Trojan.Win32.Alureon_6357de48de – Adaware

Trojan.Win32.Alureon.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 6357de48decaabd2c155aa99c8ce6cd3

SHA1: fd807fceebbc89d806677fa26bf5d840fba9d213

SHA256: af40252d51084b3f668260473f7e02f562fe1b7a267edcc9386e5457fd3b6b3f

SSDeep: 49152:VXpA9ybBzY5284GZ5c1 powpl wY b84/La:VtbBc5hnXoy 61W

Size: 1766344 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: no certificate found

Created at: 2012-02-24 21:19:59

Analyzed on: WindowsXPESX SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

vcredist_x86.exe:608
MsiExec.exe:680

The Trojan injects its code into the following process(es):

%original file name%.exe:1344
services.exe:760

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:1344 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\bd00021.sys (218 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDAFileHelper1.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMPatcher.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCCommunicate.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tmpmdszir.dll (29256 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCScriptBind.dll (3815 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMPatcherPlugin.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SWManager.rdb (1812 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\homepage.ini (361 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (32 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_second_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOTraceConfig.xml (9 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMNetMonSusPlugin.dll (3721 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\BDMWrench.sys (122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\Pizmdb.7z (213482 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_4_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\MainframePluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SafePlugin.rdb (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Mainpage.rdb (3831 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTips.rdb (183 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\scan_mgr_config.dat (2 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_8_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSafePlugin1.dll (6420 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDKV1.rdb (29 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\CompatibilityChecker.dll (140 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Bkfg.dll (3811 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnBugRpt.exe (6437 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Unknownfile.rdb (48 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDSWShellExt64.dll (3664 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\EnhanceBoost.dll (275 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SYSAccMgrDll.dll (3761 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMSetting.rdb (85 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSWParseDetect.dll (1613 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDKVLogs.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_1_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMPatchAgent.dll (37 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SYSCleaner.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNetGetInfo.dll (11344 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\DriverManager.dll (119 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDNetMisc.dll (67 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDArKit.sys (91 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTray.rdb (20 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMMsg.dll (49 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\GlobalPluginInfo.xml (25 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDLogicUtils.dll (3833 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOCleanerTrayPlugin.dll (3757 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMNetMonMgrDll.dll (62 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_class_filter.db (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0001.dll (131 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0002.dll (1749 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_XP_x86.sys (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNet.dll (3024 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\blacksign.dat (537 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\NetService.ini (590 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (1209 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\TrustAndIso.dll (262 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\SWCatalogDataItem.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\BDArKit.sys (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\{F5E93978-539C-476B-9A7B-B6C32025A557}.png (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPlugin.dll (3745 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\LocalPluginInfo.xml (14 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\uninst.exe (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll.bdl (620140 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\websafe\WebSafe.dll (6428 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccDataMgr.dll (168 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\HIPS.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\bddownloader.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMReport.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMStringUtils.dll (66 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMScriptVM.dll (213 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMRepMgr.dll (3733 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccStrategyMgr.dll (107 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SusPlugin.rdb (163 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\licenses\directui license.txt (593 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\virus_type.dat (485 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOSilentCleanerConfig.dat (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_repairproperty.dat (2 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (24 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Patcher.rdb (143 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMUpdate.dll (3729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\68905108990c088c31aead3b6d1651be.bdt (519 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\bdcomproxy.dll (70 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMBase.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMSOAccSusPlugin.dll (3737 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (3820 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerConfig.dat (6 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSWManagerFrame.dll (3725 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMMainFrame.dll (9606 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDAVCache.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SysOptDict.dat (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSusPlugin.dll (3745 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMSysFixerPlugin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDCooly.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMSkin.dll (36698 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMTinyXml.dll (181 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOAccTrayPlugin.dll (3733 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\CommonRes.rdb (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\HotPlugins.xml (386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GameNoDisturb.ini (215 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SysFixer.rdb (87 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccEngine.dll (111 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\RtpContainerConfig.xml (474 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDLogicUtils.dll.bdl (40821 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnTray1.exe (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerConfig.dat (900 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\BDMNetMon_WIN7_x64.sys (109 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMDownload.dll (5520 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_acc.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerPreScan.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_minute_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\System.dll (784 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMProcessRunningTime.dll (82 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMFrameWork.dll (271 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerScript.dat (58 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\vcredist_x86.exe (17629 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMNet.dll (6392 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\BDEnhanceBoost.sys (59 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOCleanerPlugin.dll (15801 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnSvc1.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDASWAcc.exe (46 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDSWShellExt.dll (1720 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMUpdate.rdb (1630 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\app.ico (1623 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMKVMainPlugin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SOManager.rdb (1741 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\BDMSOAccServicePlugin.dll (1859 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAn1.exe (1683 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmswmanagerplugins\BDMSWManagerView.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOTraceCleanerConfig.dat (5 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\dl.dll (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\KVCommonRes.rdb (109 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\PatcherContainer.xml (563 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMTips.exe (3743 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSkin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SiteInspection.rdb (1868 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMCoolyContainerConfig.xml (465 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Softmgr.rdb (690 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\bd00021.sys (206 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixer.dll (267 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDALeakfixer.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\sd\BDLogicUtils.dll (3832 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerLuaScript.dat (145 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\sd\FileMon.dll (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerCheckItem.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\SusPluginContainerConfig.xml (605 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\PluginSetup.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\804.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMTrayTipsPlugin.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMDownload.dll (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\dl.dll (65930 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\systemfile.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageCleanerConfig.dat (12 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\pluginUnit.dat (727 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMSOAccCoolyPlugin.dll (1834 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPluginContainerConfig.xml (380 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\PluginManager.dll (6359 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\bd0001.sys (70 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSWNestCore.dll (6428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\3d47db2aaf2f15af6b0fdabd9474d2cd.bdt (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SysAccelerator.rdb (1742 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMCommon.dll (1609 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\ad.dll (6379 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SysAccLiveStrategy.dat (93 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_WIN7_x86.sys (94 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_property.dat (267 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_extlist.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\bd0001.sys (160 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\licenses\duilib license.txt (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOHomePageCleanerConfig.dat (12 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnUpdate.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SOTurbo.rdb (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswB3.tmp (110649 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOAcceleratorPlugin.dll (6424 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\7z.dll (1652 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\SysRepLib.dat (22 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BP.dll (30058 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\kav_compatible.dat (25 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMWindowsLib.dll (99 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCCallbackBind.dll (24 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerConfig1.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMConnect.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\SafePluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\StartupDict.dat (1783 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\KVMain.rdb (55 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\bduf.dll (3823 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMAVEng.dll (6420 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDKitUtils.dll (62 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\res\onlineWnd.zip (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\f2d00606824cd42a1c03eb9caa15e29f.bdt (631 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMRepBase.dll (3897 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDASoftmgr1.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bg_tips_speed_win8.png (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\patch\publish.db (30058 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageConfig.xml (14 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_appassext.dat (2 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\PluginManager\PluginConfig.db (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerScript.dat (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMReport.dll.bdl (30090 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNet.dll.bdl (28543 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOPluginCleanerConfig.dat (442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\hips.xml (1 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsrB2.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)

The process vcredist_x86.exe:608 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (6255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (42423 bytes)

Registry activity

The process %original file name%.exe:1344 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCR\metnsd\clsid]
"SequenceID" = "C0 0D FA 98 20 1D 52 4B 80 2D EE 6D 5E F0 97 3B"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c14c4f6-74da-11e2-81b0-000c29ec7fc5}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225]
"vcredist_x86.exe" = "IExpress Setup"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 28 3F 62 06 8E 80 B0 6B 21 28 48 61 6C 94 39"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:]
"%original file name%.exe" = "C:\%original file name%.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¥Ã…â€œÃ‚Â¨ÃƒÂ§Ã‚ÂºÃ‚Â¿ÃƒÂ¥Ã‚Â®Ã¢â‚¬Â°ÃƒÂ¨Ã‚Â£Ã¢â‚¬Â¦ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "C:\%original file name%.exe:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¥Ã…â€œÃ‚Â¨ÃƒÂ§Ã‚ÂºÃ‚Â¿ÃƒÂ¥Ã‚Â®Ã¢â‚¬Â°ÃƒÂ¨Ã‚Â£Ã¢â‚¬Â¦ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp]
"tgqdy.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¥Ã‚Â®Ã¢â‚¬Â°ÃƒÂ¨Ã‚Â£Ã¢â‚¬Â¦ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp]
"tgqdy.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll:*:Enabled:ÃƒÂ§Ã¢â€žÂ¢Ã‚Â¾ÃƒÂ¥Ã‚ÂºÃ‚Â¦ÃƒÂ¥Ã‚ÂÃ‚Â«ÃƒÂ¥Ã‚Â£Ã‚Â«ÃƒÂ¥Ã‚Â®Ã¢â‚¬Â°ÃƒÂ¨Ã‚Â£Ã¢â‚¬Â¦ÃƒÂ§Ã‚Â¨Ã¢â‚¬Â¹ÃƒÂ¥Ã‚ÂºÃ‚Â"

The process vcredist_x86.exe:608 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF 62 14 35 1A 3B 4B 2A BA 06 FA D8 56 18 32 DF"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

The process MsiExec.exe:680 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 55 7A 94 6F 8A 81 89 4D F5 2F 3B 4A 4F 08 6B"

Dropped PE files

MD5	File path
44edff85d12e091f0b129f05a3f2a042	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDLogicUtils.dll
d184763cb4e62d531193978de7b82db2	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMDownload.dll
c8b0dca29d7b9aff1b801af86212c586	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMNet.dll
12f98be1d919784370eb0f87e78b60d8	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMNetGetInfo.dll
30cbc602ada7cdfb0346038c05996d84	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMReport.dll
b540a866191f7fd20f5e6355bc2b094e	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\BDMSkin.dll
f52eb281e29da8065e18805617ac2cbc	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\System.dll
763b532d651f0ad5e135d9b57bf4fba4	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\dl.dll
ebfe7c9594e300bb0c16e7bb99a7e66d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\hu.dll
f32de2a845f461e07a95656fa0873b92	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\tgqdy.dll
f728bab4ed737e85ad5134c5a3b8c359	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmB4.tmp\tmpmdszir.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):
vcredist_x86.exe:608
MsiExec.exe:680
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\bd00021.sys (218 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDAFileHelper1.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMPatcher.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCCommunicate.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tmpmdszir.dll (29256 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCScriptBind.dll (3815 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMPatcherPlugin.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SWManager.rdb (1812 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\homepage.ini (361 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (32 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_second_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOTraceConfig.xml (9 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMNetMonSusPlugin.dll (3721 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\BDMWrench.sys (122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\Pizmdb.7z (213482 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_4_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\MainframePluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SafePlugin.rdb (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Mainpage.rdb (3831 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTips.rdb (183 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\scan_mgr_config.dat (2 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_8_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSafePlugin1.dll (6420 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDKV1.rdb (29 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\CompatibilityChecker.dll (140 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Bkfg.dll (3811 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnBugRpt.exe (6437 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Unknownfile.rdb (48 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDSWShellExt64.dll (3664 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\EnhanceBoost.dll (275 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SYSAccMgrDll.dll (3761 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMSetting.rdb (85 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSWParseDetect.dll (1613 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDKVLogs.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_1_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMPatchAgent.dll (37 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SYSCleaner.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNetGetInfo.dll (11344 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\DriverManager.dll (119 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDNetMisc.dll (67 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDArKit.sys (91 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTray.rdb (20 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMMsg.dll (49 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\GlobalPluginInfo.xml (25 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDLogicUtils.dll (3833 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOCleanerTrayPlugin.dll (3757 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMNetMonMgrDll.dll (62 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_class_filter.db (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0001.dll (131 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0002.dll (1749 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_XP_x86.sys (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNet.dll (3024 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\blacksign.dat (537 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\NetService.ini (590 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (1209 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\TrustAndIso.dll (262 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\SWCatalogDataItem.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\BDArKit.sys (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\{F5E93978-539C-476B-9A7B-B6C32025A557}.png (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPlugin.dll (3745 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\LocalPluginInfo.xml (14 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\uninst.exe (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\tgqdy.dll.bdl (620140 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\websafe\WebSafe.dll (6428 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccDataMgr.dll (168 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\HIPS.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\bddownloader.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMReport.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMStringUtils.dll (66 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMScriptVM.dll (213 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMRepMgr.dll (3733 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccStrategyMgr.dll (107 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SusPlugin.rdb (163 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\licenses\directui license.txt (593 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\virus_type.dat (485 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_7_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_9_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOSilentCleanerConfig.dat (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_repairproperty.dat (2 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (24 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Patcher.rdb (143 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMUpdate.dll (3729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\68905108990c088c31aead3b6d1651be.bdt (519 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\bdcomproxy.dll (70 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMBase.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\BDMSOAccSusPlugin.dll (3737 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerConfig.dat (6 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\BDMSWManagerFrame.dll (3725 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMMainFrame.dll (9606 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDAVCache.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SysOptDict.dat (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSusPlugin.dll (3745 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMSysFixerPlugin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDCooly.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMSkin.dll (36698 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_3_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMTinyXml.dll (181 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMSOAccTrayPlugin.dll (3733 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\CommonRes.rdb (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\HotPlugins.xml (386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GameNoDisturb.ini (215 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SysFixer.rdb (87 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMSOLiveAccEngine.dll (111 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\RtpContainerConfig.xml (474 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_blank_speed.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDLogicUtils.dll.bdl (40821 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnTray1.exe (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerConfig.dat (900 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\BDMNetMon_WIN7_x64.sys (109 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMDownload.dll (5520 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_acc.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerPreScan.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_minute_speed.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\System.dll (784 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\BDMProcessRunningTime.dll (82 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMFrameWork.dll (271 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerScript.dat (58 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\vcredist_x86.exe (17629 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMNet.dll (6392 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\BDEnhanceBoost.sys (59 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOCleanerPlugin.dll (15801 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnSvc1.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDASWAcc.exe (46 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDSWShellExt.dll (1720 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMUpdate.rdb (1630 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\app.ico (1623 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\BDMKVMainPlugin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_6_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SOManager.rdb (1741 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\RTPPlugins\BDMSOAccServicePlugin.dll (1859 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_2_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAn1.exe (1683 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmswmanagerplugins\BDMSWManagerView.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOTraceCleanerConfig.dat (5 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\dl.dll (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\KVCommonRes.rdb (109 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\PatcherContainer.xml (563 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMTips.exe (3743 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSkin.dll (5442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SiteInspection.rdb (1868 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMCoolyContainerConfig.xml (465 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\Softmgr.rdb (690 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\bd00021.sys (206 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixer.dll (267 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDALeakfixer.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\sd\BDLogicUtils.dll (3832 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerLuaScript.dat (145 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\sd\FileMon.dll (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOCleanerCheckItem.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsusplugins\SusPluginContainerConfig.xml (605 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmmainframeplugins\PluginSetup.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\804.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\BDMTrayTipsPlugin.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMDownload.dll (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\dl.dll (65930 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\systemfile.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageCleanerConfig.dat (12 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\pluginUnit.dat (727 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMCoolyPlugins\BDMSOAccCoolyPlugin.dll (1834 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmkvscanplugin\BDMKVScanPluginContainerConfig.xml (380 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_5_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\PluginManager.dll (6359 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\bd0001.sys (70 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMSWNestCore.dll (6428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\3d47db2aaf2f15af6b0fdabd9474d2cd.bdt (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SysAccelerator.rdb (1742 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMCommon.dll (1609 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\ad.dll (6379 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SysAccLiveStrategy.dat (93 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x86\BDMNetMon_WIN7_x86.sys (94 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_property.dat (267 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_extlist.dat (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\drivers\x64\bd0001.sys (160 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\licenses\duilib license.txt (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Tips\win8_1_num_0_speed.png (15 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOHomePageCleanerConfig.dat (12 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BaiduAnUpdate.exe (7972 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\SOTurbo.rdb (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswB3.tmp (110649 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\BDMSOManagerPlugins\BDMSOAcceleratorPlugin.dll (6424 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Download\7z.dll (1652 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\SysRepLib.dat (22 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BP.dll (30058 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\kav_compatible.dat (25 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDMWindowsLib.dll (99 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\GCCallbackBind.dll (24 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerConfig1.dat (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmpatcherplugins\BDMConnect.dll (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\plugins\bdmsafeplugins\SafePluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\StartupDict.dat (1783 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\KVMain.rdb (55 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\bduf.dll (3823 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMAVEng.dll (6420 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\Skins\Default\BDMTray\TrayPlugin.rdb (3 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDKitUtils.dll (62 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\res\onlineWnd.zip (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\f2d00606824cd42a1c03eb9caa15e29f.bdt (631 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bdmantivirus1\BDMRepBase.dll (3897 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\BDASoftmgr1.exe (7386 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bg_tips_speed_win8.png (4 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\patch\publish.db (30058 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOGarbageConfig.xml (14 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSWManager\sw_appassext.dat (2 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\PluginManager\PluginConfig.db (12289 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SORegCleanerScript.dat (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMReport.dll.bdl (30090 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmB4.tmp\BDMNet.dll.bdl (28543 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\FTSOManager\SOPluginCleanerConfig.dat (442 bytes)
%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\hips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (6255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (42423 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name:
Product Name:
Product Version: 1.0.385.633
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.385.633
File Description:
Comments:
Language: Chinese (Simplified, PRC)

Company Name: Product Name: Product Version: 1.0.385.633Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: 1.0.385.633File Description: Comments: Language: Chinese (Simplified, PRC)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	28432	28672	4.50399	f569e353af0ed51bf4c216faa9bed4e7
.rdata	32768	10898	11264	3.04561	91eee43954e068e650f7b73a8b0e6915
.data	45056	425660	512	1.02085	db9f7acbf1c3ddfe255077b699955dfa
.ndata	471040	610304	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	1081344	23536	23552	3.58455	ca33c34b6d496334ebf60c8854c0207f
.reloc	1105920	3978	4096	3.79583	5dfbb8318f00f7e72ed7b2505c450360

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllw5/BDLogicUtils.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv5/BDMReport.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllws/BDMNet.dll
hxxp://sxsw.n.shifen.com/
hxxp://swdownload.jomodns.com/sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll
hxxp://dlsw.baidu.com/sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll	180.76.22.47
hxxp://dl1sw.baidu.com/client/dllw5/BDLogicUtils.dll	8.37.234.9
hxxp://dl1sw.baidu.com/client/dllws/BDMNet.dll	8.37.234.9
hxxp://s.x.baidu.com/	180.76.2.46
hxxp://dl1sw.baidu.com/client/dllv5/BDMReport.dll	8.37.234.9

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=22282240-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:18:53 GMT

Content-Type: application/x-msdownload

Content-Length: 7265104

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29678

Content-Range: bytes 22282240-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.^...Y......l......d............xB....G9...SN..s...U..hM....:..z>=.....2....{Z6."...mo..e.^.F.c....=K/.Pn....TC.VpJ...X....Pl.....`3.......!...C...9..y........B.{.Mn..jI.1.QM.o.z..C:g...*..U.(./I........q'.. P.`..q6...3...............8.....t.{oH.$..u..).I..6H.K..7[..zzRWW..|iMh...\... ......2......$W.8....N NG...$.H..qA|q....1...8....a...../.*d...R.........,....<..h...7u/.....8.<nhYp....,.tIHF.sz.....`.Q..?.Y_.I..-..[.2..c...4t...5!.......J.^..O.r/..I....6l*z...n.:.o.F..Q...<..*QA......l.3..........He....8.....Q..9Q.&....I7.>.$F.-..V.O.R|...2..... .U.... .~.G.^..'..z<.._j.........k.o...........!d..(..O.{..J...?.3D.k......C.\.p..T..... :L..TGd .t..jS......o.So.A.M....K4......rT/_.m..:..O$..k..........t.}81...Wb|..X.P.B..N....9..h../%~.C.pp.9..0..C/.&......oL..@....TS#7.A.sY.*....u...o.......x...O.9..L?c.R.&wH._....0T.t..x..n.d....)....^I.....6 .:K.Q..dm...U.-.H.!2.\|..T.....F&.....Ut........s..>..).L...&...u.C.D.KSoo...,..}b.d.....YV....rD.QR..m.) P.. |....8..3.."...$......!.S..Y......=..=.............._.]..."..%....f........D.}p..F.; R.....|.b....b.....#..............R./..../.......k.)-];.:&..5.1.....[?.@..H.j.OSh...Y..T.E..:..Q.>.*G>.e......D]../.Z...&..#..e"..n.}.....b.=.......a^...L......Q.x....h)Sar.N.%.k..8DT&).{..o*v.T/...V.....B....6.k.3.t...%X..k....[<...F...C;..}..U.o..m.......4....R:.z.7a...%G..5......../.L&F.m@..zQ............l5... ..>..l..E.0}^w....P..;9../....h..6 ...^.5..98./..H..8...}.]7...{....~.x........7]..[..6..t...w....h.[..Xv......K...v..c0.N.a..}zIes.!.....

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=28180480-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:28 GMT

Content-Type: application/x-msdownload

Content-Length: 1366864

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29713

Content-Range: bytes 28180480-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.0...d]Z7.....BmG.g~.@. ....,{}..j....x4...Xur...{..ru.B.....a..Xs..W`._.>.......No.,a\%i...@....b.K..6.^,..pTJ.]u.....l}S.N..j.g....y(.u.9...3.ma...Tz.|...A..TuO.....85M...C............T...Ok..H.Nk;.c.)....b....4...A.D...X.'..^a..!7.hk:X<.h.J.H.....).e.........7....?.8.C......=.q(t.....>.m_....@..@?;.3..v.]..2..T3-.t[*:.#.>..<..&=....R.k...q....y..@.c%.4..X.a.z......g..)....;!.U\.U..X]_..0.8^..1...{......\....pI.....fA..3..>m...2r....-....f.}...F..k.>.....n.{?...v.....o%.!.a@#..|\.^.........d.... :yl^...@.~.k.$t;.2!n.*...m...v........P...z... ....@.'..Q.t.J...{..W...3.~...8Fm.J...vM\(..4......]........{..^.S..i.C.Y..Sk}D............7.,t..s...s......o...6....\..j......"r....Q|q......M....P..V!.....n%ux.c....t4...AA&..p."H..<0Q......s..K.....E.. ..L5...?.7....Z...l,?...S.....0..[X.N)....ky...%n. .1.e.ju|.9.....$.b.8.9MN..O..\.r.S.Jk.y.n.5o..`.......e.mX`?..Z.a@...D4.......r.....4.z.[f\[..u..j.1Fm..[9.).......,OQ7...q...E.t........~0uVs.....?..75..../...)..?..e.V.sx......&....C..f"q)xc).%..W........u.gl4.... 5R..r......#...;......g.<|.U~>.<..zS.vS.. .....#.R.cB.J))..}...0.fr...........H}..vK-...&.3..-.:...wk.......ui0..j....."....9....-_.J......C>....B..:l.Q...h.J..k.x.|....5..&.}z..dW.."..|v{}Q.............BB..=S*.|0......#[...M3\..,p....x5.l....... <f.....1...W......i[..g..b..<4.,../39MA....M.GM.....]....?....g......C|....7n\G......@..l.....x....l..q_......#..lc..f..... .u.......]%..L.i...j...w...<.#...._Q.~......,us]... ..jC..5$...<..u.V#.oy.~a....<8s..2...;y;

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=27525120-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:24 GMT

Content-Type: application/x-msdownload

Content-Length: 2022224

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29709

Content-Range: bytes 27525120-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

"3.,..0N..$nTU{...2.......a%......7........p....t..Fl_...)...=...of.R.:...P...9......k.h......6.db....y....>.6....!c."$.W.j..}...~.....K.V...>C.6.. ..F..l...d.s..!.@.er.P......n2...$..d7N.}...^U....t....F..c...l...id?...._.....##.......\!......-..w...{.0#..6.....6.d...pEF4......... F.Ask..%.g.s.u...?.....1]p9..g-.&.J..8,.Z%_.Oa..z(....D.a.X..,.-*..L...U.K.y..M(.....1.....*...x.u..5H...6I.!E.n..9.l........."!.....rS ce....q ....Ja...CK.?_#..o.nr...v.. .....2R...........&.}>.......j,?Aj..m&..U".Lg..K..dx.Xw.4.I.(].....f9c.M(S..#....[2k!.....6..J.9..?.a.....:..Z..s...u...K$.....4.|....1].c]- ;.S..vM....V...8.d....w:....q.....c...\.8...m^............m..<.G...`..4f.~.an.U.s.0..<a.5...._2.S)y.,.......x.........9...............)...IglN..lifk.TjAO._....W...".uT....AS.......w.F3.=.|......^.W.....e(..g.$\A.1.rqh.@...82.G.%....p..~.lP......BH|..6&.[.r.XQ..9 p...... .3.......z.X....:.e.=G..m.....d`G...\ .?..l...1..<.J,d]...1.j.@."T..!...N...C..E..#....,#gl.%.............7.W......].._..%..2..p..e.)j.@S4.OI5@.7[a.....X..*.$....../"......Fd`....QI..z...9uy.k....sB.0.O.......PZ..}.......28`3y.nv...2...$#Sd.......x ...^N.s......QY.sj.e...o..c...F..9.R.. y-%...c/. ....|.Vc....Y[H...}....Yb..Y.F.....u.v.1..a..P-.rc'....<[u.z....q.MG}.t.....Tr.w....Bg..^R.~.....LZ....^M=`....7V{....`....L.FC.My......mM...${..\....@...y...&..F.....~=..ym&.S.....2.5$!.fQ d.w.<,....m....X...<.|.."PU'...P...Z.B..].b....Q ...f.t.....7...6NN....cvl....w5...#..n`.b...!...A.........gK.U..@.Xv....6.1Q..._.2...t8.c.5.2...........j

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=26214400-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:18 GMT

Content-Type: application/x-msdownload

Content-Length: 3332944

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29703

Content-Range: bytes 26214400-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.^..j`.$...G..lC.W...aBs.>.*?.l.Z.C..3....E...L.O.%I.7(f..G{....v.......~.>.............$.......P.;.........b").....z.......%..*<...k..u.;..r..\.Sk..3".@.....]....&...(.m..'(..a........"}rw...2.@...b...;&......A8W.4....K...fT~B..[.v...Y-d.@..!.-7.._...;...P..Hy.Og.!.k..A.'..MH...x....<Y$w...Ih.t.......98....... Mo.g@.{G.gK.(....W._..Y.e..l.k..%.!qVDt8?.... .RH...._..j..O........JP.e_~...}....aZ3.V.i[.Ft.....4..$.".b...J%p.....W.S..=.E...P!..c~..."...a.|o.vBT!<K.."%..}.1..f.\HH.....T'........9u..'.X.....0).....R...->..,..v.W...X..".B..IhF...D..%c....q;.BY /..`t.:....Y($.^..w.A..*$..2@.....4.1N......H....W0.dk......2....H..5.D(n2.(.).E~....... ......sT.... .,7......,.U.!.N..*.``u...........1_./.<.{...D.t..[.IZK.D..s..s..~.6...h...\.uvq.x.#8....)GW..0.....y!'.fc.G ....".........X..>..u..s....|.r..I$U....UHi.j..'p..z....m...K%f.".'...k.j?.F...o...Q..Fm.......M.....b....%Ma3)C.D.....x...._.y....q....Y...%'i.tL......1. ....#AE..u.q.B..D..0.?H..3....I.V.N..}....a..a...........*.d........|..M.?..*.....t'F.s*.n.y@P}..&........~...*S...|>u"..`...R ...4.,......?.....F%.I}...v....."|.QT#"6.=.Gz..4..!.Z...."..]F.`\(p......>..dbF..~q.R7..|6.d...]...2.g.&....=.;..P.33q.}N.3...%.)..y..V(._#6L..6...%3..2r....T.>B..._.>L...T...>.....J.Z..*Y@u..0.....tNQX.4L......a.........?I...q?.RD'.-.s.y..qy...RJx^z.....zx3..\..".....^...p......3.^..T.^A.....q.6....v-.....[2T......._..&.....-....j....wt...L...>.,...(.88......6d....y........<............|g.n3...U.x....F..N..a......hV..C.{-e...{.(E.&g

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=26869760-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:21 GMT

Content-Type: application/x-msdownload

Content-Length: 2677584

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29706

Content-Range: bytes 26869760-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

./{..K8*.MS...9C......_...@..k..e.......^.g.*v. ...O......%.....!....../Z..|....?>..E......{|......L...l.,.f..I.%JZ... .....)...ye..t\..F.' ....Q{dKZp...@W4.....4Q4...O.8L.t.......~J[.}.h).....b.%.C.~i..Rd.{.-.......\....~..../...........ap....J........{%io...q...]....F.0.....F....4...j.M...d.Q.......r.5.` 1l..4..po^_.>q.m.d.../...7e=......r.,f{.....JP.w..@@...3........B.ku..E.&.5....qr8...xm.h`N..u./..`&...).g..ua%<.u...B.{-`%..QV..X.d.....B.......xC.d. dG.....$..C...g....hw(.1~<.-......3.....sg&....(.X.....$i1f.77...q..3?.Q..........0 m.[.F......q.....X....y...u....H}ap...\_..m...U.}..:....b.%P.....k...tU.]....<.. f6.$.........mR...o....^.K.#.*^...)..c...L.....wa(.......%)....Z..".t.U.&..?...Q.../s.....8a[...b.....Hel..o)..;...#..`R..Z....{Z.W.......)a".ss.......jam........Gg4S}...X....S...!`.m.851Wm.....=...n.5L..Y...[.j)...o..Z...m.'>..;..j...v._..$..D..ynn.w5...E.....}-.3.[ ......@.......g.3....Yj$X#...._.?.<..E.g..4S!*..5[......6...bK....20 .Si.9j$..5@.N.=.wX-..@....:...0...^.`...1...=...g{..}f5.<(...D[.B...."H.$.Qcp..yI;.S..vTB....iF.hd..4..Z#..hhHC..qlM..V%...h>...-.U..^...........dp..."D...g....~iJw.;.zl.....B.z..Z2..;N..R-. .C_..=.*..k:C.$Rkg.9.z.8.$(%2..jR....5t)..}}.. ......-0.F...2..._.. ......(Q0......j.O...4.....Yc/~.L...zd....*....3.z..1....Mx.....^...Y.M6w...D-`.....j...f)F....K....BL.g.L5..9..Y.(m.(.>............R......^.j..`5....eM.N@.........p..a ..[."..L.....D.{......../.sD..h..z.hA..w....8.p*...7Hs......Q......<.j.{...T....5!...7l"..K...O.WU...L.QZ.......A.

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=29491200-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:34 GMT

Content-Type: application/x-msdownload

Content-Length: 56144

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29719

Content-Range: bytes 29491200-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=29491200-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:34 GMT

Content-Type: application/x-msdownload

Content-Length: 56144

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29719

Content-Range: bytes 29491200-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=22151168-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:18:49 GMT

Content-Type: application/x-msdownload

Content-Length: 7396176

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29674

Content-Range: bytes 22151168-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

..?.....Q|....."./.... ..e......TK..;..s.....Nx_(.2.b......./#/.....(....O....fv..AG.A...).v.2..t.{.J.....H...g_.......>.7.UW....}..{7.h.p...o0R/g.l.dF.k...@....Tn.U.....Pu...I.(9ss.[nW.,..-...".?=.q...o.Q{.....}.".l.....t.....36...V.-4.........).h.@. U...*c...R!......'&..^>>...l..?...T.d....uf.......1..7.PK.\6...]..]..a.R..v.....d....k.X.v.^......o.S2...2...i...2@...6......-.....m........A.&.. ?.S....~G.[z.......#.yU....6!......O......;. ./n.....}d.uN..G...X.2...d.....E.....F-......w-p.7..=....R)..Ii.aC....... ...irs^..X..3....wE..:......{E...}nR-..d....K1.[.:....o>.Pd..ISzs`fe."..=(.?...B....:...F......y".$.....0S.&K...p8a.K..c..2.2.X.$.....6.;....l-.}@..3..0_K*.G...p(.......\.(......!E..<'Pz.|..e..i....~j3....jm..."<..'.....n.....z......./L[...x.<....q.....mi;.XR$fs.].A&y:N.w...W.D...........E...L1..1.G.#..{.A{=.......$..k................:..F...s....Qf..y.......N...|.....Q...CH...Cf...%T.z"T.*R?.'...=...W"*............5....Gh..../...Y...v.{@.[.L...O.Q.%...J{<!|.*...._WH;.p..p...m(v.. v..-.0...w..;V .....#.....*w.l.....nMe...#.i..b.....yc!a..).V..}.uAVjX.T.0...We..b}......a{.4.x..qY.BZ.4.nr....FP...!;.[m..7....{....J.q?..V...98.{......>..EP..Z.}Q..i..^A...:'.~..@r_!.T>q.....V..#e..Lm.&u..;..i...B.Z.>..o3...J.....s.(...T..?..f.U.U......id..H.....G.x.Q<v.!...........M..*F...NA....U.h2k0.[...K...K..v.;...(.oP........A.X..m.W....d.u....&.....(.m._...\NhSB......u.yY..).....^.h......p..O........~@..>1...-...A<......;.J....Bb......bz.#.c..:.N..j.j.Z..d...@M.,..>.=._...Q.L

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=28704768-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:30 GMT

Content-Type: application/x-msdownload

Content-Length: 842576

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29715

Content-Range: bytes 28704768-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.,.r..i0,...c..*.B.....}...?..z.. ...:3...:..4.%Q....7*.q..u...&..T...(]..z.....)k1U3i.`@.K. C<.b.. ....g.#......@...(.........0.\;: .....cV....\.R...v..6Q.X}.G.LU.-r....$...oR........,....U...yR.l.G..)...P..F..Z..1fC.............@Fd.....@.~`..K..X-.Y...c...R.wk.8..qy..U....G...C.JRD...|k..f..=.....d.nS_J........~).X.j.......N.....,xx...i..'....<.j.q.y.....Yzj ....i.....s...n..X"r.... .\S!..[...r>h[....!B.....-uET3j].5R.O.@b..37z.5/.J.......x"..hvj.g...k.._....._.....4(....#MS.....YbN`FJ9...]......lq.h.:....'.f......3GyX......%.....i....V..]....Pm....K?..!/.Z.)...U.....0z..D(.'CM..4.........>.>}[o..l5....C..y4^..]../-t0.....p@pG...(...k&....)..r.cs2....K..L.Y...>H..J....}#J..)..7..I[b.2...S..tAB...lL.X...,.x...G...A.....F.6LTcWQu...N...-...!N.6.......|...>...U.c.K.U-JIl..:J}...>.i...}au4.Z.mn.9]D...2.e....L..C.`.v>L..l....b.'..R.;...RD..\q$......M\...X..L...$`..7...A........$yg...c{.......G.......F.Hd\s.5.n.x.}.&4..0.I.(H..F..A=Q..ak7....p.....J....=............... .g......d..%y.......Q.....9..5_.y......?Ke.;...?s.#.~!U../7KY..GK`...=.4..B|..8N.H.&.r..N..Y.M....0x9.).M...Jz....z..S..xJ..$.%.c.. L.|....r..@.GfMi.hj.}.......n...t.._.e%3@.`A........#.H.s..!......=...j.dt.[.H0.......jb ...q.x.7K.w...A!..r..>.E...a..eo .<.:.e.Y.1.J.........<Z.^.?X.[....~..T7....ga~X..{a4..c[...Gb....'.<...{K...}..V..X.<......;......3..;>..D%[2.Bg....G...[...-41.J2.#.e....=j. .....&?"..bIh..WHK...|....Pb.!..U.....`l.h.AI.]......{i~@.*.....!...;..t....8yD..v.o.ho.^WF.L.CL..2.... ..,<%c.q

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=7471104-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:18:49 GMT

Content-Type: application/x-msdownload

Content-Length: 22076240

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29674

Content-Range: bytes 7471104-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.Sd.D[%g..9.i..F......Gq}l..-........2ur......wG...t)i.l:.aZ;.!...V...C...#5..(uhm.....dE........6...D..<....z.._....\n(.}..../..S...AQt......u......v..G..0.jY.Y.O.*.PW...h..V.^..T../.r..5w.p.S.....rg&..`..4.`.r.pD...z..s.B....ig.#i)..........%/,...X...*_[..........R...0.d{.5[..P....3..v......C.\.v.....x...........\nb...:..........%-.guMM...{...~ta..C....~...S.U...e..m5.Sz./A.g.S.xX..jpo..e%.....D....(..8..s.)J...........p.....q~...U.3l....>.(9....j0..<......(9..S.3L..^...1E7.Q...VqG...:...Bq7Pnc...f.V......x..})..T..?.......F.ZBI.F.6@.vo.R..8.L.....].O..y.y.91~p..Y.S...v. aE. .........>W.....B.........D.......?r......B.P...v..!...........9..*..A^{....x..>....C.........P...C{...>...|.W....r.g...........Y8,........q..`a.-....d... v.s8. ..B.y............/..3...]....xZ3.~,...=._.....I...Bo...H........N*...(.S.;.....8......%]{%@a.........Pp...B.Q.&.p~.z.."e.C..Eq......RU..-..2.G....vS..v..../Q..L.......Y.. _vA.2A..........3..2......8h...G. S.1..........&..:....c..P.^........i\.D..bv&."O.j..as...M.Q..rsd.b(..`.)JL..yR.......,B.QO7......Za...i&.F..Jz..p ......%...n..x?p...0>iP......v:?.....*..Z.f.......t.C...I.......(_...R!.h......c.L....B........6.k.......~.j..y.:..s[.~.q........<..>....WK4..>uG............B.y,...D.._....E....._...-...1z.../.~/...&.s.P....a5\....!......_V.`..d..I.W...yr/...Wy..A.'@.n.rj.7.....Xo...}......vk......U-...l.BLs......55-./'.......fT.u...1.{.6...........F..aL...QhL5.........oz..D........q.]w..t...K.(W:.".../..-.....h...O..G....&.q(!... ....}..B....i.STn.K..#..

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=27262976-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:23 GMT

Content-Type: application/x-msdownload

Content-Length: 2284368

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29708

Content-Range: bytes 27262976-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.qu.....n.`. ..AX.PM.TZ.$....Z.u.dlaN0H.....p..R..fY.....P....Hc...g=E...........:.V.J..t.BS.Y,.....M2.._.]N,......V.f..~c`u.i..........).. ..p`.}..ziz....1L..D...7.).........X.......cZ.....mA...}yq....L.(.a...i.W .....!S.............:D.\6...s>.T#.p.u.yE......%..k9\.....J........<..B.@&..k<.....I..........7.$..fqq...j4WM...X.;G........9.....F....I@[..5Q..X....".B.....W.O .z..L.c....H.S.V.P..yj.U..nu./?|......j_\'".^..<..t...%,.d...QQ.?..[.IY?.....T."..-!.....`..[j..s=&".}bB....a...Oi.J......v....4.I...._H.....A.............3.f-R?.._>...6..........'.T.....<._..;>.e.@:.SFS...Ik......fB<^W...N.9.,...~y..R.g4..8.kd1...$..h..!.i.....2.(H....:..6$.q....g.s-...Em.>R.M*..di;.@t......"..V........w).^...ev.-<............&/.:.........z. .E....j.Uj....5...u...?..2..q....<..b...]....q..g...E.....A..\.4..vW.7K... ..i9..|....98.....o.....,...n......o/P..../.s..7.W.=.1}...dp.O.o.Q....r.k...9......@"R.Gd..r..@jT...\V.......r.L..........\.4..v.C7..@..q...Dz.Wi1r..k.&.....?..... d ..R3Kt.c.h.....&G.0.D.;.\....kR..H1>..3.b.P| c..6....yy.....Q..aQ61v.....<eF&.....n..'....{.........{_.R...`... ..O..nc..v..E=i..3i..8)."\.|,.D:.[......C.|......;..F(..;..".].....$^!...>.w.>.}......0......<......RPS.....qV.......%.5D...79..\.i3.....W..3V.\VwJ...l{.._...&.7[...Z....^..z..l.L........;._.l..Y...Z.e.../R..O..h.Y.i..Q...,......i8..J.}.C.q.. e.o.............h..Qni..v.....%.8./5}.0.......On|.kB.,.Z.zK.......zJ].T._]..]..P{.a.!.I..B.3...j.JX._cA2.._T...d.......wY>U.y"m.......%b.$../..D...j.....

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=25296896-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:14 GMT

Content-Type: application/x-msdownload

Content-Length: 4250448

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29699

Content-Range: bytes 25296896-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

8....N.;.1...u\...,..* ............[.z..E{....36.........6/.4$...7zt.g.qw"8.......\...$.i.f .t.WuD@.......k...].....5=W'...wP$..3..t..>uS......I .U[(...I}. .......u.....X..M:.)o..C....6.I~...X,1.M.r.....v.*..v.....>e..-..5.A..o.......D<.W.I.&.....}cFS.Tx..1.|..B/>:..z..c...L'..IvV. k."X...{u_r..T6...W....O...l......V38Nth...{.f..`.>.6...7oX@>; xTzu.phAo......d.....JQ{N0;.B.Aa..|.Q.n....'.... ...........$...../..)PtT.,...KV....W.k(.D..x........e.}.-h.......Z?..h.P...~j .....x.3q`...&.[,........%..C..de.q.5..U..5.....Q....Zc....#n..u....#.#.(.....@`.5..y..X...%U.X(...I.".sG..|...tj^....@iI0..B....#......... .Q'.4.4...?S..8R8........}~.WqdD7...s..i_...&...n)..= .gncT..Y.....mc._.r.f..../..Y.>.S/k5...E..f^.....&^P....M..v}B....hJL...g.......d..Z$U.../<.:.J......).....>..,\{...%9#._h..Bw....0..l...T...hf...L.VY.M .~.1.r..j...............1y.b...<v.g...KY.... h.....q..j...)]..n-1...._......G..j7;...t.k....M.....@........N.~..Pi..l.}j ..h...l~o..Z67...;... 1!....-/...u!t=......F..-lB.r.......i.[.khu.y. ....-G#.J..$...g..C..J...}!J.QH............._...c......D.U.<C/.|....M`....=.$.v..Z....~...n{..X...N...@.m).w.m=..V..O...18P.t...... .2..\....[.....l....;...R...U....o......y>..k~LFI.$......f6Q....I.^.c...K.q/~Ac\.{...l..j...=.c.dc.S.n.E.Qu*.H(.......B>...JA....l...i....<.6.{!......`.. y..).6.Y.....)l.n@.,o.M@_..?HMH2...%F...Uq.W2.~..2.V...w3..Bj.ye.......iv.[..U......$.ZX..F..S.=75...?#.r.Y.6..1.Z..8{Bz;u.5...."e.....l..$...|.N.......4. .x...........7."./n.G..%...7.!{[@.1T.V.7..

<<< skipped >>>

GET /client/dllv5/BDMReport.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.0 200 OK

Expires: Thu, 09 Oct 2014 15:53:58 GMT

Date: Tue, 09 Sep 2014 15:53:58 GMT

Server: nginx

Content-Type: application/octet-stream

Content-Length: 1207520

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 1297486

Via: 1.0 sdytwt85:88 (Cdn Cache Server V2.0), 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 shiben14:10001 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMReport.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M......S...S...S.Y.S...S.[.S...S.[.S...S...S...S.[.S!..S...S...S...S...S.[.Sd..S.[.S...S.[.S...S...S...S.[.S...SRich...S........................PE..L....!.Q...........!.....P... ......u........`.......................................................................j.......V.......................P..........l...@d...............................R..@............`..t............................text....O.......P.................. ..`.rdata..1....`.......`..............@..@.data....d...p...@...p..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

<<< skipped >>>

GET /client/dllw5/BDLogicUtils.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=688128-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.0 206 Partial Content

Expires: Wed, 08 Oct 2014 06:27:12 GMT

Date: Mon, 08 Sep 2014 06:27:12 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Tue, 06 May 2014 06:31:30 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 688128-924495/924496

Content-Length: 236368

Age: 1417891

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDLogicUtils.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

..T$..B..J.3...r....b....................E...........e...M..H.....T$..B..M...@...E...........e...M.../....T$..B..J.3.......8D...0........M...@...M...@....t.........M..]/...T$...l.....h...3..w....\D....................M..8@...T$..B..J.3..H.....D.....................T$..B..J.3.. .....E.............T$..B..J.3.......hE...q.........E.P.M.Q.s........T$..B..J.3........E...@........M...?...E.P.M.Q.;........T$..B..J.3.......J.3........F..........E.P.....Y..E.P.....Y..E.P.....Y..E.P.....Y..T$..B..J.3..D....|F.................M.....U....T$..B..J.3........F..................M...>...M...>...M...>...M...>...M...>...E...........e...M...>....T$..B..J.3........F... ........M..x>...T$..B..J.3.......J.3..~....@G...........M.......T$..B..J.3..X....J.3..N.....G...........M..xY...M...... ...M...8.B....M...`......M...p......M.............M.............M.............M.............M........&....M.............M.............M...,.........T$..B..J.3.......HH.........M..8....T$..B..J.3..h.....H.....................M...,..........=..........=...M...=..........<..........<....T.....<...M...<..........<...M...<....p.....<....8.....<..........<...T$.............3........I...(.................h....u<....h....j<...M..b<...M..Z<...M..R<...M..J<...T$...X.....T...3..T.....I........................<..........<..........;..........;..........;..........;..........;..........;..........;..........;..........;..........;..........;..........;.........{;.........p;.........e;....$..

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=23855104-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:07 GMT

Content-Type: application/x-msdownload

Content-Length: 5692240

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29692

Content-Range: bytes 23855104-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.....h..S...\.5CU.Av...../A.#.".XHL5.E..E.....`...5A..tg...[.A|b.2@y.8....1......ghu~.e.!4.......UW....a......pV..& ..|%J0.....K........._iY $..o...ao.KX.N......N(.NM..].......[..9.....r...X...:P..S..F./ ..".%......}R@_ :..v.v@c.:F!..!.iH..m..^[.-.....{..........t..F.o1.q.IW ..D..yw.x.BP..a.k."......K/......d..9..& r.}..O...ir.G ...{./.y.2yz.....(<....(q"....`V.........).U..$...;..}...../..I.vB..CP.i...}........=..D..'..=./....o..)0b..q.....9YH.7}.5.C.2.t.h'.?.....H.H|s......`3>.V..d...L.P6....p./y.....a z....i8..}..1.$v.iQ..~&.si..X.....~D. .I....p......6..7.g-8.q.l.....H.;0n..{....c..K.;:..ZG...>.}p`D8.....M...PQ.(.NX..5m.&..(R.....2.Fm.. n..;.\7..8../#m.n[.q.6#..i.3.......^..S.....k.s)C.."0... .......>.l.Q=.s........4.z..P......(.......\[iO# ...Y...=....m...EH..b....(]..=r.p...yKOt..A.BN.q.[...3...\e..Bv.g...`..[...h...f5.s...(.....K...Z..;\. ...D..H..*|.......'4.qXf/.....4..V..`..z..P..Xp......\..K...Z...$..Y..(......P3...G.AQs s;%L...u......_..a......~&.O..8r..U..3.k.2._../..G....2....,mh.Y..'.....x......iX.m...OY...A19.(.]p...;....Z....)....&O...6..J.t...u^0.?z....pzlFUM&....9.......MTTVt.T.X.@.8SQ.F....TA*.k.;Js.#]...#.r..l..@;|."!.....`G_.;s.......v.u.X...-..rx,..$...1.....e...B`....WQ.... &.Y......^:pm...$..6.... .&..:...`q.,...U^.gp.n.....lf..m...T.i..?~...B..X.?.m*T/..uE.$y....m....AUWA.5...$L..13..T..HGB/...m.V.W.\'>].,q56.;...X.Q..)N..2.Dc?9g..Y.b...U.Co..lCj...Y.&,........~Q..G.....a..........p..V..~.k...GWV.'.P(]B.>.PU.WM<4j{k...-..Gb..s~..6....Q@ ...X!..v......'.Q....n...

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=24379392-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:09 GMT

Content-Type: application/x-msdownload

Content-Length: 5167952

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29694

Content-Range: bytes 24379392-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.3.. !<......^.VT.....$.?R.9).....P..;.kp..`.$-}.%T.Y|..;.....B'.z......ER.x.%..PT./)......JJ.|...p..}1"R..ZR...D.pB..\.o.....T.,..W-..#,|.B..H..s..:W.. z.:......m%..&x..9..X..aA...p.*..c*t...YZ...h.{......n.\..........B2...R<.........x...o.1....0..E.*o..|9..Ra..$..,1............-5.......R4.r.h.]W..F.".....&.'[........s......O.\...vK`.].D......nk...%Kb.......S.......*3....o.....h>....I..apH!..L.}....d....o.]......jZ'...%.X...E..6.B.'._wG......b$m.?..w....z.;.D.r.5...X..y..(G.#6_O......s.2.c........i....Da .h...{...5.xl_..zN#^.6*f.....riP2...B..._D.&......%)%;...(...5.4@a.:....~O....zjGC<....*3..Y<...d..$.Jk.2......R..?.....l...*..9.b..N~.4..7.l\....p&N.$...I'V"..L.D.......W...9.\.a......^c..ny.......d.8..d..hX.m...\.....;/.=..L..Kr.{I7.....i@8......h...|.....)r.......}........P..R.fN.l...{.).....Dk...i%...... .....B..d..t.s.U...V.....0.t.G-.......m'E..S....k........%.b.pVM.u... `0.'.............z.mMkA.........9b..GU.......!-.bf.tn.@E;YJ&..1...s..v...H....&.M9...6.......p..q..s}F..Y..]........s.{.#.."I2A1l.....^Q....~..#.x..1..q.}".7.L.....(......(6}q.....9./0.w.=tn....I.........."d.@{OJp.h...".k.....O.......|N........(..(...?.%h`..T.Ggm]F...?.~...e.-. ...<...p.tx|.........N...Chk.f.).5...i...!..-X..1BC.#..S.ndL....P3..K...A$..... ...V....I.i.....^...o1t,...-...9.....^.......].H.CXQ..R..l....<..8...H"L..'i...X.K..MxG...[T...W.tj.&........7....m.`..3....]&t.......,.H"....l.ys........U......`...-.xv.43t...@-.=..;.Z.(.LC.<8..VP`..J.I..t....._.<..._?;...9..*I..a{.H...TNrS.xKH..h.1.q....#d.

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=24117248-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:08 GMT

Content-Type: application/x-msdownload

Content-Length: 5430096

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29693

Content-Range: bytes 24117248-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

..dev...jc&.=.a."....u..`.{... s=S.%...[%b.g.z..9..w....Cg.ZR.Q7......8.2r.....V.|.K....O.a...l...v..j.-.....%!..l.Bg.C.....5.......v..5/Z..:.)..L=.z..S. lBAG]..9.....'...d....c........~UL.h.....K..D.sA..<...........i.?!Mp.Q..^G .H'...kMQ...j.m.]..r..-.C.......'.....2j..i.S.un...v..L./...n.^QQl......m..[..q.T....E..I.?.-...W......V.t1..!,.v....:..........j.\.......$......xl.....[1....L.s..^h.{..T..*....y..L...9....%d..F..huW....7".{a..........Y...........R..AT....,......t..].. .>y.N.!R..i.C.!.F..-...... ..$.L...]..l.?..Bz.-..J..."7.49.ay......!o..Jp.ue.......O..'`H.... ....$.,4h.Q.$1".?q....u?........8EN..uVxM.'"O.T*A..5..o..........h.....mX.H_.A...B.../....$...i<.1,..k"... :.i..k)1.6.d.%..1.ds...._HE6.LbYR.H.. o.....*.......7.E......NF6U...5U.m.V[.}O.2...t.,.;.g. .y..=.d.s...i1.S...cU...8...7P}.....'.).....syIw....U.Q..>...j..Lk..;\..3....\...3.R..K.\6.....A6.H..l..."...)...CZz>..uz...(.r.f..j. l.1...w.c....84..U.QhmQ..@..i..2.F....)...)...#.........H.H.. ... .O|...i....\.....s......?*m.!............S.X....H!^..ua.....}.H.....\.p.i.?O....4.9..,..O..*.(&@.:...0....O/"9._............4.w}L.ji|#6.[........Q...7.j..D..Qz....q........ ...!f..d..@...*../..^..qx7..,k-...F...^.&j@.\...a......K..=.5.. .`:_..I3.....V ..>TO.].4u..w../F...uX..-4....xA."A.e....s.\=D..a1.(.......(KO)...4..K.:xi.L.T.....N..o...3...J..M.,...x%zO..g...98.....>.............wxVel.H..c. .l=O..Z.c%..aM.;....u...*S...@..GY ....O...*I.2.enE.c|?.H.i .&....H....f.yb./.@.....*.... n\.......p|9.c[5.>.G....O...W.....LWK.......H...]

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=15335424-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:01 GMT

Content-Type: application/x-msdownload

Content-Length: 14211920

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29686

Content-Range: bytes 15335424-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

Q....o.A......}....o..Q...5E..nL. .)....D$....&7...$..C..I@3-..$M...x......~.j....=.....U1.}F.Z>...R.........`.... n............;..[)..{S..!...0..`....;$......e.....:.. .3..&@.ko.....:..............u..6F...Lc2.L....O[>J...Xm...<.P.......=,.y!.=`.<B.2<M.|^O......8I.!.!_...l.b...Z.EI..d.......s........Wv.n..n5T.6.....7...u|]Nx..D.K..Tv..v..7.c.X._6..R./.C..........5~B!......yYR=u....4..4.t..>..R.x#..W..6s..}V...O...._......_.Q-..g.....6.......qC..JF....TcV Z..I..8Wd...7.hJ........s<.5.G...\x&....._..=....:..L..................`...Tl.....w.H}Lfl.'g0M\.D............Yv.[.G3.zC....yh/.....?<.........lB..........m.........O..Z....L....uL...d..PX.".S.......g.K......}...8.a.....=....=.WD......5..~..kX6:.>..H...8d.k.6......%A.....K.."/^..........?V.).<....D.w.X..1..L.S..8.j........(...S....?.....R.%..............|.&...J.k. ..n!...59&._i.i.!.....or.i.8T..Ioj.....p7%C..j...z3...Hb.<b".....eK........*.....f.. .ea>A.r....M.pn...;.oU.Z.I.T...S.5Y[.*!U.MQ......!J*...IE...Y...h..5Z............Hw..k9..,..x|..4O..4].>&...o.e.M.....tf:...J...K./(D..f...}...-..K...}. M..G%.2t...m......\Z.......W^.L....aK..D..=............;.0|<..N.../.S........\._k......=........{Q..=...{v..\*..|......O..cE.{.U.(!Y4.,.........$K.s.........F..T..[.FSDj....N._....c.B`S...h.\.v....X>...C.^h.Ls.......gt<.vd_....EV.(MI.JX..A....d-...I...J...&.=.-1p#...l.....u..*.c.S...T......5....6...ln&....}....g.D#..U.H..#.z.8...e...T..........].zQ.....#..p...I5..... ....P..c..l..!.u..=:.)....P.....G....6.4..#......'.=...

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=29491200-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:34 GMT

Content-Type: application/x-msdownload

Content-Length: 56144

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29719

Content-Range: bytes 29491200-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=29360128-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:33 GMT

Content-Type: application/x-msdownload

Content-Length: 187216

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29718

Content-Range: bytes 29360128-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

..0...(....-b{........../.~..e..2...,A...A.@.E%%M......`..L.....;:o...@......I..|...Z....Tf...r.a.......G..."f{...D.....wui0$z"..D...... .^..n..#oT/.^I.(........L.f..F..Kjh.B.Av..a~d.-7..Dh...Z|.0......g.. ../..5..u..7#e_....w...!D......#....d...7.T...Vu..=.y.!{.I.%O..........0...H.@.j.....h.._......1L........&N|........."v......m...j,Y...%..LJ..r....@.b`...V.%..R8.m.Lg......s!6w!q.fu...1.Y..>A.=.K...U........@.....4if.....`.bN.....<.......P..`...Yw..<...../.%W.....;{]...IX.[LcM(X.).................Z....G..W.......r.E.F;..|-.Me2...I...........%..GZ..^......h.<.K..I{.u.z.....G@W..Y._F.s......e'...)o....P.......J..d....D]r.p.....=..GY..=i^n&.......Z7....X.e..u....m6.7.,GU..5......Q...Q...w.......dO........K.........]B.. ..97.MvZ...d...i.Ti.~....,.gH3...B.........x.?....7~......./.....Y.m..72.>.p..I).YD.0@..0g..H...ySx.-E..............m_.[.f...@.k.)C..R...L.gj].]x.#.WGT.L..tj...*.6.wt........4<#.g?.T....3...k.9....t.^s<<5.#.|u../.OM...3..f....M..O...i..Hq4......$.........T....jt<....DwI...?)UT....E..x..#...Xk.......U.M.!...}.......#......fQpU.......U6.!..i...[E3[.'<y....9P..-...t..!.bz.......N....*.%k9...>}.....O.U.k..h..X0.....n...Q...C.fH.....B.....NF.B...e7...$....-k..L1...(......8...[..m.....*..*@.2...A..h.4z.3(cet..Nq. p.....hpiL............."X.........\...$J.N.cF.U..t.!.....m.P2.{l..o..~a.wj...#.....ZR.b..z.pY..|C(`p...B..&K...&...N..i....3.`_..&.C1:p.",..[a.:....M..t*..e....bA,....hhPq.....j.....IsD..a...[..(.&....5_uE....6....s...PJ .(ta.O...#..9e........C.....u..6.........

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=22544384-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:18:57 GMT

Content-Type: application/x-msdownload

Content-Length: 7002960

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29682

Content-Range: bytes 22544384-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

v.y8|e..s....r..V.XA/....z..UAYj....FgO.,..kUp..M...8......j.....o....z.;..../.w.(.D....V.B$.......X........}..Tx..........6..xx%b.......^=Z...[(.....S.....JN.. .sd. D.'...I.. ..J64....4.J..h<...R)J@........s..,(.e.K6U1......rJw.....o..!rl....W5p...........R;..L......<...")%$g^.>a.n_y.C.}.. .j.q.........j....Z..QNE..........W=..Q..f....<...A.x.Ms.8.... ..1b..........d.AP).W,..].y.h..%4U..,....J.xG...f..P..Vqm.W.2:.).7.........Y9..|.(v.n-8............<.W.XY0o..=mr....|i].....W^..Y.[....A.s.....0T.}..AO.,.....X .....( _[h.q...m.O..V.0.K&k2@.0oX.G.c..u..t.....G..p.....7.X?.......JU....=k....o.,....1I.....)p.`/C..mr}wQ.{.}.sF.....t.6s......^..r..........,.}..'uq..9.c..~......Y...d.8..'.(".._...c..F..;.C\.$.....K.:.p.....[..yr...YS.A.:.|...u.[..Q..G4..F./...a...N........N.w....@.c.......D\..S.H....>8...Y,J.......f.H.......qg..zA..w.c<......OFB.&...y..66...%.t......n....W.Q.Dh.GP.)3....r2P..........x..{<.).N]....M&VJ..,..A.....%......\./...........C..9U.}3.VZ M.P..Lq.{.Fx...).As......@<$A.......x...^RC~.!.by..hY.,.6N.<d.~H&2...P.,BP.#.D_ ..|........V........M..FB.&Q..k.U.s................m....O...*f.R.)...E..oq.uJ..I....,.R.*F.\...........!K.p.e.@..z..!J,.5.. .....rE.k}.~.|....!.yb...`..r.@.n..p9.2..G.Z_jNP.=...".x.i...2ui...../..:.......<....O[..t.<...5}....*.H..f.......n..."v._q.0.NW.R7..k..(.[.I-....DC.U(...I.S.>.8.1....0.v...bo.:..^.....rM!..]V.@.#.-...a<._...".p."....Dt.c.^......f.!..._..O...W.....k.l. .e.'...a...-.T.qyio.....JH..P.y....x..a.*..".u-....J.5Q$.|..w...p0..)

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=28442624-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:29 GMT

Content-Type: application/x-msdownload

Content-Length: 1104720

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29714

Content-Range: bytes 28442624-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.Oh...T.Y ....Vciv.Ck~..9.Y.}....{./.<...3.]y5..l....{......K2..N.gdn..].'.....vy...6..:.9....K.i......f..^..].....|..._&!.u.|......l.......".XB6.{..............D.3%.R.....4.Y..... .vT...6$....(.................T..V.Q..rFE......NA9..6#...Sg.s9:b.1.Z.<`....,..(|(j6..j..m....].>1G.%.w|.'......S......#..~....P|.....6........J...?.Z.?.....s.......Q...........F.o..U1....P.$.G?...'.{.q2.......=...5......?~..-..=..6..'Vh.y.Y.]%.($`. .......V8V.l...JY...j..}S.7...l.b....i!_..Fot=H..Z.z.r...>8z.xD[.......8.Pl......&.R(.%e.T. [h>...N.."Q.;.j...).@2h.&f.a..kf..=4. X.X.?{.7.m......h.\..6...w..p|..C.<.. .b.._..U.............d.U.O..al..........]...c}....f....q..o....b.....$;.G..q"...:.....X..F.N.m..Z.#)\...A.T[.CC.I4|).oW6.....>..M......}ZB........m;...FN.....N....v.}d... st..'.......C..7.w'....@.S.Y..E..b........W.....3..#C...Z...v\.N.]*....)n'.VqY..\.Wuu..h.m.3.'....u..T.......yPh...V...&...@S...@Y.?6bN5..*..n.a.....,E\.....m..A_.[%.........E/h..q.......`..=.../........I...1_..........n.z-.,e.}iY......(...F..x.......V..:.M.f.<..............ocG.:z.V3..JzV.....V.GU.....g..#.'Y...t.5.....@....q....xW?OTeNa..M~..(&..0.....D......*...%m....oLF...\......kSM.......s.....!|'.|..!.3c....$....`.u|G..EU]....X.0.(........l.....:w..?.....f.....i........FS.D..V..\.CD.1zh.,.e....v..P..st*..I...cM.(..jC1..>.K...K;....U..j|.D....)Z.2...?.*.-..u.Pg.rm......8./.".^....ecy........x..X.lS..y,3.8...G..47.."E0_..R.f.Ql!...?lB.;<........ X.h....q.s.>...#.7..t.f......p...,..8.=....{..&Z5n..x.X.$.c.........#........

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=27918336-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:27 GMT

Content-Type: application/x-msdownload

Content-Length: 1629008

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29712

Content-Range: bytes 27918336-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.c..PT.T...6..n$.a..j..w......4.!..B......../..6.<...J..".*...D...vs....W.0P....5.]liZ....P._KQ......*a&..UxO..V..wp..M9.l..j^.<2.8.d{n.iu.l{p=h%Qf..R=....._\q..3.!@..-n.e........W._A......Lb..[^..n.S.......;.4..iR.A...{5u...s). -..I....U..................>.E$..{...g.0i....j...M..5....... 7i-.9..E..v. .l..V.. CIB.....N.hA.Q.f..q...-.......... .P.N..,....).*^\...l..f..B...l...w.... f....3"5..&...AeU...K..........v..|...u...x..zY..^.{i'|Y...K.......h.....E,9.F.E'nD......v.t.d]. .... .H...h....9....2.Z....SP{\;.B`.i-&.....K......d....(w$.W.......\'.#gL....a...Fm...@: .& 18.]...........Je.}....q..........D... ..Nh....d.r\.j.i!....59?j,..p.VrP...3.d5..|p7..3WDz.x...B.{..."......,.7.w.....q...q...D.1....................7L.>.....5=.....J...$..;..!.nc..d7 ..n..3....54c..s....=..Ll.u...\...&....mn.....~.mh..P......=...a.>.......O.8..F..3..']..;C......#.P.^.<. Ps.......w_...X..U~...5...8...8._.0....5..(."............%..........U..d#...q........../U.....7..6B.....Hi..0 ..rpn....7...U.l.....5N.#......?....U....0.V...~. 'C.g.SPDA.Z...O./wc1../......po?.....;..}.......Y.:...4[.W!&.qu.c8h...P?..I..(^<{.2..w..AN.]..teB..`QO.m..0..5!..D......N......h.....tV.}..C.b.\..-.s.>..I...G..E,zE....u.EY./.t(..b...#6.aw.[.X..] .....G.,...&|.. ..I...:....D.j.=e...<m%.R5.....[c...v.rtce.V......[..{...u...=..|..d...9..-o..... ..M..3.m.......DZ/..4..>...l.[.]....0....5...h...C....]...l...I. .t..KNYv..$B.. ....S#N...#..s.......G...yt..6...7...4.[F..)!rz..Y.H.,;..\d.... .....E.......h.B.....k.-|G.&.g........<...

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=23199744-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:04 GMT

Content-Type: application/x-msdownload

Content-Length: 6347600

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29689

Content-Range: bytes 23199744-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.}.|....&.G...yOI}...P..W...o......PJ........D.r:s_......(G..P.....c4.......%.Z....)...W..i:.......\...c....N.....z...H.]....1.$..uQ...*...*.Z......Z..th.Ghk.t.".=..2....`.l.....H.BG.e........K....V.u.F..j..8....^.WL]..k....W.}.....(.8....../...Uf..9<*.;..:.P...r..H.. .D.E..Q.x...<Wq.?H.l"hK...02N.)rhL./..e.j...Q.z1G.O...(8.....#...p:......g.n....eO.L.R.... ....n........R.....0.>..G...... .)n.E..{jYb...`......e...............L.L21>...J...?..aS.N..........&...N...ijn/..[.1....."..3..]~...f......./~u#..s.=R.i....g...i.W}..M...D..;..M...o...;Q.. ..:&.]jP.e..JZ..($.......$....j..a.m(E].c..iH.I..g0ySD/.l..Q,.(W.!...N.C$J(:o.QTsi..?^.!{X...~%.:lB.#..W........`........O..yD..(............/..Q-..s..vzb9%$l.8.AM'..uk^.S&.!....(S...._.....r......zg`..$....!.....%...mW...%.....5pe.....I.o.S8..v...{....X1w.t.[.I.....'......@..Z............@..8..Y.o..4.3.O2...p.Z..`..G.tu.k"...M.N.E.fQ>rS......F..wd.D|..\.5..aU..k(] ..r.8.......JE..y...g._.........p..<O.<"O....t..9.3Qa...F%.hX.f.jo!...,(..q..{ -.......>.. .(..k..MA.._..\.....R.kKl.....i...@......V..9.R.........a....D.$.|.E.X.!....ja.. .{.......PW...k ....g.T.M./....I.R....y..e$W.h..\c.......(.7SUE#M...u... ..f.....).......)I..k.....@.F...?.Y.p.vXoUS..B.....&...1..q4^ l.L...........L....?..}. _V..Z.>../..1...i.F........|S&q...Z.J...V..}.........z`.(VmX."..s.8.........WM.. .t.LT..x..-...>.(.....y-:4-.r.Jt.h.....d....W.V......&....3..g........ MK.....4....T.......*.X..s..O..J.$e.;Kh....V..z..h.(...E..k...............AF...)...{....r.5jn..5P.J} aY..

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=24772608-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:11 GMT

Content-Type: application/x-msdownload

Content-Length: 4774736

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29696

Content-Range: bytes 24772608-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

GgC....@.S..x...J0![.......0.k.j.YI..qm[...r$.../.....#DW...........1..uQ.~..\.hq..v...n8....L.u...E..m/...G......n .w....{..............HRU.W.-5|.9.^..1#.-........d-.......}..x...L"........./,.:.Z.3`w.......6.o.._j..x..\.hKt..G.....!.1....:.........Gy;.7.;4p.;X.<!.Y&P..!)d\..en...2......h........(V.......m!..[D..1ri.....X....4....N.<...pe...p.F|.Dq...}..rh..l-...p....3.........werV;..u.B.c.2p....F5..../.....!d.....Z00..@...^...B.A..........S8..............W...)..t].{O....[.:t.....7.........!.R....@...o...h(..#ji.pK.g.=5?.../.....$6B........../6....(.......P.@..e..@0....".S....$bu..I\..u.7d.K8R...'*...o..=.vP........r...M^o...O.....Q...\.9......g...u...A.8..N.(Zx.^8F2......)...\]t..i).4E..EPiO.l.......{...{e....H....a}QW.7I.T.]..3...Lp..:...9/bP....d".Z..{|..z.7}U.r.od...J..Kv..:i.z..|......r.....L.xA5.....N.....Vub.4........!...q..N....l[9..n.f....1..q..q.............lx J\.>..fTI{tx.h..B& ..P.../33!..../q..G..o.....X..W..v}s..a.....}.....W....C..5....Q.|.w4J#.mJ..'S....`.r..Y.3.T.q;.e.X...vq .)!C.Z.`.ck.Sa.G.}.....E.%...b..c....`.=...Z.Y-WV:.u..).gt...y..1.@...g#...m..6..."....SD...u%....sb...o=j.^..^.C..(5...K%..Y.b...d..cV......qHB,_...;.{Ps......S.F)$C.^.}d.Z..KN|..f\`Tc...:..2,\..l...q..~........;|....k.X...w......'C........$...9.8=T7.6...]d....b;..K.t.k2.J.......k...<.o.........o..2...[C...."6.d.FEc....By~...O.f>.%......'.y. ,....<t $..u7.:.[..._.W.9...]o..@......U......y..2.Y..6.^.O.),i....JK.......&.......@.....<.."h......W...D....E?.)..k..}n%......KV.b...nc.COL...LNZ$I.lw-..../....

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=23461888-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:05 GMT

Content-Type: application/x-msdownload

Content-Length: 6085456

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29690

Content-Range: bytes 23461888-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

J[.Z.....=5.c.b.....%E..A..b....;6vA..j6*.x.,..>.._.....Y.S..@.r...xU}....6.G..........|bG.M$..........o.....P......D?W.Q.....0.$......I...Q<..........p^Z.9..d....U..Go.?W...A65.....mo...lS.5...M...F.."A2z.....p....!.f.h...~.OzC....Po.G...O..^...k.>./...X:dV,.,..t..HM.....H.r........k......?....NL..H....R._.......6...37..%.jG....K...T.......a.nIY.F.g...........9..Y..(.[...RD..a.i..{...:.I/..?O";.k....W^k...}3.%1.fY.."..a.k.....G......pc.zO...G...`...b..T....fk<2..0........W.|..[A..ha.FS..OnD..Gi.P..c.;..........J2N6.}.5 ..O9_........*..?)....B.....Ih.......S..:Z...J;O.....oF.]S...z..\.1._%k/%C.f..e[=..../1...!..wX...1.}.......nH.lo=.r..`..:{E..WmB.z...r..PX....x........C..q........Z....6. t..D... .\|....$.M.<D..~..EY@.4.Z..I4j...B......~.K..%.1 .;...'.3.H.]..8..#Uv_....F....g...Q.c.jK... ...............Z.lAgA....E2.S......9...-*....w..)..A....*.../K....#P.oi...[..A...L.....9o...zD...n..0.%i>*l.Eg..r.Z..l.<..P...[.S..0.GU...V...K.. J......b...)."w.[..y".....\.iz..2Hz.a.X7$,.\`......&.8......U..YB>..Im\......LM'3v...........T.2E]t87..|.`.....u:....(.........`.Q...xN...b........L.../.E......$.g....I!`...q......8....-.]X...PS...........@..`.....b.r..J~.q^.l..UtN.>.N......Ql..oJ..w....e...EFyn.M........yK.)............}fe...Q.s.W.[............/.Z....36....no.V....`.....-.S.........s.....U...|...C..k ..5WF....S4..!om^.e....*......v.:.... 1...X.;F..>..H...&.F...1"..N.`..f.it...5.ew..N...cS.1........A...A6^..N8..a....Q..Q.f.{.n;.N..3..;AF.......f..(..wQ...1.....t.@...z.d...b.......].....

<<< skipped >>>

GET /client/dllws/BDMNet.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.0 200 OK

Expires: Fri, 26 Sep 2014 23:19:04 GMT

Date: Wed, 27 Aug 2014 23:19:04 GMT

Server: nginx

Content-Type: application/octet-stream

Content-Length: 1178448

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Age: 2393980

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDMNet.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>.^._..._..._..._..._...P..._..T...._......._......._......y_......._......._......._......._..Rich._..........PE..L....>ES...........!................W................................................{..................................-...............................P...........@9..................................@............................................text...;........................... ..`.rdata..-...........................@..@.data...............................@....tls................................@....rsrc...............................@..@.reloc...3.......@..................@..B..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

<<< skipped >>>

GET /client/dllw5/BDLogicUtils.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=557056-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.0 206 Partial Content

Expires: Wed, 08 Oct 2014 06:27:12 GMT

Date: Mon, 08 Sep 2014 06:27:12 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Tue, 06 May 2014 06:31:30 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 557056-924495/924496

Content-Length: 367440

Age: 1417891

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDLogicUtils.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

..........M.d......Y_^[..]....U.R.<......j.j..g.....................T$...$PR...Q.D$......D$......[......@......u.2.......PQ.L$... ..............j.h.|..d.....P..HSUVW.....3.P.D$\d........\$..D$t.x1.tLj.3.h.....L$ .D$8.....t$4.D$$.......D$.P.L$8.t$h.d?..h.z...L$8Q.D$<..........L$p........E..x1.t..}....U..z1.t......L$t;..y.ug..1..u.u..w..C.9h.u..x...9.u..>...~..[.9 u...1.t.....W...........D$..X.9k.us..1.t....C..fW.M!......C..X.H..U...;M.u.......1..q.u..w..>.E..A..U..J..C.9h.u..H....E.9(u......H..E..A..U0.A0.Q0.E0..8]0.......L$..A.;x.........8_0........;.ug.F..x0.u..X0V.F0.......F..L$..x1.uv..8Z0u..P.8Z0tc.P.8Z0u....Z0P.@0..8....F..L$..V0.P0.^0.@.V.X0......v.x0.u..X0V.F0.........L$..x1.u..P.8Z0u...8Z0u..@0..A...;x..v...G....1..8Z0u..P..Z0P.@0..N......L$..V0.P0.^0..V.X0......_0.}$.r..M.Q.D.......E$.....E ....U.E...)....L$..A......v.....A..D$l.T$p.L$t...H..L$\d......Y_^][..T...............j.h.|..d.....P..HSUVW.....3.P.D$\d........\$..D$t.x5.tLj.3.h.....L$ .D$8.....t$4.D$$.......D$.P.L$8.t$h.t<..h.z...L$8Q.D$<..........L$p...b....E..x5.t..}....U..z5.t......L$t;..y.ug..5..u.u..w..C.9h.u..x...9.u..>...~..[.9 u...5.t.....W...........D$..X.9k.us..5.t....C..fW.........C..X.H..U...;M.u.......5..q.u..w..>.E..A..U..J..C.9h.u..H....E.9(u......H..E..A..U4.A4.Q4.E4..8]4.......L$..A.;x.........8_4........;.ug.F..x4.u..X4V.F4.......F..L$..x5.uv..8Z4u..P.8Z4tc.P.8Z4u....Z4P.@4..8....F..L$..V4.P4.^4.@.V.X4......v.x4.u..X4V.F4.........L$..x5.u..P.8Z4u...8Z4u..@4..A...;x..v...G....1..8Z4u..P..Z4P.@4.........L$.

<<< skipped >>>

GET /client/dllw5/BDLogicUtils.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=819200-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.0 206 Partial Content

Expires: Wed, 08 Oct 2014 06:27:12 GMT

Date: Mon, 08 Sep 2014 06:27:12 GMT

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Tue, 06 May 2014 06:31:30 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

Content-Range: bytes 819200-924495/924496

Content-Length: 105296

Age: 1417891

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)

Connection: close

Content-Disposition: attachment;filename="BDLogicUtils.dll"

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD

........"...........................................".......,...................................".......X..................................."..........................................."..........................................."...........................................".......................................*...".......4...............................<.......G.......R.......]...".......`...............................r..."..................................................."..................................................."...........................................................".......8...................................".......t...................................".......................................(...".......................................=...".......................................R.......Z.......s.......~...................".......$...................................".......x..................................."..........................................."..................................................................."....................................... ...".......@...............................2...".......l...............................D...".......................................V.......^...".......................................p.......x..................."...........................................".......<...................................".......h..................................."...............................................".............................................

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=25952256-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:17 GMT

Content-Type: application/x-msdownload

Content-Length: 3595088

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29702

Content-Range: bytes 25952256-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

Y..<..(....6UUFr{.h..N!.T.``....gc...... ..G.T..$.J?...S@.F.... ...Lc.....*.5..@....@a...0h2........r..#3..Pb.}...F.....%:...^.E..f....JN.....?g.@8.H...Ui?./...r.^...."..7.....b..:.l..ngotT:X....=.\g......n.8......P .j..<.i.<.G.v.q.J....F.....9..kK 7M...[........E......S%Y.a..P...Os..R.<0=P..SuC..aL.:P..dG.Hk....w_3... =.y..k..@D..L,.....yy.[......N=.'....#..':vx...p <.bi.@..{[..H....b.Z)..`.yF.^..q.B...._%Q...p:.8......d/...q:neJ..........G..i...>7ge..o....h.\l..:...8..L.\..r..v ....g....b.....A......2..A../..:..EK..ptP;.@.zf.O..IlrQb.B.......D..R.E..\..${3...[Iz.R^...._..h.B.7o..W...O.....C..e.t...Hf~NVwA.?..w...........x....j8.$.`..fl........AU.l=.C.P#............'\.....d{.x...}Dv...oh....}..f.k......@..Eh.|...vZ..}...A*....ek.C.%@N...........w....r..K....@.^o.&....{~..*./....? .O .U..=?`..I....4..%}LD...LM...j.,...3|.N...pe.o....._$?C?\5..c..{[..L)...._t.....O..S.....#.M...T.. .0>.@.wF.}C.H......gvM.'.t.m.....L..l.u2.3...?.9.W..gLF4?.Kn..Q!<.4_...#..&. ........Y........k.....Fb&f.^.U..o.=.9........'..&..Bb2..W(..'.R.....d.....3........|\..Oi..v..d..]yr.#.,MG........pR.....V,..b..}.L..A.55..zW...f{.S.Y[X...C.F..:].."....!_0.T.b8.Wkv.}m.%.cVt."nn=.~w.u...vRX.....j.A....S.,f...u`....8...C..U.Q.m..f.!..&?N.H..E..gs...|0..Xx2.9..].&....P4..u.....s.:H...e....>U...Y{..2..h.0].v...Ak......J..b.!..8.8Q.....^.....!.:.T......i...U-..z.e...aI.H7D....-......G/e.!.~AmS..K [..m>.f.Ay..r<n..$.Fp....F...G}....f.........<q.H.....AU]...:.N.""}$R%}Y.t.../Y.h....a.b..Q..\..b.x.=Z..@...A]]..

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=131072-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:18:49 GMT

Content-Type: application/x-msdownload

Content-Length: 29416272

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29674

Content-Range: bytes 131072-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

_^[..V.t$...t~.F.;.L...t.P..\..Y.F.;.P...t.P..\..Y.F.;.T...t.P..\..Y.F.;.X...t.P..\..Y.F.;.\...t.P..\..Y.F ;.`...t.P.{\..Y.v$;5d...t.V.i\..Y^.U.....SV.u.W3.9~..}..u..}.u.9~.u..}..}..@....6...j0j..k.....;.YYu.3.@.u...j......;.Y.E.u.S..\..Y...89~.......j......;.Y.E.u.S..[...u...[..Y...8..v8.C.Pj.V.E.j.P.eB.....C.Pj.V.E.j.P.QB.....C.Pj.V.E.j.P.=B.....C.Pj.V.E.j.P.)B....P...C.Pj.V.E.j.P..B.....C PjPV.E.j.P..A.....C$PjQV.E.j.P..A.....C(Pj.V.E.j.P..A....P...C)Pj.Vj..E.P..A.....C*PjTV.E.j.P..A.....C PjUV.E.j.P..A.....C,PjVV.E.j.P..A....P...C-PjWV.E.j.P.lA.....C.PjRV.E.j.P.XA.....C/PjSV.E.j.P.DA....<..t$S.....S..Z...u...Z...u..}Z......Q....C.......0|...9....0..@.8.u..#..;u....~........>.u...j.Y.@........E..u...............I..K....@..M..C.3.@3.9}...t..M.........;.t.P..|1........;.t#P..|1....u.........Y..........Y..YY.E........E.............3._^[..3..-....t"...t....t.Ht.3..........................SUVW.......U3..^.WS..[...~..~..~.3..~............ ......CMu.................ANu._^][.U..$d..........,...3.......SW.E.P.v....0...............3........@;.r..E......... t .].......;.w. .@P.......j R.4[.....C..C..u.j..v..E..v.PW......Pj.j...'..3.S.v.......WPW......PW.v.S.......DS.v.......WPW......Ph.....v.S.......$3...LE....t..L...............t..L.. ........................@;.r..M.......E.....3.)E..U...........Z ...w..L....... .....w..L.. .... .......A;.r......._3.[.xP..........j.h({...m...........t....Gpt...l.t..wh..u.j .p...Y........j......Y.e...wh.u.;5....t6..t.V..|1....u.......t.V. W..Y......Gh.5.....u.V..t1...E...........

<<< skipped >>>

GET /client/dllw5/BDLogicUtils.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Range: bytes=524288-

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=25690112-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:16 GMT

Content-Type: application/x-msdownload

Content-Length: 3857232

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29701

Content-Range: bytes 25690112-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

... r..Cj@....@u..b.l.......m..L.X.d.f.... ~*.}).e}...k...c.2.h.}{CY.. nn.....#..E.9...G0,.F.4..<. G.....Ip..)./...|!P.....8...s..#D..J..D....^,'......?y%.lE."...D5.......3K.SJ..e.=z{..Y./...@*..S..Ew)..6.c...pds......Nh..{5...\......7..........G...e....I.d. ).f..~...h.o.....4....XP.)..z:j=x.........CE.2.n.....N.;..".."I.....r.R.....S..i.].aH;.L.BsB:.fa............-..^A!.r.._h....a.. j....on}.#.....~......<...F..j.T:...O.:_.C.z.d{7.T.Z#...E.r........c.....P.1'.'>[^ .r.R.aL....psV..F..Y....~k].^5......p...n#.}}...A.b...$..D...Kj....\[...}..O.f(49..|^..'...0.....S. W.`W.).9M...Ta...o5.;T....b').....h...o.=......r5.x.........V.r...Y.....!......N..G."~k&..rG....^B..mx3.A7..1D...g......\t..B..b<p........UA@.p.I...\...mCx.......5...F.z>............,,cN...]...y..m.Bj...Z..uSO..(..C4.i.~..9..5.LJ.!E.4:.rB.>}.....`'.......~.dq_.E._.n....s..I:..>.|..r.b{Q...r..#.......3.Ln.M..@..|....,%'.@h(y.Kr....4_.8a.....V...Q.Q@..=r.:.lV.e......l."...#.$.\.0V.......z....d. ....K.H.f".... Rp.5...h7.`..x....U..\'.A........iw..vC.?....z.|....p.&"..A...N...,.M.........wd.gy2..|.HjH..7._.7@..../,....*..BG.E...~F.....H.h8d.h.e....qk...F...!...l_......Zk.4..()....a.....-......-t...}BU....v....?.....\...g...d...T.BXc.3..Q..:).....=G.O.E....'...AA.^. R..2Z..-.....n..$........C_......P..F..^..lG....<........S.t.P.w.M8.*......{.!TF........nl...&a...N.......%}..==l...M..,...9..x.G..........y.J.5...5..6......%[...h....9.O....\&..8..d.H..\T.!Jb...sY....m.1..Z.Q.E..HL.y.g.......O..$.@<.>E]Qp.e...v..s.C............./..

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=25034752-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:13 GMT

Content-Type: application/x-msdownload

Content-Length: 4512592

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29698

Content-Range: bytes 25034752-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

?..o.H:......;...... n....|.}m.3c.&....1..I..D.,mv...X.k.~..A..u .Dr.5C./...Z"8..$'..W...i....z...... .Dl..t. ..^.#4o.9.k..Ij..T.}...i.b..4......Z..=B......*..N.l..?H.......Ix.k.......%.............>R&.....o..).......w.....Z.L...u>..2..0AF~.j.W...(.....t...jo.1k...)....|t~R...M8Qd.n.V....*Z...5.[\....'..S Gj....v.IN..Eq..1..H..~1g.....CFt.I.'...H.t:.8OpH......$%..l(n<S.}....c.......:..a|.8rzL<*....l.........~=S.....h./_ ...]WG.Va..OkS..P...x..}Q.o.0..t..|.&.60.D2.n3..k\!.<....!. ...7Z.nQ..o.Y...q.....X.6.......e.1.l%u.1..J....8...&....Qw...">........../<...c.........c..N.7......}-.I.q......2..u..;5t.....%.....=.....NC..'.......Nf"..G...f;.L.}bV..j..,43q......d3.9....^...1....'........Q.....H...3..:.%E..y.1.w....P#...C................2f@"..>R..l-..IYa....3`.C.;.$.....Q\... KW&.........G ...\.............~T._J...a..B....F.5.....CB.......K3.O@.<#.......B;.4. .I..e'"....Q...? ....m..}..s...^k|.x.u......a....E.............!B..q>...\...]J.0..^U.a..p...Of..".h.f.z.D.Z...o.8U.h.B.....R.(.B[.-^t;./.&..glY..V.6Y...9.<.J.=.Fq...y......1....#.>.s.Sj.F.t.."....&..6.[_...b.rVb......]... .8.:o'.-:.v.g......P....... ..;i...8..wA.p.8N.y...pw........y..Vz.nh\.(6]...>.A.F.Y.9..a.kG....U..y8..s.iv.9.r...P4aN`r88..E|......E/.o.h.0..<..a.BM.Y.. .D;`.....:...P...V...xY.......oc"#...._.N....|F.E.{1..z...2.0.F%i1lf..^..D......m.O\Fnf.d.=zG..d.\.5.{............!...>f3P=D.....H...m.b..^.Gm!....A_o6.[.s$.i.*.]...Y.NS.8?t..-..*..C...T! L......z...v. .?..#.n.@.l...4..oU.\.(.b.p..HW~...s..l.......

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=29097984-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:32 GMT

Content-Type: application/x-msdownload

Content-Length: 449360

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29717

Content-Range: bytes 29097984-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

....N."....m.4?.d..<FeQ.....(@...N..n....7....'.`7.).....OKW.L!0.i..U....Ig..E...^8......~..{Il..5....Q.jk..f..-..]..Oo...'..~<..n&.,K.Iy.Y..J..b.....!...0.....^.....k}......j.y.-......._...D..["....jD...........f.......*.8....B.......g.......w1.B...z}L...h.y...l..(....Ze..be..o.........F#.......i.d..,....:3..n....".y..,'<P...%q...a0L.Q.. ......HF .)....S.....S....._.$Z..3..!.....y........"..2..M...`Z.|......OlB*@.)-...I..;.9Z....J.f..{..Y.. {.r.Y ]...#..P.......Bj<3... Tq.0i.....{.^A..*#...e.....O...JB`o.:csg....Uk...Z..>..h.F.....H .B..s ;* .........t9.....5H..|K.~WQC........hv.(..........>&.H..c.^.O..3>jR...6.%........GK....rT.... ..._3........S.TB.E.......~..D[(6S@....I.|U./....:.....A... ..o.......s|.b....2..mW....\...4u.v....].J.].E.v..<..<gj..c...q.......V..........t..g.e..3..S*/.z..t].."7^Eg_t.6.8..s3..U.G\7&.*.;.{._.\.tk.tX..........wB......B...Bz......|.U...J....e`..GF.....O.s. .... .;.U...D.s..U..C..._..X._.8.C.UJ.......I..].,...'C-..Q...g#(..<..Q..i.a<..,.....K...2k...z'#W=..c....V....".i.2z......J!.#.5.pi.I.c.........{.X..9E3[,..-x.D...Ob..} .o.cH.)V..o..Q...M[s........=.pX...l..........h..a ..(}..l....wL......))..1V......u3.H<........ZG.....J.EN........N.b..n.\.5..pu..F.Y.4.w..`P.O ..b..&K..K....)c .............S*.8.;.&........R8..e...5..<"....E..L03r.^...u.J^......)O.5...........d.z..#.u.7....e.@.........B....6.....&_..$.....q~.!..e.-.:.b'..%.n.v-...4...e?cE...;..o..Ki>...B.......<*.CU.|....\......Q...z\ e1dG.A..,a.o6.D.O...L..rlu.?..^....<..2T.....

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=14811136-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:18:49 GMT

Content-Type: application/x-msdownload

Content-Length: 14736208

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29674

Content-Range: bytes 14811136-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

....".M..11.Q.$|.o#.nR..&^).~..j.t(....K..D.....fbzi...5,.R.wA0.J.#.L..d.%......?9........$.'.L..M..j..o..".qFI.\.5.zU...W.#....7.... .b.D&..*ch........|L\_p..B. M..19X..P./5. .6..Q..8S<.UD.,...4.5..G?B...U....^.2.Uo:...{.Q..S.`..^`.A..>($%e^-P......BX.>Jo.P.z.T...9./t..O... ......1.,H..rpTP.L~.....n.\Q.>.s.........!;[:5.G.&...3...z..-P......... ..... 9.Q.......'...*.}&.Dc.D.QgLf....*wQ@..2...A....s...Q..S.a.....QL.m^.....T..I..O..T......l..a|/.Z.v.f2`@.........(.IW.....N....{..J....6...N....-.$.......t......g..u..o..0.FT;........._dPY.!.U..r...#..t....Mat.4L.HnVIr.p..#.g..,.E.#.Wm.l5....D5..nN5...)4Hq......8.,.??..........i.TM..^|......\.sq.....OW.@........[.......#.>nm.P{..9...It.8..F........[W.y\...;{...p.BM.H$.f...g...A.......:..H.....ON...;f...l....0VE`h..........BRh...$..X.V.~......#Wfj....ga...s..@..>`....8.h.n.9.yZ..,..).....@JM..L-7.DWw.S.y...8J..P~6.O.<>.P..G. ....-....yp............T.j.c.B..xp.;........t|.m.E...~...f`9.$X.@ ..Qs.d0...Wn.|A......f....,...f......a{<]....N@.a.....]..|=.S.T,.........Y.b......K........}.[.}..........5.Z....F........3...........7. ,.>J.a.....S.8.F{.5....;....XL6..%Uac\..H....w....4..@.9(.. .B ..a.....L....j..g. dNH.....H..e.r{.A.B.Y..z...a...........,.j..hd.f....6Tf..=..hn...R ...&.&.....O..$_...cU.L.....G..s..h.kh.FZ...Cz({......3-T.w.0GRMq............*.dA'..nlo2.,B.0..0.8s..&...A alM}*...C.@q.~C.%3.....K(&s..Kl...o.j..W.....UZ..10.c`s0{8...... ".(.&...(..\w.....Z.........4._..C...~.....`...lw..Y3...8..v....g..W~....Y...CcR:.z4a_...'.<...)

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 68

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...8........" c0205aca635d4bb7638c184e1bd81562(.2.8.@.H.P.X.` ......

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 124

...p........" c0205aca635d4bb7638c184e1bd81562(.28.....Y.5...R...^fRw?0<.3...9)...PG..m...0.OV...{f.O. DM.8.@.H.P.X.` ........

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=26607616-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:20 GMT

Content-Type: application/x-msdownload

Content-Length: 2939728

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29705

Content-Range: bytes 26607616-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

.G<.O....(b.~..E....T/..o.......]Tde(..YB.....g..C.I...%..*Scj.t:.K...Nx....-D._.aL#,.....E......a..2....g........d..j...Z.yG.&6...h......;.. .R.&...dY......y[....#...........)....!0..j...:.(I1%..{x....}u.U......O.._.7.g|......,@....'....<.).u.kF........?...~G.n..".._....e.F...S...Rh.....t}.Wh.......z.g..r.\eq......f..<..0...{F8.X.|T...:Z..?...X..G#...xlI5cW.E....%....}...k.m.qkx.\.. ,........~.....mI.t..y:.QEc%a..VA......~V.....Q.Ua...?.^...../k_....b.@....p:..ha...'.P...3X.....B.80.#.. .........LH0....k.X.r.:....C...oe9%7U.:.8.......n.(.....m`;.....`.......8.F..u'&?.D........<,.GJ.....QE.%.A.*.y...:..l%.Q...|..k.._..*O............C...s...#b.`.N...m.!qD...Lm.r..n.V.T0....) $.N..wE%......6........v^'....Kj.\.*...R3iT...tL..I..2.x...........7.'. ....d.@......p..\...OEh3.9.}^B.u... .`....?...u).m...^.NT..!..r......T..'.:.~.0.......<. .{#...z....;.t$D.?.F....5..... ...%.....6..9b~....w.:....s..lw..&...^.DmOq}1-s...D....xk-.|.&[c....<.......Z...3.O......=@.#.h.0.{....4......aDE.C8..0Zr...'...a..x..#.l'.6...tNc...@..d&.`c....&..&.4...*.,>X4...P....-0.C...30,B....44...R88.6IS&]h(6.....?.E..&. J.P./r.]{..Xq:.R`...;.._....;W6..~......<R.f6Fov^{.........g..T.N~].. .wB..T..3..I.@.....;8.........nW9....6..#..p.}....~Ko.cm....c.;.....RM.t.FL.......7..<...3.W..1,V....E}.bee$..,.........*.s.........$-...0.a9..t.w........zB....J.X`....%.T&Tq.*..):....l._U.Kb..l.uw...?i....,.}h.l!".C...{Z...i.8...G...........`;m..<W.O%F......o......"y.F.&L.M....4!~..^.n..J.H%.S.n...z...-<.n........y..*s...n4..

<<< skipped >>>

GET /client/dllw5/BDLogicUtils.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dl1sw.baidu.com

Referer: hXXp://dl1sw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 200 OK

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:18:47 GMT

Content-Type: application/x-msdownload

Content-Length: 29547344

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29672

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U57w.TY$.TY$.TY$..'$.TY$6.$$.TY$6.7${TY$6.4$.TY$.[.$.TY$.[.$.TY$.TX$.TY$6. $UTY$6.#$.TY$6.%$.TY$.TY$.TY$6.!$.TY$Rich.TY$................PE..L....u"T...........!..... ...................0..........................................................................M...,...........x...............P....p...c...3..............................`P..@............0...............................text............ .................. ..`.rdata.......0.......0..............@..@.data...Xr.......0..................@....rsrc...x............0..............@..@.reloc..Z....p....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

<<< skipped >>>

GET /sw-search-sp/client2/common/install/31744610784/BDMZipWSNewBP.dll HTTP/1.1

Accept: */*

Accept-Language: zh-CN,zh,en-US

Connection: Keep-Alive

Host: dlsw.baidu.com

Range: bytes=17170432-

Referer: hXXp://dlsw.baidu.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 206 Partial Content

Server: JSP3/2.0.0-b

Date: Wed, 24 Sep 2014 16:19:10 GMT

Content-Type: application/x-msdownload

Content-Length: 12376912

Connection: close

ETag: db95d0a2c92d20b05b97bce9bbc6473d

Last-Modified: Wed, 24 Sep 2014 07:44:11 GMT

Expires: Sat, 27 Sep 2014 08:04:14 GMT

Age: 29695

Content-Range: bytes 17170432-29547343/29547344

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: A1859930A384C85DB3A9A4C39561205F

x-bs-request-id: MTAuMzguMTI5LjE0OjgwODA6OTk2MjA3MTkyOjI0L1NlcC8yMDE0IDE2OjA0OjE0IA==

x-bs-meta-crc32: 1450853511

Content-MD5: db95d0a2c92d20b05b97bce9bbc6473d

x-bs-client-ip: MTgwLjc2LjIyLjE1MQ==

`-Z... I..3... ....D=......c....7\.T..x...........!i..{......b.....H.....h.flzE........!..C.h.8j[/....a}~%]t..,.....q..d..$c;......]=\......QJ.g.....|.....?....(JM*..^..!..h..{..k.....$c...ud..>.!....,........Bf{;...q|?......-'.H...4y.v....c........V........)..........@e>=7.f.C....8.....F....'4. ?'...S..Zs.l.g...L..s.43.wJ.x.X....3r..}.z.H.m.F..Jt0..uzp.....`..A.G..FB6.t...e!,eK..}.;.....\....p...K\.Sq1... ...Q'.t.7J.3..46...i5...E?..........;..c...3d2......k..].P..].x.Yi...z.....S...X}......2......sQ.@m..:....l.z..$z{~R(.T.. 0........X$.v*./....OZ...m......%........".B?...u........-0.Y..lKx^...\.>.4...\S8..l.B5....y].?9E.....<k..:.Br...1...E.p....i...._...ECv..j.N./.b\-.jn...b............). ^.s>.o...xw....2%..G..........uO.cB.\....b#...-)z~^.C.c.....-...]..`...Y=...X._.G...7..t:..,._.v.<]EggL.u..............;.....4......5RM...,.....T(. W..f...[..,.aHn.'....S..V.....h..07yn.qggP#v#W[5......G.....\.gm....3....H..|D...&.bE~.....;....'..m.........Le.j.}~..ZE2..|QG.T'.0.....$K ,...........j.&.q'..)..u..&.....)|D..}...R....Kv.;._=....POk..W.&..] %m.`J..`...C......S.......}..?...s3...e..-G.....b.T*...n?MJ.k...vf........>.0@.w...VE...D.de..~.O.....9.BfrT......J.C.!4s.'[p..p.E.....C.......@.k3p.I......J.f.....t.F..;.4.@|F.P.o...k.(......*.h....tN.&.................-q.....Z-H..I.....y},..GK..X..<r...........L..QI..X&.4.cf...^.....]CB....D...z[?DQ%..8y..e.U.?R.Wf.N,X.zh.\.R.....}.|i.U.:...............bR.,..&..Q..S.k....H..O`...nYE.2P,....pZ=....o.]..-R...........x`:.z.;$.*.....y}........CW..6Z..I.

<<< skipped >>>

POST / HTTP/1.1

Connection: Keep-Alive

Content-Length: 228

Content-Type: application/octet-stream

Host: s.x.baidu.com

Keep-Alive: timeout=600,max=1000

...p........" c0205aca635d4bb7638c184e1bd81562(.28.....Y.5...R...^fRw?0<.3...9)...PG.m...0.OV...{f.O. DM.8.@.H.P.X.` ...h.%h...C}.K{T\QZa.L.`. .P!..~...L.<4.av.P.#....w..p.U...Q..Kk.b...].....=....3.pj....n.Z.o.&M.Ao.=/....N.V.

HTTP/1.1 200 OK

Server: iYuntianSvr

Content-Type: application/octet-stream

Keep-Alive: timeout=30

Connection: Keep-Alive

Content-Length: 140

...p........" c0205aca635d4bb7638c184e1bd81562(.28.....Y.5...R...^fRw?0<.3...9)...PG..m...0.OV...{f.O. DM.8.@.H.P.X.` .....%........o`H.BE7.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 140.....p........" c0205aca635d4bb7638c184e1bd81562(.28.....Y.5...R...^fRw?0<.3...9)...PG..m...0.OV...{f.O. DM.8.@.H.P.X.` .....%........o`H.BE7...

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_1344:

.text

`.rdata

@.data

.ndata

.rsrc

@.reloc

RegDeleteKeyExW

Kernel32.DLL

PSAPI.DLL

%s=%s

GetWindowsDirectoryW

KERNEL32.dll

ExitWindowsEx

GetAsyncKeyState

USER32.dll

GDI32.dll

SHFileOperationW

ShellExecuteW

SHELL32.dll

RegDeleteKeyW

RegCloseKey

RegEnumKeyW

RegOpenKeyExW

RegCreateKeyExW

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

.knjZL

3$3,383\3|3

Thawte Certification1

hXXp://ocsp.thawte.com0

.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0

hXXp://ts-ocsp.ws.symantec.com07

hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0

hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(

.Class 3 Public Primary Certification Authority0

hXXp://crl.verisign.com/pca3.crl0

hXXps://VVV.verisign.com/cps0

#hXXp://logo.verisign.com/vslogo.gif04

hXXp://ocsp.verisign.com0>

DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0

n.aAHu

2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,

2Beijing baidu Netcom science and technology co.ltd1>0

2Beijing baidu Netcom science and technology co.ltd0

/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D

hXXps://VVV.verisign.com/rpa0

hXXp://ocsp.verisign.com0;

/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0

hXXps://VVV.verisign.com/cps0*

#hXXp://crl.verisign.com/pca3-g5.crl04

hXXp://ocsp.verisign.com0

BBB.DDD

4&;6;];};

Nullsoft Install System v2.46.5-Unicode

logging set to %d

settings logging to %d

created uninstaller: %d, "%s"

WriteReg: error creating key "%s\%s"

WriteReg: error writing into "%s\%s" "%s"

WriteRegBin: "%s\%s" "%s"="%s"

WriteRegDWORD: "%s\%s" "%s"="0xx"

WriteRegExpandStr: "%s\%s" "%s"="%s"

WriteRegStr: "%s\%s" "%s"="%s"

DeleteRegKey: "%s\%s"

DeleteRegValue: "%s\%s" "%s"

WriteINIStr: wrote [%s] %s=%s in %s

CopyFiles "%s"->"%s"

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d

Error registering DLL: Could not load %s

Error registering DLL: %s not found in %s

GetTTFFontName(%s) returned %s

GetTTFVersionString(%s) returned %s

Exec: failed createprocess ("%s")

Exec: success ("%s")

Exec: command="%s"

ExecShell: success ("%s": file:"%s" params:"%s")

ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d

Exch: stack

RMDir: "%s"

MessageBox: %d,"%s"

Delete: "%s"

File: wrote %d to "%s"

File: skipped: "%s" (overwriteflag=%d)

File: error creating "%s"

File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"

Rename failed: %s

Rename on reboot: %s

Rename: %s

IfFileExists: file "%s" does not exist, jumping %d

IfFileExists: file "%s" exists, jumping %d

CreateDirectory: "%s" created

CreateDirectory: can't create "%s" - a file already exists

CreateDirectory: can't create "%s" (err=%d)

CreateDirectory: "%s" (%d)

SetFileAttributes: "%s":X

Sleep(%d)

detailprint: %s

Call: %d

Aborting: "%s"

Jump: %d

verifying installer: %d%%

unpacking data: %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

install.log

%u.%u%s%s

Skipping section: "%s"

Section: "%s"

New install of "%s" to "%s"

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

*?|/":

invalid registry key

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

HKEY_PERFORMANCE_DATA

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

x%c

RMDir: RemoveDirectory failed("%s")

RMDir: RemoveDirectory on Reboot("%s")

RMDir: RemoveDirectory("%s")

RMDir: RemoveDirectory invalid input("%s")

Delete: DeleteFile failed("%s")

Delete: DeleteFile on Reboot("%s")

Delete: DeleteFile("%s")

%s: failed opening file "%s"

LOCALS~1\Temp\nsmB4.tmp\tmpmdszir.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsmB4.tmp\tmpmdszir.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsmB4.tmp

Nullsoft Install System v2.46.5-Unicode

%Program Files%\

smB4.tmp

File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsmB4.tmp\tmpmdszir.dll" (overwriteflag=1)

p\tmpmdszir.dll"

1376516

\%original file name%.exe

c:\%original file name%.exe

%Program Files%\Baidu\BaiduAn

%original file name%.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsrB2.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

-586546794

1.0.385.633

BaiduAnSvc.exe_220:

.text

`.rdata

@.data

.rsrc

@.reloc

T$xRSSh

;9u.SWj

8.uwS

n<.ut>

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

CHECK failed: (from.GetDescriptor()) == (descriptor):

..\src\google\protobuf\message.cc

: Tried to copy from a message with a different type.to:

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\generated_message_reflection.cc

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\descriptor.cc

". To use it here, please add the necessary import.

", which is not imported by "

$0$1 = $2

$0$1 $2 $3 = $4

.PLACEHOLDER_VALUE

.placeholder.proto

map key must name a scalar or string field.

map_key must not name a repeated field.

CHECK failed: dynamic.get() != NULL:

.foo = value".

.dummy

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee not set for extension field.

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

CHECK failed: !out.HadError():

" is repeated. Repeated options are not supported.

Import "

Missing field: FileDescriptorProto.name.

File recursively imports itself:

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

\xx

..\src\google\protobuf\stubs\strutil.cc

..\src\google\protobuf\extension_set.cc

CHECK failed: iter != extensions_.end():

..\src\google\protobuf\extension_set_heavy.cc

..\src\google\protobuf\descriptor.pb.cc

google/protobuf/descriptor.proto

google.protobuf"G

2$.google.protobuf.FileDescriptorProto"

2 .google.protobuf.DescriptorProto

2$.google.protobuf.EnumDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2%.google.protobuf.FieldDescriptorProto

.google.protobuf.FileOptions

.google.protobuf.SourceCodeInfo"

2/.google.protobuf.DescriptorProto.ExtensionRange

.google.protobuf.MessageOptions

2 .google.protobuf.FieldDescriptorProto.Label

2*.google.protobuf.FieldDescriptorProto.Type

.google.protobuf.FieldOptions"

2).google.protobuf.EnumValueDescriptorProto

.google.protobuf.EnumOptions"l

2!.google.protobuf.EnumValueOptions"

2&.google.protobuf.MethodDescriptorProto

.google.protobuf.ServiceOptions"

.google.protobuf.MethodOptions"

2).google.protobuf.FileOptions.OptimizeMode:

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption*

2#.google.protobuf.FieldOptions.CType:

experimental_map_key

2$.google.protobuf.UninterpretedOption"/

2-.google.protobuf.UninterpretedOption.NamePart

2(.google.protobuf.SourceCodeInfo.Location

com.google.protobufB

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

..\src\google\protobuf\io\tokenizer.cc

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\descriptor_database.cc

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}

c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h

config_service.proto

.\BDMConfig\Protocol\config_service.pb.cc

config_service.proto"(

cmd_list

.ConfigItem"@

.ResultSet

Content-Length:%d

s.x.baidu.com

c:\clientci\workspace\bdm_v2.3fix_compile\main_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h

c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

.\update.pb.cc

%s:%u

1.0.0.1

.\header.pb.cc

%u.%u.%u.%u

addr %s not good...

Unsupported Media Type

HTTP Version not supported

HTTP/1.0

HTTP/1.1

https

ftpes

ftps

tftp

% ;?:@=&,$/-_!.~*()

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

c:\clientci\workspace\bdm_v2.3fix_compile\basic\Output\BinRelease\BaiduAnSvc.pdb

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z

BDMBase.dll

?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

BDMFrameWork.dll

BDMStringUtils.dll

?BDMMsgGetModule@@YGJPAPAX@Z

BDMMsg.dll

BDMSkin.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

ADVAPI32.dll

SHFileOperationW

ShellExecuteExW

ShellExecuteW

SHELL32.dll

ole32.dll

MSVCP80.dll

PSAPI.DLL

WS2_32.dll

SHLWAPI.dll

MSVCR80.dll

_amsg_exit

_crt_debugger_hook

USERENV.dll

WTSAPI32.dll

HttpSendRequestW

InternetCrackUrlW

HttpOpenRequestW

HttpQueryInfoW

WININET.dll

NETAPI32.dll

BDMTinyXml.dll

RegOpenKeyExA

BaiduAnSvc.exe

.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@

.?AVCRtpPluginContainer@@

.?AV?$CSingleton@VCRTPServer@@@utils@@

.?AVCRTPServer@@

.?AVCBDMOptionsReportRecord@@

.?AVCBDMLauchReportRecord@@

.?AVCCmdPluginLauncher@@

.?AVCExePluginLauncher@@

.?AVIPluginCmdExecutor@@

.?AUPluginInfoPassiveSaver@@

.?AVheader@http@bena@@

.?AVresponse@http@bena@@

.?AVrequest@http@bena@@

Ã¿F=

5%6s6

7 828=8{8

4%5X5b5w5

8!8'8-838

050=0"151

9!:4:]:|:

5h6D6~6s7

2%3U3

2&2-2:2?2

> >$>(>,>0>4>8>

4 4$4(4,40444]4

5"6 656]6

1$2-23292

8%9U9z9

0%0U0u0

5 5$5(5,5054585

9 9$9(9,9094989

1 1$1(1,10181|1

\PluginSetup.xml

/handle=%d /supplyid=%d /installmode=2 /S /D=%s

BDMDownload.dll

PackCache.xml

##cmd:

UninstalledPlugins.xml

%d.%d

\GlobalPluginInfo.xml

\LocalPluginInfo.xml

\HotPlugins.xml

\HotPlugin.bnr

PluginSetup.xml

explorer.exe

winlogon.exe

SOFTWARE\Microsoft\Windows\CurrentVersion

ntdll.dll

BaiduAnTray.exe

"{0}\{1}" {2}

SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

EXPLORER.EXE

BaiduAn.exe

BaiduAnUpdate.exe

BaiduAnBugRpt.exe

Global\BDMMutex{B2F10594-7119-4649-9326-AF1890C5CE56}

BDAFileHelper.exe

Global\BDMEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}

BDALeakfixer.exe

Global\TBD_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}

\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}

BDASoftmgr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn

\RTPPlugins\RtpContainerConfig.xml

C:\test.exe

d-d-d d:d:d d

d:d:d

%s(%d)

Last Error : %u(%s)

Global\BDMMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}

Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}

BDMNet.dll

BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}

BDMUpdate.dll

.bdtmp

.old_

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0

kernel32.dll

\Global.db

Diphlpapi.dll

D\\.\PhysicalDrive%d

\\.\Scsi%d:

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\

2.3.0.2224

BaiduanSvc.exe

BaiduAnTray.exe_2280:

.text

`.rdata

@.data

.rsrc

@.reloc

u%SVW

;9u.SWj

8.uwS

n<.ut>

;:u.SWj

SSSSSh

L$.UQf

%D|MJC|

%d.%d.%d

libprotobuf %s %s:%d] %s

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

..\src\google\protobuf\io\coded_stream.cc

CHECK failed: (from.GetDescriptor()) == (descriptor):

..\src\google\protobuf\message.cc

: Tried to copy from a message with a different type.to:

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\generated_message_reflection.cc

..\src\google\protobuf\descriptor.cc

". To use it here, please add the necessary import.

", which is not imported by "

$0$1 = $2

$0$1 $2 $3 = $4

.PLACEHOLDER_VALUE

.placeholder.proto

map key must name a scalar or string field.

map_key must not name a repeated field.

CHECK failed: dynamic.get() != NULL:

.foo = value".

.dummy

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee not set for extension field.

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

CHECK failed: !out.HadError():

" is repeated. Repeated options are not supported.

Import "

Missing field: FileDescriptorProto.name.

File recursively imports itself:

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

\xx

..\src\google\protobuf\stubs\strutil.cc

..\src\google\protobuf\extension_set.cc

CHECK failed: iter != extensions_.end():

..\src\google\protobuf\extension_set_heavy.cc

..\src\google\protobuf\descriptor.pb.cc

google/protobuf/descriptor.proto

google.protobuf"G

2$.google.protobuf.FileDescriptorProto"

2 .google.protobuf.DescriptorProto

2$.google.protobuf.EnumDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2%.google.protobuf.FieldDescriptorProto

.google.protobuf.FileOptions

.google.protobuf.SourceCodeInfo"

2/.google.protobuf.DescriptorProto.ExtensionRange

.google.protobuf.MessageOptions

2 .google.protobuf.FieldDescriptorProto.Label

2*.google.protobuf.FieldDescriptorProto.Type

.google.protobuf.FieldOptions"

2).google.protobuf.EnumValueDescriptorProto

.google.protobuf.EnumOptions"l

2!.google.protobuf.EnumValueOptions"

2&.google.protobuf.MethodDescriptorProto

.google.protobuf.ServiceOptions"

.google.protobuf.MethodOptions"

2).google.protobuf.FileOptions.OptimizeMode:

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption*

2#.google.protobuf.FieldOptions.CType:

experimental_map_key

2$.google.protobuf.UninterpretedOption"/

2-.google.protobuf.UninterpretedOption.NamePart

2(.google.protobuf.SourceCodeInfo.Location

com.google.protobufB

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

..\src\google\protobuf\io\tokenizer.cc

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\descriptor_database.cc

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

unsupported version

1.2.5

{C6642F75-8DBE-473d-A98B-940F84EF702C}

.\Global\ReportBase\msg.pb.cc

datapkg.FieldsList

datapkg.DataType

CreateReportClient

ReleaseReportClient

{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}

kernel32.dll

.\filedispatch\FileDispatch.pb.cc

c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h

config_service.proto

.\BDMConfig\Protocol\config_service.pb.cc

config_service.proto"(

cmd_list

.ConfigItem"@

.ResultSet

Content-Length:%d

s.x.baidu.com

c:\clientci\workspace\bdm_v2.3fix_compile\main_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h

c:\clientci\workspace\bdm_v2.3fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp

.\update.pb.cc

%s:%u

%u.%u.%u.%u

addr %s not good...

Unsupported Media Type

HTTP Version not supported

HTTP/1.0

HTTP/1.1

1.0.0.1

.\header.pb.cc

https

ftpes

ftps

tftp

% ;?:@=&,$/-_!.~*()

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

%s\Connection

c:\clientci\workspace\bdm_v2.3fix_compile\basic\Output\BinRelease\BaiduAnTray.pdb

BDMSkin.dll

?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

BDLogicUtils.dll

?BDMRegSmartCreateKey@BDMRegisterUtils@@YAHPB_WKPAPAUHKEY__@@PAK@Z

?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z

BDMBase.dll

?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

BDMFrameWork.dll

BDMStringUtils.dll

?BDMMsgGetModule@@YGJPAPAX@Z

BDMMsg.dll

GetWindowsDirectoryW

KERNEL32.dll

USER32.dll

GDI32.dll

RegOpenKeyExW

RegCloseKey

RegOpenKeyW

RegCreateKeyExW

RegDeleteKeyW

RegFlushKey

ADVAPI32.dll

ShellExecuteW

SHFileOperationW

ShellExecuteExW

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

MSVCP80.dll

MSVCR80.dll

_amsg_exit

_wcmdln

_crt_debugger_hook

PSAPI.DLL

WTSAPI32.dll

USERENV.dll

InternetCrackUrlW

HttpOpenRequestW

HttpQueryInfoW

HttpSendRequestW

WININET.dll

NETAPI32.dll

VERSION.dll

WS2_32.dll

BDMTinyXml.dll

GetProcessHeap

RegOpenKeyExA

BaiduAnTray.exe

??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51

?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A

?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A

.?AVCBDCmdParser@BDMLogicMisc@@

.?AVCBDMConfigReportRecord@@

.?AVCPluginMenuItemExecutor@@

.?AVIPluginCmdExecutor@@

.?AVCBDMLauchReportRecord@@

.?AVReportMessageBase@ns_reportbase@ns_global@@

.?AVRegSystemCallPassThrough@ns_common@@

.?AVReportClient@ns_reportbase@ns_global@@

.?AUPluginInfoPassiveSaver@@

.?AVCCmdPluginLauncher@@

.?AVCExePluginLauncher@@

.?AVheader@http@bena@@

.?AVresponse@http@bena@@

.?AVrequest@http@bena@@

#include "windows.h"

Ã¿F=

6t7X7^7g7s7

; ;;;_;|;

3%4S4_4w4

2 2%2.282

8Â8N8i8v8

:":):3:`:

4O4u4

>%>'?1?8?

3G4C4S4h4y4

1.2@2]2~2

4%4S4d4

=!=;=_=|=

6%7S7

6o6V6q6

: :$:(:,:0:4:8:<:>

3#3(3.343

1 1$1(1,1014181

8â€°8S8c8v8

0!1&161|1

8â€ž8u8

;&;-;4;?;

2/343>3\3

8Å’8

283D3z3

=$=,=8=\=|=

0 0(000

:$:,:4:@:|:

\PluginSetup.xml

PackCache.xml

##cmd:

UninstalledPlugins.xml

BDMDownload.dll

/handle=%d /supplyid=%d /installmode=2 /S /D=%s

%d.%d

\GlobalPluginInfo.xml

\LocalPluginInfo.xml

\HotPlugins.xml

\HotPlugin.bnr

PluginSetup.xml

%d.%d.%d.%d

ntdll.dll

EXPLORER.EXE

explorer.exe

BDMNet.dll

BaiduHips.exe

UDP-ADM_DRVE_ISTL_FID

UDP-ADM_DRVE_OPEN_FID

bdmantivirus\BDKitUtils.dll

system32\DRIVERS\BDMWrench.sys

BaiduSdSvc.exe

"%s\BaiduSdSvc.exe" -r

%Program Files% (x86)\Baidu

%Program Files%\Baidu

D:\Program Files (x86)\Baidu

D:\Program Files\Baidu

E:\Program Files (x86)\Baidu

E:\Program Files\Baidu

F:\Program Files (x86)\Baidu

F:\Program Files\Baidu

BaiduAnSvc.exe

"%s\BaiduAnSvc.exe" -r

BDMReport.dll

%s\baidu\baiduan\Config\8001.dat

%s\BaiduHips.exe

BaiduProtect.exe

"%s\BaiduProtect.exe" -r

%Program Files% (x86)\Common Files\Baidu

%Program Files%\Common Files\Baidu

D:\Program Files (x86)\Common Files\Baidu

D:\Program Files\Common Files\Baidu

E:\Program Files (x86)\Common Files\Baidu

E:\Program Files\Common Files\Baidu

F:\Program Files (x86)\Common Files\Baidu

F:\Program Files\Common Files\Baidu

%s\baidu\baidusd\Config\900.dat

BaiduSdTray.exe

\\.\BDMWrench

Global\BDDefenseDriver{80438582-0F66-44E0-3D2B-2D7E872CBFBB}

CD61BB3A-403D-7650-5D9A-4E57EA1035E6

UDP-ADM_KITUTL_PH_SET_INVALID

UDP-ADM_WMWCH_PH_SET_INVALID

UDP-ADM_ST_ID:%d

UDP-ADM_DRVE_RUN

UDP-ADM_CLIENT_RUN

UDP-ADM_CPY_SYS_FID

UDP-ADM_OPEN_SYS_FID

UDP-ADM_INST_SYS_FID

UDP-ADM_SED_PAVER_FID

UDP-ADM_ATR_SET

UDP-ADM_SED_ATR_FID

UDP-ADM_SED_FSD

UDP-ADM_RPT_FID

UDP-ADM_FSD

\BaiduSdSvc.exe

\BaiduAnSvc.exe

UDP-ADM_RPT_INIT_FID

\system32\drivers\BDMWrench.sys

drivers\BDMWrench.sys

UDP-EVT_WFR

UDP-EVT_WFID

UDP-ADM_SED_PAVER2_FID

\BaiduSdTray.exe" -stmd=3

\BaiduAnTray.exe" -stmd=3

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

C9521EC1-6642-5CF6-8FB9-DE04639593BD

UDP-PS_KITUTI_PH_SET_INVALID

UDP-PS_LD_FID

UDP-PL_SRV_ID:%d

UDP-PL_SRV_RUN

UDP-PL_SRV_INSTPH_FID

UDP-PL_SRV_CK_REG_DAMG

UDP-PL_SRV_REPT01_FID

UDP-PL_SRV_REGREPIR_FID

UDP-PL_SRV_PL_FID

UDP-PL_SRV_REPT02_FID

UDP-PL_SRV_FSD

UDP-PL_TRY_ID:%d

UDP-PL_TRY_RUN

UDP-PL_TRY_INSTPH_FID

UDP-PL_TRY_UN_ATRUN

UDP-PL_TRY_REPT01_FID

UDP-PL_TRY_PL_FID

UDP-PL_TRY_REPT02_FID

UDP-PL_TRY_FSD

UDP-PL_RPT_INIT_FID

UDP-ADM_SET_KITU

UDP-ADM_SET_MWR_PATH

UDP-ADM_OS_ERR

UDP-ADM_PROC_DIR_UN_EXIST

UDP-ADM_PROC_GT_VER_FID

UDP-ADM_PROC_MATCH_FID

%s%d\%ld\

Download.data

download.db

publish.db

profile.db

%s_%d

%s%d\

metadata.db

\updateTips.dat

Baiduan.exe -stmd=2 -selplugin={BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}\{D8CD8DC5-D053-402a-99D9-47554C744B0C}

BDMQueryObj is faild is 0x%x

QueryIpcAddressHelper is faild is 0x%x

QueryIpcAddressHelper is success ,but IpcAddress List is Empty

{AF849809-EC94-47CB-80E9-1452BEC92ADA}

{1CB69707-E42B-4128-8A00-7336B93DC262}

baiduan.exe -stmd=6

ActivateMainApp_{BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}\

{E9C9ED70-127F-4BE4-9821-74160A768A90}

{7576896A-4E2F-4665-AB7D-95938D2632F1}

{F5E93978-539C-476B-9A7B-B6C32025A557}

{716CE9AE-35B9-4639-B585-47F6B47B4E2D}

{D8CD8DC5-D053-402a-99D9-47554C744B0C}

BDMgr.exe -stmd=7

BDMgr.exe -stmd=6

BDMgr.exe -stmd=7 -selplugin={914438D6-1EC4-434A-B6EC-20F84894C395}

hXXp://weishi.baidu.com/feedback/

TrayPluginContainerConfig.xml

{E059A29F-D2ED-4f28-849A-851AA9D5A05C}

QQ.exe

screen_snapshot.exe

SnippingTool.exe

CommonRes.rdb

BDMUpdate.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn

1800000

ic_question_48_48.png

file='skin_image1.png' xtiled='true' ytiled='true'

BDASoftmgr.exe

BDASWAcc.exe

BaiduAnBugRpt.exe

BDMgr.exe -stmd=61 -prel

BaiduAn.exe

BaiduAnUpdate.exe

Client.exe

\GameNoDisturb.ini

Shell32.dll

FreeDistractionTips.xml

BaiduAn{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}

ic_title_logo.png

btn_exit_hover_16_16.png

btn_opennodisturb_hover_16_16.png

btn_nodisturb_hover_16_16.png

btn_acc_hover_16_16.png

ico_mainpage_normal.png

btn_exit_normal_16_16.png

btn_acc_normal_16_16.png

btn_opennodisturb_normal_16_16.png

btn_nodisturb_normal_16_16.png

TrayMenu.xml

Config\config.ini

%d-%d-%d

ActivateTrayApp_{E6F42A49-F45B-4FDF-ADD8-DFAE10011BD1}

2.3.1.2681

hXXp://weishi.baidu.com

hXXp://weishi.baidu.com/privacy.html

about.xml

@advapi32.dll

QueryIpcAddressHelper

testtips.xml

D:\BDdownloads

Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}

B\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}

BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}

.bdtmp

.old_

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0

\Global.db

Fiphlpapi.dll

F\\.\PhysicalDrive%d

\\.\Scsi%d:

0123456789

%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\

BaiduanTray.exe

services.exe_760_rwx_006E0000_00001000:

%Program Files%\BaiduAn2.3\BaiduAn\2.3.0.2225\bd0001.dll