WPFT632.CNV

WPFT632.CNV

EXCEL32.CNV

EXCEL32.CNV

write32.wpc

write32.wpc

Windows Write

Windows Write

mswrd632.wpc

mswrd632.wpc

Word for Windows 6.0

Word for Windows 6.0

wword5.cnv

wword5.cnv

Word for Windows 5.0

Word for Windows 5.0

mswrd832.cnv

mswrd832.cnv

mswrd632.cnv

mswrd632.cnv

Word 6.0/95 for Windows & Macintosh

Word 6.0/95 for Windows & Macintosh

html32.cnv

html32.cnv

Service Pack %d

Service Pack %d

Windows 2003

Windows 2003

Windows XP

Windows XP

Windows 2000

Windows 2000

Windows NT

Windows NT

Windows ??

Windows ??

Windows Millenium Edition

Windows Millenium Edition

Windows 98 Second Edition

Windows 98 Second Edition

Windows 98 SP1

Windows 98 SP1

Windows 98

Windows 98

Windows 95 OSR2

Windows 95 OSR2

Windows 95 SP1

Windows 95 SP1

Windows 95

Windows 95

Windows CE

Windows CE

Microsoft Windows Me

Microsoft Windows Me

Microsoft Windows 98

Microsoft Windows 98

Microsoft Windows 95

Microsoft Windows 95

Microsoft Windows 2003

Microsoft Windows 2003

Microsoft Windows XP

Microsoft Windows XP

Microsoft Windows 2000

Microsoft Windows 2000

Microsoft Windows NT

Microsoft Windows NT

KERNEL32.DLL

KERNEL32.DLL

%s

%s

Reply-To: %s

Reply-To: %s

From: %s

From: %s

To: %s

To: %s

Subject: %s

Subject: %s

Date: %s

Date: %s

Cc: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

%a, %d %b %Y %H:%M:%S

SMTP

SMTP

.PAVCObject@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCResourceException@@

.PAVCUserException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

.PAVCArchiveException@@

zcÁ

zcÁ

perl.exe

perl.exe

63c37bf685e453975c01269.exe

63c37bf685e453975c01269.exe

cmd.exe

cmd.exe

263c37bf685e453975c01269.exe

263c37bf685e453975c01269.exe

x86 9.0.30729.4148

x86 9.0.30729.4148

c:\%original file name%.exe

c:\%original file name%.exe

GetCPInfo

GetCPInfo

GetWindowsDirectoryA

GetWindowsDirectoryA

WinExec

WinExec

GetProcessHeap

GetProcessHeap

RegCloseKey

RegCloseKey

RegOpenKeyExA

RegOpenKeyExA

RegCreateKeyExA

RegCreateKeyExA

GetViewportExtEx

GetViewportExtEx

GetViewportOrgEx

GetViewportOrgEx

SetViewportOrgEx

SetViewportOrgEx

OffsetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

SetViewportExtEx

ScaleViewportExtEx

ScaleViewportExtEx

ShellExecuteA

ShellExecuteA

GetKeyboardLayout

GetKeyboardLayout

GetKeyState

GetKeyState

SetWindowsHookExA

SetWindowsHookExA

UnhookWindowsHookEx

UnhookWindowsHookEx

CreateDialogIndirectParamA

CreateDialogIndirectParamA

.text

.text

.rdata

.rdata

@.data

@.data

.rsrc

.rsrc

????????

????????

ADVAPI32.dll

ADVAPI32.dll

AVIFIL32.dll

AVIFIL32.dll

COMCTL32.dll

COMCTL32.dll

comdlg32.dll

comdlg32.dll

GDI32.dll

GDI32.dll

MSVFW32.dll

MSVFW32.dll

OLEAUT32.dll

OLEAUT32.dll

RASAPI32.dll

RASAPI32.dll

SHELL32.dll

SHELL32.dll

USER32.dll

USER32.dll

VERSION.dll

VERSION.dll

WININET.dll

WININET.dll

WINMM.dll

WINMM.dll

WINSPOOL.DRV

WINSPOOL.DRV

WS2_32.dll

WS2_32.dll

(*.*)

(*.*)

5.2.1.0

5.2.1.0

%original file name%.exe_856_rwx_00401000_002A7000:

t$(SSh

t$(SSh

~%UVW

~%UVW

.tTPV

.tTPV

FTPjK

FTPjK

FtPj;

FtPj;

F.PjRWj

F.PjRWj

u.WWj

u.WWj

u.VVj

u.VVj

u$SShe

u$SShe

user32.dll

user32.dll

urlmon

urlmon

ole32.dll

ole32.dll

shell32.dll

shell32.dll

RegOpenKeyA

RegOpenKeyA

RegEnumKeyA

RegEnumKeyA

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

URLDownloadToFileA

URLDownloadToFileA

D:\dream

D:\dream

D:\dream\win1.log

D:\dream\win1.log

QQPCTray.exe

QQPCTray.exe

D:\dream\winky.log

D:\dream\winky.log

360tray.exe

360tray.exe

D:\dream\win2.log

D:\dream\win2.log

D:\dream\winzmbd.log

D:\dream\winzmbd.log

C:\Users\Public\Desktop\UC

C:\Users\Public\Desktop\UC

%Documents and Settings%\All Users\

%Documents and Settings%\All Users\

Software\Microsoft\Windows\CurrentVersion\Uninstall

Software\Microsoft\Windows\CurrentVersion\Uninstall

Software\Microsoft\Windows\CurrentVersion\Uninstall\

Software\Microsoft\Windows\CurrentVersion\Uninstall\

Windows

Windows

C:\Users\Public\Desktop\2345

C:\Users\Public\Desktop\2345

C:\Users\Public\Desktop\

C:\Users\Public\Desktop\

D:\dream\b2.bat

D:\dream\b2.bat

D:\dream\2k

D:\dream\2k

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2k?public&code=bc96045fad7c5e598098b4c38960a58f

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2k?public&code=bc96045fad7c5e598098b4c38960a58f

D:\dream\2345pic_k1252705.exe

D:\dream\2345pic_k1252705.exe

D:\dream\2345pic_k1252705.exe -s1

D:\dream\2345pic_k1252705.exe -s1

2345pic_k1252705.exe

2345pic_k1252705.exe

C:\Users\

C:\Users\

%Documents and Settings%\

%Documents and Settings%\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_USERS\S-1-5-21-4278381565-3782908184-2563460023-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_USERS\S-1-5-21-4278381565-3782908184-2563460023-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_USERS\S-1-5-21-442436397-1971995177-210813084-500\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_USERS\S-1-5-21-442436397-1971995177-210813084-500\Software\Microsoft\Windows\CurrentVersion\Uninstall

D:\dream\1.bat

D:\dream\1.bat

hXXp://cnrdn.com/rd.htm?id=1434474&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1434474&r=http://VVV.baidu.com/

WinHttp.WinHttpRequest.5.1

WinHttp.WinHttpRequest.5.1

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

D:\dream\ky

D:\dream\ky

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/jm/1/ky?public&code=618009ec0030ff56d26737fbb6a007aa

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/jm/1/ky?public&code=618009ec0030ff56d26737fbb6a007aa

D:\dream\Kuaizip_Setup_7654_1061607.exe

D:\dream\Kuaizip_Setup_7654_1061607.exe

D:\dream\Kuaizip_Setup_7654_1061607.exe /JingMo

D:\dream\Kuaizip_Setup_7654_1061607.exe /JingMo

hXXp://cnrdn.com/rd.htm?id=1486675&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1486675&r=http://VVV.baidu.com/

D:\dream\b.bat

D:\dream\b.bat

D:\dream\2b1

D:\dream\2b1

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b1?public&code=afee9a3d69bbe1feef1f6dc8cfde1cbf

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b1?public&code=afee9a3d69bbe1feef1f6dc8cfde1cbf

D:\dream\2b2

D:\dream\2b2

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b2?public&code=02bb6661abd99ff72259707a9b53c750

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b2?public&code=02bb6661abd99ff72259707a9b53c750

D:\dream\2b3

D:\dream\2b3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b3?public&code=8ce18dbc7b1a421fa4d0ffe8392ee432

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b3?public&code=8ce18dbc7b1a421fa4d0ffe8392ee432

D:\dream\2b4

D:\dream\2b4

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b4?public&code=b3a42642be7f0a15054e0695b2b9447f

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b4?public&code=b3a42642be7f0a15054e0695b2b9447f

D:\dream\2b5

D:\dream\2b5

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b5?public&code=c9e36403780d6acd5f66e1bc35d1838d

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/2b2/2b5?public&code=c9e36403780d6acd5f66e1bc35d1838d

D:\dream\2345explorer_k1252705.exe

D:\dream\2345explorer_k1252705.exe

D:\dream\2345explorer_k1252705.exe -s1

D:\dream\2345explorer_k1252705.exe -s1

2345explorer_k1252705.exe

2345explorer_k1252705.exe

hXXp://cnrdn.com/rd.htm?id=1438531&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1438531&r=http://VVV.baidu.com/

D:\dream\zy

D:\dream\zy

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/zy2/zy?public&code=94979ed818604a3f6632db70c4686078

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/zy2/zy?public&code=94979ed818604a3f6632db70c4686078

D:\dream\lgezy

D:\dream\lgezy

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/3/lge?public&code=84c5751f6a57ab5839dc76a83b46d24d

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/3/lge?public&code=84c5751f6a57ab5839dc76a83b46d24d

D:\dream\BlueInstaller_bsvalkkx_101101_.exe

D:\dream\BlueInstaller_bsvalkkx_101101_.exe

D:\dream\BlueResource.bpk

D:\dream\BlueResource.bpk

set "w71=Microsoft\Windows\Start Menu\Programs"

set "w71=Microsoft\Windows\Start Menu\Programs"

set "w72=Microsoft\Windows\Start Menu"

set "w72=Microsoft\Windows\Start Menu"

"%USERPROFILE%\%xp1%"

"%USERPROFILE%\%xp1%"

"%ALLUSERSPROFILE%\%xp1%"

"%ALLUSERSPROFILE%\%xp1%"

"%USERPROFILE%\%xp2%"

"%USERPROFILE%\%xp2%"

"%ALLUSERSPROFILE%\%xp2%"

"%ALLUSERSPROFILE%\%xp2%"

reg add "HKEY_CURRENT_USER\Software\HomeSafe" /v "StartFlagNoTip" /t REG_DWORD /d 1 /f

reg add "HKEY_CURRENT_USER\Software\HomeSafe" /v "StartFlagNoTip" /t REG_DWORD /d 1 /f

D:\dream\2.bat

D:\dream\2.bat

hXXp://cnrdn.com/rd.htm?id=1491046&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1491046&r=http://VVV.baidu.com/

D:\dream\7b1

D:\dream\7b1

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b1?public&code=65e1f8bb6a35d835ac36afb3fe114df0

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b1?public&code=65e1f8bb6a35d835ac36afb3fe114df0

D:\dream\7b2

D:\dream\7b2

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b2?public&code=75e1b53f8002b8fcbef1533ddcf838f3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b2?public&code=75e1b53f8002b8fcbef1533ddcf838f3

D:\dream\7b3

D:\dream\7b3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b3?public&code=2bb598cb60451c4b4c1930932c14c586

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b3?public&code=2bb598cb60451c4b4c1930932c14c586

D:\dream\7b4

D:\dream\7b4

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b4?public&code=4cdbf863df18a09984db8531c4f8dac0

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b4?public&code=4cdbf863df18a09984db8531c4f8dac0

D:\dream\7b5

D:\dream\7b5

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b5?public&code=192609a39126a61929211de82ef70fd6

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7b/7b5?public&code=192609a39126a61929211de82ef70fd6

D:\dream\bdBrowserSetup-5956-ftn_1050103060.exe

D:\dream\bdBrowserSetup-5956-ftn_1050103060.exe

hXXp://cnrdn.com/rd.htm?id=1483547&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1483547&r=http://VVV.baidu.com/

D:\dream\uc1

D:\dream\uc1

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc1?public&code=6fdb767dabadc33d2d6d795070210423

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc1?public&code=6fdb767dabadc33d2d6d795070210423

D:\dream\uc2

D:\dream\uc2

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc2?public&code=fc17f9c282f24d1cb0252ce893cddb8f

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc2?public&code=fc17f9c282f24d1cb0252ce893cddb8f

D:\dream\uc3

D:\dream\uc3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc3?public&code=950c1793575761983e9f4158bbce1bc5

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc3?public&code=950c1793575761983e9f4158bbce1bc5

D:\dream\uc4

D:\dream\uc4

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc4?public&code=4521c8d77cc1a0a675996ecf979e172c

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc4?public&code=4521c8d77cc1a0a675996ecf979e172c

D:\dream\uc5

D:\dream\uc5

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc5?public&code=7ec7b3ccb21e6f94450c8a28eeed7c0e

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc5?public&code=7ec7b3ccb21e6f94450c8a28eeed7c0e

D:\dream\uc6

D:\dream\uc6

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc6?public&code=d05b6e4a191a5f39789a63a568014257

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/uc2/uc6?public&code=d05b6e4a191a5f39789a63a568014257

D:\dream\lgeuc

D:\dream\lgeuc

D:\dream\3.bat

D:\dream\3.bat

hXXp://cnrdn.com/rd.htm?id=1438530&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1438530&r=http://VVV.baidu.com/

D:\dream\7GJ1

D:\dream\7GJ1

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj1?public&code=855660852431bcf426a5bae830564ee1

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj1?public&code=855660852431bcf426a5bae830564ee1

D:\dream\7GJ2

D:\dream\7GJ2

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj2?public&code=559f2fd5eae8a65b9c76b7e06baadf9f

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj2?public&code=559f2fd5eae8a65b9c76b7e06baadf9f

D:\dream\7GJ3

D:\dream\7GJ3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj3?public&code=90f7aa8c1fe3f4c7fb2afcb21556be79

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj3?public&code=90f7aa8c1fe3f4c7fb2afcb21556be79

D:\dream\7GJ4

D:\dream\7GJ4

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj4?public&code=c707ac8ce76d6128340264348878791d

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj4?public&code=c707ac8ce76d6128340264348878791d

D:\dream\7GJ5

D:\dream\7GJ5

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj5?public&code=8be55fde74c8db8826421a15c32e49a3

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/7gj1/7gj5?public&code=8be55fde74c8db8826421a15c32e49a3

D:\dream\PCMgr_Setup_10_8_16208_227(123004164).exe

D:\dream\PCMgr_Setup_10_8_16208_227(123004164).exe

hXXp://cnrdn.com/rd.htm?id=1486784&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1486784&r=http://VVV.baidu.com/

D:\dream\zmbd

D:\dream\zmbd

hXXp://dlsw.br.baidu.com/ditui/zujian/Baidu_Setup_1.6.200.359_ftn_1050103060.exe

hXXp://dlsw.br.baidu.com/ditui/zujian/Baidu_Setup_1.6.200.359_ftn_1050103060.exe

D:\dream\Baidu_Setup_1.6.200.359_ftn_1050103060.exe

D:\dream\Baidu_Setup_1.6.200.359_ftn_1050103060.exe

hXXp://cnrdn.com/rd.htm?id=1442397&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1442397&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1489464&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1489464&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1384177&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1384177&r=http://VVV.baidu.com/

D:\MM-liao9728.exe

D:\MM-liao9728.exe

D:\MM-liao

D:\MM-liao

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/mm?public&code=412c89b951806641268495a46a262424

hXXp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/5/mm?public&code=412c89b951806641268495a46a262424

hXXp://cnrdn.com/rd.htm?id=1490574&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1490574&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1384659&r=http://VVV.baidu.com/

hXXp://cnrdn.com/rd.htm?id=1384659&r=http://VVV.baidu.com/

%Ui,)

%Ui,)

tüV

tüV

1.2.18

1.2.18

inflate 1.1.3 Copyright 1995-1998 Mark Adler

inflate 1.1.3 Copyright 1995-1998 Mark Adler

%*.*f

%*.*f

CNotSupportedException

CNotSupportedException

commctrl_DragListMsg

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

Afx:%x:%x

COMCTL32.DLL

COMCTL32.DLL

CCmdTarget

CCmdTarget

MSWHEEL_ROLLMSG

MSWHEEL_ROLLMSG

__MSVCRT_HEAP_SELECT

__MSVCRT_HEAP_SELECT

portuguese-brazilian

portuguese-brazilian

iphlpapi.dll

iphlpapi.dll

SHLWAPI.dll

SHLWAPI.dll

MPR.dll

MPR.dll

.PAVCException@@

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.prn)|*.prn|

(*.*)|*.*||

(*.*)|*.*||

Shell32.dll

Shell32.dll

Mpr.dll

Mpr.dll

Advapi32.dll

Advapi32.dll

User32.dll

User32.dll

Gdi32.dll

Gdi32.dll

Kernel32.dll

Kernel32.dll

(&07-034/)7 '

(&07-034/)7 '

?? / %d]

?? / %d]

%d / %d]

%d / %d]

: %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

(*.CUR)|*.CUR|

%s:%d

%s:%d

windows

windows

out.prn

out.prn

%d.%d

%d.%d

%d / %d

%d / %d

%d/%d

%d/%d

Bogus message code %d

Bogus message code %d

(%d-%d):

(%d-%d):

%ld%c

%ld%c

(*.avi)|*.avi

(*.avi)|*.avi

WPFT532.CNV

WPFT532.CNV

WPFT632.CNV

WPFT632.CNV

EXCEL32.CNV

EXCEL32.CNV

write32.wpc

write32.wpc

Windows Write

Windows Write

mswrd632.wpc

mswrd632.wpc

Word for Windows 6.0

Word for Windows 6.0

wword5.cnv

wword5.cnv

Word for Windows 5.0

Word for Windows 5.0

mswrd832.cnv

mswrd832.cnv

mswrd632.cnv

mswrd632.cnv

Word 6.0/95 for Windows & Macintosh

Word 6.0/95 for Windows & Macintosh

html32.cnv

html32.cnv

Service Pack %d

Service Pack %d

Windows 2003

Windows 2003

Windows XP

Windows XP

Windows 2000

Windows 2000

Windows NT

Windows NT

Windows ??

Windows ??

Windows Millenium Edition

Windows Millenium Edition

Windows 98 Second Edition

Windows 98 Second Edition

Windows 98 SP1

Windows 98 SP1

Windows 98

Windows 98

Windows 95 OSR2

Windows 95 OSR2

Windows 95 SP1

Windows 95 SP1

Windows 95

Windows 95

Windows CE

Windows CE

Microsoft Windows Me

Microsoft Windows Me

Microsoft Windows 98

Microsoft Windows 98

Microsoft Windows 95

Microsoft Windows 95

Microsoft Windows 2003

Microsoft Windows 2003

Microsoft Windows XP

Microsoft Windows XP

Microsoft Windows 2000

Microsoft Windows 2000

Microsoft Windows NT

Microsoft Windows NT

KERNEL32.DLL

KERNEL32.DLL

%s

%s

Reply-To: %s

Reply-To: %s

From: %s

From: %s

To: %s

To: %s

Subject: %s

Subject: %s

Date: %s

Date: %s

Cc: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

%a, %d %b %Y %H:%M:%S

SMTP

SMTP

.PAVCObject@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCResourceException@@

.PAVCUserException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

.PAVCArchiveException@@

zcÁ

zcÁ

perl.exe

perl.exe

63c37bf685e453975c01269.exe

63c37bf685e453975c01269.exe

cmd.exe

cmd.exe

263c37bf685e453975c01269.exe

263c37bf685e453975c01269.exe

x86 9.0.30729.4148

x86 9.0.30729.4148

c:\%original file name%.exe

c:\%original file name%.exe

GetCPInfo

GetCPInfo

GetWindowsDirectoryA

GetWindowsDirectoryA

WinExec

WinExec

GetProcessHeap

GetProcessHeap

RegCloseKey

RegCloseKey

RegOpenKeyExA

RegOpenKeyExA

RegCreateKeyExA

RegCreateKeyExA

GetViewportExtEx

GetViewportExtEx

GetViewportOrgEx

GetViewportOrgEx

SetViewportOrgEx

SetViewportOrgEx

OffsetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

SetViewportExtEx

ScaleViewportExtEx

ScaleViewportExtEx

ShellExecuteA

ShellExecuteA

GetKeyboardLayout

GetKeyboardLayout

GetKeyState

GetKeyState

SetWindowsHookExA

SetWindowsHookExA

UnhookWindowsHookEx

UnhookWindowsHookEx

CreateDialogIndirectParamA

CreateDialogIndirectParamA

.text

.text

.rdata

.rdata

@.data

@.data

.rsrc

.rsrc

(*.*)

(*.*)

Baidu_Setup_1.6.200.359_ftn_1050103060.exe_1308:

.text

.text

`.rdata

`.rdata

@.data

@.data

.ndata

.ndata

.rsrc

.rsrc

@.reloc

@.reloc

RegDeleteKeyExW

RegDeleteKeyExW

Kernel32.DLL

Kernel32.DLL

PSAPI.DLL

PSAPI.DLL

%s=%s

%s=%s

GetWindowsDirectoryW

GetWindowsDirectoryW

KERNEL32.dll

KERNEL32.dll

ExitWindowsEx

ExitWindowsEx

GetAsyncKeyState

GetAsyncKeyState

USER32.dll

USER32.dll

GDI32.dll

GDI32.dll

SHFileOperationW

SHFileOperationW

ShellExecuteW

ShellExecuteW

SHELL32.dll

SHELL32.dll

RegDeleteKeyW

RegDeleteKeyW

RegCloseKey

RegCloseKey

RegEnumKeyW

RegEnumKeyW

RegOpenKeyExW

RegOpenKeyExW

RegCreateKeyExW

RegCreateKeyExW

ADVAPI32.dll

ADVAPI32.dll

COMCTL32.dll

COMCTL32.dll

ole32.dll

ole32.dll

VERSION.dll

VERSION.dll

uKeY

uKeY

) %s#

) %s#

OZ.nfwV

OZ.nfwV

5m6c6

5m6c6

8$8@8_8~8

8$8@8_8~8

= =)=4=;=

= =)=4=;=

6o6s6z6

6o6s6z6

6)646*959

6)646*959

3"4'4.434:4?4

3"4'4.434:4?4

0 0(050

0 0(050

7%7s7

7%7s7

4 4$4(4,404

4 4$4(4,404

; ;$;(;3;

; ;$;(;3;

7 7$7(7,707

7 7$7(7,707

5 5$5(5,505

5 5$5(5,505

: :$:(:,:

: :$:(:,:

; ;$;,;@;`;

; ;$;,;@;`;

Nullsoft Install System v2.46.5-Unicode

Nullsoft Install System v2.46.5-Unicode

logging set to %d

logging set to %d

settings logging to %d

settings logging to %d

created uninstaller: %d, "%s"

created uninstaller: %d, "%s"

WriteReg: error creating key "%s\%s"

WriteReg: error creating key "%s\%s"

WriteReg: error writing into "%s\%s" "%s"

WriteReg: error writing into "%s\%s" "%s"

WriteRegBin: "%s\%s" "%s"="%s"

WriteRegBin: "%s\%s" "%s"="%s"

WriteRegDWORD: "%s\%s" "%s"="0xx"

WriteRegDWORD: "%s\%s" "%s"="0xx"

WriteRegExpandStr: "%s\%s" "%s"="%s"

WriteRegExpandStr: "%s\%s" "%s"="%s"

WriteRegStr: "%s\%s" "%s"="%s"

WriteRegStr: "%s\%s" "%s"="%s"

DeleteRegKey: "%s\%s"

DeleteRegKey: "%s\%s"

DeleteRegValue: "%s\%s" "%s"

DeleteRegValue: "%s\%s" "%s"

WriteINIStr: wrote [%s] %s=%s in %s

WriteINIStr: wrote [%s] %s=%s in %s

CopyFiles "%s"->"%s"

CopyFiles "%s"->"%s"

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d

Error registering DLL: Could not load %s

Error registering DLL: Could not load %s

Error registering DLL: %s not found in %s

Error registering DLL: %s not found in %s

GetTTFFontName(%s) returned %s

GetTTFFontName(%s) returned %s

GetTTFVersionString(%s) returned %s

GetTTFVersionString(%s) returned %s

Exec: failed createprocess ("%s")

Exec: failed createprocess ("%s")

Exec: success ("%s")

Exec: success ("%s")

Exec: command="%s"

Exec: command="%s"

ExecShell: success ("%s": file:"%s" params:"%s")

ExecShell: success ("%s": file:"%s" params:"%s")

ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d

ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d

Exch: stack

Exch: stack

RMDir: "%s"

RMDir: "%s"

MessageBox: %d,"%s"

MessageBox: %d,"%s"

Delete: "%s"

Delete: "%s"

File: wrote %d to "%s"

File: wrote %d to "%s"

File: skipped: "%s" (overwriteflag=%d)

File: skipped: "%s" (overwriteflag=%d)

File: error creating "%s"

File: error creating "%s"

File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"

File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"

Rename failed: %s

Rename failed: %s

Rename on reboot: %s

Rename on reboot: %s

Rename: %s

Rename: %s

IfFileExists: file "%s" does not exist, jumping %d

IfFileExists: file "%s" does not exist, jumping %d

IfFileExists: file "%s" exists, jumping %d

IfFileExists: file "%s" exists, jumping %d

CreateDirectory: "%s" created

CreateDirectory: "%s" created

CreateDirectory: can't create "%s" - a file already exists

CreateDirectory: can't create "%s" - a file already exists

CreateDirectory: can't create "%s" (err=%d)

CreateDirectory: can't create "%s" (err=%d)

CreateDirectory: "%s" (%d)

CreateDirectory: "%s" (%d)

SetFileAttributes: "%s":X

SetFileAttributes: "%s":X

Sleep(%d)

Sleep(%d)

detailprint: %s

detailprint: %s

Call: %d

Call: %d

Aborting: "%s"

Aborting: "%s"

Jump: %d

Jump: %d

verifying installer: %d%%

verifying installer: %d%%

unpacking data: %d%%

unpacking data: %d%%

... %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

~nsu.tmp

install.log

install.log

%u.%u%s%s

%u.%u%s%s

Skipping section: "%s"

Skipping section: "%s"

Section: "%s"

Section: "%s"

New install of "%s" to "%s"

New install of "%s" to "%s"

.DEFAULT\Control Panel\International

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

Software\Microsoft\Windows\CurrentVersion

*?|/":

*?|/":

invalid registry key

invalid registry key

HKEY_DYN_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_DATA

HKEY_USERS

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

x%c

x%c

RMDir: RemoveDirectory failed("%s")

RMDir: RemoveDirectory failed("%s")

RMDir: RemoveDirectory on Reboot("%s")

RMDir: RemoveDirectory on Reboot("%s")

RMDir: RemoveDirectory("%s")

RMDir: RemoveDirectory("%s")

RMDir: RemoveDirectory invalid input("%s")

RMDir: RemoveDirectory invalid input("%s")

Delete: DeleteFile failed("%s")

Delete: DeleteFile failed("%s")

Delete: DeleteFile on Reboot("%s")

Delete: DeleteFile on Reboot("%s")

Delete: DeleteFile("%s")

Delete: DeleteFile("%s")

%s: failed opening file "%s"

%s: failed opening file "%s"

S~1\Temp\nsq3.tmp\InstallHelper.dll

S~1\Temp\nsq3.tmp\InstallHelper.dll

\msvcr80.dll

\msvcr80.dll

80.CRT.manifest

80.CRT.manifest

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq3.tmp\InstallHelper.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq3.tmp\InstallHelper.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq3.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq3.tmp

nsq3.tmp

nsq3.tmp

File: wrote 802816 to "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq3.tmp\InstallHelper.dll"

File: wrote 802816 to "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq3.tmp\InstallHelper.dll"

nsq3.tmp\InstallHelper.dll"

nsq3.tmp\InstallHelper.dll"

1.6.200.359

1.6.200.359

:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq3.tmp

:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq3.tmp

D:\dream\Baidu_Setup_1.6.200.359_ftn_1050103060.exe

D:\dream\Baidu_Setup_1.6.200.359_ftn_1050103060.exe

%WinDir%\Temp\baidu\youqian

%WinDir%\Temp\baidu\youqian

%WinDir%\Temp\baidu\youqian\

%WinDir%\Temp\baidu\youqian\

Microsoft.VC80.CRT

Microsoft.VC80.CRT

D:\dream

D:\dream

Baidu_Setup_1.6.200.359_ftn_1050103060.exe

Baidu_Setup_1.6.200.359_ftn_1050103060.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv1.tmp

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv1.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

1.6.200.359

1.6.200.359

Baidu_Setup_1.6.200.359_ftn_1050103060.exe_492:

.text

.text

`.rdata

`.rdata

@.data

@.data

.ndata

.ndata

.rsrc

.rsrc

@.reloc

@.reloc

RegDeleteKeyExW

RegDeleteKeyExW

Kernel32.DLL

Kernel32.DLL

PSAPI.DLL

PSAPI.DLL

%s=%s

%s=%s

GetWindowsDirectoryW

GetWindowsDirectoryW

KERNEL32.dll

KERNEL32.dll

ExitWindowsEx

ExitWindowsEx

GetAsyncKeyState

GetAsyncKeyState

USER32.dll

USER32.dll

GDI32.dll

GDI32.dll

SHFileOperationW

SHFileOperationW

ShellExecuteW

ShellExecuteW

SHELL32.dll

SHELL32.dll

RegDeleteKeyW

RegDeleteKeyW

RegCloseKey

RegCloseKey

RegEnumKeyW

RegEnumKeyW

RegOpenKeyExW

RegOpenKeyExW

RegCreateKeyExW

RegCreateKeyExW

ADVAPI32.dll

ADVAPI32.dll

COMCTL32.dll

COMCTL32.dll

ole32.dll

ole32.dll

VERSION.dll

VERSION.dll

>ÌW

>ÌW

s.Zn|

s.Zn|

Thawte Certification1

Thawte Certification1

hXXp://ocsp.thawte.com0

hXXp://ocsp.thawte.com0

.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0

.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0

&hXXps://VVV.globalsign.com/repository/03

&hXXps://VVV.globalsign.com/repository/03

"hXXp://crl.globalsign.net/root.crl0

"hXXp://crl.globalsign.net/root.crl0

hXXp://ts-ocsp.ws.symantec.com07

hXXp://ts-ocsp.ws.symantec.com07

hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0

hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0

hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(

hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(

&hXXps://VVV.globalsign.com/repository/0

&hXXps://VVV.globalsign.com/repository/0

-hXXp://crl.globalsign.com/gs/gscodesigng2.crl0

-hXXp://crl.globalsign.com/gs/gscodesigng2.crl0

4hXXp://secure.globalsign.com/cacert/gscodesigng2.crt04

4hXXp://secure.globalsign.com/cacert/gscodesigng2.crt04

(hXXp://ocsp2.globalsign.com/gscodesigng20

(hXXp://ocsp2.globalsign.com/gscodesigng20

DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0

DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0

2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,

2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,

hXXp://mini.baidu.com 0

hXXp://mini.baidu.com 0

System.dll

System.dll

2Beijing baidu Netcom science and technology co.ltd1>0

2Beijing baidu Netcom science and technology co.ltd1>0

2Beijing baidu Netcom science and technology co.ltd0

2Beijing baidu Netcom science and technology co.ltd0

/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D

/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D

hXXps://VVV.verisign.com/rpa0

hXXps://VVV.verisign.com/rpa0

hXXp://ocsp.verisign.com0;

hXXp://ocsp.verisign.com0;

/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0

/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0

hXXps://VVV.verisign.com/cps0*

hXXps://VVV.verisign.com/cps0*

#hXXp://logo.verisign.com/vslogo.gif04

#hXXp://logo.verisign.com/vslogo.gif04

#hXXp://crl.verisign.com/pca3-g5.crl04

#hXXp://crl.verisign.com/pca3-g5.crl04

hXXp://ocsp.verisign.com0

hXXp://ocsp.verisign.com0

K7.cX?

K7.cX?

>>>.AAA

>>>.AAA

Nullsoft Install System v2.46.5-Unicode

Nullsoft Install System v2.46.5-Unicode

logging set to %d

logging set to %d

settings logging to %d

settings logging to %d

created uninstaller: %d, "%s"

created uninstaller: %d, "%s"

WriteReg: error creating key "%s\%s"

WriteReg: error creating key "%s\%s"

WriteReg: error writing into "%s\%s" "%s"

WriteReg: error writing into "%s\%s" "%s"

WriteRegBin: "%s\%s" "%s"="%s"

WriteRegBin: "%s\%s" "%s"="%s"

WriteRegDWORD: "%s\%s" "%s"="0xx"

WriteRegDWORD: "%s\%s" "%s"="0xx"

WriteRegExpandStr: "%s\%s" "%s"="%s"

WriteRegExpandStr: "%s\%s" "%s"="%s"

WriteRegStr: "%s\%s" "%s"="%s"

WriteRegStr: "%s\%s" "%s"="%s"

DeleteRegKey: "%s\%s"

DeleteRegKey: "%s\%s"

DeleteRegValue: "%s\%s" "%s"

DeleteRegValue: "%s\%s" "%s"

WriteINIStr: wrote [%s] %s=%s in %s

WriteINIStr: wrote [%s] %s=%s in %s

CopyFiles "%s"->"%s"

CopyFiles "%s"->"%s"

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d

Error registering DLL: Could not load %s

Error registering DLL: Could not load %s

Error registering DLL: %s not found in %s

Error registering DLL: %s not found in %s

GetTTFFontName(%s) returned %s

GetTTFFontName(%s) returned %s

GetTTFVersionString(%s) returned %s

GetTTFVersionString(%s) returned %s

Exec: failed createprocess ("%s")

Exec: failed createprocess ("%s")

Exec: success ("%s")

Exec: success ("%s")

Exec: command="%s"

Exec: command="%s"

ExecShell: success ("%s": file:"%s" params:"%s")

ExecShell: success ("%s": file:"%s" params:"%s")

ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d

ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d

Exch: stack

Exch: stack

RMDir: "%s"

RMDir: "%s"

MessageBox: %d,"%s"

MessageBox: %d,"%s"

Delete: "%s"

Delete: "%s"

File: wrote %d to "%s"

File: wrote %d to "%s"

File: skipped: "%s" (overwriteflag=%d)

File: skipped: "%s" (overwriteflag=%d)

File: error creating "%s"

File: error creating "%s"

File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"

File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"

Rename failed: %s

Rename failed: %s

Rename on reboot: %s

Rename on reboot: %s

Rename: %s

Rename: %s

IfFileExists: file "%s" does not exist, jumping %d

IfFileExists: file "%s" does not exist, jumping %d

IfFileExists: file "%s" exists, jumping %d

IfFileExists: file "%s" exists, jumping %d

CreateDirectory: "%s" created

CreateDirectory: "%s" created

CreateDirectory: can't create "%s" - a file already exists

CreateDirectory: can't create "%s" - a file already exists

CreateDirectory: can't create "%s" (err=%d)

CreateDirectory: can't create "%s" (err=%d)

CreateDirectory: "%s" (%d)

CreateDirectory: "%s" (%d)

SetFileAttributes: "%s":X

SetFileAttributes: "%s":X

Sleep(%d)

Sleep(%d)

detailprint: %s

detailprint: %s

Call: %d

Call: %d

Aborting: "%s"

Aborting: "%s"

Jump: %d

Jump: %d

verifying installer: %d%%

verifying installer: %d%%

unpacking data: %d%%

unpacking data: %d%%

... %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

~nsu.tmp

install.log

install.log

%u.%u%s%s

%u.%u%s%s

Skipping section: "%s"

Skipping section: "%s"

Section: "%s"

Section: "%s"

New install of "%s" to "%s"

New install of "%s" to "%s"

.DEFAULT\Control Panel\International

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

Software\Microsoft\Windows\CurrentVersion

*?|/":

*?|/":

invalid registry key

invalid registry key

HKEY_DYN_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_DATA

HKEY_USERS

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

x%c

x%c

RMDir: RemoveDirectory failed("%s")

RMDir: RemoveDirectory failed("%s")

RMDir: RemoveDirectory on Reboot("%s")

RMDir: RemoveDirectory on Reboot("%s")

RMDir: RemoveDirectory("%s")

RMDir: RemoveDirectory("%s")

RMDir: RemoveDirectory invalid input("%s")

RMDir: RemoveDirectory invalid input("%s")

Delete: DeleteFile failed("%s")

Delete: DeleteFile failed("%s")

Delete: DeleteFile on Reboot("%s")

Delete: DeleteFile on Reboot("%s")

Delete: DeleteFile("%s")

Delete: DeleteFile("%s")

%s: failed opening file "%s"

%s: failed opening file "%s"

1\"%CurrentUserName%"\LOCALS~1\Temp\nsr6.tmp\InstallHelper.dll

1\"%CurrentUserName%"\LOCALS~1\Temp\nsr6.tmp\InstallHelper.dll

lient\1.6.200.359\Baidu.exe" -i 2#"%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359" -p 3

lient\1.6.200.359\Baidu.exe" -i 2#"%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359" -p 3

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsr6.tmp\InstallHelper.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsr6.tmp\InstallHelper.dll

Poicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}

Poicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsr6.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsr6.tmp

aidu\BaiduClient\1.6.200.359

aidu\BaiduClient\1.6.200.359

\Baidu.exe" -noclient

\Baidu.exe" -noclient

ient\1.6.200.359

ient\1.6.200.359

callback%d

callback%d

kernel32.dll

kernel32.dll

nsr6.tmp

nsr6.tmp

File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsr6.tmp\InstallHelper.dll" (overwriteflag=1)

File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsr6.tmp\InstallHelper.dll" (overwriteflag=1)

stallHelper.dll"

stallHelper.dll"

:\Documents and Settings\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\1.6.200.359" -p 3")

:\Documents and Settings\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\1.6.200.359" -p 3")

\Local\Baidu\BaiduClient\1.6.200.359"

\Local\Baidu\BaiduClient\1.6.200.359"

ient\1.6.200.359\BDClientProxy.dll

ient\1.6.200.359\BDClientProxy.dll

%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359" -p 3

%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359" -p 3

1050103060

1050103060

.200.359_ftn_1050103060.exe

.200.359_ftn_1050103060.exe

\WINDOWS\Temp\baidu\youqian\

\WINDOWS\Temp\baidu\youqian\

\Baidu_Setup_1.6.200.359_ftn_1050103060.exe" /S

\Baidu_Setup_1.6.200.359_ftn_1050103060.exe" /S

0103060

0103060

050103060.exe

050103060.exe

"%WinDir%\Temp\baidu\youqian\

"%WinDir%\Temp\baidu\youqian\

%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359

%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359

yinyue\1.0.0.0

yinyue\1.0.0.0

1.0.0.2

1.0.0.2

%WinDir%\Temp\baidu\youqian\

%WinDir%\Temp\baidu\youqian\

Baidu_Setup_1.6.200.359_ftn_1050103060.exe

Baidu_Setup_1.6.200.359_ftn_1050103060.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsr4.tmp

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsr4.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

\Baidu_Setup_1.6.200.359_ftn_1050103060.exe

\Baidu_Setup_1.6.200.359_ftn_1050103060.exe

%Documents and Settings%\%current user%\Desktop

%Documents and Settings%\%current user%\Desktop

%Documents and Settings%\%current user%\Start Menu\Programs

%Documents and Settings%\%current user%\Start Menu\Programs

%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient

%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient

%Documents and Settings%\All Users

%Documents and Settings%\All Users

%Documents and Settings%\All Users\Application Data

%Documents and Settings%\All Users\Application Data

%Documents and Settings%\%current user%\Application Data

%Documents and Settings%\%current user%\Application Data

1.6.200.359

1.6.200.359

Baidu.exe_808:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

Base.dll

Base.dll

Utils.dll

Utils.dll

WS2_32.dll

WS2_32.dll

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

unsupported version

unsupported version

asio.misc

asio.misc

asio.misc error

asio.misc error

thread.entry_event

thread.entry_event

thread.exit_event

thread.exit_event

E:\MiniBaidu\Basic\Include\CommonInclude\Base/Process/IPCMessager.h

E:\MiniBaidu\Basic\Include\CommonInclude\Base/Process/IPCMessager.h

E:\MiniBaidu\Basic\Include\CommonInclude\Base/Process/ChildProcess.h

E:\MiniBaidu\Basic\Include\CommonInclude\Base/Process/ChildProcess.h

CChildProcess::HandleMsg() invalid message id.

CChildProcess::HandleMsg() invalid message id.

Base::Process::CChildProcess::HandleMsg

Base::Process::CChildProcess::HandleMsg

BrowserProcess.cpp

BrowserProcess.cpp

NeedInstallNewVersion:%d

NeedInstallNewVersion:%d

DecodeMsgContent() serialization error

DecodeMsgContent() serialization error

DecodeMsgContent

DecodeMsgContent

E:\MiniBaidu\Basic\Include\CommonInclude\Base/Process/IPCMessageDef.h

E:\MiniBaidu\Basic\Include\CommonInclude\Base/Process/IPCMessageDef.h

E:\MiniBaidu\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp

E:\MiniBaidu\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp

EncodeMsgContent() serialization error

EncodeMsgContent() serialization error

EncodeMsgContent

EncodeMsgContent

BrowserShell.cpp

BrowserShell.cpp

Heartbeat.dll

Heartbeat.dll

BDMSkin.dll

BDMSkin.dll

Skins\CommonRes.rdb

Skins\CommonRes.rdb

UIHandler.dll

UIHandler.dll

BrowserFrame.dll

BrowserFrame.dll

C:\Windows\System32\riched20.dll

C:\Windows\System32\riched20.dll

e:\minibaidu\minibaidu_client_proj\source\brbrowser\AppPrefetcher.h

e:\minibaidu\minibaidu_client_proj\source\brbrowser\AppPrefetcher.h

open file error: %x

open file error: %x

BrowserShellMain.cpp

BrowserShellMain.cpp

CommonWorkerProcess.cpp

CommonWorkerProcess.cpp

CCommonWorkerProcess::HandleMsg Fail to handle %d message.

CCommonWorkerProcess::HandleMsg Fail to handle %d message.

CCommonWorkerProcess::HandleMsg

CCommonWorkerProcess::HandleMsg

CCommonWorkerProcess::GetInstance Fail to get %d instance

CCommonWorkerProcess::GetInstance Fail to get %d instance

Report %d data

Report %d data

CCommonWorkerProcess::HandleReportJob

CCommonWorkerProcess::HandleReportJob

CCommonWorkerProcess::HandleReportJob Fail to handle %d message

CCommonWorkerProcess::HandleReportJob Fail to handle %d message

GetReportMgr

GetReportMgr

ReleaseReportMgr

ReleaseReportMgr

CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message

CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message

boost thread: trying joining itself

boost thread: trying joining itself

E:\MiniBaidu\Basic\Include\CommonInclude\Base/Process/AsyncTask.h

E:\MiniBaidu\Basic\Include\CommonInclude\Base/Process/AsyncTask.h

PluginMgrProcess.cpp

PluginMgrProcess.cpp

RendererProcess.cpp

RendererProcess.cpp

E:\MiniBaidu\Basic\Output\BinRelease\Baidu.pdb

E:\MiniBaidu\Basic\Output\BinRelease\Baidu.pdb

?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z

?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z

Report.dll

Report.dll

MSVCP100.dll

MSVCP100.dll

MSVCR100.dll

MSVCR100.dll

_amsg_exit

_amsg_exit

_acmdln

_acmdln

_crt_debugger_hook

_crt_debugger_hook

GetProcessHeap

GetProcessHeap

CreateIoCompletionPort

CreateIoCompletionPort

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

RegCreateKeyExW

RegCreateKeyExW

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

ADVAPI32.dll

ADVAPI32.dll

ole32.dll

ole32.dll

ShellExecuteW

ShellExecuteW

SHELL32.dll

SHELL32.dll

SHLWAPI.dll

SHLWAPI.dll

WINMM.dll

WINMM.dll

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@

.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@

.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@

.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@

.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@

.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@

.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@

.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@

.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Base@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Base@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@

.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Base@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Base@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@

.?AUSLaunchDone@ControlMsg@@

.?AUSLaunchDone@ControlMsg@@

.?AUSRunDone@ControlMsg@@

.?AUSRunDone@ControlMsg@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@

.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@

.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@

.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@

.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@

.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@

.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@

.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@

.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Base@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Base@@@23@@_bi@3@@_bi@boost@@

.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Base@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Base@@@23@@_bi@3@@_bi@boost@@

.?AUSHostDoReport@CommonServiceMsg@@

.?AUSHostDoReport@CommonServiceMsg@@

.?AUSHostLoginNotification@CommonServiceMsg@@

.?AUSHostLoginNotification@CommonServiceMsg@@

%uuqb

%uuqb

?"?4?;?|?

?"?4?;?|?

;%;*;2;{;

;%;*;2;{;

5T5C5R5a5p5

5T5C5R5a5p5

= =$=(=,=0=4=8=

= =$=(=,=0=4=8=

9 9@9`9|9

9 9@9`9|9

3 3$3(3,30343

3 3$3(3,30343

A8706990-9490-4106-8033-12E64714B86B

A8706990-9490-4106-8033-12E64714B86B

Protocol.dll

Protocol.dll

CHROMECORE_PROCESS

CHROMECORE_PROCESS

\WebkitEngine.dll

\WebkitEngine.dll

\TridentEngine.dll

\TridentEngine.dll

chrome-extension

chrome-extension

login

login

url-safe

url-safe

res://LocalPages.dll/

res://LocalPages.dll/

.html

.html

.br.baidu.com

.br.baidu.com

.bdl.brs

.bdl.brs

--default-chromecore-path=

--default-chromecore-path=

--disable-chromecore

--disable-chromecore

Reply msg to parent

Reply msg to parent

Start hearbeat and send heartbeat msg.

Start hearbeat and send heartbeat msg.

password

password

C1BB4C06-D91C-47D8-B28E-E76B943205E9

C1BB4C06-D91C-47D8-B28E-E76B943205E9

user32.dll

user32.dll

\LogicMisc.dll

\LogicMisc.dll

\UIHandler.dll

\UIHandler.dll

Upd.dat

Upd.dat

BaiduUpdate.exe

BaiduUpdate.exe

\BrowserFrame.dll

\BrowserFrame.dll

\Heartbeat.dll

\Heartbeat.dll

%ws\Utils.dll

%ws\Utils.dll

%ws\Base.dll

%ws\Base.dll

Leave PrefetchData:readFile error code=%d

Leave PrefetchData:readFile error code=%d

Enter Base::MemoryOptimizer::Instance().Start()

Enter Base::MemoryOptimizer::Instance().Start()

Leave Base::MemoryOptimizer::Instance().Start()

Leave Base::MemoryOptimizer::Instance().Start()

Baidu.exe

Baidu.exe

@\CommonWorker.dll

@\CommonWorker.dll

Failed in init CommonWorker.dll instance.

Failed in init CommonWorker.dll instance.

pCCommonWorkerProcess::Run installationTask = %s

pCCommonWorkerProcess::Run installationTask = %s

CCommonWorkerProcess::Run customid = %d shmoffset = %d

CCommonWorkerProcess::Run customid = %d shmoffset = %d

CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s

CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s

BaiduBugRpt.exe

BaiduBugRpt.exe

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

uninst.exe

uninst.exe

HandleSCNotifyTask ItemID = %d shmoffset = %d

HandleSCNotifyTask ItemID = %d shmoffset = %d

HandleSCNotifyTask wszSrcFileName = %s

HandleSCNotifyTask wszSrcFileName = %s

HandleSCNotifyTask monitorid = %d

HandleSCNotifyTask monitorid = %d

HandleSCNotifyTask eventType = %d

HandleSCNotifyTask eventType = %d

ShellExecute result = %d

ShellExecute result = %d

sBDClientProxy.dll

sBDClientProxy.dll

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

ClientRegAddValueToList result = %d

ClientRegAddValueToList result = %d

nClientRegSetValueEx result = %d

nClientRegSetValueEx result = %d

GetDefenseSwitch value = %s

GetDefenseSwitch value = %s

GetDefenseSwitch Read Reg failed! err = %d

GetDefenseSwitch Read Reg failed! err = %d

\PluginMgr.dll

\PluginMgr.dll

p\BrowserCore.dll

p\BrowserCore.dll

1.6.200.359

1.6.200.359

CheckerExe.exe_2864:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

t6;.u%Sj

t6;.u%Sj

aSSSh

aSSSh

FTPjK

FTPjK

FtPj;

FtPj;

C.PjRV

C.PjRV

tGHt.Ht&

tGHt.Ht&

t.Wh,

t.Wh,

Visual C CRT: Not enough memory to complete call to strerror.

Visual C CRT: Not enough memory to complete call to strerror.

Please contact the application's support team for more information.

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- CRT not initialized

- floating point support not loaded

- floating point support not loaded

.mixcrt

.mixcrt

KERNEL32.DLL

KERNEL32.DLL

mscoree.dll

mscoree.dll

Broken pipe

Broken pipe

Inappropriate I/O control operation

Inappropriate I/O control operation

Operation not permitted

Operation not permitted

operator

operator

GetProcessWindowStation

GetProcessWindowStation

USER32.DLL

USER32.DLL

kernel32.dll

kernel32.dll

portuguese-brazilian

portuguese-brazilian

..\src\google\protobuf\message_lite.cc

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

CHECK failed: !coded_out.HadError():

libprotobuf %s %s:%d] %s

libprotobuf %s %s:%d] %s

%d.%d.%d

%d.%d.%d

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

CHECK failed: (from.GetDescriptor()) == (descriptor):

CHECK failed: (from.GetDescriptor()) == (descriptor):

..\src\google\protobuf\message.cc

..\src\google\protobuf\message.cc

: Tried to copy from a message with a different type.to:

: Tried to copy from a message with a different type.to:

..\src\google\protobuf\descriptor.cc

..\src\google\protobuf\descriptor.cc

". To use it here, please add the necessary import.

". To use it here, please add the necessary import.

", which is not imported by "

", which is not imported by "

.PLACEHOLDER_VALUE

.PLACEHOLDER_VALUE

.placeholder.proto

.placeholder.proto

map key must name a scalar or string field.

map key must name a scalar or string field.

map_key must not name a repeated field.

map_key must not name a repeated field.

$0$1 = $2

$0$1 = $2

.dummy

.dummy

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee not set for extension field.

FieldDescriptorProto.extendee not set for extension field.

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

$0$1 $2 $3 = $4

$0$1 $2 $3 = $4

CHECK failed: dynamic.get() != NULL:

CHECK failed: dynamic.get() != NULL:

.foo = value".

.foo = value".

CHECK failed: !out.HadError():

CHECK failed: !out.HadError():

" is repeated. Repeated options are not supported.

" is repeated. Repeated options are not supported.

Import "

Import "

Missing field: FileDescriptorProto.name.

Missing field: FileDescriptorProto.name.

File recursively imports itself:

File recursively imports itself:

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\generated_message_reflection.cc

..\src\google\protobuf\generated_message_reflection.cc

\xx

\xx

..\src\google\protobuf\stubs\strutil.cc

..\src\google\protobuf\stubs\strutil.cc

?..\src\google\protobuf\descriptor.pb.cc

?..\src\google\protobuf\descriptor.pb.cc

google/protobuf/descriptor.proto

google/protobuf/descriptor.proto

google/protobuf/descriptor.proto

google/protobuf/descriptor.proto

google.protobuf"G

google.protobuf"G

2$.google.protobuf.FileDescriptorProto"

2$.google.protobuf.FileDescriptorProto"

2 .google.protobuf.DescriptorProto

2 .google.protobuf.DescriptorProto

2$.google.protobuf.EnumDescriptorProto

2$.google.protobuf.EnumDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2%.google.protobuf.FieldDescriptorProto

2%.google.protobuf.FieldDescriptorProto

.google.protobuf.FileOptions

.google.protobuf.FileOptions

.google.protobuf.SourceCodeInfo"

.google.protobuf.SourceCodeInfo"

2/.google.protobuf.DescriptorProto.ExtensionRange

2/.google.protobuf.DescriptorProto.ExtensionRange

.google.protobuf.MessageOptions

.google.protobuf.MessageOptions

2 .google.protobuf.FieldDescriptorProto.Label

2 .google.protobuf.FieldDescriptorProto.Label

2*.google.protobuf.FieldDescriptorProto.Type

2*.google.protobuf.FieldDescriptorProto.Type

.google.protobuf.FieldOptions"

.google.protobuf.FieldOptions"

2).google.protobuf.EnumValueDescriptorProto

2).google.protobuf.EnumValueDescriptorProto

.google.protobuf.EnumOptions"l

.google.protobuf.EnumOptions"l

2!.google.protobuf.EnumValueOptions"

2!.google.protobuf.EnumValueOptions"

2&.google.protobuf.MethodDescriptorProto

2&.google.protobuf.MethodDescriptorProto

.google.protobuf.ServiceOptions"

.google.protobuf.ServiceOptions"

.google.protobuf.MethodOptions"

.google.protobuf.MethodOptions"

2).google.protobuf.FileOptions.OptimizeMode:

2).google.protobuf.FileOptions.OptimizeMode:

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption*

2$.google.protobuf.UninterpretedOption*

2#.google.protobuf.FieldOptions.CType:

2#.google.protobuf.FieldOptions.CType:

experimental_map_key

experimental_map_key

2$.google.protobuf.UninterpretedOption"/

2$.google.protobuf.UninterpretedOption"/

2-.google.protobuf.UninterpretedOption.NamePart

2-.google.protobuf.UninterpretedOption.NamePart

2(.google.protobuf.SourceCodeInfo.Location

2(.google.protobuf.SourceCodeInfo.Location

com.google.protobufB

com.google.protobufB

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

..\src\google\protobuf\io\tokenizer.cc

..\src\google\protobuf\io\tokenizer.cc

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\descriptor_database.cc

..\src\google\protobuf\descriptor_database.cc

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

..\src\google\protobuf\extension_set.cc

..\src\google\protobuf\extension_set.cc

CHECK failed: iter != extensions_.end():

CHECK failed: iter != extensions_.end():

..\src\google\protobuf\extension_set_heavy.cc

..\src\google\protobuf\extension_set_heavy.cc

inflate 1.2.5 Copyright 1995-2010 Mark Adler

inflate 1.2.5 Copyright 1995-2010 Mark Adler

deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler

deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler

1.2.5

1.2.5

CustomId: %u, %ls: %d, %u

CustomId: %u, %ls: %d, %u

- unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

- unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

.\main.cpp

.\main.cpp

CustomId: %u, %ls, %ls

CustomId: %u, %ls, %ls

D:\bdzc\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

D:\bdzc\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

asio.misc

asio.misc

asio.misc error

asio.misc error

Report::CReportData::PackToProtoDataItem

Report::CReportData::PackToProtoDataItem

.\ReportMgr.cpp

.\ReportMgr.cpp

val(%s):

val(%s):

Report::CReportData::PackReportData

Report::CReportData::PackReportData

..\..\Include\msg.pb.cc

..\..\Include\msg.pb.cc

datapkg.FieldsList

datapkg.FieldsList

datapkg.DataType

datapkg.DataType

datapkg.ResPonse

datapkg.ResPonse

DataReport --- Server Disable Report !!

DataReport --- Server Disable Report !!

Report::CReportClient::CanReport

Report::CReportClient::CanReport

.\ReportClient.cpp

.\ReportClient.cpp

DataReport --- ReportID %u Banned !!

DataReport --- ReportID %u Banned !!

DataReport --- AsyncReport : Not Allowed !!

DataReport --- AsyncReport : Not Allowed !!

Report::CReportClient::AsyncReport

Report::CReportClient::AsyncReport

DataReport --- AsyncReport : AddPacketToQueue cmdid=%u length=%u

DataReport --- AsyncReport : AddPacketToQueue cmdid=%u length=%u

DataReport --- AsyncReport : End

DataReport --- AsyncReport : End

DataReport --- SyncReport : Not Allowed !!

DataReport --- SyncReport : Not Allowed !!

Report::CReportClient::SyncReport

Report::CReportClient::SyncReport

DataReport --- SyncReport : begin

DataReport --- SyncReport : begin

DataReport --- SyncReport : CreateEvent

DataReport --- SyncReport : CreateEvent

DataReport --- SyncReport : AddPacketToQueue cmdid=%u length=%u

DataReport --- SyncReport : AddPacketToQueue cmdid=%u length=%u

DataReport --- SyncReport : WaitForSingleObject wait=%u

DataReport --- SyncReport : WaitForSingleObject wait=%u

DataReport --- SyncReport : WaitForSingleObject result=%d

DataReport --- SyncReport : WaitForSingleObject result=%d

DataReport --- SyncReport : End

DataReport --- SyncReport : End

DataReport::AddPacketToQueue

DataReport::AddPacketToQueue

.\PacketQueue.cpp

.\PacketQueue.cpp

DataReport::AddPacketToQueue %u records

DataReport::AddPacketToQueue %u records

Report::TransportMgr::TransportMgr

Report::TransportMgr::TransportMgr

.\TransportMgr.cpp

.\TransportMgr.cpp

DataReport::StopTransportThread 1, uiWaitTime=%u

DataReport::StopTransportThread 1, uiWaitTime=%u

Report::TransportMgr::StopTransportThread

Report::TransportMgr::StopTransportThread

DataReport::StopTransportThread 2

DataReport::StopTransportThread 2

TransportMgr::OnResponse errorcode = %d

TransportMgr::OnResponse errorcode = %d

Report::TransportMgr::OnResponse

Report::TransportMgr::OnResponse

Report::TransportMgr::LoadPacketData

Report::TransportMgr::LoadPacketData

DataReport::LoadPacketData Change file success, new filesize = %u

DataReport::LoadPacketData Change file success, new filesize = %u

DataReport::LoadPacketData Change file failed! Clear file

DataReport::LoadPacketData Change file failed! Clear file

DataReport::LoadPacketData Clear file

DataReport::LoadPacketData Clear file

DataReport::SaveAndErasePacket cache file is full!

DataReport::SaveAndErasePacket cache file is full!

Report::TransportMgr::SaveAndErasePacket

Report::TransportMgr::SaveAndErasePacket

DataReport::SaveAndErasePacket save %d records

DataReport::SaveAndErasePacket save %d records

Report::TransportMgr::SaveAndEraseQueuePacket

Report::TransportMgr::SaveAndEraseQueuePacket

DataReport::SaveAndEraseQueuePacket save %d records

DataReport::SaveAndEraseQueuePacket save %d records

DataReport::start!

DataReport::start!

Report::TransportMgr::Working

Report::TransportMgr::Working

DataReport::TransportPacket success

DataReport::TransportPacket success

DataReport::TransportPacket failed[%d], buffer is full, try save [%u] records to file!

DataReport::TransportPacket failed[%d], buffer is full, try save [%u] records to file!

DataReport::TransportPacket failed[%d], save it to buffer! buffer size = %u

DataReport::TransportPacket failed[%d], save it to buffer! buffer size = %u

DataReport::TransportPacket failed becouse of server error, we abandon it!

DataReport::TransportPacket failed becouse of server error, we abandon it!

DataReport::TransportPacket Deal Cache !!

DataReport::TransportPacket Deal Cache !!

DataReport::TransportPacket DealCacheLimit=%u LastCacheNum=%u NewCacheNum=%u

DataReport::TransportPacket DealCacheLimit=%u LastCacheNum=%u NewCacheNum=%u

DataReport::TransportPacket Decrease Limit !! DealCacheLimit=%u

DataReport::TransportPacket Decrease Limit !! DealCacheLimit=%u

DataReport::TransportPacket Increase Limit !! DealCacheLimit=%u

DataReport::TransportPacket Increase Limit !! DealCacheLimit=%u

DataReport::TransportPacket buffer size = %u

DataReport::TransportPacket buffer size = %u

DataReport::TransportPacket Load [%u] buffer Packet to Queue!

DataReport::TransportPacket Load [%u] buffer Packet to Queue!

DataReport::stop!

DataReport::stop!

DataReport::TransportPacket Begin!

DataReport::TransportPacket Begin!

Report::TransportMgr::TransportPacket

Report::TransportMgr::TransportPacket

DataReport::TransportPacket SendPacket error = %d tryCount = %d

DataReport::TransportPacket SendPacket error = %d tryCount = %d

DataReport::SendPacket Error: %d, Wait %u seconds, then try again

DataReport::SendPacket Error: %d, Wait %u seconds, then try again

DataReport::SendPacket Error: %d, MAX_TRY_COUNT return

DataReport::SendPacket Error: %d, MAX_TRY_COUNT return

DataReport::SendPacket Connect error: lost %u ms, sleep 10 s!

DataReport::SendPacket Connect error: lost %u ms, sleep 10 s!

Report::TransportMgr::SendPacket

Report::TransportMgr::SendPacket

DataReport::SendPacket success: use %u ms!

DataReport::SendPacket success: use %u ms!

DataReport::SendPacket Get Svr Response: use %u ms! errcode = %u

DataReport::SendPacket Get Svr Response: use %u ms! errcode = %u

HandleResponse Static response cnt = %d MsgType = %d errorCode = %d

HandleResponse Static response cnt = %d MsgType = %d errorCode = %d

Report::CReportResponseHandler::HandleResponse

Report::CReportResponseHandler::HandleResponse

.\ReportNetComm.cpp

.\ReportNetComm.cpp

Report::CReportNetComm::CReportNetComm

Report::CReportNetComm::CReportNetComm

hXXp://dr.zc.baidu.com

hXXp://dr.zc.baidu.com

CBDMReportNetComm::RpcRequestData CmdID=%u Length=%u

CBDMReportNetComm::RpcRequestData CmdID=%u Length=%u

Report::CReportNetComm::RpcRequestData

Report::CReportNetComm::RpcRequestData

CBDMReportNetComm::RpcRequestData Fail !!

CBDMReportNetComm::RpcRequestData Fail !!

Basic_Report

Basic_Report

Basic_BugReport

Basic_BugReport

(%d/%d)%d-d-d_d:d:d.d_%s %s_%s:%s

(%d/%d)%d-d-d_d:d:d.d_%s %s_%s:%s

(%d) d:d:d.d %s %s_%s: %s

(%d) d:d:d.d %s %s_%s: %s

{7AFAC7CE-6A89-4385-8861-5075F44ECC7F}

{7AFAC7CE-6A89-4385-8861-5075F44ECC7F}

.\Config\Config.cpp

.\Config\Config.cpp

.\Config\CompoundDoc\CompoundDoc.cpp

.\Config\CompoundDoc\CompoundDoc.cpp

SetCrypt service_id=%d url=%s

SetCrypt service_id=%d url=%s

SetServiceUrl

SetServiceUrl

.\src\Protocol\AuroraServiceImpl.cpp

.\src\Protocol\AuroraServiceImpl.cpp

InitProductParam ver=%s soft_id=%d supply_id=%d product_id=%d

InitProductParam ver=%s soft_id=%d supply_id=%d product_id=%d

.\src\Protocol\AuroraProtocol.cpp

.\src\Protocol\AuroraProtocol.cpp

1234567890111111

1234567890111111

bena::protocol::ProtobufPack::UpdateSoftParam

bena::protocol::ProtobufPack::UpdateSoftParam

\NetService.ini

\NetService.ini

ServiceUrl.%d

ServiceUrl.%d

D:\bdzc\stable_proj\include\thirdInclude\boost/property_tree/ini_parser.hpp

D:\bdzc\stable_proj\include\thirdInclude\boost/property_tree/ini_parser.hpp

key expected

key expected

duplicate key name

duplicate key name

D:\bdzc\stable_proj\include\thirdInclude\boost/property_tree/string_path.hpp

D:\bdzc\stable_proj\include\thirdInclude\boost/property_tree/string_path.hpp

thread.entry_event

thread.entry_event

thread.exit_event

thread.exit_event

.\src\Protocol\RpcClient.cpp

.\src\Protocol\RpcClient.cpp

boost thread: trying joining itself

boost thread: trying joining itself

header.proto

header.proto

.\bena\Protocol\proto\header.pb.cc

.\bena\Protocol\proto\header.pb.cc

header.proto"

header.proto"

127.0.0.1

127.0.0.1

bena::http::client::do_async_request

bena::http::client::do_async_request

D:\bdzc\BasicModule\Source\Protocol\bena/http/client.h

D:\bdzc\BasicModule\Source\Protocol\bena/http/client.h

bena::http::client::~client

bena::http::client::~client

.\src\http\client.cpp

.\src\http\client.cpp

bena::http::client::close_for_destruct

bena::http::client::close_for_destruct

bena::http::client::close

bena::http::client::close

bena::http::client::async_connect_coro

bena::http::client::async_connect_coro

async_connect_coro connect error !! error: %s

async_connect_coro connect error !! error: %s

bena::http::client::async_request_coro

bena::http::client::async_request_coro

bena::http::client::hanle_timeout

bena::http::client::hanle_timeout

error_happened error: %s

error_happened error: %s

bena::http::client::error_happened

bena::http::client::error_happened

Unsupported Media Type

Unsupported Media Type

HTTP Version not supported

HTTP Version not supported

HTTP/1.0

HTTP/1.0

HTTP/1.1

HTTP/1.1

https

https

ftpes

ftpes

ftps

ftps

tftp

tftp

% ;?:@=&,$/-_!.~*()

% ;?:@=&,$/-_!.~*()

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

%s\Connection

d:\bdzc\Basic\outputmt\binreleasemt\CheckerExe.pdb

d:\bdzc\Basic\outputmt\binreleasemt\CheckerExe.pdb

KERNEL32.dll

KERNEL32.dll

RegEnumKeyExW

RegEnumKeyExW

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

ADVAPI32.dll

ADVAPI32.dll

WS2_32.dll

WS2_32.dll

WTSAPI32.dll

WTSAPI32.dll

SHLWAPI.dll

SHLWAPI.dll

PSAPI.DLL

PSAPI.DLL

WINMM.dll

WINMM.dll

GetProcessHeap

GetProcessHeap

GetCPInfo

GetCPInfo

CreateIoCompletionPort

CreateIoCompletionPort

USER32.dll

USER32.dll

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

VERSION.dll

VERSION.dll

NETAPI32.dll

NETAPI32.dll

GetConsoleOutputCP

GetConsoleOutputCP

GetWindowsDirectoryW

GetWindowsDirectoryW

GetSystemWindowsDirectoryW

GetSystemWindowsDirectoryW

RegCreateKeyExW

RegCreateKeyExW

RegDeleteKeyW

RegDeleteKeyW

RegOpenKeyExA

RegOpenKeyExA

zcÁ

zcÁ

.?AV?$Singleton@VCReportMgr@Report@@$00@@

.?AV?$Singleton@VCReportMgr@Report@@$00@@

.?AVCReportMgr@Report@@

.?AVCReportMgr@Report@@

.?AVCReportData@Report@@

.?AVCReportData@Report@@

.?AVIReportMgr@Report@@

.?AVIReportMgr@Report@@

.?AVIReportData@Report@@

.?AVIReportData@Report@@

.?AV?$sp_counted_impl_p@VTransportMgr@Report@@@detail@boost@@

.?AV?$sp_counted_impl_p@VTransportMgr@Report@@@detail@boost@@

.?AVCReportClient@Report@@

.?AVCReportClient@Report@@

.?AV?$Thread@U?$BindMember0@VTransportMgr@Report@@P812@AEXPAX@Z@fund@@@fund@@

.?AV?$Thread@U?$BindMember0@VTransportMgr@Report@@P812@AEXPAX@Z@fund@@@fund@@

.?AV?$EnableIntrusive@VCReportResponseHandler@Report@@@@

.?AV?$EnableIntrusive@VCReportResponseHandler@Report@@@@

.?AVCReportResponseHandler@Report@@

.?AVCReportResponseHandler@Report@@

.?AVCReportNetComm@Report@@

.?AVCReportNetComm@Report@@

.?AV?$enable_shared_from_this@Vclient@http@bena@@@boost@@

.?AV?$enable_shared_from_this@Vclient@http@bena@@@boost@@

.?AVclient@http@bena@@

.?AVclient@http@bena@@

.?AVrequest@http@bena@@

.?AVrequest@http@bena@@

.?AVheader@http@bena@@

.?AVheader@http@bena@@

.?AV?$bind_t@XV?$mf5@XVRpcClient@protocol@bena@@ABVresponse@http@3@Vconst_buffer@asio@boost@@IVerror_code@system@8@H@_mfi@boost@@V?$list6@V?$value@V?$shared_ptr@VRpcClient@protocol@bena@@@boost@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@V?$value@H@23@@_bi@3@@_bi@boost@@

.?AV?$bind_t@XV?$mf5@XVRpcClient@protocol@bena@@ABVresponse@http@3@Vconst_buffer@asio@boost@@IVerror_code@system@8@H@_mfi@boost@@V?$list6@V?$value@V?$shared_ptr@VRpcClient@protocol@bena@@@boost@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@V?$value@H@23@@_bi@3@@_bi@boost@@

.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@

.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@

.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@

.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@

.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@

.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@

.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@

.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@

.?AV?$sp_counted_impl_p@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@detail@boost@@

.?AV?$sp_counted_impl_p@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@detail@boost@@

.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@

.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@

.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@

.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@

.?AVresponse@http@bena@@

.?AVresponse@http@bena@@

1,2r2

1,2r2

42696@6_6

42696@6_6

7*8084888

7*8084888

? ?$?(?,?0?4?~?

? ?$?(?,?0?4?~?

1 1$1(1,1

1 1$1(1,1

1 2

8 8$8(8,8084888
8%9x9
8 8$8(8,808
Firefox
Opera
Chrome
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
http\shell\open\command
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
explorer.exe
subkey(%d):
pkey(%d):
val(%d):
a
@CanReport
BanReportID
TransportMgr create
rpt.dat
TransportMgr CacheFileName=%s
DataReport::LoadPacketData Read %s failed, error=%u!
DataReport::LoadPacketData Read %s success, but the file is empty!
DataReport::LoadPacketData Read %s success, filesize = %u
DataReport::LoadPacketData Read %s success, get %d records!
pCReportNetComm create
uGlobal\{17ED6DA0-0902-461c-B763-F00FF209066B}
Global\{FA6FBBB1-8C8E-43b1-B8EC-35573A94C231}
Global\{599D3D74-AA1A-4473-A004-B724A8018505}
t%d.dat
bbservice.exe
UtilsDll.dll
%u.%u.%u.%u
---COMPOUDDOC---pStream->Stat error %x
---COMPOUDDOC---pStream->Write error %x
---COMPOUDDOC---pStream->SetSize error %x
APack addr=%p split_value=%d uid=%I64u
Init SoftParam local_ver=%d g_ver=%d
Init AccountParam local_ver=%d g_ver=%d
InitRequestPortoHeader sig_len=%d split_value=%d uid=%I64u
InitRequestPortoHeader Clear AccountParam
Update AccountParam local_ver=%d g_ver=%d
UpdateAccountParam sig_len=%d split_value=%d uid=%I64u
UpdateSoftParam local_ver=%d g_ver=%d
~RpcClient request_times=%d timeout_times=%d internal_req_times=%d
tRpcClient request_times=%d
AsyncRpcRequest serviceID=%d msgType=%d seq=%d
HandleRecv UnpackOK !! serviceID=%d msgType=%d seq=%d error=%d transfer_costtime=%d
HandleRecv Unpack Error !! serviceID=%d error=%d
HandleRecv CallBack !! serviceID=%d msgType=%d seq=%d error=%d callback_costtime=%d
eHandleRecv CallBack !! serviceID=%d msgType=%d error=%d callback_costtime=%d
tRpcClient timeout_times=%d
client internal_req_times=%d
close_for_destruct session=%d
close session=%d
async_request_coro send request !! seqno=%d
\StringFileInfo\xx\FileVersion
Kernel32.dll
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
\Global.db
iphlpapi.dll
C\\.\PhysicalDrive%d
\\.\Scsi%d:
%Documents and Settings%\%current user%\AppData\Local\Baidu\BaiduClient\1.6.200.359\CheckerExe.exe
%Documents and Settings%\All Users\Application Data\Baidu\bbservice\Config\
1, 1, 0, 2
3R3t3>