Trojan.Win32.Alureon.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 6357de48decaabd2c155aa99c8ce6cd3
SHA1: fd807fceebbc89d806677fa26bf5d840fba9d213
SHA256: af40252d51084b3f668260473f7e02f562fe1b7a267edcc9386e5457fd3b6b3f
SSDeep: 49152:VXpA9ybBzY5284GZ5c1 powpl wY b84/La:VtbBc5hnXoy 61W
Size: 1766344 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-02-24 21:19:59
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
vcredist_x86.exe:608
MsiExec.exe:680
The Trojan injects its code into the following process(es):
%original file name%.exe:1344
services.exe:760
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:1344 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\bd00021.sys (218 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDAFileHelper1.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMPatcher.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCCommunicate.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tmpmdszir.dll (29256 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCScriptBind.dll (3815 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMPatcherPlugin.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SWManager.rdb (1812 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\homepage.ini (361 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (32 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_second_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOTraceConfig.xml (9 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMNetMonSusPlugin.dll (3721 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\BDMWrench.sys (122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\Pizmdb.7z (213482 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_4_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\MainframePluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SafePlugin.rdb (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Mainpage.rdb (3831 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTips.rdb (183 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\scan_mgr_config.dat (2 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_8_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSafePlugin1.dll (6420 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDKV1.rdb (29 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\CompatibilityChecker.dll (140 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Bkfg.dll (3811 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnBugRpt.exe (6437 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Unknownfile.rdb (48 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDSWShellExt64.dll (3664 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\EnhanceBoost.dll (275 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SYSAccMgrDll.dll (3761 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMSetting.rdb (85 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSWParseDetect.dll (1613 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDKVLogs.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_1_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMPatchAgent.dll (37 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SYSCleaner.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNetGetInfo.dll (11344 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\DriverManager.dll (119 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDNetMisc.dll (67 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDArKit.sys (91 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTray.rdb (20 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMMsg.dll (49 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\GlobalPluginInfo.xml (25 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDLogicUtils.dll (3833 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOCleanerTrayPlugin.dll (3757 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMNetMonMgrDll.dll (62 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_class_filter.db (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0001.dll (131 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0002.dll (1749 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_XP_x86.sys (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNet.dll (3024 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\blacksign.dat (537 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\NetService.ini (590 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (1209 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\TrustAndIso.dll (262 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\SWCatalogDataItem.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\BDArKit.sys (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\{F5E93978-539C-476B-9A7B-B6C32025A557}.png (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPlugin.dll (3745 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\LocalPluginInfo.xml (14 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\uninst.exe (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll.bdl (620140 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\websafe\WebSafe.dll (6428 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccDataMgr.dll (168 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\HIPS.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\bddownloader.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMReport.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMStringUtils.dll (66 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMScriptVM.dll (213 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMRepMgr.dll (3733 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccStrategyMgr.dll (107 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SusPlugin.rdb (163 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\licenses\directui license.txt (593 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\virus_type.dat (485 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOSilentCleanerConfig.dat (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_repairproperty.dat (2 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (24 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Patcher.rdb (143 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMUpdate.dll (3729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\68905108990c088c31aead3b6d1651be.bdt (519 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\bdcomproxy.dll (70 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMBase.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMSOAccSusPlugin.dll (3737 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (3820 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerConfig.dat (6 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSWManagerFrame.dll (3725 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMMainFrame.dll (9606 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDAVCache.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SysOptDict.dat (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSusPlugin.dll (3745 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMSysFixerPlugin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDCooly.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMSkin.dll (36698 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMTinyXml.dll (181 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOAccTrayPlugin.dll (3733 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\CommonRes.rdb (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\HotPlugins.xml (386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GameNoDisturb.ini (215 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SysFixer.rdb (87 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccEngine.dll (111 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\RtpContainerConfig.xml (474 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDLogicUtils.dll.bdl (40821 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnTray1.exe (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerConfig.dat (900 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\BDMNetMon_WIN7_x64.sys (109 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMDownload.dll (5520 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_acc.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerPreScan.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_minute_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\System.dll (784 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMProcessRunningTime.dll (82 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMFrameWork.dll (271 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerScript.dat (58 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\vcredist_x86.exe (17629 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMNet.dll (6392 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\BDEnhanceBoost.sys (59 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOCleanerPlugin.dll (15801 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnSvc1.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDASWAcc.exe (46 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDSWShellExt.dll (1720 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMUpdate.rdb (1630 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\app.ico (1623 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMKVMainPlugin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SOManager.rdb (1741 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\BDMSOAccServicePlugin.dll (1859 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAn1.exe (1683 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmswmanagerplugins\BDMSWManagerView.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOTraceCleanerConfig.dat (5 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\dl.dll (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\KVCommonRes.rdb (109 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\PatcherContainer.xml (563 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMTips.exe (3743 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSkin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SiteInspection.rdb (1868 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMCoolyContainerConfig.xml (465 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Softmgr.rdb (690 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\bd00021.sys (206 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixer.dll (267 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDALeakfixer.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\sd\BDLogicUtils.dll (3832 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerLuaScript.dat (145 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\sd\FileMon.dll (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerCheckItem.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\SusPluginContainerConfig.xml (605 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\PluginSetup.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\804.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMTrayTipsPlugin.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMDownload.dll (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\dl.dll (65930 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\systemfile.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageCleanerConfig.dat (12 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\pluginUnit.dat (727 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMSOAccCoolyPlugin.dll (1834 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPluginContainerConfig.xml (380 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\PluginManager.dll (6359 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\bd0001.sys (70 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSWNestCore.dll (6428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\3d47db2aaf2f15af6b0fdabd9474d2cd.bdt (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SysAccelerator.rdb (1742 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMCommon.dll (1609 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\ad.dll (6379 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SysAccLiveStrategy.dat (93 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_WIN7_x86.sys (94 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_property.dat (267 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_extlist.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\bd0001.sys (160 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\licenses\duilib license.txt (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOHomePageCleanerConfig.dat (12 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnUpdate.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SOTurbo.rdb (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswB3.tmp (110649 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOAcceleratorPlugin.dll (6424 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\7z.dll (1652 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\SysRepLib.dat (22 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BP.dll (30058 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\kav_compatible.dat (25 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMWindowsLib.dll (99 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCCallbackBind.dll (24 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerConfig1.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMConnect.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\SafePluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\StartupDict.dat (1783 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\KVMain.rdb (55 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\bduf.dll (3823 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMAVEng.dll (6420 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDKitUtils.dll (62 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\res\onlineWnd.zip (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\f2d00606824cd42a1c03eb9caa15e29f.bdt (631 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMRepBase.dll (3897 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDASoftmgr1.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bg_tips_speed_win8.png (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\patch\publish.db (30058 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageConfig.xml (14 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_appassext.dat (2 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\PluginManager\PluginConfig.db (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerScript.dat (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMReport.dll.bdl (30090 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNet.dll.bdl (28543 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOPluginCleanerConfig.dat (442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\hips.xml (1 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsrB2.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)
The process vcredist_x86.exe:608 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (6255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (42423 bytes)
Registry activity
The process %original file name%.exe:1344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\metnsd\clsid]
"SequenceID" = "C0 0D FA 98 20 1D 52 4B 80 2D EE 6D 5E F0 97 3B"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c14c4f6-74da-11e2-81b0-000c29ec7fc5}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225]
"vcredist_x86.exe" = "IExpress Setup"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 28 3F 62 06 8E 80 B0 6B 21 28 48 61 6C 94 39"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The Trojan modifies IE security zone settings to map all local web nodes with no dots, which do not refer to any zone, to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:]
"%original file name%.exe" = "C:\%original file name%.exe:*:Enabled:百度卫士在线安装程序"
The Trojan modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan adds a Windows Firewall rule that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "C:\%original file name%.exe:*:Enabled:百度卫士在线安装程序"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan adds a Windows Firewall rule that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp]
"tgqdy.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll:*:Enabled:百度卫士安装程序"
The Trojan adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp]
"tgqdy.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll:*:Enabled:百度卫士安装程序"
The process vcredist_x86.exe:608 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF 62 14 35 1A 3B 4B 2A BA 06 FA D8 56 18 32 DF"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"
The process MsiExec.exe:680 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 55 7A 94 6F 8A 81 89 4D F5 2F 3B 4A 4F 08 6B"
Dropped PE files
MD5 | File path |
---|---|
44edff85d12e091f0b129f05a3f2a042 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDLogicUtils.dll |
d184763cb4e62d531193978de7b82db2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMDownload.dll |
c8b0dca29d7b9aff1b801af86212c586 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMNet.dll |
12f98be1d919784370eb0f87e78b60d8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMNetGetInfo.dll |
30cbc602ada7cdfb0346038c05996d84 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMReport.dll |
b540a866191f7fd20f5e6355bc2b094e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMSkin.dll |
f52eb281e29da8065e18805617ac2cbc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\System.dll |
763b532d651f0ad5e135d9b57bf4fba4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\dl.dll |
ebfe7c9594e300bb0c16e7bb99a7e66d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\hu.dll |
f32de2a845f461e07a95656fa0873b92 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\tgqdy.dll |
f728bab4ed737e85ad5134c5a3b8c359 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\tmpmdszir.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
vcredist_x86.exe:608
MsiExec.exe:680
- Delete the original Trojan file.
- Delete or disinfect the files created/modified by the Trojan (listed under File activity above).
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMStringUtils.dll (66 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMScriptVM.dll (213 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMRepMgr.dll (3733 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccStrategyMgr.dll (107 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SusPlugin.rdb (163 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\licenses\directui license.txt (593 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\virus_type.dat (485 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOSilentCleanerConfig.dat (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_repairproperty.dat (2 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (24 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Patcher.rdb (143 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMUpdate.dll (3729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\68905108990c088c31aead3b6d1651be.bdt (519 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\bdcomproxy.dll (70 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMBase.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMSOAccSusPlugin.dll (3737 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerConfig.dat (6 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSWManagerFrame.dll (3725 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMMainFrame.dll (9606 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDAVCache.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SysOptDict.dat (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSusPlugin.dll (3745 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMSysFixerPlugin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDCooly.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMSkin.dll (36698 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMTinyXml.dll (181 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOAccTrayPlugin.dll (3733 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\CommonRes.rdb (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\HotPlugins.xml (386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GameNoDisturb.ini (215 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SysFixer.rdb (87 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccEngine.dll (111 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\RtpContainerConfig.xml (474 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDLogicUtils.dll.bdl (40821 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnTray1.exe (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerConfig.dat (900 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\BDMNetMon_WIN7_x64.sys (109 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMDownload.dll (5520 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_acc.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerPreScan.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_minute_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\System.dll (784 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMProcessRunningTime.dll (82 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMFrameWork.dll (271 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerScript.dat (58 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\vcredist_x86.exe (17629 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMNet.dll (6392 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\BDEnhanceBoost.sys (59 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOCleanerPlugin.dll (15801 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnSvc1.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDASWAcc.exe (46 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDSWShellExt.dll (1720 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMUpdate.rdb (1630 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\app.ico (1623 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMKVMainPlugin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SOManager.rdb (1741 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\BDMSOAccServicePlugin.dll (1859 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAn1.exe (1683 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmswmanagerplugins\BDMSWManagerView.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOTraceCleanerConfig.dat (5 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\dl.dll (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\KVCommonRes.rdb (109 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\PatcherContainer.xml (563 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMTips.exe (3743 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSkin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SiteInspection.rdb (1868 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMCoolyContainerConfig.xml (465 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Softmgr.rdb (690 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\bd00021.sys (206 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixer.dll (267 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDALeakfixer.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\sd\BDLogicUtils.dll (3832 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerLuaScript.dat (145 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\sd\FileMon.dll (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerCheckItem.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\SusPluginContainerConfig.xml (605 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\PluginSetup.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\804.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMTrayTipsPlugin.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMDownload.dll (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\dl.dll (65930 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\systemfile.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageCleanerConfig.dat (12 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\pluginUnit.dat (727 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMSOAccCoolyPlugin.dll (1834 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPluginContainerConfig.xml (380 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\PluginManager.dll (6359 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\bd0001.sys (70 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSWNestCore.dll (6428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\3d47db2aaf2f15af6b0fdabd9474d2cd.bdt (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SysAccelerator.rdb (1742 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMCommon.dll (1609 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\ad.dll (6379 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SysAccLiveStrategy.dat (93 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_WIN7_x86.sys (94 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_property.dat (267 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_extlist.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\bd0001.sys (160 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\licenses\duilib license.txt (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOHomePageCleanerConfig.dat (12 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnUpdate.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SOTurbo.rdb (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswB3.tmp (110649 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOAcceleratorPlugin.dll (6424 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\7z.dll (1652 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\SysRepLib.dat (22 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BP.dll (30058 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\kav_compatible.dat (25 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMWindowsLib.dll (99 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCCallbackBind.dll (24 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerConfig1.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMConnect.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\SafePluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\StartupDict.dat (1783 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\KVMain.rdb (55 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\bduf.dll (3823 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMAVEng.dll (6420 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDKitUtils.dll (62 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\res\onlineWnd.zip (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\f2d00606824cd42a1c03eb9caa15e29f.bdt (631 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMRepBase.dll (3897 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDASoftmgr1.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bg_tips_speed_win8.png (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\patch\publish.db (30058 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageConfig.xml (14 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_appassext.dat (2 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\PluginManager\PluginConfig.db (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerScript.dat (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMReport.dll.bdl (30090 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNet.dll.bdl (28543 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOPluginCleanerConfig.dat (442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\hips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (6255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (42423 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version: 1.0.385.633
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.385.633
File Description:
Comments:
Language: Chinese (Simplified, PRC)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 28432 | 28672 | 4.50399 | f569e353af0ed51bf4c216faa9bed4e7 |
.rdata | 32768 | 10898 | 11264 | 3.04561 | 91eee43954e068e650f7b73a8b0e6915 |
.data | 45056 | 425660 | 512 | 1.02085 | db9f7acbf1c3ddfe255077b699955dfa |
.ndata | 471040 | 610304 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 1081344 | 23536 | 23552 | 3.58455 | ca33c34b6d496334ebf60c8854c0207f |
.reloc | 1105920 | 3978 | 4096 | 3.79583 | 5dfbb8318f00f7e72ed7b2505c450360 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllw5/BDLogicUtils.dll | |
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv5/BDMReport.dll | |
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllws/BDMNet.dll | |
hxxp://sxsw.n.shifen.com/ | |
hxxp://swdownload.jomodns.com/sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll | |
hxxp://dlsw.baidu.com/sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll | 180.76.22.47 |
hxxp://dl1sw.baidu.com/client/dllw5/BDLogicUtils.dll | 8.37.234.9 |
hxxp://dl1sw.baidu.com/client/dllws/BDMNet.dll | 8.37.234.9 |
hxxp://s.x.baidu.com/ | 180.76.2.46 |
hxxp://dl1sw.baidu.com/client/dllv5/BDMReport.dll | 8.37.234.9 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=22282240-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:53 GMT
Content-Type: application/x-msdownload
Content-Length: 7265104
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29678
Content-Range: bytes 22282240-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=28180480-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:28 GMT
Content-Type: application/x-msdownload
Content-Length: 1366864
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29713
Content-Range: bytes 28180480-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=27525120-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:24 GMT
Content-Type: application/x-msdownload
Content-Length: 2022224
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29709
Content-Range: bytes 27525120-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=26214400-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:18 GMT
Content-Type: application/x-msdownload
Content-Length: 3332944
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29703
Content-Range: bytes 26214400-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=26869760-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:21 GMT
Content-Type: application/x-msdownload
Content-Length: 2677584
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29706
Content-Range: bytes 26869760-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=29491200-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:34 GMT
Content-Type: application/x-msdownload
Content-Length: 56144
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29719
Content-Range: bytes 29491200-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=22151168-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:49 GMT
Content-Type: application/x-msdownload
Content-Length: 7396176
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29674
Content-Range: bytes 22151168-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=28704768-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:30 GMT
Content-Type: application/x-msdownload
Content-Length: 842576
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29715
Content-Range: bytes 28704768-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=7471104-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:49 GMT
Content-Type: application/x-msdownload
Content-Length: 22076240
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29674
Content-Range: bytes 7471104-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=27262976-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:23 GMT
Content-Type: application/x-msdownload
Content-Length: 2284368
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29708
Content-Range: bytes 27262976-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=25296896-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:14 GMT
Content-Type: application/x-msdownload
Content-Length: 4250448
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29699
Content-Range: bytes 25296896-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /client/dllv5/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Thu, 09 Oct 2014 15:53:58 GMT
Date: Tue, 09 Sep 2014 15:53:58 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 1207520
Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 1297486
Via: 1.0 sdytwt85:88 (Cdn Cache Server V2.0), 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 shiben14:10001 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMReport.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M......S...S...S.Y.S...S.[.S...S.[.S...S...S...S.[.S!..S...S...S...S...S.[.Sd..S.[.S...S.[.S...S...S...S.[.S...SRich...S........................PE..L....!.Q...........!.....P... ......u........`.......................................................................j.......V.......................P..........l...@d...............................R..@............`..t............................text....O.......P.................. ..`.rdata..1....`.......`..............@..@.data....d...p...@...p..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
<<< skipped >>>
GET /client/dllw5/BDLogicUtils.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=688128-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Wed, 08 Oct 2014 06:27:12 GMT
Date: Mon, 08 Sep 2014 06:27:12 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 06 May 2014 06:31:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 688128-924495/924496
Content-Length: 236368
Age: 1417891
Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDLogicUtils.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=23855104-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:07 GMT
Content-Type: application/x-msdownload
Content-Length: 5692240
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29692
Content-Range: bytes 23855104-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=24379392-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:09 GMT
Content-Type: application/x-msdownload
Content-Length: 5167952
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29694
Content-Range: bytes 24379392-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=24117248-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:08 GMT
Content-Type: application/x-msdownload
Content-Length: 5430096
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29693
Content-Range: bytes 24117248-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=15335424-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:01 GMT
Content-Type: application/x-msdownload
Content-Length: 14211920
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29686
Content-Range: bytes 15335424-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=29491200-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:34 GMT
Content-Type: application/x-msdownload
Content-Length: 56144
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29719
Content-Range: bytes 29491200-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=29360128-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:33 GMT
Content-Type: application/x-msdownload
Content-Length: 187216
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29718
Content-Range: bytes 29360128-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=22544384-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:57 GMT
Content-Type: application/x-msdownload
Content-Length: 7002960
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29682
Content-Range: bytes 22544384-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=28442624-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:29 GMT
Content-Type: application/x-msdownload
Content-Length: 1104720
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29714
Content-Range: bytes 28442624-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=27918336-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:27 GMT
Content-Type: application/x-msdownload
Content-Length: 1629008
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29712
Content-Range: bytes 27918336-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=23199744-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:04 GMT
Content-Type: application/x-msdownload
Content-Length: 6347600
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29689
Content-Range: bytes 23199744-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=24772608-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:11 GMT
Content-Type: application/x-msdownload
Content-Length: 4774736
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29696
Content-Range: bytes 24772608-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=23461888-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:05 GMT
Content-Type: application/x-msdownload
Content-Length: 6085456
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29690
Content-Range: bytes 23461888-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /client/dllws/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Fri, 26 Sep 2014 23:19:04 GMT
Date: Wed, 27 Aug 2014 23:19:04 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 1178448
Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 2393980
Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMNet.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
<<< skipped >>>
GET /client/dllw5/BDLogicUtils.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=557056-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Wed, 08 Oct 2014 06:27:12 GMT
Date: Mon, 08 Sep 2014 06:27:12 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 06 May 2014 06:31:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 557056-924495/924496
Content-Length: 367440
Age: 1417891
Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDLogicUtils.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
<<< skipped >>>
GET /client/dllw5/BDLogicUtils.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=819200-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Wed, 08 Oct 2014 06:27:12 GMT
Date: Mon, 08 Sep 2014 06:27:12 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 06 May 2014 06:31:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 819200-924495/924496
Content-Length: 105296
Age: 1417891
Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDLogicUtils.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=25952256-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:17 GMT
Content-Type: application/x-msdownload
Content-Length: 3595088
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29702
Content-Range: bytes 25952256-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=131072-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:49 GMT
Content-Type: application/x-msdownload
Content-Length: 29416272
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29674
Content-Range: bytes 131072-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /client/dllw5/BDLogicUtils.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=524288-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=25690112-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:16 GMT
Content-Type: application/x-msdownload
Content-Length: 3857232
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29701
Content-Range: bytes 25690112-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=25034752-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:13 GMT
Content-Type: application/x-msdownload
Content-Length: 4512592
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29698
Content-Range: bytes 25034752-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=29097984-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:32 GMT
Content-Type: application/x-msdownload
Content-Length: 449360
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29717
Content-Range: bytes 29097984-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=14811136-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:49 GMT
Content-Type: application/x-msdownload
Content-Length: 14736208
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29674
Content-Range: bytes 14811136-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 68
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...8........" c0205aca635d4bb7638c184e1bd81562(.2.8.@.H.P.X.` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 124
...p........" c0205aca635d4bb7638c184e1bd81562(.28.....Y.5...R...^fRw?0<.3...9)...PG..m...0.OV...{f.O. DM.8.@.H.P.X.` ........
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=26607616-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:20 GMT
Content-Type: application/x-msdownload
Content-Length: 2939728
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29705
Content-Range: bytes 26607616-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /client/dllw5/BDLogicUtils.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 200 OK
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:18:47 GMT
Content-Type: application/x-msdownload
Content-Length: 29547344
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29672
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=17170432-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.1 206 Partial Content
Server: JSP3/2.0.0-b
Date: Wed, 24 Sep 2014 16:19:10 GMT
Content-Type: application/x-msdownload
Content-Length: 12376912
Connection: close
ETag: db95d0a2c92d20b05b97bce9bbc6473d
Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT
Expires: Sat, 27 Sep 2014 08:04:14 GMT
Age: 29695
Content-Range: bytes 17170432-29547343/29547344
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
x-bs-version: A1859930A384C85DB3A9A4C39561205F
x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==
x-bs-meta-crc32: 1450853511
Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d
x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 228
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...p........" c0205aca635d4bb7638c184e1bd81562(.28.....Y.5...R...^fRw?0<.3...9)...PG.m...0.OV...{f.O. DM.8.@.H.P.X.` ...h.%h...C}.K{T\QZa.L.`. .P!..~...L.<4.av.P.#....w..p.U...Q..Kk.b...].....=....3.pj....n.Z.o.&M.Ao.=/....N.V.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 140
...p........" c0205aca635d4bb7638c184e1bd81562(.28.....Y.5...R...^fRw?0<.3...9)...PG..m...0.OV...{f.O. DM.8.@.H.P.X.` .....%........o`H.BE7.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 140.....p........" c0205aca635d4bb7638c184e1bd81562(.28.....Y.5...R...^fRw?0<.3...9)...PG..m...0.OV...{f.O. DM.8.@.H.P.X.` .....%........o`H.BE7...
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
%original file name%.exe_1344:
p\tmpmdszir.dll"
p\tmpmdszir.dll"
1376516
1376516
\%original file name%.exe
\%original file name%.exe
c:\%original file name%.exe
c:\%original file name%.exe
%Program Files%\Baidu\BaiduAn
%Program Files%\Baidu\BaiduAn
%original file name%.exe
%original file name%.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsrB2.tmp
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsrB2.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
-586546794
-586546794
1.0.385.633
1.0.385.633
BaiduAnSvc.exe_220:
BaiduAnTray.exe_2280:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
u%SVW
u%SVW
;9u.SWj
;9u.SWj
8.uwS
8.uwS
n<.ut>
n<.ut>
;:u.SWj
;:u.SWj
SSSSSh
SSSSSh
L$.UQf
L$.UQf
%D|MJC|
%D|MJC|
%d.%d.%d
%d.%d.%d
libprotobuf %s %s:%d] %s
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
CHECK failed: (from.GetDescriptor()) == (descriptor):
CHECK failed: (from.GetDescriptor()) == (descriptor):
..\src\google\protobuf\message.cc
..\src\google\protobuf\message.cc
: Tried to copy from a message with a different type.to:
: Tried to copy from a message with a different type.to:
..\src\google\protobuf\wire_format.cc
..\src\google\protobuf\wire_format.cc
..\src\google\protobuf\reflection_ops.cc
..\src\google\protobuf\reflection_ops.cc
..\src\google\protobuf\generated_message_reflection.cc
..\src\google\protobuf\generated_message_reflection.cc
..\src\google\protobuf\descriptor.cc
..\src\google\protobuf\descriptor.cc
". To use it here, please add the necessary import.
". To use it here, please add the necessary import.
", which is not imported by "
", which is not imported by "
$0$1 = $2
$0$1 = $2
$0$1 $2 $3 = $4
$0$1 $2 $3 = $4
.PLACEHOLDER_VALUE
.PLACEHOLDER_VALUE
.placeholder.proto
.placeholder.proto
map key must name a scalar or string field.
map key must name a scalar or string field.
map_key must not name a repeated field.
map_key must not name a repeated field.
CHECK failed: dynamic.get() != NULL:
CHECK failed: dynamic.get() != NULL:
.foo = value".
.foo = value".
.dummy
.dummy
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee not set for extension field.
FieldDescriptorProto.extendee not set for extension field.
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
CHECK failed: !out.HadError():
CHECK failed: !out.HadError():
" is repeated. Repeated options are not supported.
" is repeated. Repeated options are not supported.
Import "
Import "
Missing field: FileDescriptorProto.name.
Missing field: FileDescriptorProto.name.
File recursively imports itself:
File recursively imports itself:
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
\xx
\xx
..\src\google\protobuf\stubs\strutil.cc
..\src\google\protobuf\stubs\strutil.cc
..\src\google\protobuf\extension_set.cc
..\src\google\protobuf\extension_set.cc
CHECK failed: iter != extensions_.end():
CHECK failed: iter != extensions_.end():
..\src\google\protobuf\extension_set_heavy.cc
..\src\google\protobuf\extension_set_heavy.cc
..\src\google\protobuf\descriptor.pb.cc
..\src\google\protobuf\descriptor.pb.cc
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google.protobuf"G
google.protobuf"G
2$.google.protobuf.FileDescriptorProto"
2$.google.protobuf.FileDescriptorProto"
2 .google.protobuf.DescriptorProto
2 .google.protobuf.DescriptorProto
2$.google.protobuf.EnumDescriptorProto
2$.google.protobuf.EnumDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2%.google.protobuf.FieldDescriptorProto
2%.google.protobuf.FieldDescriptorProto
.google.protobuf.FileOptions
.google.protobuf.FileOptions
.google.protobuf.SourceCodeInfo"
.google.protobuf.SourceCodeInfo"
2/.google.protobuf.DescriptorProto.ExtensionRange
2/.google.protobuf.DescriptorProto.ExtensionRange
.google.protobuf.MessageOptions
.google.protobuf.MessageOptions
2 .google.protobuf.FieldDescriptorProto.Label
2 .google.protobuf.FieldDescriptorProto.Label
2*.google.protobuf.FieldDescriptorProto.Type
2*.google.protobuf.FieldDescriptorProto.Type
.google.protobuf.FieldOptions"
.google.protobuf.FieldOptions"
2).google.protobuf.EnumValueDescriptorProto
2).google.protobuf.EnumValueDescriptorProto
.google.protobuf.EnumOptions"l
.google.protobuf.EnumOptions"l
2!.google.protobuf.EnumValueOptions"
2!.google.protobuf.EnumValueOptions"
2&.google.protobuf.MethodDescriptorProto
2&.google.protobuf.MethodDescriptorProto
.google.protobuf.ServiceOptions"
.google.protobuf.ServiceOptions"
.google.protobuf.MethodOptions"
.google.protobuf.MethodOptions"
2).google.protobuf.FileOptions.OptimizeMode:
2).google.protobuf.FileOptions.OptimizeMode:
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption*
2$.google.protobuf.UninterpretedOption*
2#.google.protobuf.FieldOptions.CType:
2#.google.protobuf.FieldOptions.CType:
experimental_map_key
experimental_map_key
2$.google.protobuf.UninterpretedOption"/
2$.google.protobuf.UninterpretedOption"/
2-.google.protobuf.UninterpretedOption.NamePart
2-.google.protobuf.UninterpretedOption.NamePart
2(.google.protobuf.SourceCodeInfo.Location
2(.google.protobuf.SourceCodeInfo.Location
com.google.protobufB
com.google.protobufB
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
..\src\google\protobuf\io\tokenizer.cc
..\src\google\protobuf\io\tokenizer.cc
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
..\src\google\protobuf\stubs\substitute.cc
..\src\google\protobuf\stubs\substitute.cc
..\src\google\protobuf\dynamic_message.cc
..\src\google\protobuf\dynamic_message.cc
..\src\google\protobuf\text_format.cc
..\src\google\protobuf\text_format.cc
..\src\google\protobuf\descriptor_database.cc
..\src\google\protobuf\descriptor_database.cc
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
unsupported version
unsupported version
inflate 1.2.5 Copyright 1995-2010 Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
1.2.5
{C6642F75-8DBE-473d-A98B-940F84EF702C}
{C6642F75-8DBE-473d-A98B-940F84EF702C}
.\Global\ReportBase\msg.pb.cc
.\Global\ReportBase\msg.pb.cc
datapkg.FieldsList
datapkg.FieldsList
datapkg.DataType
datapkg.DataType
CreateReportClient
CreateReportClient
ReleaseReportClient
ReleaseReportClient
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
kernel32.dll
kernel32.dll
.\filedispatch\FileDispatch.pb.cc
.\filedispatch\FileDispatch.pb.cc
c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h
c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h
config_service.proto
config_service.proto
.\BDMConfig\Protocol\config_service.pb.cc
.\BDMConfig\Protocol\config_service.pb.cc
config_service.proto"(
config_service.proto"(
cmd_list
cmd_list
.ConfigItem"@
.ConfigItem"@
.ResultSet
.ResultSet
Content-Length:%d
Content-Length:%d
s.x.baidu.com
s.x.baidu.com
c:\clientci\workspace\bdm_v2.3fix_compile\main_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdm_v2.3fix_compile\main_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
.\update.pb.cc
.\update.pb.cc
%s:%u
%s:%u
%u.%u.%u.%u
%u.%u.%u.%u
addr %s not good...
addr %s not good...
Unsupported Media Type
Unsupported Media Type
HTTP Version not supported
HTTP Version not supported
HTTP/1.0
HTTP/1.0
HTTP/1.1
HTTP/1.1
1.0.0.1
1.0.0.1
.\header.pb.cc
.\header.pb.cc
https
https
ftpes
ftpes
ftps
ftps
tftp
tftp
% ;?:@=&,$/-_!.~*()
% ;?:@=&,$/-_!.~*()
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
%s\Connection
c:\clientci\workspace\bdm_v2.3fix_compile\basic\Output\BinRelease\BaiduAnTray.pdb
c:\clientci\workspace\bdm_v2.3fix_compile\basic\Output\BinRelease\BaiduAnTray.pdb
BDMSkin.dll
BDMSkin.dll
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDLogicUtils.dll
?BDMRegSmartCreateKey@BDMRegisterUtils@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?BDMRegSmartCreateKey@BDMRegisterUtils@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z
?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z
BDMBase.dll
BDMBase.dll
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
BDMFrameWork.dll
BDMFrameWork.dll
BDMStringUtils.dll
BDMStringUtils.dll
?BDMMsgGetModule@@YGJPAPAX@Z
?BDMMsgGetModule@@YGJPAPAX@Z
BDMMsg.dll
BDMMsg.dll
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegOpenKeyW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegFlushKey
RegFlushKey
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHFileOperationW
SHFileOperationW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
MSVCP80.dll
MSVCP80.dll
MSVCR80.dll
MSVCR80.dll
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
_crt_debugger_hook
_crt_debugger_hook
PSAPI.DLL
PSAPI.DLL
WTSAPI32.dll
WTSAPI32.dll
USERENV.dll
USERENV.dll
InternetCrackUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpOpenRequestW
HttpQueryInfoW
HttpQueryInfoW
HttpSendRequestW
HttpSendRequestW
WININET.dll
WININET.dll
NETAPI32.dll
NETAPI32.dll
VERSION.dll
VERSION.dll
WS2_32.dll
WS2_32.dll
BDMTinyXml.dll
BDMTinyXml.dll
GetProcessHeap
GetProcessHeap
RegOpenKeyExA
RegOpenKeyExA
BaiduAnTray.exe
BaiduAnTray.exe
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A
?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A
services.exe_760_rwx_006E0000_00001000:
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0001.dll