mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 344387b34f1ba91163b99a48e6b6deba
SHA1: d300bfa42dfdcc80252e31a5d376004e8a2405ee
SHA256: 5196c4f5226d32bb8df294568cacd4df4cdb4e7236beaa1ca91f805f3377f6e3
SSDeep: 24576:AOeohf6Uf7cHcgoRg2vs66b1U90isTu74prMRe6PL7IY8cX2HisNFbyFgVKCM:mAiUfI8nu2E66bgR3L7r8iZuP2
Size: 1906424 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-02-24 21:19:59
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Malware creates the following process(es):
BaiduSd.exe:1376
regsvr32.exe:2632
BaiduHips.exe:1164
BaiduHips.exe:1888
BaiduSdSvc.exe:1600
BaiduSdSvc.exe:1112
BDSGBugRpt.exe:1112
BaiduProtect.exe:2980
RegSvr32.exe:452
RegSvr32.exe:1528
RegSvr32.exe:1440
%original file name%.exe:632
netsh.exe:2588
BDKVWsc.exe:2680
BDKVWsc.exe:1980
mscorsvw.exe:172
bddownloader.exe:2172
MsiExec.exe:1760
MsiExec.exe:948
The Malware injects its code into the following process(es):
bddownloader.exe:2932
services.exe:764
svchost.exe:1088
Explorer.EXE:2032
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process BaiduHips.exe:1164 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_customer.xml (220 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000002 (4 bytes)
%WinDir%\Temp\TarC8.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%WinDir%\Temp\CabC7.tmp (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\smr.dat (37839 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.6.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.2.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1728 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.5.dll (8657 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.7.dll (5873 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
The Malware deletes the following file(s):
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\CURRENT (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (0 bytes)
%WinDir%\Temp\TarC8.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (0 bytes)
%WinDir%\Temp\CabC7.tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\CURRENT (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000001 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000001 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (0 bytes)
The process BaiduHips.exe:1888 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMUpdate.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMReport.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMNet.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDConfig.dll (3073 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0002.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMFrameWork.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch.7z (7433 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVEng.dll (4545 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\systemfile.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMDownload.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMBase.dll (7345 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDLogicUtils.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMPatchAgent.dll (41 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_product.xml (291 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\NetService.ini (615 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHips.exe (8657 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_self_enc.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\DriverManager.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMMsg.dll (49 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMTinyXml.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMLog.dll (45 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDPerflog.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\TrustAndIso.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsUpdate.exe (39 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMStringUtils.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsBugRpt.exe (3361 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\placeholder_tmp (11 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\InstallCfg.xml (177 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVCached.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\wverify.dat (15019 bytes)
The Malware deletes the following file(s):
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0001.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0001.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0002.sys (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0002.sys (0 bytes)
The process BaiduSdSvc.exe:1600 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\FileSignDB\MANIFEST-000002 (4 bytes)
%System%\config\SYSTEM.LOG (15411 bytes)
%System%\config\software (38871 bytes)
%System%\config\SOFTWARE.LOG (39198 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\IsolationDB.db-journal (532 bytes)
%System%\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\privacy.db-journal (532 bytes)
%System%\config\system (7919 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\white_list.db (145 bytes)
C:\$Directory (688 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\privacy.db (149 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\IsolationDB.db (149 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\white_list.db-journal (512 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\FileSignDB\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\FileSignDB\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\IsolationDB.db-journal (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\privacy.db-journal (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\CachedDB_1\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\CachedDB_1\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\white_list.db-journal (0 bytes)
The process BaiduProtect.exe:2980 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\cache.db (149 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\kv.db-journal (532 bytes)
%System%\drivers\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\kv.db (149 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\apps.db-journal (10908 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\apps.db (3134 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\cache.db-journal (532 bytes)
The Malware deletes the following file(s):
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\kv.db-journal (0 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\apps.db (0 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\cache.db-journal (0 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\apps.db-journal (0 bytes)
The process %original file name%.exe:632 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDSGBugRpt.exe (5441 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDArKit.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdRepair.exe (1744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\app.ico (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BaiduProtect.exe (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserDll.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebMonBHO.dll (1609 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMSkin.dll (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\699a753a89cb10ec8ba7f17426d84102.bdt (4 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vcrt.msi (3742 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt.dll (1707 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdSvc1.exe (3889 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDCooly.dll (90 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\806.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCCommunicate.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ad.dll (1859 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMNet.dll.bdl (29010 bytes)
%System%\drivers\bd0004.sys (673 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (32 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\804.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsClient.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDLogicUtils.dll (30968 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMUpdate.dll (160 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Budv.dll (95 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMDownload.dll (1625 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMUpdate.dll (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcr80.dll (3705 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\patch\placeholder_tmp (11 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\TrayPlugin.rdb (268 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (156 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMNet.dll (7726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkv\BDKVVirusPlugins.dll (1625 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\user_trusted_list.dat (125 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray1.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_PluginConfig.xml (680 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\cache_config.dat (469 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\win7\bd0003.map (34 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMMsg.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSREng.dll (291 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\DriverManager.dll (673 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æ€毒\百度æ€毒.lnk (770 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe (9605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x86.dll (39 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\iexplore.exe.xml (528 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\virus_type.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\KVCommonRes.rdb (28502 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDConfig.dll (1781 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\kav_verify.dat (677 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\win7\bd0003.sys (56 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\TrustAndIso.dll (312 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMRepBase.dll (6371 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\PrivacyProtect.dll (172 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanV.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVCached.dll (303 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDPerflog.dll (123 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\7z.dll (1652 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer.dll (176 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\tuopan.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\tmpx9occh.dll (71670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\uninst.exe (1685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcm80.dll (1760 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMReport.dll (7433 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\app.ico (1623 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\bd0003.sys (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\LKHelper.7z (22433 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\winxp\bd0003.sys (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSd1.exe (1658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0004.sys (182 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect_x64.dll (178 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0001.sys (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVEng.dll (3733 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\DriverManager.dll (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0001.sys (73 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerConfig1.dat (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\BDArKit.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\blacksign.dat (852 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\810.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\monitor_config.dat (559 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDKitUtils.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (1237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\hips.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMDownload.dll (99 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\white_list.dat (1636 bytes)
%Documents and Settings%\All Users\Desktop\百度æ€毒.lnk (758 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\DriverManager.dll (174 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMLog.dll (45 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavFrame.dll (66 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\bduf.dll (1691 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (242 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer_x64.dll (2321 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_self_enc.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVUpdate.rdb (1674 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDMWrench.sys (1281 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\wverify.dat (12289 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanS.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0002.sys (196 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVMainframe_PluginConfig1.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMFrameWork.dll (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMSkin.dll (38495 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\ieBaiduSDDetectPlug.dll (115 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0002.dll (1708 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKV1.rdb (89 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMTinyXml.dll (181 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDeskBand64.dll (125 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\hips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0004.sys (168 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebSafePlugin.dll (226 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æ€毒\å¸载百度æ€毒.lnk (743 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMNet.dll (30 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\Pizmdb.7z (132160 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BP.dll (30058 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\TrayDldProtect.rdb (113 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\DllInject.dll (45 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\System.dll (784 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\scan_mgr_config.dat (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\licenses\directui license.txt (593 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\809.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\806.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\baiduRepair.dll (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0002.sys (190 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\BDSGRtp_PluginConfig.xml (680 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMAVEng.dll (3786 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_customer.xml (75 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (3626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMDownload.dll (108 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\NetService.ini (615 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMRepMgr.dll (1634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86 (4 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\win7\bd0003.sys (65 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\811.dat (8 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\systemfile.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDKitUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\DesktopToast.exe (103 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMReport.dll (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bddownloader.exe (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\ad.dll (1746 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMNet.dll (6351 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\baiduRepair.dll (178 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMStringUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMReport.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavEngine.dll (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64 (4 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDLogicUtils.dll (316 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDConfig.dll (1867 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\Database\bdmp.dat (32 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (1752 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserDll.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_ContainerConfig.xml (347 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\BDSGRtp_ContainerConfig.xml (347 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BaiduProtect.exe (14022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\HIPS.dll (12288 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTray\TrayPlugin.rdb (1812 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer_x64.dll (1710 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVWsc1.exe (1671 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\bd0001.dll (131 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\atl80.dll (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_PluginConfig.xml (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMPerfMon.dll (209 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\uninst.exe (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDLogicUtils.dll (3833 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanH.dll (49 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSRCore.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDLogicUtils.dll (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\safebrowser.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\BDSGRtpDyn_ContainerConfig.xml (145 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\BDArKit.sys (132 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUpdate.exe (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bdcomproxy.dll (70 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ToastImage.png (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebMonHook.dll (320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\fileverify.xml (1 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\901.dat (8 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\app.ico (34 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMNetGetInfo.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsdB5.tmp (161100 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\bd0002.dll (1749 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\7z.dll (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\res\onlineWnd.zip (16424 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\Database\bdvs.dat (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\patch.7z (5442 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\2032233599\Setting\host.dat (306 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMPatchAgent.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebSafe.dll (7386 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\NetService.ini (615 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\900.dat (8 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\804.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMPatchAgent.dll (45 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDUDiskGuard.dll (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMNet.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fixsvc.dll (23407 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\npBaiduSDDetectPlug.dll (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDMWrench.sys (209 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTray.rdb (40 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMWindowsLib.dll (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDArKit.sys (132 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCCallbackBind.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\Cooly_PluginConfig.xml (726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavCommon.dll (226 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVMC.rdb (161 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\FileMon.dll (3700 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcp80.dll (1835 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVTray_PluginConfig.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMBase.dll (6400 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\updlog.dll (15 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVMainFrame.dll (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdBugRpt.exe (3782 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsUpdate.exe (39 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMReport.dll.bdl (28762 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x64.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDKitUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt64.dll (1720 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\Repair_PluginConfig1.xml (411 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDPerflog.dll (156 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTips.rdb (69 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\TrustAndIso.dll (78 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ToastLogo.ico (1623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\slbynsdh.dll.bdl (316550 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\HIPS.dll (14022 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\safebrowser.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\BDSGRtpDyn_PluginConfig.xml (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\SearchProtection.rdb (132 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\fileverify.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vatl.msi (182 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\repairplugins\baidusdRepair1.dll (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\c1e34f06c619c930edcb862b30719b3f.bdt (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\dl.dll (65930 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0001.sys (70 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\ccesign.dat (1611 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\CompatibilityChecker.dll (160 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDLogicUtils.dll (5441 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDArKit.sys (141 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\win7\bd0003.map (40 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BSRLib.dat (141 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\dl.dll (14988 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMScriptVM.dll (213 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMFrameWork.dll (308 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMNet.dll (3901 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\uninst.exe (3913 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerLuaScript.dat (117 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0004.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDeskBand.dll (136 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\KavUpdate.dll (1658 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\901.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\811.dat (8 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVConfig.rdb (144 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\dl.dll (12289 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0001.sys (174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDSGBugRpt.exe (3858 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUProxy64.exe (3791 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMReport.dll (1666 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\winxp\bd0003.map (38 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCScriptBind.dll (6400 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\InstallCfg.xml (177 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_product1.xml (291 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMSDWrench.dll (99 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserHelper.dll (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMAVCached.dll (1658 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\810.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\tips.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMNetGetInfo.dll (322 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\systemfile.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsBugRpt.exe (1843 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\licenses\duilib license.txt (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDSafeBrowser.sys (51 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\BDArKit.sys (141 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMAVE.dll (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\hu.dll (3312 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\bdsg0001.dll (601 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\wverify.dat (12289 bytes)
%System%\drivers\BDArKit.sys (1346 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\KVFixerConfigMgr.dll (234 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0001.dll (115 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMDbSqlite.dll (1867 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect.dll (152 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\DriverManager.dll (115 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\ad.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_ContainerConfig.xml (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins (4 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\BDMWrench.sys (726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\HIPSClient.dll (1740 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanM.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHips1.exe (7972 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\7z.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserHelper.dll (55 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_ContainerConfig.xml (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86 (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\winxp\bd0003.map (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vatl.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fixsvc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\microsoft.vc80.atl.manifest (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\win7\bd0003.map (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vcrt.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDArKit.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\900.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_ContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x64 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64 (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bdcomproxy.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\HIPS.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDMWrench.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\901.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\baiduRepair.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\811.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0001.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x64\win7\bd0003.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\Pizmdb.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\winxp\bd0003.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x64\win7\bd0003.map (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\microsoft.vc80.crt.manifest (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x86.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\809.dat (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\dl.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\810.dat (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\806.dat (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\804.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\LKHelper.7z (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDSafeBrowser.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcr80.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\win7\bd0003.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDSafeBrowser.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\7z.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyB4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\win7 (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bddownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcm80.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\BDMWrench.sys (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x86\winxp (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x64\win7 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0004.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0004.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcp80.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\atl80.dll (0 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers_back\x64\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0001.sys (0 bytes)
The process bddownloader.exe:2932 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%WinDir%\Temp\bdt\a698a77d83bc1d0bd60da931227c7d5a.bdt (71 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\dnw.xml.tmp.bdl (309 bytes)
The Malware deletes the following file(s):
%Program Files%\BaiduSd2.1\2.1.0.2625\dnw.xml.tmp.bdl (0 bytes)
Registry activity
The process BaiduSd.exe:1376 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 7C 08 8A D1 99 71 90 45 15 32 11 0E 64 21 D0"
The process regsvr32.exe:2632 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 65 E6 0B 09 53 DB 05 17 76 03 1A 3B 26 75 91"
[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}]
"(Default)" = "IDownloader_2"
[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "PSFactoryBuffer"
[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"
[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"
[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods]
"(Default)" = "15"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"
The process BaiduHips.exe:1164 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
"ImagePath" = "system32\DRIVERS\bd0002.sys"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
"Group" = "bddriver"
"Tag" = "2"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 1B CA 5C 40 C2 4B 86 12 8B 41 2E C1 04 5B 2B"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"DisplayName" = "bd0001"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640.bak, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch.bak,"
[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
"Description" = "bd0001"
[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"
The Malware deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"
The process BaiduHips.exe:1888 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"
[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallPath" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHips.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Baidu\BaiduHips]
"Version" = "1.0.0.640"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
"ImagePath" = "system32\DRIVERS\bd0002.sys"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bdsvcorder" = "04 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"
[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
"Group" = "bddriver"
"Tag" = "2"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"
[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Group" = "bdsvcorder"
[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Tag" = "2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 73 69 7B 1A 54 9D E6 1F F4 C2 28 11 45 18 B9"
[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, bddriver, FSFilter Anti-Virus, FSFilter Undelete, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, bdsvcorder, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"DisplayName" = "bd0001"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640.bak,"
[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
[HKLM\System\CurrentControlSet\Services\BaiduHips]
"Tag" = "1"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"
[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Group" = "bdsvcorder"
[HKLM\SOFTWARE\Baidu\BaiduHips]
"InstallDir" = "%Program Files%\Common Files\Baidu\BaiduHips"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"
The Malware deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"
The process BaiduSdSvc.exe:1600 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DisplayName" = "BDMWrench"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"
"Group" = "bddriver"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"ImagePath" = "system32\DRIVERS\BDMWrench.sys"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Description" = "BDMWrench"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "百度æ€毒功能组件"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Tag" = "5"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Type" = "1"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"
[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"ImagePath" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdSvc.exe -r"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Group" = "bddriver"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"
"Tag" = "4"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 CA 4C F6 13 EC ED 83 E0 E0 C0 92 67 7A 3D 54"
[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_sd" = "%Program Files%\BaiduSd2.1\2.1.0.2625"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"ErrorControl" = "0"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"
[HKLM\System\CurrentControlSet\Services\BDKVRTP]
"Group" = "COM Infrastructure"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"
The following service will be launched automatically at system boot up:
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"
To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe -stmd=3"
"baidusdTray" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe -stmd=3"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Start" = "1"
The Malware deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DeleteFlag"
The process BaiduSdSvc.exe:1112 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 79 49 DF 19 C9 E2 D5 AD 40 65 4B 4C E9 4B 8D"
The process BDSGBugRpt.exe:1112 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 13 25 6A 95 8C 26 3D 70 ED 3F C9 FF 06 4D 35"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"
The process BaiduProtect.exe:2980 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 CA 29 09 6D DA 60 35 DB C6 85 47 4B 35 36 56"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"
"Cookies" = "%Documents and Settings%\LocalService\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486]
"BDSGBugRpt.exe" = "异常报告程åºÂÂ"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The process RegSvr32.exe:452 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCR\AppID\ieCommonPlugin.DLL]
"AppID" = "{6B4447CA-C33E-4E65-914D-C7B346D73F80}"
[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32]
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\ieBaiduSDDetectPlug.dll"
[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\TypeLib]
"Version" = "1.0"
"(Default)" = "{9A93865B-4314-47AE-8C4A-850748CCC6BF}"
[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\VersionIndependentProgID]
"(Default)" = "ieCommonPlugin.Implement"
[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\ieCommonPlugin.Implement]
"(Default)" = "Implement Class"
[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\HELPDIR]
"(Default)" = ""
[HKCR\ieCommonPlugin.Implement\CurVer]
"(Default)" = "ieCommonPlugin.Implement.1"
[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\ProgID]
"(Default)" = "ieCommonPlugin.Implement.1"
[HKCR\ieCommonPlugin.Implement\CLSID]
"(Default)" = "{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}"
[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}]
"(Default)" = "Implement Class"
[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}]
"(Default)" = "IImplement"
[HKCR\AppID\{6B4447CA-C33E-4E65-914D-C7B346D73F80}]
"(Default)" = "ieCommonPlugin"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 2F 12 B5 E1 44 D7 9E 57 A6 EA 57 B3 89 16 66"
[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\0\win32]
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\ieBaiduSDDetectPlug.dll"
[HKCR\ieCommonPlugin.Implement.1\CLSID]
"(Default)" = "{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}"
[HKCR\ieCommonPlugin.Implement.1]
"(Default)" = "Implement Class"
[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\TypeLib]
"(Default)" = "{9A93865B-4314-47AE-8C4A-850748CCC6BF}"
[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0]
"(Default)" = "ieCommonPlugin 1.0 Type Library"
[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32]
"ThreadingModel" = "Apartment"
The process RegSvr32.exe:1528 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 FD E1 D5 0D 00 48 B5 D8 B2 BA 9F 5C 16 0F 2C"
[HKCR\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}\InprocServer32]
"ThreadingModel" = "Apartment"
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebMonBHO.dll"
[HKCR\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
"(Default)" = "WebMonBHO"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
"(Default)" = "BDHOOK"
"NoExplorer" = "1"
The process RegSvr32.exe:1440 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0]
"(Default)" = "BDShellExt 1.0 Type Library"
[HKCR\BDShellExt.BDShellExtMenu\CurVer]
"(Default)" = "BDShellExt.BDShellExtMenu.1"
[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\NumMethods]
"(Default)" = "3"
[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}]
"(Default)" = "IBDShellExtMenu"
[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32]
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt.dll"
[HKCR\BDShellExt.BDShellExtMenu.1]
"(Default)" = "BDShellExtMenu Class"
[HKCR\BDShellExt.BDShellExtMenu]
"(Default)" = "BDShellExtMenu Class"
[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32]
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt.dll"
[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"
[HKCR\lnkfile\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"
[HKCR\AppID\BDShellExt.DLL]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"
[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\TypeLib]
"Version" = "1.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00890530-6A9F-4be2-B1BB-73F01E2BB986}" = "BDShellExtMenu Class"
[HKCR\BDShellExt.BDShellExtMenu\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"
[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\TypeLib]
"(Default)" = "{45D1EEF3-7713-48fa-B7A5-B77229C7D330}"
[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\TypeLib]
"(Default)" = "{45D1EEF3-7713-48FA-B7A5-B77229C7D330}"
[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\VersionIndependentProgID]
"(Default)" = "BDShellExt.BDShellExtMenu"
[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\ProgID]
"(Default)" = "BDShellExt.BDShellExtMenu.1"
[HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"
[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}]
"(Default)" = "PSFactoryBuffer"
[HKCR\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}]
"(Default)" = "BDShellExt"
[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\0\win32]
"(Default)" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt.dll"
[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"
[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32]
"ThreadingModel" = "Both"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA C4 FE 4E AF 25 BA 19 18 DB 8A 95 B3 54 97 D6"
[HKCR\Folder\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"
[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
"(Default)" = "BDShellExtMenu Class"
[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\HELPDIR]
"(Default)" = ""
[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32]
"ThreadingModel" = "Apartment"
The process %original file name%.exe:632 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin\MimeTypes\application/np-BaiduSDDetect]
"Description" = "BaidusdDetectNPPlugin"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDate" = "2014-9-24"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æ€毒]
"UninstallString" = "%Program Files%\BaiduSd2.1\2.1.0.2625\uninst.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"Version" = "2.1.0.2625"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æ€毒]
"DisplayVersion" = "2.1.0.2625"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\iexplore\AllowedDomains\*]
"(Default)" = ""
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "百度高速下载引擎"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"vendor" = "Beijing baidu Netcom science and technology co.ltd"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "百度æ€毒功能组件"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æ€毒]
"Publisher" = "百度在线网络技术(åŒâ€â€ÃƒÂ¤Ã‚ºÂ¬Ã¯Â¼â€°Ã¦Å“䎪ÂÂå…¬å¸"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"
[HKLM\System\CurrentControlSet\Services\bd0004]
"ErrorControl" = "0"
[HKLM\SOFTWARE\Baidu\BaiduProtect]
"Version" = "1.3.0.486"
"INSTLANG" = "2052"
[HKLM\System\CurrentControlSet\Services\bd0004]
"Tag" = "2"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640.bak, , \??\%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch.bak, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\ypvsy\BaiduProtect\7z.dll,"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"
[HKCR\metnsd\clsid]
"SequenceID" = "E3 BD 82 45 CB D4 B3 41 99 5C F7 DB 45 A3 8D 69"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Baidu\BaiduProtect]
"InstallDir" = "%Program Files%\Common Files\Baidu\BaiduProtect1.3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDir" = "%Program Files%\BaiduSd2.1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 A0 E1 63 F3 06 3C BF 4A 9B 9B 21 6B 2E 65 82"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSdSvc.exe" = "百度æ€毒æœÂÂ务程åºÂÂ"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\System\CurrentControlSet\Services\bd0004]
"Description" = "bd0004"
[HKLM\SOFTWARE\Baidu\BaiduProtect]
"SupplyID" = "10000201"
"RtpFlag" = "273"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"
[HKLM\System\CurrentControlSet\Services\bd0004]
"ImagePath" = "system32\DRIVERS\bd0004.sys"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSd.exe" = "百度æ€毒主程åºÂÂ"
[HKLM\System\CurrentControlSet\Services\bd0004]
"DisplayName" = "bd0004"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"
[HKLM\System\CurrentControlSet\Services\bd0004]
"Type" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æ€毒]
"DisplayIcon" = "%Program Files%\BaiduSd2.1\2.1.0.2625\app.ico"
[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Path" = "%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\npBaiduSDDetectPlug.dll"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"msiexec.exe" = "Windows® installer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æ€毒]
"DisplayName" = "百度æ€毒2.1"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"VirusTime" = "2013.11.28 0110"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BDKVWsc.exe" = "百度æ€毒安全ä¸ÂÂ心接å£"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine]
"BaiduHips.exe" = "百度安全程åºÂÂ"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"INSTLANG" = "2052"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Baidu\BaiduProtect]
"InstallDate" = "2014-9-24"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Services\bd0004]
"Group" = "bddriver"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"ProductName" = "BaiduSd"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\System\CurrentControlSet\Services\bd0004]
"InstallDir_sd" = "%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Description" = "Baidusd detect NPAPI plugin"
[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, bddriver, FSFilter Anti-Virus, FSFilter Undelete, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"
"Group" = "bddriver"
[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Version" = "1.0.0.1"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"SupplyID" = "11111"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:百度高速下载器"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"
The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "C:\%original file name%.exe:*:Enabled:百度æ€毒在线安装程åºÂÂ"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSdBugRpt.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdBugRpt.exe:*:Enabled:百度æ€毒BUG上报程åºÂÂ"
The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp]
"slbynsdh.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\slbynsdh.dll:*:Enabled:百度æ€毒安装程åºÂÂ"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSdSvc.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdSvc.exe:*:Enabled:百度æ€毒æœÂÂ务程åºÂÂ"
"BaiduSdTray.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe:*:Enabled:百度æ€毒托盘程åºÂÂ"
"BaiduSdUpdate.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUpdate.exe:*:Enabled:百度æ€毒更新程åºÂÂ"
"BaiduSdUProxy64.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUProxy64.exe:*:Enabled:百度æ€毒代ç†程åºÂÂ"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0004]
"Start" = "1"
The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSdSvc.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdSvc.exe:*:Enabled:百度æ€毒æœÂÂ务程åºÂÂ"
The following service will be launched automatically at system boot up:
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"
The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:百度高速下载器"
The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:]
"%original file name%.exe" = "C:\%original file name%.exe:*:Enabled:百度æ€毒在线安装程åºÂÂ"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp]
"slbynsdh.dll" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\slbynsdh.dll:*:Enabled:百度æ€毒安装程åºÂÂ"
The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\BaiduSd2.1\2.1.0.2625]
"BaiduSdUpdate.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUpdate.exe:*:Enabled:百度æ€毒更新程åºÂÂ"
"BaiduSdUProxy64.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUProxy64.exe:*:Enabled:百度æ€毒代ç†程åºÂÂ"
"BaiduSdBugRpt.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdBugRpt.exe:*:Enabled:百度æ€毒BUG上报程åºÂÂ"
"BaiduSdTray.exe" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe:*:Enabled:百度æ€毒托盘程åºÂÂ"
The Malware deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\bd0004]
"DeleteFlag"
[HKLM\SOFTWARE\Baidu\BaiduProtect]
"RtpFlag"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp]
"slbynsdh.dll"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp]
"slbynsdh.dll"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:]
"%original file name%.exe"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"
The process netsh.exe:2588 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B 49 22 9C 4B 73 3E EB BF 5C 1B 7C 55 9B 58 9B"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Malware adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:百度高速下载器"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:百度高速下载器"
The Malware deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe"
The process BDKVWsc.exe:2680 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 01 C2 47 60 C1 40 41 12 19 5D 58 3C AF 6E AD"
The process BDKVWsc.exe:1980 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED E9 69 5B BA C9 0E DE 2B 47 84 54 9E 52 D4 3B"
The process mscorsvw.exe:172 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "1260000"
The process bddownloader.exe:2172 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe"
[HKCR\BDDownloadProxy.Downloader\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\LocalServer32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\BDDownloadProxy.Downloader.1]
"(Default)" = "Downloader Class"
[HKCR\BDDownloadProxy.Downloader.1\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\BDDownloadProxy.Downloader]
"(Default)" = "Downloader Class"
[HKCR\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}]
"(Default)" = "DownloadProxy"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"(Default)" = "Downloader Class"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\ProgID]
"(Default)" = "BDDownloadProxy.Downloader.1"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"netsh.exe" = "Network Command Shell"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"Version" = "1.0"
[HKCR\AppID\DownloadProxy.EXE]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 E5 C1 EF D3 F0 81 A0 E4 1A 89 38 42 27 5D 7A"
[HKCR\BDDownloadProxy.Downloader\CurVer]
"(Default)" = "BDDownloadProxy.Downloader.1"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}]
"(Default)" = "_IDownloaderEvents"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0]
"(Default)" = "DownloadProxy 1.0 Type Library"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\VersionIndependentProgID]
"(Default)" = "BDDownloadProxy.Downloader"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"
The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The process bddownloader.exe:2932 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 FC 0A E4 8C FB F6 D6 CC CB 60 1C E5 B5 83 50"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process MsiExec.exe:1760 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 EF 6F 82 4A 5F E2 72 27 F7 49 AD E8 A1 CD 33"
The process MsiExec.exe:948 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F 66 26 61 9F 42 A5 DB 51 54 65 19 A1 5C 61 E2"
Dropped PE files
| MD5 | File path |
|---|---|
| 05ca3b250b1108f1f64c2771cf25a9b6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDLogicUtils.dll |
| b62367fe2d02b8f47914b088a006d50c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDMDownload.dll |
| 06597a9f16b163c97b8f95d457bce8b2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDMNet.dll |
| 12f98be1d919784370eb0f87e78b60d8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDMNetGetInfo.dll |
| 30cbc602ada7cdfb0346038c05996d84 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDMReport.dll |
| 39257175ac9c90199c69aea1a7bcbda0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\BDMSkin.dll |
| 1c951bbcbc780046d6be1079a04870a4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\System.dll |
| 763b532d651f0ad5e135d9b57bf4fba4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\dl.dll |
| ebfe7c9594e300bb0c16e7bb99a7e66d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\hu.dll |
| 1eda7fb9be218d03f4f280d076c308b1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\slbynsdh.dll |
| 4c3b7cab2c258724ed198a7fdfce524b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsiB6.tmp\tmpx9occh.dll |
| 484e797cb0d7091f3d7b756c55b9ad75 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\7z.dll |
| df636a0b62a7b2627fc9b2d350b4bc97 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDKitUtils.dll |
| 22e50e5996418ee28c045e03e8317c1e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDLogicUtils.dll |
| cab11c2c6400a84ed2b44d49a17f566d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDMDownload.dll |
| 0c7731a8c922383486d692c4ba8d605d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDMNet.dll |
| a9980d90e8f335fead9f6c56e5dd2fa0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDMReport.dll |
| b17e9ce6a38e30ea726d329d4ecf7be8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BDSGBugRpt.exe |
| 72ecf429b94ef8c8b707785918c4d0f0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\BaiduProtect.exe |
| e4c14afa9238cfce3f340ecfb6507cde | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\DriverManager.dll |
| ccb0c6b32e52970c2fa951eef3fe7241 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserDll.dll |
| 442a27b8c9b736bd5edc19a45d935855 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserHelper.dll |
| ad299e12f03562d712fb5e7e3b27148e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer.dll |
| 87157a389c35166ea44b445d67627504 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer_x64.dll |
| 8a6f76a77cfaefc99103eb72667e1ed3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\ad.dll |
| 0e44262751095514f0901ef58371dd31 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0001.dll |
| 6cb0b19da38d75f7f014d333fcb750d5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0002.dll |
| be591266430719de0c05383841c2913c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ypvsy\BaiduProtect\uninst.exe |
| bd41d5bb8e1a290fc17cb963522c0099 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavCommon.dll |
| 1b8c4af1ac0cee8301b10e5aa15751e7 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavEngine.dll |
| f01e5681328e98ea61465eb3d894078e | c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavFrame.dll |
| 2794ecd5040fcd59772d215c10f56470 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavScanH.dll |
| fd875b7677013cb59776fb1633c061bc | c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavScanM.dll |
| 0f893b451ce2e3dcc6fb17eb6ddf7e43 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavScanS.dll |
| 6075d26c90a855f6a852f435d8e695eb | c:\Program Files\BaiduSd2.1\2.1.0.2625\BAV\BavScanV.dll |
| 9d135e78639be2012fa5ffe96f05d67e | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDConfig.dll |
| c837509362fbb54537dc5f055862abcf | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDCooly.dll |
| 5093b3af46ddf04c9d37f39a8c3de19e | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVDeskBand.dll |
| e7089f56cb4a01681fd26240c7073e97 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVDeskBand64.dll |
| 7169568c9d40e606231eda197db86d9f | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect.dll |
| 79e8dc5bff7304f2e749bd7a3ede966e | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect_x64.dll |
| ea9a4f53bc2cbc6d96b57bc7dbd5d010 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVMainFrame.dll |
| e5f00370504ac92ea324a7e228a864bc | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDKVWsc.exe |
| e224f2c705db1d5dc2a6833987471b3d | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDLogicUtils.dll |
| 475f62e609de1bb0a6b80a1cd6497457 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMAVE.dll |
| 7256ca0513070efb47ed80ecd4429059 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMDbSqlite.dll |
| 418d49b8e0300e76fe06f4eda9a9d2b5 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMDownload.dll |
| 68e4ebe183d32eff69d83aca52fdb335 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMEvents.dll |
| f8cebb784bc08068b98bbcc445476bb5 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMFrameWork.dll |
| eb723541a974391eb23da02ac217e18f | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMNet.dll |
| 12f98be1d919784370eb0f87e78b60d8 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMNetGetInfo.dll |
| 03cd546574a5d78612a4a730a726dfe2 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMPatchAgent.dll |
| 9c2df6f04bd07f42274f79f45d132065 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMReport.dll |
| 510d71d11fcd1a92ef5470b09cbd5ca6 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMSDWrench.dll |
| 429f82b1713a659b84043a5e14b3f0eb | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMScriptVM.dll |
| b8e15a6d8b5208a0d0dee8b93dbf2160 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMSkin.dll |
| fbcf33e8388bcadd5a98186cb1a954a5 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMUpdate.dll |
| 4e455aad51b3a5f5e57974b0794c7ab0 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDMWindowsLib.dll |
| 0b9483044c40d82ea2b3b501d6784115 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDPerflog.dll |
| e5ac01857ca5b9239398b9412c5f2183 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDShellExt.dll |
| a502f71a2ab45b8f321d88697532208e | c:\Program Files\BaiduSd2.1\2.1.0.2625\BDShellExt64.dll |
| 944e147a57125dfd794a196a9e902d77 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BP.dll |
| 6bf6776c3f619858098edb4793f5d48f | c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSd.exe |
| 3de4ef51eb03f914a05cae3817110989 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdBugRpt.exe |
| 6a9766f5b15ce63bca734cf0da6b9c09 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdRepair.exe |
| 053ffc062010ce2f02531750daadfebb | c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdSvc.exe |
| 92dfb1874e8e19101bfe69443d39baa8 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe |
| dc8314e0e9719013ea5ce12fad2fc5fd | c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdUProxy64.exe |
| bcec2665c4523a25ce29742b5db7d460 | c:\Program Files\BaiduSd2.1\2.1.0.2625\BaiduSdUpdate.exe |
| 6af4d5b392aaaa910d1f41255c89b9d6 | c:\Program Files\BaiduSd2.1\2.1.0.2625\Budv.dll |
| 23e5fbdc96d55dfb9a26e36081a5569f | c:\Program Files\BaiduSd2.1\2.1.0.2625\DesktopToast.exe |
| 7bc6dc9fe5852949dd9355636a088589 | c:\Program Files\BaiduSd2.1\2.1.0.2625\DriverManager.dll |
| 0000822e5a61823fe43ebcda9616f3aa | c:\Program Files\BaiduSd2.1\2.1.0.2625\GCCallbackBind.dll |
| 566b845b5b0aaf08ba99ecb3d133662d | c:\Program Files\BaiduSd2.1\2.1.0.2625\GCCommunicate.dll |
| 0b695fd68c2f0dede1088d6464b13896 | c:\Program Files\BaiduSd2.1\2.1.0.2625\GCScriptBind.dll |
| 04c06fb11fc4d19312e354d473144eda | c:\Program Files\BaiduSd2.1\2.1.0.2625\KVFixerConfigMgr.dll |
| b1f17f8bad22aba168933291d264d8b0 | c:\Program Files\BaiduSd2.1\2.1.0.2625\ad.dll |
| df636a0b62a7b2627fc9b2d350b4bc97 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDKitUtils.dll |
| 39c2b62ba4ed8d8a7d5f58d12dcff408 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDMAVCached.dll |
| f524a12edabbc9896597e62e9ed2ba52 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDMAVEng.dll |
| ccbfec786fce5ea2a3a666a92e6ec36e | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDMPerfMon.dll |
| bb65a15f2d1c62d2f2a46b4de32911c0 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDMRepBase.dll |
| 7228c306b9cb258307dd3239cc32c9b3 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDMRepMgr.dll |
| ec0fbb8317ab055f1c98380a746fabd2 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\BDUDiskGuard.dll |
| cd798bf3c37deeafa4427304e3a07ad7 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\CompatibilityChecker.dll |
| c28d1dfe8c0c89b9e9fe031929b4f263 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\KavUpdate.dll |
| ef82355ec6c9c40dbdff8c02b3ce2721 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\TrustAndIso.dll |
| 4a38e8467179b9e015956fdabf160ed6 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmantivirus\bduf.dll |
| 015714268c9e13eb93d6ada5021959c0 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSRCore.dll |
| 7a216b041703797b6d000bd870b16349 | c:\Program Files\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSREng.dll |
| 2619bdb16bafaec8304fae07e459f321 | c:\Program Files\BaiduSd2.1\2.1.0.2625\dl.dll |
| 34e11d25672bdf576c0bf780ee757ec5 | c:\Program Files\BaiduSd2.1\2.1.0.2625\drivers\BDArKit.sys |
| 239e82ca6b4a17adc47b22aa68605114 | c:\Program Files\BaiduSd2.1\2.1.0.2625\drivers\BDMWrench.sys |
| 233c96e5369ef4b58ab606c2b150b65a | c:\Program Files\BaiduSd2.1\2.1.0.2625\drivers\bd0003.sys |
| d620be8483f68c0546d0c5143b02c3c6 | c:\Program Files\BaiduSd2.1\2.1.0.2625\explugin\ieBaiduSDDetectPlug.dll |
| 41e65f916c4cf270ea703e0468cc8ed3 | c:\Program Files\BaiduSd2.1\2.1.0.2625\explugin\npBaiduSDDetectPlug.dll |
| e136ce722d87e651908d2f8f5595848c | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDConfig.dll |
| c358cb50d5479eaa0280e9e975e7cdcf | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDLogicUtils.dll |
| c2d7977ac9a4e37b12517329b49de788 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVCached.dll |
| 935c5325cd0261ab15e767b37d33b2d0 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVEng.dll |
| f32ef9ec93cc70ddcb66bd435c01f39f | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMBase.dll |
| 56bf2578c56b40e9453203a745d92655 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMDownload.dll |
| c9457528a89e074a56cee081dc640bde | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMFrameWork.dll |
| 6875451bc343fd7aa8ec7f3b9557bb69 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMLog.dll |
| 6429c5c9044cd456b2e0d465074c7765 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMMsg.dll |
| bdf1ca8b5dd0d5ab10003a453f11129c | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMNet.dll |
| 345d3cec4cf4d36994b64ecb59ec4aaa | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMPatchAgent.dll |
| 35cf305786664fdc2dd4923f5d219eab | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMReport.dll |
| fc7e6fa8257cc9d6dd902251fd69e2ff | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMStringUtils.dll |
| 07550c9285702edaee590fa6c3ea5a03 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMTinyXml.dll |
| d543e6653f1c0bf7799978a6e15fb5f9 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDMUpdate.dll |
| 34709c4b09d9bf8168b18a20b8fd29f6 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BDPerflog.dll |
| 789c9c53cb7756e51027f68c6021504f | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHips.exe |
| 45f038cb1ad73dc777852f3d9a8e874a | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsBugRpt.exe |
| 7000e9ad04a4b0e2c0bc8b9c614cd07b | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsUpdate.exe |
| 6ecc9432e370e56bca97d6a754d37dca | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\DriverManager.dll |
| 1f05025913e4633451d96e5bc082da4f | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\TrustAndIso.dll |
| ae1a7564004beadae09bd097b8a38a38 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\bd0001.dll |
| c97b746b8bc001a2ff3c6b72149d78b9 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\bd0002.dll |
| 94e2246531b2e5c3319da7ab79372d2f | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0001.sys |
| d1895f7555fff550e20bbf92146e17cf | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0002.sys |
| 04116475cff6d3305a8233c8342ffa88 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0001.sys |
| c39fa78d836fcc2c62d16bac891394f8 | c:\Program Files\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0002.sys |
| 80e74f4acebe3fcf63215c49dd0e4015 | c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkv\BDKVVirusPlugins.dll |
| 34c200b090d1cce20603cb802d0802b6 | c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\FileMon.dll |
| 2cee9d49bca0c09936c7f9ee2bfa6a0b | c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\HIPSClient.dll |
| a206c24181d4a1f27c06cd0e29d05028 | c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\PrivacyProtect.dll |
| 07a4615d67805fa2c70529f8247abaa7 | c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll |
| 8cf046aec1b3e8774fe30ec71fe1297d | c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll |
| ac132cd5ec22b1d2d1f99410f4c1b1a4 | c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll |
| e929f3c74dd5838c4e3f3bbd28aa01e2 | c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\UserDetectionPlugin.dll |
| ea98336db5a7c2da6b313c807e53b07f | c:\Program Files\BaiduSd2.1\2.1.0.2625\plugins\repairplugins\baidusdRepair.dll |
| d7fae249db5ff018e90508996e5d9174 | c:\Program Files\BaiduSd2.1\2.1.0.2625\uninst.exe |
| 3d5e90a3c4eb46f66bda1931a9907006 | c:\Program Files\BaiduSd2.1\2.1.0.2625\updlog.dll |
| e3408ea25c8e17a6b6f9910187958f5a | c:\Program Files\BaiduSd2.1\2.1.0.2625\websafe\DllInject.dll |
| 1c478ffbaa60518d1d4ff20f978c94be | c:\Program Files\BaiduSd2.1\2.1.0.2625\websafe\WebMonBHO.dll |
| 36f72e68688e83d6803123c60f0edb44 | c:\Program Files\BaiduSd2.1\2.1.0.2625\websafe\WebMonHook.dll |
| 27abe07e9ecbffb7f29e24226303fe3f | c:\Program Files\BaiduSd2.1\2.1.0.2625\websafe\WebSafe.dll |
| 5e9f80b1049bba37a7b5514790d8f586 | c:\Program Files\BaiduSd2.1\2.1.0.2625\websafe\WebSafePlugin.dll |
| 123df1ab69a1d32b42a9d6c797ac5447 | c:\Program Files\Common Files\Baidu\BDDownload\108\7z.dll |
| c7ac6fdc3f233399708cdf5edb4f7343 | c:\Program Files\Common Files\Baidu\BDDownload\108\bdcomproxy.dll |
| 2ecb6110aade861f16c9ca210f3ea005 | c:\Program Files\Common Files\Baidu\BDDownload\108\bddownloader.exe |
| 2619bdb16bafaec8304fae07e459f321 | c:\Program Files\Common Files\Baidu\BDDownload\108\dl.dll |
| e136ce722d87e651908d2f8f5595848c | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDConfig.dll |
| c358cb50d5479eaa0280e9e975e7cdcf | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDLogicUtils.dll |
| c2d7977ac9a4e37b12517329b49de788 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVCached.dll |
| 935c5325cd0261ab15e767b37d33b2d0 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVEng.dll |
| f32ef9ec93cc70ddcb66bd435c01f39f | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMBase.dll |
| 56bf2578c56b40e9453203a745d92655 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMDownload.dll |
| c9457528a89e074a56cee081dc640bde | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMFrameWork.dll |
| 6875451bc343fd7aa8ec7f3b9557bb69 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMLog.dll |
| 6429c5c9044cd456b2e0d465074c7765 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMMsg.dll |
| bdf1ca8b5dd0d5ab10003a453f11129c | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMNet.dll |
| 345d3cec4cf4d36994b64ecb59ec4aaa | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMPatchAgent.dll |
| 35cf305786664fdc2dd4923f5d219eab | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMReport.dll |
| fc7e6fa8257cc9d6dd902251fd69e2ff | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMStringUtils.dll |
| 07550c9285702edaee590fa6c3ea5a03 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMTinyXml.dll |
| d543e6653f1c0bf7799978a6e15fb5f9 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDMUpdate.dll |
| 34709c4b09d9bf8168b18a20b8fd29f6 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BDPerflog.dll |
| 789c9c53cb7756e51027f68c6021504f | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHips.exe |
| 45f038cb1ad73dc777852f3d9a8e874a | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsBugRpt.exe |
| 7000e9ad04a4b0e2c0bc8b9c614cd07b | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsUpdate.exe |
| 6ecc9432e370e56bca97d6a754d37dca | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\DriverManager.dll |
| 1f05025913e4633451d96e5bc082da4f | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\TrustAndIso.dll |
| ae1a7564004beadae09bd097b8a38a38 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll |
| c97b746b8bc001a2ff3c6b72149d78b9 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\bd0002.dll |
| 04116475cff6d3305a8233c8342ffa88 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0001.sys |
| c39fa78d836fcc2c62d16bac891394f8 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0002.sys |
| 85e228f2d13456e145dd756b4d7fc6e2 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.1.dll |
| d5402c14fd9a98a47614f2e8fdfdfbca | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.2.dll |
| 947ccea3196c6d67babd6c4d5ca71d50 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.3.dll |
| 3f40b1504d7696ba7341f7ba465e3b56 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.5.dll |
| 1c7a49db64849cdfaf0d9010661e6385 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.6.dll |
| 9b664677838ed675f52337e910e0dc6c | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.7.dll |
| 3b4ef9c679537e2632ffbdbb0186f1b0 | c:\Program Files\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.8.dll |
| 484e797cb0d7091f3d7b756c55b9ad75 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\7z.dll |
| df636a0b62a7b2627fc9b2d350b4bc97 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDKitUtils.dll |
| 22e50e5996418ee28c045e03e8317c1e | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDLogicUtils.dll |
| cab11c2c6400a84ed2b44d49a17f566d | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMDownload.dll |
| 0c7731a8c922383486d692c4ba8d605d | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMNet.dll |
| a9980d90e8f335fead9f6c56e5dd2fa0 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMReport.dll |
| b17e9ce6a38e30ea726d329d4ecf7be8 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDSGBugRpt.exe |
| 72ecf429b94ef8c8b707785918c4d0f0 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BaiduProtect.exe |
| e4c14afa9238cfce3f340ecfb6507cde | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\DriverManager.dll |
| 3e9a33113d663d8bd5ed38858e669652 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.ATL\atl80.dll |
| 75f2a9b695ef3ef22d731f059920f636 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcm80.dll |
| 8c53ccd787c381cd535d8dcca12584d8 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcp80.dll |
| 1169436ee42f860c7db37a4692b38f0e | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcr80.dll |
| ccb0c6b32e52970c2fa951eef3fe7241 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserDll.dll |
| 442a27b8c9b736bd5edc19a45d935855 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserHelper.dll |
| ad299e12f03562d712fb5e7e3b27148e | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll |
| 87157a389c35166ea44b445d67627504 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer_x64.dll |
| 8a6f76a77cfaefc99103eb72667e1ed3 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\ad.dll |
| 0e44262751095514f0901ef58371dd31 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\bdsg0001.dll |
| 34e11d25672bdf576c0bf780ee757ec5 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDArKit.sys |
| 2faa81c2a727604ff68d6b57fa7f352d | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDMWrench.sys |
| 4d6f4a3243506c60a69e176d1ca150fa | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDSafeBrowser.sys |
| affec9e725e6cf9762c6bc2fd35c6ae4 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0001.sys |
| 30d5d35c0496cb8b8357fd8ff9d098fc | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0004.sys |
| 3e9a33113d663d8bd5ed38858e669652 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.ATL\atl80.dll |
| 75f2a9b695ef3ef22d731f059920f636 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcm80.dll |
| 8c53ccd787c381cd535d8dcca12584d8 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcp80.dll |
| 1169436ee42f860c7db37a4692b38f0e | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcr80.dll |
| a15ea9c8fe8a3b4b0706da8fb2e1a7b1 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\HIPS.dll |
| 3e9a33113d663d8bd5ed38858e669652 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.ATL\atl80.dll |
| 75f2a9b695ef3ef22d731f059920f636 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcm80.dll |
| 8c53ccd787c381cd535d8dcca12584d8 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcp80.dll |
| 1169436ee42f860c7db37a4692b38f0e | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcr80.dll |
| 0a786745000c626ae21e19b008f67457 | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\baiduRepair.dll |
| be591266430719de0c05383841c2913c | c:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\uninst.exe |
| 3e9a33113d663d8bd5ed38858e669652 | c:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll |
| 75f2a9b695ef3ef22d731f059920f636 | c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll |
| 8c53ccd787c381cd535d8dcca12584d8 | c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll |
| 1169436ee42f860c7db37a4692b38f0e | c:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll |
| 34e11d25672bdf576c0bf780ee757ec5 | c:\WINDOWS\system32\drivers\BDArKit.sys |
| 239e82ca6b4a17adc47b22aa68605114 | c:\WINDOWS\system32\drivers\BDMWrench.sys |
| 4d6f4a3243506c60a69e176d1ca150fa | c:\WINDOWS\system32\drivers\BDSafeBrowser.sys |
| 04116475cff6d3305a8233c8342ffa88 | c:\WINDOWS\system32\drivers\bd0001.sys |
| c39fa78d836fcc2c62d16bac891394f8 | c:\WINDOWS\system32\drivers\bd0002.sys |
| 233c96e5369ef4b58ab606c2b150b65a | c:\WINDOWS\system32\drivers\bd0003.sys |
| 30d5d35c0496cb8b8357fd8ff9d098fc | c:\WINDOWS\system32\drivers\bd0004.sys |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "%System%\DRIVERS\bd0003.sys" the Malware controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Malware controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Malware controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Malware controls loading executable images into a memory by installing the Load image notifier.
The Malware installs the following kernel-mode hooks:
ZwUnloadKey
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
BaiduSd.exe:1376
regsvr32.exe:2632
BaiduHips.exe:1164
BaiduHips.exe:1888
BaiduSdSvc.exe:1600
BaiduSdSvc.exe:1112
BDSGBugRpt.exe:1112
BaiduProtect.exe:2980
RegSvr32.exe:452
RegSvr32.exe:1528
RegSvr32.exe:1440
%original file name%.exe:632
netsh.exe:2588
BDKVWsc.exe:2680
BDKVWsc.exe:1980
mscorsvw.exe:172
bddownloader.exe:2172
MsiExec.exe:1760
MsiExec.exe:948 - Delete the original Malware file.
- Delete or disinfect the following files created/modified by the Malware:
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.1.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_customer.xml (220 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.7.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.dll (6347 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\FileSignDB\MANIFEST-000002 (4 bytes)
%WinDir%\Temp\TarC8.tmp (2784 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.6.dll (3897 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%WinDir%\Temp\CabC7.tmp (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.3.dll (6841 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.8.dll (2321 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.xml (2 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\smr.dat (37839 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.3.xml (2 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (56 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.6.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.6.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.2.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.2.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduAn_HipsClient_2.1.dll (9098 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.7.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.8.dll (1728 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.8.xml (17 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduHips\CachedDB_1\MANIFEST-000002 (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduAn_HipsClient_2.1.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.dll (7972 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.5.dll (8657 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\BaiduSd_HipsClient_1.7.dll (5873 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\un7zpatch\patch\BaiduSd_HipsClient_1.5.xml (17 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMUpdate.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMReport.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMNet.dll (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDConfig.dll (3073 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0002.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMFrameWork.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch.7z (7433 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVEng.dll (4545 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\systemfile.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMDownload.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMBase.dll (7345 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDLogicUtils.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMPatchAgent.dll (41 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_product.xml (291 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\NetService.ini (615 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHips.exe (8657 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\hips_self_enc.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\DriverManager.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x86\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMMsg.dll (49 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMTinyXml.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMLog.dll (45 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDPerflog.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\TrustAndIso.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsUpdate.exe (39 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\cache_config.dat (469 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMStringUtils.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BaiduHipsBugRpt.exe (3361 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\patch\placeholder_tmp (11 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\InstallCfg.xml (177 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\BDMAVCached.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\wverify.dat (15019 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\FileSignDB\MANIFEST-000002 (4 bytes)
%System%\config\SYSTEM.LOG (15411 bytes)
%System%\config\software (38871 bytes)
%System%\config\SOFTWARE.LOG (39198 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\IsolationDB.db-journal (532 bytes)
%System%\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\privacy.db-journal (532 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\white_list.db (145 bytes)
C:\$Directory (688 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\white_list.db-journal (512 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\cache.db (149 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\kv.db-journal (532 bytes)
%System%\drivers\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\apps.db-journal (10908 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Data\cache.db-journal (532 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDSGBugRpt.exe (5441 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDArKit.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdRepair.exe (1744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\app.ico (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BaiduProtect.exe (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserDll.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebMonBHO.dll (1609 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMSkin.dll (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\699a753a89cb10ec8ba7f17426d84102.bdt (4 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vcrt.msi (3742 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt.dll (1707 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdSvc1.exe (3889 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDCooly.dll (90 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\806.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCCommunicate.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ad.dll (1859 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMNet.dll.bdl (29010 bytes)
%System%\drivers\bd0004.sys (673 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (32 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\804.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsClient.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDLogicUtils.dll (30968 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMUpdate.dll (160 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Budv.dll (95 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMDownload.dll (1625 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMUpdate.dll (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcr80.dll (3705 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\patch\placeholder_tmp (11 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\TrayPlugin.rdb (268 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (156 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMNet.dll (7726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkv\BDKVVirusPlugins.dll (1625 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\user_trusted_list.dat (125 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray1.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_PluginConfig.xml (680 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\cache_config.dat (469 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\win7\bd0003.map (34 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMMsg.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSREng.dll (291 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\DriverManager.dll (673 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æ€毒\百度æ€毒.lnk (770 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe (9605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x86.dll (39 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\iexplore.exe.xml (528 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\virus_type.dat (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\KVCommonRes.rdb (28502 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDConfig.dll (1781 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\kav_verify.dat (677 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\win7\bd0003.sys (56 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\TrustAndIso.dll (312 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMRepBase.dll (6371 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\PrivacyProtect.dll (172 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanV.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVCached.dll (303 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDPerflog.dll (123 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\7z.dll (1652 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer.dll (176 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\tuopan.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\tmpx9occh.dll (71670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\uninst.exe (1685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcm80.dll (1760 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMReport.dll (7433 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\app.ico (1623 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\bd0003.sys (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\LKHelper.7z (22433 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\winxp\bd0003.sys (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSd1.exe (1658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0004.sys (182 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect_x64.dll (178 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0001.sys (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMAVEng.dll (3733 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\DriverManager.dll (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\bd0001.sys (73 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerConfig1.dat (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\BDArKit.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\blacksign.dat (852 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\810.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\monitor_config.dat (559 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDKitUtils.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (1237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\hips.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMDownload.dll (99 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\white_list.dat (1636 bytes)
%Documents and Settings%\All Users\Desktop\百度æ€毒.lnk (758 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\DriverManager.dll (174 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMLog.dll (45 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavFrame.dll (66 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\bduf.dll (1691 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (242 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer_x64.dll (2321 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_self_enc.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVUpdate.rdb (1674 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDMWrench.sys (1281 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\wverify.dat (12289 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanS.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0002.sys (196 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVMainframe_PluginConfig1.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMFrameWork.dll (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMSkin.dll (38495 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\ieBaiduSDDetectPlug.dll (115 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0002.dll (1708 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKV1.rdb (89 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMTinyXml.dll (181 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDeskBand64.dll (125 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\hips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd0004.sys (168 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebSafePlugin.dll (226 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æ€毒\å¸载百度æ€毒.lnk (743 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\Pizmdb.7z (132160 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BP.dll (30058 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\TrayDldProtect.rdb (113 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\DllInject.dll (45 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\System.dll (784 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\scan_mgr_config.dat (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\licenses\directui license.txt (593 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\809.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\806.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\baiduRepair.dll (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0002.sys (190 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\BDSGRtp_PluginConfig.xml (680 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMAVEng.dll (3786 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_customer.xml (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMDownload.dll (108 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\NetService.ini (615 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMRepMgr.dll (1634 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\win7\bd0003.sys (65 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\811.dat (8 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\systemfile.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDKitUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\DesktopToast.exe (103 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMReport.dll (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bddownloader.exe (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\ad.dll (1746 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMNet.dll (6351 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\baiduRepair.dll (178 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMStringUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMReport.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavEngine.dll (82 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDLogicUtils.dll (316 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDConfig.dll (1867 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\Database\bdmp.dat (32 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (1752 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserDll.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\BDSGRtp_ContainerConfig.xml (347 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\BDSGRtp_ContainerConfig.xml (347 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BaiduProtect.exe (14022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\plugins\HIPS.dll (12288 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTray\TrayPlugin.rdb (1812 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeExplorer_x64.dll (1710 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVWsc1.exe (1671 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\bd0001.dll (131 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\atl80.dll (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_PluginConfig.xml (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMPerfMon.dll (209 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\uninst.exe (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDLogicUtils.dll (3833 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanH.dll (49 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BDMSRCore.dll (287 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDLogicUtils.dll (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\safebrowser.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\BDSGRtpDyn_ContainerConfig.xml (145 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\BDArKit.sys (132 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUpdate.exe (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\bdcomproxy.dll (70 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ToastImage.png (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebMonHook.dll (320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\fileverify.xml (1 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\901.dat (8 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\app.ico (34 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMNetGetInfo.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsdB5.tmp (161100 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\bd0002.dll (1749 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\dl.dll (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\7z.dll (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\res\onlineWnd.zip (16424 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\Database\bdvs.dat (5 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\patch.7z (5442 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\BDDownload\2032233599\Setting\host.dat (306 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMPatchAgent.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\websafe\WebSafe.dll (7386 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\NetService.ini (615 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\baidusd\Config\900.dat (8 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\804.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMPatchAgent.dll (45 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDUDiskGuard.dll (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDMNet.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fixsvc.dll (23407 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\explugin\npBaiduSDDetectPlug.dll (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDMWrench.sys (209 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTray.rdb (40 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMWindowsLib.dll (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDArKit.sys (132 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCCallbackBind.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\Cooly_PluginConfig.xml (726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavCommon.dll (226 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVMC.rdb (161 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\FileMon.dll (3700 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.CRT\msvcr80.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x86\BDSafeBrowser.sys (54 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.crt\msvcp80.dll (1835 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\KVTray_PluginConfig.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMBase.dll (6400 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\updlog.dll (15 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVMainFrame.dll (5442 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdBugRpt.exe (3782 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsUpdate.exe (39 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\BDMReport.dll.bdl (28762 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\bd64_x64.dll (41 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDKitUtils.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDShellExt64.dll (1720 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\Repair_PluginConfig1.xml (411 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDPerflog.dll (156 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcm80.dll (3073 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVTips.rdb (69 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\TrustAndIso.dll (78 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\ToastLogo.ico (1623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\slbynsdh.dll.bdl (316550 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\HIPS.dll (14022 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\safebrowser.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\BDSGRtpDyn_PluginConfig.xml (104 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\SearchProtection.rdb (132 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\fileverify.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\vatl.msi (182 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\repairplugins\baidusdRepair1.dll (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\c1e34f06c619c930edcb862b30719b3f.bdt (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\dl.dll (65930 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x86\bd0001.sys (70 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\ccesign.dat (1611 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\CompatibilityChecker.dll (160 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\BDLogicUtils.dll (5441 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDArKit.sys (141 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\win7\bd0003.map (40 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmsysrepair\BSRLib.dat (141 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\dl.dll (14988 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMScriptVM.dll (213 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMFrameWork.dll (308 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BDMNet.dll (3901 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\uninst.exe (3913 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\FTSysFixer\SysFixerLuaScript.dat (117 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\blacksign.dat (852 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\drivers\bd0004.sys (673 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDeskBand.dll (136 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\KavUpdate.dll (1658 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\901.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\microsoft.vc80.atl\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\811.dat (8 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Skins\Default\BDKVConfig.rdb (144 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Download\dl.dll (12289 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\drivers\x64\bd0001.sys (174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\BDSGBugRpt.exe (3858 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdUProxy64.exe (3791 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMReport.dll (1666 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x86\winxp\bd0003.map (38 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\GCScriptBind.dll (6400 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\InstallCfg.xml (177 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\hips_product1.xml (291 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMSDWrench.dll (99 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeBrowserHelper.dll (55 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\BDMAVCached.dll (1658 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\Config\810.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\tips.xml (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMNetGetInfo.dll (322 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\systemfile.dat (3 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHipsBugRpt.exe (1843 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\licenses\duilib license.txt (1 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\drivers\x64\BDSafeBrowser.sys (51 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\x64\BDArKit.sys (141 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\Microsoft.VC80.ATL\atl80.dll (601 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMAVE.dll (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB6.tmp\hu.dll (3312 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\bdsg0001.dll (601 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\bdmantivirus1\wverify.dat (12289 bytes)
%System%\drivers\BDArKit.sys (1346 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\dynplugins\Microsoft.VC80.ATL\microsoft.vc80.atl.manifest (466 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\KVFixerConfigMgr.dll (234 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\plugins\Microsoft.VC80.CRT\msvcp80.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\bdsg0001.dll (115 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDMDbSqlite.dll (1867 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BDKVDownloadProtect.dll (152 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\DriverManager.dll (115 bytes)
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\ad.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\dynplugins\BDSGRtpDyn_ContainerConfig.xml (145 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\drivers\BDMWrench.sys (726 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\plugins\bdkvrtpplugins\HIPSClient.dll (1740 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\BAV\BavScanM.dll (66 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\hipsengine\BaiduHips1.exe (7972 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\7z.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ypvsy\BaiduProtect\SafeBrowserHelper.dll (55 bytes)
%WinDir%\Temp\bdt\a698a77d83bc1d0bd60da931227c7d5a.bdt (71 bytes)
%Program Files%\BaiduSd2.1\2.1.0.2625\dnw.xml.tmp.bdl (309 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray" = "%Program Files%\BaiduSd2.1\2.1.0.2625\BaiduSdTray.exe -stmd=3" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version: 1.0.334.548
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.334.548
File Description:
Comments:
Language: Chinese (Simplified, PRC)
Company Name: Product Name: Product Version: 1.0.334.548Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: 1.0.334.548File Description: Comments: Language: Chinese (Simplified, PRC)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 28432 | 28672 | 4.50399 | f569e353af0ed51bf4c216faa9bed4e7 |
| .rdata | 32768 | 10898 | 11264 | 3.04561 | 91eee43954e068e650f7b73a8b0e6915 |
| .data | 45056 | 425660 | 512 | 1.02085 | db9f7acbf1c3ddfe255077b699955dfa |
| .ndata | 471040 | 708608 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 1179648 | 22800 | 23040 | 2.38678 | 8bd0512dbc5ab778effa672da5af003c |
| .reloc | 1204224 | 3978 | 4096 | 3.73676 | c6e2afa2982abb7e027c0165ea782a0e |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://pxsw.n.shifen.com/ | |
| hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv5/BDMReport.dll | |
| hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv5/BDMNet.dll | |
| hxxp://sxsw.n.shifen.com/ | |
| hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/install/31744421716/BDMZip.dll | |
| hxxp://a26.d.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt | |
| hxxp://a26.d.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab | |
| hxxp://e6845.ce.akamaiedge.net/pca3.crl | |
| hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl | |
| hxxp://e6845.ce.akamaiedge.net/CSC3-2010.crl | |
| hxxp://swsd.n.shifen.com/ | |
| hxxp://hy.n.shifen.com/ | |
| hxxp://baidubrs.dlmix.glb0.lxdns.com/client1/common/patch/24946961047/dnw.xml | |
| hxxp://gsdr.n.shifen.com/ | |
| hxxp://dl1sw.baidu.com/client1/common/install/31744421716/BDMZip.dll | 8.37.234.10 |
| hxxp://s.x.baidu.com/ | 180.76.2.46 |
| hxxp://dl1sw.baidu.com/client1/common/patch/24946961047/dnw.xml | 8.37.234.10 |
| hxxp://d.x.baidu.com/ | 123.125.115.130 |
| hxxp://hb.sg.baidu.com/ | 123.125.70.59 |
| hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl | 23.9.117.163 |
| hxxp://dr.sg.baidu.com/ | 123.125.70.59 |
| hxxp://up.hy.baidu.com/ | 112.80.248.17 |
| hxxp://crl.verisign.com/pca3.crl | 23.9.117.163 |
| hxxp://dl1sw.baidu.com/client/dllv5/BDMReport.dll | 8.37.234.10 |
| hxxp://p.x.baidu.com/ | 123.125.65.152 |
| hxxp://crl.verisign.com/pca3-g5.crl | 23.9.117.163 |
| hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | 184.84.243.34 |
| hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt | 184.84.243.34 |
| hxxp://upt.sg.baidu.com/ | 123.125.70.59 |
| hxxp://dl1sw.baidu.com/client/dllv5/BDMNet.dll | 8.37.234.10 |
| jp.download.iyuntian.com | 123.125.65.154 |
| tk.download.iyuntian.com | 123.125.69.209 |
| rc.download.iyuntian.com | 123.125.65.153 |
| up.download.iyuntian.com | 123.125.65.148 |
| res.download.iyuntian.com | 123.125.65.129 |
| dtrp.download.iyuntian.com | 123.125.65.150 |
| utk.download.iyuntian.com | 123.125.65.147 |
| cfg.download.iyuntian.com | 123.125.65.132 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 77
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...A........" 34774fbda3add406d6894c6154e2b3d7(.........2.8.@.H.P.X.V` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 133
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 133.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 236
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x..
...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...h..p......M.k...P...F.g..R{1f\.h.7..>O.O.5....F.s..8...s.j.....x.&........%/.QE..:=...!.........,F&...K...POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 228
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x..
...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...`..(a.,\f
]...>..W..`[..K..S....DH.x.v..$z..ZM.../....&${)...=..9..bS'...nNy.S.P8..:...W.'.../W..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@...-.t.D .........x.....J9.j.u..P..W{.....R3.................}...fHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 196.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@...-.t.D .........x.....J9.j.u..P..W{.....R3.................}...fHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 196.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@.....2......t...vk. ..'..uw.b..C......T.,....7......#.lm.6....?!..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 196.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@.....2......t...vk. ..'..uw.b..C......T.,....7......#.lm.6....?!....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 196
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,...KKufFS..........8.@.H.P.X.` ...@. h...C}.K..!F........L......5.'..k=;$?.#V.~.......!.K...o.x....f.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 188
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,...KKufFS..........8.@.H.P.X.` ...8..BW...lH..?..f...M..O.P.r.{PFpg......,.".U..\ XXk...,...*POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 188
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,...KKufFS..........8.@.H.P.X.` ...8.....u...F$.[.<.I15.. Y...9..z{7(.6...nG..@.O...i~r*
..N.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.0......G"7.../,....:$.....^1Qa./z..>..."..z.k9.BYHO.S..8.@.H.P.X.` ..... .&.~.I.....sL...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.0......G"7.../,....:$.....^1Qa./z..>..."..z.k9.BYHO.S..8.@.H.P.X.` ..... .&.~.I.....sL...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28J..loRN.0EE..<Su&......n......A..)..#z...2.m.....r.<6.`.8.@.H.P.X.` ...........'!~O.|...V.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28..n...!.YOz...T!.....jj...>.D.6.... =../I......d...".C..8.@.H.P.X.` ..........yJ.5.?..jOR[....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 212
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,...KKufFS..........8.@.H.P.X.` ...P. ..Kb....OA.#..#...w....E..s2=....m..3..K.....i..X...&............J.J .h..Y.U.j..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 34774fbda3add406d6894c6154e2b3d7(.........284...S....i....F.T.....da....v.5...E....y...5TD...C...~..8.@.H.P.X.` ..... .b3...EE..q....-....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 212
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...P.,nL.H..Z...^).p).W.Q.9....$....@..9Tv...Q;.t.H.8..k..~.=.2. ..7..r$.......n......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` .....,o...0........0....
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=5898240-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Fri, 24 Oct 2014 07:50:34 GMT
Date: Wed, 24 Sep 2014 07:50:34 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 5898240-18154311/18154312
Content-Length: 12256072
Age: 32616
Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMZip.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
An/..tN..x..sW?...!.........~.sY...1...vOt.p...xJ[B..Y.8P..G.4.&.Z.........S.5.K.[.&.......@R.z...3.s.%.@u...f..7X.u..c4$.2..._..PC.0?...n.M.%v.]N4..9.{`.d.m91.E.-._.c....QrX.......H..v.,..:.....j.Q.u.z..X.5wsNff.C.\..u...b..v0....s ....6....Q]....wCC.j.Gw..S]V..G.`g....$..J%.U%..]...2....0.._.NM..L.wF...u..rE..V.p..X.F.D.......t...@ai..2..d%..OZY....&..i~]..=.:m.....\...u...>.....3..m..2~..F..Y...$...0....B.*:Y.B.vhwwq.!OW%^9..z.-'.2.r)......jq.q!....i.e...p.....=....[#{.3z..,...q....]......M..){....4..../.Nf..>?.Z8..9F..k....S.B2...eIh1.o!<.....U.....5s..x...J..\1"..<..... .P..e...4..}n...m.B.....F...D...G.^......?\...?.f......5a.......`...[.....iz..d.M....E.......v..W....^.........5[../gUig.....c...)..`...h<.{\X_3.o$>......NG...3q....T......I.S....Si~..d....w....y..CF..._).~...8.eA..._..8..3.....z..[..2!..cZ.....-.e;..Or...f-.=?.2.k.w.X([...../.(L.......7..=z..:.5.0be$:........v...c........q.I...D..Z..@OD..me.d....".....>J..H.5S"S..W...j..;IB?....V..i.9..2.J?.$p.n......|4J........R.y>.t?...r..8q...0..s...Z.... T7..,.i..."N..L..........C...K.....IQJ8. 3.f...d..{In.9....#\...5.p%.l...p.....$ .......n...........j...........:r.B.D..b.m=(.....>..........).)....V.....U..}M.hs..]..T7..m]3....Zi.]F..yAk.q....Y....uR.vy...1:.................)..F.....L.L.d@........H.R.{.]L...c.).n^LJ...^:o....*.2.i....M....~...d..,.b.p.....,.OK..4....I.7.8-=n.-.P7w9......-......\EN..........b.2.;...J..p=.6....v..nf.y.D3O[....}a..Q..{e....s.C..%.v.c.._....0. ..G..u1.L.l..Q....;:......u.&....t..#)f...'....Qa7.
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 173
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...(.....{. ZS\.....TJr........Y.X.j`.H%..A.P
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......\/....0l@E..9ZR-HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......\/....0l@E..9ZR-..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 160
Content-Type: application/octet-stream
Host: upt.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...|....N...." 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..
$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ....'..`..f&O..t.U6.......tq./
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 160
...|....N...." 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ....'...u. ^.% @.6?.....r..5|.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 160.....|....N...." 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ....'...u. ^.% @.6?.....r..5|...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 188
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` ...@.%.6...3H.Yo...6'.ic'....0.e.W..S..-..|
C.=-.........H).c......G
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 140
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` .....%...K..B....I.U..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 140.....p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` .....%...K..B....I.U......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 220
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` ...`.%Pq.)..3%....Z.d.?S..X........Jk.j0G...H`@...B.N...r2....L.......3._.....#.\>....2.>.L.r....L.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 140
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` .....%.B....!....OY...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 140.....p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` .....%.B....!....OY.....
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=14090240-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Fri, 24 Oct 2014 07:50:34 GMT
Date: Wed, 24 Sep 2014 07:50:34 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 14090240-18154311/18154312
Content-Length: 4064072
Age: 32616
Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMZip.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
D:..B....eI.....Uu]99...Km;F.....uXD.w.ToC._...fd9."..h.......s.V.W.r?.w8\.\...L(.......@Ov_...K...zc.}T...?!........L....&o]q........c.GNl.`.b-............q.w.7..T....V?$|.N...z.Re.&...@...,R.1.<mj...W.&....l.h..$..)..G....J......a.t..i.9.nr.....bP..;XHc.i..G.>..f....}X.....A$..*......d.e".;jG%hL..tHy.U......`C..J.9.j/...Zi.....N...!w{..E&~.r.0A..2& .f..... .#).&.:...!.Usg....Q...cE7...j<=.=uB.".6 ..>..]..[dP..b..#-.M.........N.....g3jd..~@.!...&...]..y..m...........I].>.;....VO.....S....:...k...@Mb....M.y...qW&Oc.J.)...a.Xl......8.e.mCR./'s.b.ZX..Av.'Y..bA.... .b;.....m ......O.....~SQ....9.R...3.[p........u.....b..Q9.e.!./g........O.}Ww[...WV*..I.<....-..p.....B.....P.dLRz..O....E.P.....y|.|..W/:.V.....'...Mk......\.5)v....g#.i<E....{.....A...@.;.J. aC^...G.D...sw.....;M..7i..I..{./._.@j4..p....&..~..t.vD......B': (.....|.r..cLd.__.@h.P$..Gu ....1...b.|./..d......K..#..E.&..1..&..}y.:..(=c...."I.^...U.;5........i:./...C...(.....(.zD;Y.Z...Som.,.gqi..k5..d......j.E.\.3.bZ{P..a...K...#....0....M.|$.{iE.R=.....Y.s.....25l./I#.U..b.6..).4...P...[...`.......;..;AvV.P.r...d............9...W>P...s.i...............]].k..4h.......T2..bX..2-...p..5.s...H.....<.r.....*.......-.. .j.5..$K.....^:.q7U....B.P.X.E.i*.9 #,..`.....W.h..T..w../.:....~p/.{:^/z...z..v...mS}....p.,....R..T,4..A(.o...EMm.)/....(....Z.k.....l1..]..I.@....D.@.s..o.........)d..........@..e.N.W........v.Fr._~..\`qaB.N.......{..(.,1...&'....R..E..0o...P&.:..a.G.....6~YS.FC/.B5.D,S.J4.a!.....FA..Y.v.....fVzQO..h.:...d^.h..Cw.G
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 173
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...(..W.._....{..9g.v.I.1Mk.....}..2G}^...U.b.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......x)v(.......E.['.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......x)v(.......E.['...
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=7733248-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Fri, 24 Oct 2014 07:50:34 GMT
Date: Wed, 24 Sep 2014 07:50:34 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 7733248-18154311/18154312
Content-Length: 10421064
Age: 32619
Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMZip.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
%.>V..{}8.p.;X.1Y..5....@".e...{........{3.W..;l....e."z/v...ZL.Bm..=M.....`.P.YV.X...=O.P.CV..9J..r...5A&.3..d.9G.B...Dgz..Jw......a.*.R...#..UN.o.j...@*.?...&.b...E.....<)...E...0...b.tc.H.WR2i..|.P.......J.h......V...q.%F...%....w...s9&B.....<._..V....P[.o.t3Y..1..mf............>...vc@W.....%....L.d0..r9.p.. *]...ta......of.d.Y.,.Z.G4\S.M9.y..'*..\....)..?...k.r..n..t.s..2.*V.2....f\....OA...el."...*...{....o... B..T...s...Z..N.G.o..9/...Kq.....g.x.....AOB...JC.[.@8.g...6V....6.lrs....u...x..%........A......|#f.......z...R.>.......}s..]..Dl.@KI.W.#;...?..`.2.!Llx...L...l..2............z.rYo....f?x..6e.i. .....Gl.P-S.....50.x....tk.#..P!.vR...@%|....?!."9..n.lb..Uq...a.D@)....[...".1..!u"...w...g...4..L.........B...L.I.]...2..ok..x........P.j../M/.#.i.H..Z....K../...,*..h...........1Bv......... .pp....s........m.j.}..o..y..![.....]&7. ...>.b...X.XB8;[T.e..mb.S..M.}nGQ.......W..#z$By..m.y..!E..j~.d.9.^.LX..i....G_H.r....^._.......o....D5.uP...YP.....o.....d. ...l.P......|.j.0h.iqy.G...%7>..9a%...W.}.....X}.~.].......%....D;.j..6..Xi..|,Ni.(.n.B|U.....mVy'.S...!q.0_p..S.......x\....IF..a..7l.C}..Z..d..M._RD|.N/..(-...$*...b....G.$.8.~*t>.XD..@......K..x.b..b....u...B.../.w".j.....`..Zx.#8f........."cI...>...-........5K.dJ............6..V.^/\ZJ...e$....Oh......oT....W.3B..K...8..x...9B.5..}F.(l..R..C./*..P3.K|da."..|.b;..IS?...RS...9.......x.Q.$%.....b.....i.5...7yt..Fn.:...*.n..{.9Bh=|Mx...W.|zI.4.........J......." L.z..1...|.P...#P....@~.....I..V9..2*.P~..c.U....."..d...5@<...-v.)
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 132
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,...KKufFS..........8.@.H.P.X.` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 132
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ........
GET /CSC3-2010.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2010-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "6dfdae41fcd222e6fc98e0cdfd2d59ee:1411549812"
Last-Modified: Wed, 24 Sep 2014 09:10:12 GMT
Date: Wed, 24 Sep 2014 16:54:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0...80.......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA..140924090004Z..141008090004Z0....0!.....S.@.k....6..c..140730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&...130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s..130227010252Z0!...J.....Q..Y.[.....110404153956Z0!...d...=..q!_...g9..130729145216Z0!...d....Y.......o...140711083257Z0!...l.....h2<.H......120329152211Z0!...q.9...`H.*.Y.C...120525202212Z0!...s...TM.......0...121221080842Z0!...t..,.. ...eL.....130314222305Z0!...y..r.HW.v.....w..140423054643Z0!..../u.......A..5...101214165045Z0!.....0.Xc...%...iM..121102230226Z0!.......S.a&.X5t.E]..111206083350Z0!....c.(....B.[M83...140108164517Z0!....A.Sv.....f,.....110609003155Z0!.....z......!.ID{]..101228182208Z0!....b^......{d.J'...130102154110Z0!.......n........'u..140521222808Z0!......0..........I..130912181631Z0!....6e...~..T.......130131012247Z0!.....|.....t.l.o....140827175301Z0!.........bD#*u......130226223939Z0!.......@..'$.).;}\..130121172259Z0!....7.v..........n..120724160733Z0!....P;.Y..d...c.(...120209181451Z0!.....].bb[.....!....140328205453Z0!.....a...L`..IV.....130402103508Z0!......fFW.z.....@T..130117000242Z0!...........].{7.....120730000000Z0!...".......Z.V.,.e..121031192224Z0!...'....[.1......g..130318195659Z0!...,GI.jH.|...J.....120518121623Z0!...<%a.=.d.......O..120424164254Z0!...@.....
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 228
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x..
...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...`..(...a'x.v/n?.....u......'o."DQ..e#t.kT.d..2....D..;o..0v?6gG
#.=.(.".q...s._.....E5........=_..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@....^j....Xll......x..A.i.K..2/..........5..f.!...Mlb......zD....2....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 268
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x..
...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` .........u....;M........ovn.A.|$o....4.......w....217..LI.K..
d.~.G......#:J._*.."pf..r.sO. .....:...zl2.>
t.Z.\`n...3..c...x9..b....h.E..we
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@... ...).......{... ...Y,.Hog1..v... vu.u...i.8..~......=.-.&2.(?.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 228
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x..
...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...`..=........u4.Dq..P..8...3..?-2M....-......v.....u....SA=..a@.#....6.B&..F.BQ.C...X...c7...r......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@.........,...x....nD./.q .....[7r.-.P...T..f..R.........4dG....5.0....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 212
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x..
...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...P.. Ss.l...}........M...<I32...,{1.,.H..f....r..O....>jk.....a5.:.....\j..k.....m
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@.........!.5W..<.z...f..K3W5r...&....).....,9N.R..*[..S..K.R."........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 252
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x..
...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...x..........m._`=..X.=:#e..9#..~i...`.*..F..v..>....?..rROwO........-l...@]...T.DI...7bb.....4Pj..m..h..R....6x1.<x~..../VPOST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 228
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x..
...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...`....z,|L...F8.uS.!.(.gkYJ^.c.I.WA.!..P*.8~.V.....I..U....j.mj]...O`.8...U..].@.EPj.DL;.P........U.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@....1...r4[..2r..S....`c..;.H....^.N..T\.*.p.......;l......._...m.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 196.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@.......m~j..]5]...9...].I...U.K..uO.2.........o...I.c.`.=r.l..5./t....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 276
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x..
...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ......l%.|......\6i.C.<...A.....*tPY...$.W.S^........nU..A.......]`.....;.@.jfqHU...SJ.....1e\..d.w.&I.%...&i>.........q!!.:.2.
j.D.S.....)Nm.i.Q
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@....9D....bL.op..E.?..C..i.....>......... -.1=.[.dC........g..9..u..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 156
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,...KKufFS..........8.@.H.P.X.` .......8A .....[..H..P.e.'6.~.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 132
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,...KKufFS..........8.@dH.P.X.` ......HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 132.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,...KKufFS..........8.@dH.P.X.` ........
GET /client/dllv5/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Thu, 02 Oct 2014 13:54:11 GMT
Date: Tue, 02 Sep 2014 13:54:11 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 1207520
Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 1911593
Via: 1.0 wzpy185:88 (Cdn Cache Server V2.0), 1.0 jg9:10001 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMReport.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M......S...S...S.Y.S...S.[.S...S.[.S...S...S...S.[.S!..S...S...S...S...S.[.Sd..S.[.S...S.[.S...S...S...S.[.S...SRich...S........................PE..L....!.Q...........!.....P... ......u........`.......................................................................j.......V.......................P..........l...@d...............................R..@............`..t............................text....O.......P.................. ..`.rdata..1....`.......`..............@..@.data....d...p...@...p..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 175
Content-Type: application/octet-stream
Host: hb.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..
$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ...(..D)..-.....=.eo;...h.c.[\.......).\\Wk..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 351
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` .........IWW1.&..p. (>..4B.....\.\..z..j.../..4.&.~s#.T..jIH.`.......}utq......y..np...B..m.k...i#*Lr....n..&.q......&....q..}....rE.Rs.........=1[.'Q..*...n...O..@v)i..L..%}.....A......J..B.c...Y......*../..........5...).HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 351.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` .........IWW1.&..p. (>..4B.....\.\..z..j.../..4.&.~s#.T..jIH.`.......}utq......y..np...B..m.k...i#*Lr....n..&.q......&....q..}....rE.Rs.........=1[.'Q..*...n...O..@v)i..L..%}.....A......J..B.c...Y......*../..........5...)...
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=8650752-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Fri, 24 Oct 2014 07:50:34 GMT
Date: Wed, 24 Sep 2014 07:50:34 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 8650752-18154311/18154312
Content-Length: 9503560
Age: 32620
Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMZip.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
.Y...tU|F.BM..2g....F..t.Wf... .~.. ..T.........P.v....i,..j....&..z.....x......G_x}lO..w.:....../.4.P............0...J.\...i.3...M......u_.C{...pt.F..8.}J..d......p:oc[b....'.......;..A..v.W. 3..6...i.....yg.bx...%(=....Q.?.U......sh....F.).z.(..j..r.[*.n."o..(.C.:.\.......jo.........@.......8...G..m. {~[8o........g#|a.^.:.......fX...X..16..=..0VThD....YF,.r.z9|....F."..F.......qF=..B..%.71.....gc...<.]V....b......D....rr.....0b......jL..wK.z..C..C&M...J..(.......O".)<.)*>*sk..s.,I.6..JSt.uF..a{...w#Y......LE..l|...g\x.^'X...;@n,.!....FK.....;"`6p............:.%.GhZ..~.]C$Z..{.z.GX.X....N..`X.4.......{,w.........A.o.k.R,02..F.....h....e../...wk.....^...{..y....8...J..f<x.K\..-......L.P2.k7Bv.2.p*..Gs...' . ..c.Q..B.t.....4...?..]..e>.aDhn.BA.H.......C..Ks{.L.K.T.2.{....g......U.~}.^4.../~D...9ic..i.d...W..v\{......E..W.kS.>._FJ...f,..1.!..F.....9..r~lE...F...w.....{...S..wA<..Z..#..."...9....y....s...[....].,td..,...../..d....U.j..`1.."...w ../V......u..[....0;..:Ufr<.p.Q.g.!...p.C..W../D.)IA....Pc..`."..`.'{L!W..oIF...?..)J:D.......Evy#...^}...M2..2:..q.._A8........d....Z...V.,.a...F...$21..r.1F..o.B..A...u.wfs.....].b.......|M8(...^......s..l.o!2.....rW..3`..u.M..DW. .mLH.<-p.....'o..Wl..5..&.......=.%..AT...b.b...r..........|....*..........}..o.O.q.N.......r..d.T<.[.i.%.[ %....I.m._.p..z"=y<X....MO..J/....O."....y...0".N.......C*a..<..4...l....u...<.9s...C..#....[...A.!8.a..:.K...l)0..n.g.N...........o|..Vm-....../.s...d.u..6...{..].....s...X.$..A...k.E.....?...2..E...
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 77
Content-Type: application/octet-stream
Host: p.x.baidu.com
Keep-Alive: timeout=600,max=1000
...A........." 34774fbda3add406d6894c6154e2b3d7(.........2.8.@.H.P.X.` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 133
...y........." 34774fbda3add406d6894c6154e2b3d7(.........28................H.....g...8pBl ......R@ ..'..~0......;..8.@.H.P.X.` ..........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 157
Content-Type: application/octet-stream
Host: p.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........." 34774fbda3add406d6894c6154e2b3d7(.........28................H.....g...8pBl .....R@ ..'..~0......;..8.@.H.P.X.` .......Y..95( ....t....|.3*...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 837
...y........." 34774fbda3add406d6894c6154e2b3d7(.........28................H.....g...8pBl ......R@ ..'..~0......;..8.@.H.P.X.` ............F...#T..&...}..&.t.. ..I....`..6.H3-./}..].......<.@k/..]..a$........,....:.y.].![.*/6..p.....9Q.......M......9....gr@...a.Tl....K.f.......G......;H..D....jf..'.hL.xb.u.|....z...m.|.............a.">...P!F.a..%|$.......G..q......:oo.$.p..7.*m.>&.Ve...~....x....r..>z.I...9......w.)f}..H.q.>..^..X...[nm.=d@,.......k..HfL{.L....$..K... <u.....!..T.0...g......y......`....s.k...b....Tl.<..JC1.&..&...i-.k.~.%....l.E..}}.J..|..E..K#..z..[....F&..S#.|........I.4A........S........0./4..H.A.....h........3.VH..........Xo.0K...A.?.p..?9..=....S.s.K.....*...w.*...5....."..;.[.Dn...R. u.D"...... a].p..Wy.....v|..^.1&.9...w..D...&...cP..............*.$...........h.......;J8.b......nw..4.l.d.k.25`...........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 117
Content-Type: application/octet-stream
Host: up.hy.baidu.com
Keep-Alive: timeout=600,max=1000
...9....N...." 34774fbda3add406d6894c6154e2b3d7(.2.8.@.H.P.X.` ...0...Y..95( .s....d....\..7Y#dp....#:..X<ksX.rO...aG
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 85
...9....N...." 34774fbda3add406d6894c6154e2b3d7(.2.8.@.H.P.X.` ......r...m_.....r.A..HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 85.....9....N...." 34774fbda3add406d6894c6154e2b3d7(.2.8.@.H.P.X.` ......r...m_.....r.A....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 173
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...(..[.dD.2.....O.4L.JG.....L/%.=.Z.^.j.:.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......*.K.... .hG..rg.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......*.K.... .hG..rg...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 167
Content-Type: application/octet-stream
Host: dr.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..
$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ... ....L.1#V.MV..;.<l<.&.Z...N.c....
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ..........ir.<;e...Zr?HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ..........ir.<;e...Zr?..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 77
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...A........" 34774fbda3add406d6894c6154e2b3d7(.........2.8.@.H.P.X.V` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 133
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28.!.PH._..4dH...d]r dT`..1........<.[.:...}.:... ;.8.Q.-.8.@.H.P.X.V` ......HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 133.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28.!.PH._..4dH...d]r dT`..1........<.[.:...}.:... ;.8.Q.-.8.@.H.P.X.V` ........
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=11272192-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Fri, 24 Oct 2014 07:50:38 GMT
Date: Wed, 24 Sep 2014 07:50:38 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 11272192-18154311/18154312
Content-Length: 6882120
Age: 32614
Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMZip.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
#.....n..S....|.2...H.\A......./..._...1.$=..{.C...)...y.C.2..6.~.0d.P.a...G.;a6.....x.........m..~.!....O..,...K.Q..\.9.S...0L..b|.H.0.............>m..&9...a.R.x...Z.$....[....h....J...yh..=7.<...M..nL..%$7..Y.}.%././.#!M...P........\.W7.i....XW....W..4_...<.}[Kn#.-k..Na>.x..~....:.(-......T#9.9..J1...7.s...^.b....'.R..\...(...2.X..\o.r.f-.xfB....}......[9&4..v(...Z.... f..SJ.q..\.~2...o.Y...N...v....R...6....g....8\;.t...%.Bl..h....#.M.=J".....J...7~.W7cz.*'..`o1...*.eh...~R..........v....^t...... 9#.....M.PY.LrEG..GQ...^\.!/..J...C.,,.....`..R........d|....c.....K........r.ax'A$...\-....B.....\......^k.V../y.....,v../..M)t8E..?..(...cO...| ..:......%..L....{.jo".$.....%6u.:.p.5@.-Q..cbY*..V;S}25.K..359.%.Y...Uj.;.~ .4F....{u$.s.sD...M0*PQE......9.g*]..M..}.m....9M.~.A....*.E...8;..}...\...gw......'r4..J...O.~. .....\_QO..p......./....2.:....7..)mq;.P..|:.......P.....#.............o%...J..3.~...A....gQX..N[..6..!......i.l.h8n....B.....a<..i-..T_5P.....U.B.......3B....E/.mY.Gz..lSg.:...!.BV....R|-R$av'{.&..x.,!...w......d.....f.U..\).'..I..s.^5....... u.g.g....ao......x............Av....qq.K`...L......a..(<...d<aNH\.....#X..=....V....3 .7..lI....>KR.Q|.z..f^}P....A.H..vB....YZZ.\.C .0e.....z....1...R.N..oY.........n...%r_}.z....-.mN...5...4...r..y.!....*.A..W.[.^H.c.'....@;E...f...Q.H...:J.c.n....R.K......2.g}..vb ..*....}..0...M..rM.nx.A.#........,...P.6:....*..$W$74H...#.....0...G.,.%...@t.D..6...P\a...>...e*.....ly.../C...[.<`LlZ`..x..[cC|....B[.w.L*..Y*6|X...m..}...PkX...qK.
<<< skipped >>>
GET /pca3.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"
Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT
Date: Wed, 24 Sep 2014 16:54:26 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H............M....s#..Lo...TU...tM.3...'.U......:Z...w.x.=....K.0;...!....D....9...,!....B.t. <..........-.....k.$<i{O.<.E...*.......Ow _..J.....
GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"
Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT
Date: Wed, 24 Sep 2014 16:54:26 GMT
Content-Length: 533
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G5..140922000000Z..141231235959Z0...*.H.............O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.t....LV.uD....B..z...~I .6..aR[..(..q..............
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 157
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...........d...O.Y."..0A.aE...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......F.<$.Q.SA'..._..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......F.<$.Q.SA'..._....
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=1703936-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Fri, 24 Oct 2014 07:50:34 GMT
Date: Wed, 24 Sep 2014 07:50:34 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 1703936-18154311/18154312
Content-Length: 16450376
Age: 32616
Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMZip.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
....6S..'....B."....Wiv.............y..n9|.K.3z.33....J..|..<....)...wE...}K.Blh..BQR.h'.,...e.?v.-.:-..K.vL....-.0.r(.{\._jr..b...[...u.<....=...-...z.8pPm...C^.i..j....4.C.p.....A&....2.!?.......%..p$N.0..-.q.)j.`c..U.@..m....s....]......g.f>..s5.r...eUs.......ev......Z...C...@0...G..d`.3N........u2.V...6y.\/P%3>.xQB.pF..."'...U .&.....Y....".F.~.7[aq C.u..j....6...a..H.......P.i."Xz.KM.....YZ`B`..N.;...X|....5W............i......p.3..4C....N#RO).m.<8.gV...1...X.a..K.<.......a..?F...n..x0.j.9L..;m7.>..{..2..f^...o...}..N0_........ ..6*.\..p#.O.'.Hv~..j.;._...,....^......<.D|..$.R.y.i|.?.....*.N..h...(....XX.MYQX....w?S'.6.N.......T.'T6Kc`P....O*...(d.n"......D...#...V6.j,,... ..H,.if.%h.k.L..f/...K..K...gW)...N.t..;=..X3.R5#..L.. -P...t.B).L..K......~..H...[...y*.\pyZ...>...1%~u......;.h.0a......~.E..P.^......w.E.G]T........I^.-Aa.vH..NJ......~'<T.3.c.;d..?..9...9.J.~...BA...^....D^W.y.G....]..M...T...}.U.@4.....N:.....o.....O...T9....~,....u..1 ..!..t. b...J{...6H1..*.Y,X....8.....#....2.....A=S._....8...|...b.=:W0..6 ......mgEa.'....o..z...vOz...rP..........sOv9fR....-b..d'..e>L%*....p..;.*..=...........6...(.A.9?O.x.&..E.T......V;k...I.7.p.-,'..v....f.... ?B..&-...M........`w........}.8.W.ht$J$.x... ....NeA.. ...jr.....p.b6X.....m[>|.nl.H|k...h(.. .*.x)..##~j...Z.=.v....I(D.eH.Y...9......K(.5:. ....../u.%...N.l:2...z@....D......X....Y.....w....5..=.q..^...q..q.XV\.(....[...-....M...B....y...d.|.Q..}8...F.&....%3.j.LU.....M.[w..:'<.h........U..........}nO.....eFNH..}0D
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 79
Content-Type: application/octet-stream
Host: hb.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...C........" 34774fbda3add406d6894c6154e2b3d7(.........2.8.@.H.P.X....` ......
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 135
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ......HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 135.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@dH.P.X....` ......HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 135.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ......HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 135.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@dH.P.X....` ........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 167
Content-Type: application/octet-stream
Host: dr.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..
$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ... ..y....-..j.....;.$.6...v.l)_...z0
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ...........,!..]..-.pfHTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ...........,!..]..-.pf..
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT
Accept-Ranges: bytes
ETag: "80179bc4b3cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=1954
Date: Wed, 24 Sep 2014 16:54:47 GMT
Connection: keep-alive
X-CCC: US
X-CID: 2
1401CFCEB3C4C42958....
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Cache-Control: max-age=6001
Date: Wed, 24 Sep 2014 16:54:48 GMT
Connection: keep-alive
X-CCC: US
X-CID: 2
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT
Accept-Ranges: bytes
ETag: "80179bc4b3cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=1975
Date: Wed, 24 Sep 2014 16:54:26 GMT
Connection: keep-alive
X-CCC: US
X-CID: 2
1401CFCEB3C4C42958....
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Cache-Control: max-age=6023
Date: Wed, 24 Sep 2014 16:54:26 GMT
Connection: keep-alive
X-CCC: US
X-CID: 2
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 165
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ... ....!..!..U....OG..`.~p..4...h....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 285
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ........J...%....j....J....O...>..."A..0....OZ..m..?_O...P$....Z;HsY5...s.w ..4...'.F...sK^.$F<C...g.=......=.}.R..Pv.........?.)~k.Xge...b".I..%.A..4sF.9.. ...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 68
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...8........" 34774fbda3add406d6894c6154e2b3d7(.2.8.@.H.P.X.` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 124
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` ......HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 124.....p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` ........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 76
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...@........" 34774fbda3add406d6894c6154e2b3d7(.........2.8.@.H.P.X.` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 132
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28i.e.p.qA<...O.....V....;.._....{.i.f....k.....6\...]....8.@.H.P.X.` ......HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 132.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28i.e.p.qA<...O.....V....;.._....{.i.f....k.....6\...]....8.@.H.P.X.` ........
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=5832704-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
<<< skipped >>>
GET /client/dllv5/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Thu, 09 Oct 2014 15:58:48 GMT
Date: Tue, 09 Sep 2014 15:58:48 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 1176520
Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 1299316
Via: 1.0 sdytwt87:8080 (Cdn Cache Server V2.0), 1.0 tswt79:88 (Cdn Cache Server V2.0), 1.0 jg14:10001 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMNet.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
MZ......................@................/..............................!..L.!This program cannot be run in DOS mode....$..........^.a...a...a...a..za...n...a..T....a.......a.......a......ya.......a.......a.......a.......a..Rich.a..........PE..L.....3S...........!................................................................O...................................-...0...........................H#......T....9..............................X...@............................................text............................... ..`.rdata..-...........................@..@.data...............................@....tls.................p..............@....rsrc...............................@..@.reloc...3.......@..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 188
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` ...@.%.Y..95( ......2d>...l....e.!O..l..{.B....6\..>0......)'.....v...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 140
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` .....%...p.A(2..C.........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 188
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` ...@.%9...p...z....3.Z. ....h.W.....~
...[...y.h..C.5E..I. ....?..p.q
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 140
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` .....%].t$/..N.....|......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 188
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` ...@.%N..$.*o..E.@.,{P^5..=.6...e...C.....U.....,.s<...y..I.2=.r).$O..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 140
...p........" 34774fbda3add406d6894c6154e2b3d7(.28...G..SB|.e.J-iT.....m........MH....T..4M...BV....v.....8.@.H.P.X.` .....%.t........"..D....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 204
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28i.e.p.qA<...O.....V....;.._....{.i.f....k.....6\...]....8.@.H.P.X.` ...H. $t....o-.........Q....;z....X*..>...|..mM[....5....s...@I./JV.....L..V.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.. .`.....(.kN9<./E.xV.....s.P..S..J5..6.#Q..y...,C....n8.@.H.P.X.` ..... ......m...1.c.G.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.. .`.....(.kN9<./E.xV.....s.P..S..J5..6.#Q..y...,C....n8.@.H.P.X.` ..... ......m...1.c.G...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 76
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...@........" 34774fbda3add406d6894c6154e2b3d7(.........2.8.@.H.P.X.` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 132
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,...KKufFS..........8.@.H.P.X.` ......HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 132.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.L.@[^..&p..2Yd:.\.kC....Z|%...8..E.,...KKufFS..........8.@.H.P.X.` ........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 716
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...H..Gn.o9D...,LI..q.3....&.............@b...H..\.......5..i.0T.....0.4..&.D...5./?.<.z>.xk.....q....f..'lq..}...%e.N.C.T_'-q<@#w5L.<..}.5...Lo5...b...[.:..X
..<b.vn..2L....8...C.o.m<O..7F.U..1Ms8b.9....c.c"... .........\..7.....t...8...I.!Lb...XbX}$..$...q.iI$......Z...{.........`{y.........o............ ...2..R....TMN`...&.....3....)..,:..P.m,.q..j.|........QfJzC|:&.....K.=....-q\..m.^.[..xb...`/...7d.....y.OC5.V..s..9.@........-..T....$.(...).....l..2
JG*...,;4U.kz..V.......dD.1.S.....]T.`.....$.h..uxg_..>IN.M.ZL.:..E.1..OS.....y........J......|f..~.
..'...JQ.....T..s-*8.9k
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 156
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ........f>.p.z...r.u..V.....O.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 156.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ........f>.p.z...r.u..V.....O...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 175
Content-Type: application/octet-stream
Host: dr.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..
$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ...(..G.......;`..~E{../R.l|;~..e...y.........
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` .......-..f....;I..%R9HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` .......-..f....;I..%R9....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 167
Content-Type: application/octet-stream
Host: dr.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..
$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ... ...e
...G..G.....kr3...u9}02..q#WPOST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 167
Content-Type: application/octet-stream
Host: dr.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2..
$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` ... ......2..(o......~#......y...}.C.|
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` .......9...IZV..<.....HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` .......9...IZV..<.....HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28..4..x.|..II.z..r.1.m2....$bso..-~.r.2........p{.S..oj.58.@.H.P.X....` .......T.$$.T...Z.% ,...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 77
Content-Type: application/octet-stream
Host: p.x.baidu.com
Keep-Alive: timeout=600,max=1000
...A........." 34774fbda3add406d6894c6154e2b3d7(.........2.8.@.H.P.X.` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 133
...y........." 34774fbda3add406d6894c6154e2b3d7(.........28?.....p......p.... ..F.T_".l..w...^.g...=TJ.....O!.Gr.M.8.@.H.P.X.` ..........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 157
Content-Type: application/octet-stream
Host: p.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........." 34774fbda3add406d6894c6154e2b3d7(.........28?.....p.
...p.... ..F.T_".l..w...^.g...=TJ.....O!.Gr.M.8.@.H.P.X.` .......Y..95( ..0.....Y.D.x.{>
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 845
...y........." 34774fbda3add406d6894c6154e2b3d7(.........28?.....p......p.... ..F.T_".l..w...^.g...=TJ.....O!.Gr.M.8.@.H.P.X.` ..........{.....*a.-Ewy.Y2_.g..k....".B,.....l.m..(.g.3Y...K~v9:p...[.'!....(......c../..T.X.....y..7...]U....U{.w.^H..>...Q..N..Z...E&N.#..y....z.y.Z&B.4...v....z..,...#..A.;CR...Q...:*.!.}%ur..d..^.....L..."....I.6L......i<.KT...@....k...a..I..0<.......3........y..._......n..H...rO_1......)w.$J.J...]cD...*2...|.......e.>......i5.#....&........5.2K.=..W.&...m/..5.M_dc.TC&W*.........(.a V.KFl...b5Q..x....g.....6<iz. r.o.#...(.laG....1.R...~.<.. ...Wx.}....|....&$..../....l.......B...NK..rTc......a..........J..........H....,ZK.!z?....K.Y...p....NE5.{.?....f........j.pB>...QF.-&..jP....n.......>|F.`9S.B.R....3'C..n.c.N..[.Aj...Z...Msk.....Bq~~...w..'0.^.R..Sp#.u...Hk ..e.z[Uc....;.1....Yp.K.[.].F.^X......<.R.....
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=10354688-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Fri, 24 Oct 2014 07:50:38 GMT
Date: Wed, 24 Sep 2014 07:50:38 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 10354688-18154311/18154312
Content-Length: 7799624
Age: 32613
Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMZip.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
n.Q.x....(%..G.....H.........N.d.....K`.1..ZM..>t5.E.n....!.l.MK..$7....A.q....D..2..Q!.z/...TX...u...$....d$...CM:.']..h.t..G).O..U..C..cU./%...03.eg..y..g....!..1c.}/........,=.S.N......._2..rB.S..&.C.E.cg@......)v..........H.TC.j......0..*X.'........76q.v...15m._.5b.....#...G.Y...FU.....Y.X#.....i....|....u...5.*,...g..........F$.}le.........|."..1....S.....N.COw..k-V1....5.*@.\Nq..!..l|Z....|...ZAD.9.W..S`..9.vj...TF..tK...-......h(.c.._dN...%y............P'.2l.\k.<....=..b2.....b......l.../......#.J.........uzz...].BL5N6;..<Q..3y..P....w.....(...^...1..$Fm..1*:..$...5e-C!%...XF.........}q..rl.'g@......?){[.z.r.......... ......u...x.Q..K..y....E-r...........X/.\.5DYe: ..%f.... Yx...~.....u2...........Mj.Vl47....F.J.=...).d.n...8....3......X<F^.GS?.q... 8....p*W..._.....M.../5.wU:].].J..1!..%QH.qT ........3b,..vq.2......7c.._.........D.....u..y....B.(....OJ..5....I.'.c......-...7...r(?....X..e..9*9... L.iw1.......&.9.>)...).....T^8..g.*..f......O.j.......n,5S.....>.8._.#.*6......6^....y....B...z.:.Mj..#.... .gg.r@.K*9FV.A.K..8G...!.h.2..B0.Xt..o......FKy.S.a..>....a....d..#~.%l........S.Qq..R.F.F..Vb......#.*-@..,.x....M...7..?..^..........)\.....V5.H.D'........fm.......h..tw.u......z.>... ..M2..P...S.....m*........e..t[.MZ...B...W..Y..V.Fd\.Tp9...Zz..B@5n95..V...6.a..R..sps.Z.q....Y....E1'..Y.v.}e.V.\Q....q...VC....X..T./1.J&?.X;.dvuwZ..)n/p"/...1K..V]R./'e.....2.....X0..W3....%!..{tZMm..zyc....@....qn.1........%...I..i.V...B.<...*4.~rP............F.i.....,....l........*...Nx....-
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 247
Content-Type: application/octet-stream
Host: dr.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N....u.B8.@.H.P.X....` ...p.."...>.[...n.....$.0pu.Fh....w.......7.v09X..}.x.....f.o.W?.|L......v.........Z.....D..N......}.b.....L.&.U3.-.$Z
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N....u.B8.@.H.P.X....` ..........0d..YZ..... HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N....u.B8.@.H.P.X....` ..........0d..YZ..... ..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 252
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x..
...." 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...x.......4.......H.vM.J>......Ek...............s.."EQ...l..b.
..i.....G{-...0Q
c..X.Qb.....D....#.........J..p_....T.[N..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 196
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@...VD..#m......`.n..Y...]<2H...\M....v.xs7...W....@.z.0.-....(.gq.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 196.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ...@...VD..#m......`.n..Y...]<2H...\M....v.xs7...W....@.z.0.-....(.gq...
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=5111808-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 206 Partial Content
Expires: Fri, 24 Oct 2014 07:50:38 GMT
Date: Wed, 24 Sep 2014 07:50:38 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 5111808-18154311/18154312
Content-Length: 13042504
Age: 32617
Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMZip.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
........r_.?..........O....R....p.D.!E...3.......y...tn.L..Y...[.JUN..6....s.......C.g..[3...R.#s..q......zKW..y............L.. uG .{F.]...c}s.BD..7&.(.D.i.......`....&.4z.....a....K.#..........T....[.!...x..,...@..@.A......C.....A.V....).'C].qN_....|...$C4...\..[........Og~Ze..........l."V~.[A.Y..y.*...n&_....%.j.[.xP..".J-.Ys.......D.||Q........g..........Dp<...S.=...........d.~..z.$...1....E."..F...63...J..Pe..x2bE...).....@..........d>..D.R...>.6..4...S.?.2.gt.o...n...#.'..g'.O......o..........Ob.S..\...w..j..sI..=.VC...ZH...-.....t.@%k....?...*...)k...........#mp..h.......ZU@.j...5....r..d.G..6c.U*....n..iC.2k.?v.3n....N.@Z.i^*.....e`..~.j.S.s)}.;...s.V8.^.t..J:...J..V%p.QW...#.r...h.`1U.m......].....e..e...?.AhjT.W9..._q.... -.&.<..{ ..%yv.....a..~N.d6A..s.a.....$.E .O9d....../=;......<Fl.....Qn;be.._......L]].r........vL.m.7."`.LU. ...Zi""S.....r|v5/j...D.8.i.$C.. F..b]..6n..pMF.{~XKE.t!`].....}..(.#..Jsq"..I.o..^...z.7.............Mf..........y...Vt..&.e.3L..8w..-...&..........n....P..yXbg.R..u.J4.{*....0.g....AM.&"r...]Y.....8.Dw.FVy........e.C.....?.>...~.;G;.\...=.B.{........!.o..u"M....U..d).....s.V.9..g......-...>M......x?...k.....{.....I..j;....:.%......0GkO..V............ ......f`.....E..i.........~..!.......8'S<Io.=.fm"..`...~]m_T.....5. S.....u,........6).{D..|.._\J/..!0.Q.....jMj.9S:|<..?..B38.T6..q.......Y]..#^..s......'\.@..xK.9o.to{....C..Z..F.).*...?6.I.a_.j.d.. \ H...)...=.9.-..y..p !..6)4 .D...I..H....-.h.f.....p.M.....{t..t.g..... _@.....Tq..o ....6.BC...P....
<<< skipped >>>
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=9961472-
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 156
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` .......8A .....[..H..P.e.'6.~.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 156
...x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ............{..Q.4.. ...V.lU.WHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 156.....x........" 34774fbda3add406d6894c6154e2b3d7(.........28.d...U...Lm.FS.~.B...c....B.;..v.........^.(.M...S.!.5..8.@.H.P.X.` ............{..Q.4.. ...V.lU.W..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 79
Content-Type: application/octet-stream
Host: dr.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...C........" 34774fbda3add406d6894c6154e2b3d7(.........2.8.@.H.P.X....` ......
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 135
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N....u.B8.@.H.P.X....` ......HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 135.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N....u.B8.@dH.P.X....` ......HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 135.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N....u.B8.@.H.P.X....` ......HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 135.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N....u.B8.@dH.P.X....` ........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 357
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28.!.PH._..4dH...d]r dT`..1........<.[.:...}.:... ;.8.Q.-.8.@.H.P.X.V` ......D.........Q..L-5.s.k..[....;.3.4..j{..,.....!b...^$.. W.`8&w.5%<....8o.:.....m..d.. ....9Ob..:.F.#...u(\.~.u..t....~S.G..AG..."2....H..$A6<,...qi...k..[_E..X".K..3.&.......n.V.......~.AX.g...H).8..{h.^...@..i0..!=
..A.f...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28{...~.....Z....j...d.gx!..EV..W....o.y.% .7M.M30.._.kL..8.@.H.P.X.V` .......sqJ.......e...aHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28{...~.....Z....j...d.gx!..EV..W....o.y.% .7M.M30.._.kL..8.@.H.P.X.V` .......sqJ.......e...a..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 247
Content-Type: application/octet-stream
Host: dr.sg.baidu.com
Keep-Alive: timeout=600,max=1000
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N....u.B8.@.H.P.X....` ...p..$t....o-T....E...VQ...*.yE.....0..Kz"....;..Tr.r4.F^...R... 8.."B..].......h..p..-5...X&......%NX(..x?w.F...]..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 151
...{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N....u.B8.@.H.P.X....` ...........3~.6.&.....HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 151.....{........" 34774fbda3add406d6894c6154e2b3d7(.........28s....I.......}[.$. .7......Y...O....,.S....7.'..N....u.B8.@.H.P.X....` ...........3~.6.&.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 229
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...`..A.`..KN..U...c..o....#1.\|TN
.....*-.]L..Z..&b.......7^s[z.8...M..Z.[...U..m.>PRk.y...*..|....POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 189
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...8....-.H8...!....1.Z...Lj.;...,q?z0...I......&(.nW[..-R'V:POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 189
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...8...Bj76..R...,...........sD.........?.:_.....@.T0...P....VPOST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 237
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...h.....da4..8.UA.)..w"......%Qu..qk.Z.W.r..1....9M.#.....L...M.%...%.6.../5FA2Ze2gv.^*#........5U..%'...G..POST / HTTP/1.1
Connection: Keep-Alive
Content-Leng
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ................`.pT..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ................`.pT..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ........U...b...t.. ^.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......i.|P....3..6...\HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......xw.........YME..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 237
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...h.........s.!^d...$.=R0..~=._.p~]..s...#....D2..o.[..gP.$9v(
Z.UGse.jw/P.a..[.-C.3.......n..../.o.....}'."POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 237
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...h....^.I..P...hr../...J.kj.. .|.5....iN...{...k.J{\...A....<`.5K.I..b..C(...=?L~0......i.]G...1..Er..5..X
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ........Z...c9."YWx..cHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ........Z...c9."YWx..cHTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......>.({K..r.N..#h......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...0..Tu..Y..<...t.jH...M.P...!._o.D94.Q#....EhS.N. [.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...0....7{.V.......K..$.[...[0N?...7..?........{...POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y......
" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...0...W...qdZ....G.d..OKF?..d;r..Yb..#._....;D.G.....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......`.z3t.|1E1/.'...HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ........ ..=.#..R`.C..HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......~].fh...!../...T....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...0....
..*....dL...4...&..N.Egq-..|...j..`.f.|..D.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y......." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...0....Q=A.".*.Y]..........^V..K.7A ##L..`.h....&.|..POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y......." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...0......;...,...!.w..^.............'fKe..FW .c...nkr
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ..........G.X8..V...k.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......Lr...b... g=..."HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ......>.r....W...T......
GET /client1/common/patch/24946961047/dnw.xml HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Sun, 05 Oct 2014 15:52:38 GMT
Date: Fri, 05 Sep 2014 15:52:38 GMT
Server: nginx
Content-Type: text/xml
Content-Length: 165
Last-Modified: Mon, 07 Jul 2014 15:29:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 1645333
Via: 1.0 zhjzh55:8080 (Cdn Cache Server V2.0), 1.0 tswt79:8104 (Cdn Cache Server V2.0), 1.0 jg13:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="dnw.xml"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
..}..a.Pr.DN...R.x.,....*Z....R...@.9=gJbC.z....M..Z.A .A....[........oh.*Fi:....ki.c1...(.(3:...5..........}.,.U>...{{...... .]k/".}*D.?>a.#c..3.....[..9..r#.u|`.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......PH....N.....L@....l.q=.6u.^...w..7rIwB...p"#p...i....#.R.xJ...7...(....D..N.i..W.\..}....o.YxMk..0..
...Zu...K..uE.Kg,Z....N.....oH...C.V.
........"S..|x....z}...b.L.q\....p
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.....m./.b.L ........S.I..S.....2f.s|&..TcS...y..]2Yb^..F.4.B.PB!.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ........@@..i<.S....J...X....L;.B....k3..j.b...W.R.Veo..Y05.l...al*..t&8.k.e..!P.......=....Q@.y..>h[.c...L.|..7....,.f0.4..D...J....~...!.V......J.d...G[....RD....P..".>........1.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.....%...?r..cN..d.{.S7....K{......... ..1M..d..nn..KQ..J....O...Y....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......<.............,........]....I.C.#X?....O....P/..KQ....
.W......L.-..^...-.R... ..Ml[........r..u...k.......x.(..?..,....FA.1..F1.{..k.....F....1*l...u.'f..s.Vm.....iV...,J.a.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...e...Jxju}.E.......N.>.z|N.j.5..c...8.r.h.\..%..w..... X..c.)..T....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......M....k}.H.
v.j..,PI.U....rq.Z...o...!...../...l../6"......O...L...k.4....<'.....n@\L...l5...tf...vr`.LCt....6N...?Bo....... 0.......t...L...i.7&.A.-N 8;.h.U.....x....8..(.4ib
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.....&..x.!y'a-..R.....3j...9......`.O.I.u!..o..P.T.s........^........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 301
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ..........K;d55.<..W~$.X......;....\.Z4......=b6Z..U..wN./f7B..|.......*..D.o<B......Y.sS.......t.a..@}&..>k-2..1e#}6...)\......U[...wgQ.......&4.v...La....pK.y...t......<..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..p..".CJ... ......R..G.K...2.y.W.4..,...v.%Rs..5..........U..........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......|.C.
"..j.|dxW.a.u.U.:-..tO..ox..WmC.......Px. Vss.A.9..o...{8.k..P.(..../.e...0.....4-....I..y.c.Ywzu.~v.=I.U...^u.h(.......r.sg2.q............D... .l.X..t...v.5,....H
q.C.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...7....1..|3....S<.G.h*..3.v...u..2G...e.......'2B.....3>.U.F.[Gd....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......v..w.1t...B..L.......qA..;.5...bo.@..>......{..$..<.,......L.n~..i.8..i6..~...J..B".R........E.W./J..[..#p.M> ...S...q...<>W..d5'..gz.l..3)...A.k......y.........>....|..w^c..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..k>.#Q.J#.|^.`..Ã’.j0.v_.....3..:..A.LZ..K..Wr.#.v9....l.."D:L@.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......r.....*.J^-..S.@=...{/...\...X..)...b.G.*...............Ft......#..0R_ZPQ.i..O....E7..<_... Z.ma.578.(b.|...n#T,.c.....9.r.nZMS.L..........Ms.PH..i^=A...M?......%...R.,@.....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...)x..K:............{2u..t.DI.E..m..:.gV.*..u.<..C<.........p.0......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .....
..&.........A.E...i...>K..`!Ke...qaz..N.3.á..I..E.]......k..z.M8.'...4...u:.1U....d....k....".J..'........h.r..z..1..1X.....w.$....!-p.)..>,...n(.H.....H0..<..a!z..U}.....I
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..wX.Dn.c..g.."..... V.\......z|.2o...k..r`...5H.m#........3Q...b.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ..........b..u......H.9nV.MTVe..PG..Q.oF8....Oo..S.!.vH#.-.sK[.#={...I.i.7p... .6......70[N.~S...M..P......Z..iq....C"<BTb...D.T........>=/..6>.v'3....Os.[O...L.*.I.O.. .S.....~.i
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...Coo2..3A:..V...D.`....T.@._i.q.X....Y,.f6...*'I...) .V ...q[.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 453
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
..
" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...@.....5C.s..i......4..O.......&...i.;.kCa.......I..J...l9... ..| 7..lp.\..
E.J...@.J...Z.u..M%..,.
.|..mZ.j..8,.^..]....oEN..q*.Y .<.!R.......?..].2...{Ym8.......~V.U.N.{.8..9Y'__...{...#..Q.p...........Ei.......Zy.....zQU.5Vu.......a.....R/.i....0...>.{5&!
......@...2...R.1...f.x..|}].c..*w../....)..A......w. [{..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 245
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...p...}..Pm..>...q.*\..]... .... .F..*c%.........D.../{Q.tnI........1.. .e......0i...... Ui...<.j....l.@..Q........P.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......z...A......0i...St..m..e?...@..pq.-...Yw.E....O'.L......{B..(.F...Nt.....|..u.
....$Ax...0(.N\O/../K..<cw]1.M.q_....d...'..7.!....C....q.....v.O........W..W\..tB#..Z.....Z...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@....&.....FE3.w.~..(V..:PF.X.X!#M....}.........#u.4.X*^...'.;;...k....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
..." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...... .IM..=..1....=&...=.g$.X.K:._....q..a..}.A.J.....,..>.y....1...L..E.[@.....j..H.(........G..!..E...6..u.a./....)%....:.[.%......iXp......|..f..T.9].{...CK.{Z....#..s...K....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...I.f..S=. /.....V....q.a.:...A..DX..4P....@.b..r..YJ........qr.^....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
..." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......$=3..<.lAt.....|.I.i.......b.......X..X.....r...'....%o............M...[A..ay..@/D.i.....n.Ies.|....... 8EF...#...........4...z.{fK....<..L._(<&.......H..!.<&...6...bW.sl......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..v(..j6.6.8.....B.z."..x.`...I{ #%.e..C..?............_Ui&.{.R..>....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......e....M.<...(0..iy.!..a....%`...0..@...G..3r.V...&.Gu..1..{rSS2...Q...F...b.oP..3DF&.7C...;..&...*?.R"........Gp8h$. .@x..D."...D.$K........]...|....x.....h...)RuE.>.oDlI.R.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@......;U..'.}.r...O..A.t.S..,..E&...r..I...U.Lq]|6W.........m...H=....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......?p.{.4.v.Q.n..L...s....)..-#....Z=....XDO2uz..s9..{......h..r._..L..M......2U.f.......*...[X.]D.Q$;kktT.b...U..:]Nd...b....6.......y.4@..(..q.J.....h>.>......#.D4......]c{P...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..T.....5s....x-.}.\0......VOGB...L.c8........-cWc.t.....G.....{=;....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......h...A...0..U.... ..W.)Q..8..s...j..6.p.p...e....]wA..m.A.#}.41.QeH9S...XM.q...(.%..qK....[H....3....;J....n"a4.b....9.!..N0.u.v.c.w.S*t(...E.K.Py.....Q.ry<..S..
T...=}..}...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@......I.tD.A..n....e..({...kS.W...m..n..2...%&.......s...-.3..........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......D... '.....mr(p.n........]#2....G.2W&.....t.n.". E...].... .oX..{"..GDp..H.U^....S}......r.[....v....S..;J.i.K.k.*..{f.DI<A.k.._.f.3l../.R|.fH......I`...u...! E.&
z......W.e
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..a...z..L..E?....q&^.....#b....uU..k...............d...M..1.w9.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......Z..j.c.0 *.R.M.S...H....W..4.!..`R ..3..."K...2)..K..54..7I.<.e3j.h.:/.'2.....iC3. ..;"T.i......O....).d....AE.9.... .p.V...,./........iY]q.<....pY#E.T>.../..}A%....v.=p..}.k
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@....$.../...&......&..6..H..m..rp...^_...X.6a....Zmnl.S..I... ........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......H......."..^.pUU.ZV..ltU.]..L....H:.../...7...M=....."o.......9\./../I(X../...sE.@9. ...t...;#.n...b...=.?.F3.4#.n..c(.W..M..=........2..&oB).?......]..Rc9.c.nV!L....g|. ..."8.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..L ..'P..n...V......!8....I.J..Mz...9!.-;d...Z"....9=....h..1...e....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......y..5..UP.Cr.m:...G_@..#...jC.C..$ ..c...jF......y..L..y...A.....{...X/.....W_vI..'....b?.h..2.....y".Z..le=.2n-f....=.t.M...0.4K...;.{....Qu..
.R$.W.D.6..k.t..=9Z{.....n...?w.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.....#..l...4d`x...(...uL:..ca.$....O.=...;. .cIm.......3..4{.."......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......... L{S....=."_08..y]F.....2.|.ua.Es<...tX-8.1...vga.x..|U._#....A.e......H..v)....z..wW.....F...S...m&.SpM~....z>. .=y#..8}.bC............V..G@.i.q#.....yhWL.<.]N..X...5Z.y..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@......=..7..a6..$......V..w..;..........d...4.An@J..B..../.F.]a.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .............".p..}.V8.....T.z.. ......K.).7J..l...M:4&..Q.K_...%._p../.,..T..w...c. ...y&.m....f g.[.wM[s....X.q...E....$.R..[.P.........Z......r..m.-J"d.Z.%$.....a..n....q0..2..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..F..WF..e./G.X...2C...G#..{.pC. ur.4e.5.p..y..k....yLn.*..@..`..?....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......fE......\..5{B..`#`-....}.1r w.:.........A\.i.....>8Pl[.b...I.x...rF.....H.M.mWX..c.{....Z....".b./..$..&4..U......Js..i5.tBme..g..z..b....Zon...Z.|.K..L..Z.._c......c|.*.AE..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...z...l..|y..x..."..<V..SL..d%....0.9..`=.Q4.......U......3j.".b.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......~Uf....#.a.......5(......Av..p.P5..W....:..Rk.~...K.f.....C%.l?....(....g.%.>sQ.....g.)..K3WT.RY..R.h..Ad.....S.....kD.=...|Lp.\Q..4Z..C!.._..4x..\"...g[..I.........{;R....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.. .;V.a..K..(. a..DK...e"cD..8&a.....b...P.%;tV...[.x1.2.."..$6Xb....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......x.O...au...A.YBeUI.......f4........_...m.m...i....l........}..9..G.......5.WgX .`..7....Y.n.;...).y..v.Gw..E`....sz......^..Jg.x.'..`v..B....4.xGN.[.R6........a.V.n.a.q0d
..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.....r..T.......P.Xn.L.].s#....!*...a\6_..... .7.......Z.WG ..-.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......a.Mh.3}..J0R...:.0...w p.f.T..tqVr7.......m.i..k...b...2..Wo...^#.....2IO.Y&..x..x.ynQ9.w&,.*...)..1..Z.......k.az......l.....q....MM.3..-.u.K..r...S.......... z.DBJ4X...uf.<
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..E#.......i.....2.8..y..._o....).4rG..D........L...~./.CPv=[.........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......3.....5. ...c....x..@..._L].Q..}Q.fyzP....x....a..._R...zw...a. !..@..H.,..........-..g...v..U".W.8(....v..........&.M...............a.p.-...c3J.skPi.8...bx.#K....8V.....<{..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..L.S...b. ].n.....Av...IM{........].....FeY.z-.T.p_I.....~y.L>8G,....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......l..G8I%...dXy.".............q.d...P.8...........6....j\.jC.]..D.D^.....Jk....nJ(&b..F.E..........(r..%U..R..8.......KF....=80/y........g...G.ZW.H.i..............m...<.V. ..r.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@....SF....s._1....Q-6m9r.`T..P.V.}.......5).~.v.............H...M.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ............D<kvb6f.#..q......z.....%E..... .../.....H|....M$.*P...{.... p.n.2...~..M..f.iI.1X...r.).i.5Z..a...C.,....WM.|.....=..b....}WL*..<X.r....*..U..W.q6.4.M,./.-...e.P6.?e.s
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..(..$..?....:...k.3P.......t?..l..Y.3....].$0...G...7..R..4W..>......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ........"....*..MO| .-V.Xh...........]..a.<...5.........t}q.Ls.w.....d7m`5s..\.C..8__X.....].. ..5.BK.x.`......W.9..!k#f.P.....&. c..#.H.....:D.......7......b..Y)...b~7....>l..#a..L
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.."X{|zr]..]..X.*S[WS.5.....V...0*.V."...%.*.2.y.r......`&...S.t......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...........SI'JK/.v.*....51..3...J./.G.Cb..ljk...x...i..s..U.......\G&....q..vb:N.rq.{.>..v..e ..-..I..kJ^....{]N.....1...Ie....G.x..h.P..$.8..}..*...[..N.y.0[>.coC..C.>{GX.w......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.....oS. AS.....AM.1x..%['.>...`.n.....u.N. .*...@^.y.....L..v........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
... " 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......'.c.].]..~.n..=..U[ ...{w(I.db....*"......Oc.....-..[.o..#.&. ...r.H.r......<c.............x"O..Q..j,....FL..s...P2..^b....Jk....pl.m[...)U..iMk.,..Q.....v.._.L.........<....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y....... " 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...B.z..F..s(.U..1h...*r...Ow..,.=........$_.....-..E.V.......o,.q....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 301
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...!" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......A'.MX.R.3......M.I.....8.s.&
..wL..0}..#.!.s.T..VH1*{S.&k..A..z..&..*...x%...t.A.....*.#--.G.I8.\gU..c.<.1.e..`.. ....z..82q.p.m...O.E.SL.....Z...k...^/.g.:>.C .m...".
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......!" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..g.T....omOi.v9...8NJ.=..A.\3C.....9G....{Vr._..).......J.......I....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
..."" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ........S..-....C}^d\s.....1@
.........f...c~..]/..........k......'....f.......I.w.W.u.U*"...i.(.."?...J...-.<..'_1.|....v.V ....../gh.Bj.pbbm........TT...Y{...$(]5>.]...$7....n.S
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y......."" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..2..x.kyY.t.h.`.0*........U....~.-...~_..*.[...G....j........r".y....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...#" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ........
....C....<.T..`GgM.6L...6.....5V.Kz..@a.Rl.*..S,....~.3q[M..s..!..M.`.I*.=..U.2.)b..6..S..Sd~.i.2-i.Ow....z..<i.I........i.6..\3..!..B.....5......?E..l..f.Y...R.~D.Dt..F...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......#" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..}........C...s.'...c.m...Z.1.;._..|..>KR..X]...m..\4.m.&.:....(.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...$" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......bZ.e.2..{...t..O.u. }..?.H.i.Jk
M..F..]...........&C...h.rz.....S...f..,......>..:}.'.l..E*=..V.X...KQ.[.-...m....3z0m._@R.....
g......#9p..H.
..).#...~......;X.........P.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......$" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...r;..(.I...W..2T.......d...j)...I..@.....@?T.$...ZgB{.t. c...0}.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...%" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......|I..`.bh ..(C.H.j...RJp.F...Zn}\..#3T*2T.t...?6...^....8.*.".9...Z.-....r.Q......_Hf.q
W..X.I.T ..Y.M..i..YkW...K.'b....E
[0..#...0iYm....]...B
3......./c.s.U. ......{..~
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......%" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..K7..J.K..H...w...T.R..c.1...&...t...i.>......I2N...L.zc"}.....g ....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 301
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...&" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......VR....yNG.... ..u#..54C.O.......^. oC.6.D..jc...........U.V1Ry......).....E.f.p...Z$,)k...1..b|.......KH).IU...#i..b.D.^.3%.-..."..Z...g.k..{..7n.].<4..IC....r......H
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......&" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..$*.a.....e....d.q.kl.....:......?..#....s..L......q:...Qe.j ........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 301
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...'" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......[..h.bQIU.@5U..(X..".M"_|..:.....j..Afm.~l..#}0:..'..h...I.b <..N....
>W.-".;o.....b..E.o..
.-=gL.&(.=.4 .8'......j!b>.......;5.....z.v....T.u.....y.....)g.y.p...
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......'" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..w<..0.....kM0|..w..V..t*...F].".I...4.....x Bf.........C.kW..J.W....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...(" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......%`...Q..@...........&g......e'.]s.EQ@.k...f...G.F.....npA...ha..\..8.BCb.p."w.[.NY... .......C.(..T.91c...Ad.Z.#.....o"..%..<80..
..h.]... .zP`l
.Si.*..y....$.(...%^..t....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......(" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..x..z)u....KA...kw......Z,.....&....<.SU.K.d.Q......]V.E.............
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...)" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......)...$..i.9.../.u._.$yq.S .u.'...O<...y(U\9...}\..I35X.....-.:..'xi.%...e.....[...K2..`.....Il#.....u.........A..D b#.........P C.} ..v........y{".3.W '.(....'6...L4!.Kt.t[
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......)" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.....].\,B.....rs...5..u:.....:~....6'Z.l.."-......W-.M...B@.j........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...*" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......U....L\"K.U2...5<...,..a.....p5&%I...W..`...fX.s..Z.hP.<..a.m..(...s.6...1..y-....." ...._..E.....J..Hx.....<....{oh..?y$M<.ul..M.1....l.....;.....CK....7..#.S...f..6._.....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......*" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..R......G#...&9....jM.2...].y.u.F.OOv.k*xf...Bxes.|.s.j......q.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
... " 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......p
.z\m..Zi;....U.d......8..W.......c;..>...?....].j...... .W...=7.......|5...f........... ../...z1....H..wL...U..'.x.....dm ...^..c..fG.....|'.4.m.d.>.(B.<..$...h.v.5/~...db.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y....... " 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@....3....U.6.P3>9l'j.......j.3...{.{.0I..u..Lx..Bz......N6{.F@...q....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...," 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ........
H..sb.q.m..>.V.k..t.)_.v?.4U............ .v..8.Tx.~<........l8..E...9$.n..=.7..b...qq}..@ 3..41...h...u!....O.ej."*7....$...._.........j.v._.........\..m..(............1|.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......," 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...CxS..f..\....."....0..1>$?..CM......w.e.]..u.I..$...`....e3A..f....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...-" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ..........'...2.OF..F...I.p>er].!.wl..i1.....:v.y..<. ..Ev.tS|aO.Y..CdY. .x*..Q...IcL?..........B.o..E.a@.vT..x>6..\......$..)........g`.n.,t.;...j....C\4@..$i...5'..Qx0!...0...].[.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......-" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.....v...e5 V...u[..N..Kl.~.....Rp.cS*.).....NJL.w2...$..i.`}.^.\.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...." 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......7....~...v...D..c......./R..u.......(..0,q.2.....[........>;|..>...l.Q?..u.L....9....t..ih....W.cj...2.....B.J{Ko......z.]
..!......1....$.hW.f)*.!v.,.;..t....&5..~f.T. =..:
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...[R...9...'.y{./Lu.e.v.(......G...:..f. ....U.s9.#0.....wRu=.Y......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
.../" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ......R..U..W3>._..F.^r..:.P._.O{.Q..E.D..W"....Bz,.......G.AT.x..{... Sh.<..6J..*........S..J.....2y.$.$k
#..=....)K....9*2..%dN.9.l;...(.HB.|).l,......U.t../..P.`. ......._.....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y......./" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..4......z.[7.{...nH........<G.J.l[.Q.. ..>.0.. ..r.....@n..!.k.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...0" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ............;....f.a.'`..Q...0M..n.....aS.....\..^....G.@Y...o.....:....G.?.-:z
..;....i.\.R...u.0_Z.[P....`6:$z:Q[u_}...c5F..`....).....>4.4...#...8.O.1..)v...H..I.w.=..M.`:d?..*.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......0" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..o.|.....~.......)..2..W...<.Y./..(T.*\.%/9p/i.Zhl.....Kr(.....G.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...1" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .....
h"x.D..V...0<../..T.*_...\......N....c....".n_..C...&D..........&5?7(.}....R....M..F.Z.!Q.O..(..#...1.DtI...&.4... .r..T........q. F.....1...X....
....'2...V.x...~......P8.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......1" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..F.Abl...=.c..Au...B...g@.........\....B.....*@..3.....|?:..BxU......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...2" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ........i..<.....b~.#.(.D...RK..nmg....u...@gN....h.YL`..x..L.\......0p.....g...&,?..N......LRpb.......^,..O...<...4......=$S.. 8.@.Mc3..:[o.'0. Z.G......]..P..'a..E.}CH. ........v..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......2" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@.....{.....IbKE..}.Ep..<h.#._.F.$A.V.E...........F.1.7....I.....mL....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...3" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......0...,.....mN..|E2..<.G.....).z..C.W3;.2........(....t.T...I.<...w1.~.y.....1m.....7aQ.OQ;4{..K.:....-....7._.9...5.9b...g/...-....._/....}.3.R.S...K..$....V..._6<v.`...n.;7.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......3" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@...u.Q.4F...|K.......f..........,..$..R..o@v.S........P.e.... S4......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...4" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` .......~.P3.*....h<T.z4.64Kra. !..t.........V
..i...A7.[H.>..:m.M.x..J...v.!.r.g#......fyy.X...@...T..d...'...nz-.{]7...dS....|.C2..B.
..:K7:R.&..{p.....^y.]._.........N..bA~.._.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......4" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@....P.gjZ2.M.....x4.E.6....Av2...09..x...=Mhk...sN.^Y......6.o........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...5" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...................,...P...5.(.g.n.xT..%..&.&.@..I>[.......U.4k.m".G.......2.}\*b.A.S....>z...{....|.....N.=.......`V....V
........).'.j5.B....,.< .8.,...f.....!C......r..aN..S..".
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......5" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..G.t\..........{)...lq.H.l&...:b\...FJ..~...G....S.*|.0........Y.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...6" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ..........Tq..HZE.K}f4f..Z;...Jg...2.....p..........tP.."....[n-.........P.-
.B.... ..8d..^.....E....$.u.. . ..(.r!....^.hK.."<..X~z..HF....?K..b..^.....9.J.'...h...Z.{.B>..6p(.#g.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 197
...y.......6" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...@..v.....".:H....,.r...\..Z}..w].WW&.<...`8.._.....0..<..........tQ....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 469
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y..
...7" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...P..?.o.a.....'....2m.P_..z.z..*7n8..bU.._c..2}O...A...\!..T}.../.f...~NR.Je.)....B.9...c2...Q.q..l
.S.AzZQ.....{]Q$3....6J..I.h8TU.x~........c-0yWk...1 O6.......Z..V...;....!.r.... ...I...CQ.....g.s..&.j...A....q/es.3.loa....?...R[.H.$.v..Wuo,.g-G..P.c;.`9|.5..k}l5.....8..yc.C{..P.A.9...> !.s...<I...A..|..{.......}.t2......n2...s.}.
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 245
...y.......7" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` ...p.. ..r.t..e.}8.n4.~?....nK#.jA.4..D.5..,7@.f.08......,7~wV..E....Q..M....k.......Q")...~.#e6{.q..Oh..4...t.p.>..U*....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 165
Content-Type: application/octet-stream
Host: s.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ... ..s.1E. ....e.7..#}...P.VD..C.....
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 301
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` .............F...!N......X.C....m.~......K.....O...A...kO......1g..k..`n.....X3..f.l...e..p7.....r..w..}..,g7iF...X..{.P.D.`X~f.m...j.....G..7@.&..2EPW...k.WH........?.]{^.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 173
Content-Type: application/octet-stream
Host: d.x.baidu.com
Keep-Alive: timeout=600,max=1000
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X........X.."...AlY....f8.@.H.P.X.V` ...(....~.P@._...z....BA..t.S.t@#.h......A.o..
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 149
...y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` .......Tb..rop.%....t.HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 149.....y........" 34774fbda3add406d6894c6154e2b3d7(.........28j..C.....d.B."h...[w.H.[....L".X.........X.."...AlY....f8.@.H.P.X.V` .......Tb..rop.%....t...
GET /client1/common/install/31744421716/BDMZip.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://dl1sw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
HTTP/1.0 200 OK
Expires: Fri, 24 Oct 2014 07:50:34 GMT
Date: Wed, 24 Sep 2014 07:50:34 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 18154312
Last-Modified: Wed, 24 Sep 2014 07:40:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 32615
Via: 1.0 sdbz30:88 (Cdn Cache Server V2.0), 1.0 shiben13:51020 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BDMZip.dll"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z...4N..4N..4NC.JN..4N..IN..4N..YN..4N..ZN..4N..kN..4N..iN..4N..5Nd.4N..FN..4N..NN..4N..HN..4N..LN..4NRich..4N........................PE..L....s"T...........!..... .......... ".......0............................... .......P..................................M............`..................H#...@...)..@3..................................@............0...............................text............ .................. ..`.rdata.......0.......0..............@..@.data....Q....... ..................@....rsrc........`....... ..............@..@.reloc..n....@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
<<< skipped >>>
Map
The Malware connects to the servers at the folowing location(s):
Strings from Dumps
BaiduSdSvc.exe_1600:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
%d.%d.%d
%d.%d.%d
libprotobuf %s %s:%d] %s
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
Content-Length:%d
Content-Length:%d
s.x.baidu.com
s.x.baidu.com
c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
.\update.pb.cc
.\update.pb.cc
%s:%u
%s:%u
Unsupported Media Type
Unsupported Media Type
HTTP Version not supported
HTTP Version not supported
HTTP/1.0
HTTP/1.0
HTTP/1.1
HTTP/1.1
1.0.0.1
1.0.0.1
.\header.pb.cc
.\header.pb.cc
%u.%u.%u.%u
%u.%u.%u.%u
addr %s not good...
addr %s not good...
https
https
ftpes
ftpes
ftps
ftps
tftp
tftp
% ;?:@=&,$/-_!.~*()
% ;?:@=&,$/-_!.~*()
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
%s\Connection
1.0.1.1
1.0.1.1
%d.%d
%d.%d
d-d-d d:d:d
d-d-d d:d:d
RegKey
RegKey
CryptMsgGetParam
CryptMsgGetParam
CryptMsgClose
CryptMsgClose
CertFindCertificateInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertFreeCertificateContext
CertCloseStore
CertCloseStore
CertGetNameStringW
CertGetNameStringW
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
RootKey
RootKey
SubKey
SubKey
IsNative64Key
IsNative64Key
X;
X;
%s>
%s>
%s="%s"
%s="%s"
%s='%s'
%s='%s'
version="%s"
version="%s"
encoding="%s"
encoding="%s"
standalone="%s"
standalone="%s"
c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdSvc.pdb
c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdSvc.pdb
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDLogicUtils.dll
BDMFrameWork.dll
BDMFrameWork.dll
SHLWAPI.dll
SHLWAPI.dll
BDMSkin.dll
BDMSkin.dll
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
ADVAPI32.dll
ADVAPI32.dll
MSVCP80.dll
MSVCP80.dll
PSAPI.DLL
PSAPI.DLL
WS2_32.dll
WS2_32.dll
MSVCR80.dll
MSVCR80.dll
_amsg_exit
_amsg_exit
_crt_debugger_hook
_crt_debugger_hook
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
SensApi.dll
SensApi.dll
HttpSendRequestW
HttpSendRequestW
InternetCrackUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpOpenRequestW
HttpQueryInfoW
HttpQueryInfoW
WININET.dll
WININET.dll
NETAPI32.dll
NETAPI32.dll
SHDeleteKeyW
SHDeleteKeyW
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
RegOpenKeyExA
RegOpenKeyExA
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegSetKeySecurity
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegGetKeySecurity
RegGetKeySecurity
RegDeleteKeyW
RegDeleteKeyW
RegFlushKey
RegFlushKey
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
imagehlp.dll
imagehlp.dll
BaiduSdSvc.exe
BaiduSdSvc.exe
.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@
.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@
.?AVCRtpPluginContainer@@
.?AVCRtpPluginContainer@@
.?AV?$CSingleton@VCRTPServer@@@utils@@
.?AV?$CSingleton@VCRTPServer@@@utils@@
.?AVCRTPServer@@
.?AVCRTPServer@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVTSMsg@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVIBDMMsg@@
.?AVTSMsgMap@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
.?AVITSMsgMap@@
.?AVTSMsgDispatcher@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgStub@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AVITSMsgStub@@
.?AVheader@http@bena@@
.?AVheader@http@bena@@
.?AVrequest@http@bena@@
.?AVrequest@http@bena@@
.?AVresponse@http@bena@@
.?AVresponse@http@bena@@
3!3-393]3}3
3!3-393]3}3
0#0 172^2
0#0 172^2
0(0-0F0V0h0}0
0(0-0F0V0h0}0
8 8$8(8,8084888
8 8$8(8,8084888
1 1$1(1,1014181
1 1$1(1,1014181
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_CLASSES_ROOT\MediaFoundation
explorer.exe
explorer.exe
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
\BDConfig.dll
\BDConfig.dll
winlogon.exe
winlogon.exe
SOFTWARE\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion
ntdll.dll
ntdll.dll
BaiduSdTray.exe
BaiduSdTray.exe
"{0}\{1}" {2}
"{0}\{1}" {2}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
EXPLORER.EXE
EXPLORER.EXE
Global\BDKVMutex{B2F10594-7119-4649-9326-AF1890C5CE56}
Global\BDKVMutex{B2F10594-7119-4649-9326-AF1890C5CE56}
Global\BDKVEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}
Global\BDKVEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}
Global\TAV_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
Global\TAV_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
BaiduSd.exe
BaiduSd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
\bdkvrtpplugins\RtpContainerConfig.xml
\bdkvrtpplugins\RtpContainerConfig.xml
C:\test.exe
C:\test.exe
d-d-d d:d:d d
d-d-d d:d:d d
d:d:d
d:d:d
%s(%d)
%s(%d)
Last Error : %u(%s)
Last Error : %u(%s)
\BDMAVE.dll
\BDMAVE.dll
Global\BDKVMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}
Global\BDKVMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}
JoinBaiduCloundPlan
JoinBaiduCloundPlan
\kernel32.dll
\kernel32.dll
Windows 8.1
Windows 8.1
Windows 8.0
Windows 8.0
Windows 7
Windows 7
Windows Vista
Windows Vista
Windows 7
Windows 7
Windows Vista
Windows Vista
Windows Server 2003,
Windows Server 2003,
Windows XP
Windows XP
Windows 2000
Windows 2000
Windows NT
Windows NT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Windows 95
Windows 95
Windows 98
Windows 98
Windows ME
Windows ME
BaiduSdUpdate.exe
BaiduSdUpdate.exe
CX
CX
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
CD823ABCA-A92F-429d-9E11-3779B5F682AA
CD823ABCA-A92F-429d-9E11-3779B5F682AA
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
BDMUpdate.dll
BDMUpdate.dll
BDMNet.dll
BDMNet.dll
.bdtmp
.bdtmp
.old_
.old_
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
Akernel32.dll
Akernel32.dll
\Global.db
\Global.db
Aiphlpapi.dll
Aiphlpapi.dll
A\\.\PhysicalDrive%d
A\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
BHKEY_LOCAL_MACHINE
BHKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
oHKEY_USERS
oHKEY_USERS
Wintrust.dll
Wintrust.dll
Crypt32.dll
Crypt32.dll
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
system32\winlogon.exe
D6BE417DD-264A-4678-A036-74D2173ECCEB
D6BE417DD-264A-4678-A036-74D2173ECCEB
2.1.0.2625
2.1.0.2625
BaidusdSvc.exe
BaidusdSvc.exe
BaiduHips.exe_1164:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
t6;)u%Sj
t6;)u%Sj
N,SSSh
N,SSSh
;9u.SWj
;9u.SWj
SSSh(hL
SSSh(hL
asio.misc
asio.misc
asio.misc error
asio.misc error
\\.\Pipe\
\\.\Pipe\
thread.exit_event
thread.exit_event
thread.entry_event
thread.entry_event
exception:%s:%d, unknown exception!
exception:%s:%d, unknown exception!
exception:%s:%d, %s
exception:%s:%d, %s
Kernel32.dll
Kernel32.dll
Can't terminate a sub-expression with an alternation operator |.
Can't terminate a sub-expression with an alternation operator |.
A regular expression can start with the alternation operator |.
A regular expression can start with the alternation operator |.
Alternation operators are not allowed inside a DEFINE block.
Alternation operators are not allowed inside a DEFINE block.
More than one alternation operator | was encountered inside a conditional expression.
More than one alternation operator | was encountered inside a conditional expression.
A repetition operator cannot be applied to a zero-width assertion.
A repetition operator cannot be applied to a zero-width assertion.
Invalid alternation operators within (?...) block.
Invalid alternation operators within (?...) block.
The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.
The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.
Found a closing repetition operator } with no corresponding {.
Found a closing repetition operator } with no corresponding {.
The repeat operator " " cannot start a regular expression.
The repeat operator " " cannot start a regular expression.
The repeat operator "?" cannot start a regular expression.
The repeat operator "?" cannot start a regular expression.
The repeat operator "*" cannot start a regular expression.
The repeat operator "*" cannot start a regular expression.
right-curly-bracket
right-curly-bracket
left-curly-bracket
left-curly-bracket
0123456789
0123456789
Unmatched quantified repeat operator { or \{.
Unmatched quantified repeat operator { or \{.
Invalid preceding regular expression prior to repetition operator.
Invalid preceding regular expression prior to repetition operator.
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
%d.%d.%d
%d.%d.%d
libprotobuf %s %s:%d] %s
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
.\hipsad\Global\CloudControl_AD\ad.pb.cc
.\hipsad\Global\CloudControl_AD\ad.pb.cc
CreateReportClient
CreateReportClient
ReleaseReportClient
ReleaseReportClient
.\hipsad\Global\ReportBase\msg.pb.cc
.\hipsad\Global\ReportBase\msg.pb.cc
datapkg.FieldsList
datapkg.FieldsList
datapkg.DataType
datapkg.DataType
xxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx
c:\clientci\workspace\hips_v1.0_fix_forAd_compile\stable_proj\include\thirdInclude\boost/algorithm/hex.hpp
c:\clientci\workspace\hips_v1.0_fix_forAd_compile\stable_proj\include\thirdInclude\boost/algorithm/hex.hpp
c:\clientci\workspace\hips_v1.0_fix_forAd_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
c:\clientci\workspace\hips_v1.0_fix_forAd_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
{CEA7F4FD-F5F6-4F4D-B7B0-18AD6070B910}
{CEA7F4FD-F5F6-4F4D-B7B0-18AD6070B910}
{943569E1-477F-4c1f-9710-A34533FC527B}
{943569E1-477F-4c1f-9710-A34533FC527B}
bdkvrtpplugins\HIPSClient.dll
bdkvrtpplugins\HIPSClient.dll
{5BD380DD-860B-45CB-83E9-8F3987E9C750}
{5BD380DD-860B-45CB-83E9-8F3987E9C750}
HipsClient.dll
HipsClient.dll
{FBF8E387-B470-4aaf-9122-B91F3E9BA5B7}
{FBF8E387-B470-4aaf-9122-B91F3E9BA5B7}
operation
operation
asyncreport
asyncreport
operator
operator
%d.%d.%d.%d
%d.%d.%d.%d
%s\%s
%s\%s
BaiduHips.exe
BaiduHips.exe
DriverManager.dll
DriverManager.dll
BaiduHips_CS_{94208c7a-2988-436f-8317-0a7873feb993}
BaiduHips_CS_{94208c7a-2988-436f-8317-0a7873feb993}
param%d
param%d
Error: SetFilePointer, errcode=%d
Error: SetFilePointer, errcode=%d
Error: Malloc buffer, code=%d
Error: Malloc buffer, code=%d
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
boost thread: trying joining itself
boost thread: trying joining itself
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
WTHelperGetProvCertFromChain
WTHelperGetProvCertFromChain
ERROR: %s
ERROR: %s
%s %s s
%s %s s
decoder doesn't support this archive
decoder doesn't support this archive
ERROR #%d
ERROR #%d
c:\clientci\workspace\hips_v1.0_fix_forAd_compile\basic\Output\release\BaiduHips.pdb
c:\clientci\workspace\hips_v1.0_fix_forAd_compile\basic\Output\release\BaiduHips.pdb
?Is64BitWindows@CBDMWin64Helper@BDMBase@@QAEHXZ
?Is64BitWindows@CBDMWin64Helper@BDMBase@@QAEHXZ
BDMBase.dll
BDMBase.dll
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDLogicUtils.dll
BDMTinyXml.dll
BDMTinyXml.dll
?GetWindowsDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z
?GetWindowsDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z
BDMStringUtils.dll
BDMStringUtils.dll
GetProcessHeap
GetProcessHeap
CreateIoCompletionPort
CreateIoCompletionPort
CreateNamedPipeA
CreateNamedPipeA
GetNamedPipeInfo
GetNamedPipeInfo
DisconnectNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
ConnectNamedPipe
WaitNamedPipeA
WaitNamedPipeA
SetNamedPipeHandleState
SetNamedPipeHandleState
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyW
RegEnumKeyW
RegOpenKeyW
RegOpenKeyW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
MSVCP80.dll
MSVCP80.dll
SHLWAPI.dll
SHLWAPI.dll
MSVCR80.dll
MSVCR80.dll
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
_crt_debugger_hook
_crt_debugger_hook
PSAPI.DLL
PSAPI.DLL
NETAPI32.dll
NETAPI32.dll
ImageGetCertificateHeader
ImageGetCertificateHeader
imagehlp.dll
imagehlp.dll
CertGetNameStringW
CertGetNameStringW
CRYPT32.dll
CRYPT32.dll
VERSION.dll
VERSION.dll
WS2_32.dll
WS2_32.dll
?BDMGetProcessCmdLineAndImgPathW@BDMBase@@YGHKPA_WK0K@Z
?BDMGetProcessCmdLineAndImgPathW@BDMBase@@YGHKPA_WK0K@Z
?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z
?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z
.?AVpipe_acceptor@ipc@baidu@@
.?AVpipe_acceptor@ipc@baidu@@
.?AV?$service_base@Vstream_handle_service@windows@asio@boost@@@detail@asio@boost@@
.?AV?$service_base@Vstream_handle_service@windows@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@Vstream_handle_service@windows@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@Vstream_handle_service@windows@asio@boost@@@detail@asio@boost@@
.?AVstream_handle_service@windows@asio@boost@@
.?AVstream_handle_service@windows@asio@boost@@
.?AV?$bind_t@XV?$mf4@XVpipe_channel@ipc@baidu@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6AXVerror_code@system@boost@@@Z@boost@@H_J@_mfi@boost@@V?$list5@V?$value@PAVpipe_channel@ipc@baidu@@@_bi@boost@@V?$value@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@23@V?$value@V?$function@$$A6AXVerror_code@system@boost@@@Z@boost@@@23@V?$value@H@23@V?$value@_J@23@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf4@XVpipe_channel@ipc@baidu@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6AXVerror_code@system@boost@@@Z@boost@@H_J@_mfi@boost@@V?$list5@V?$value@PAVpipe_channel@ipc@baidu@@@_bi@boost@@V?$value@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@23@V?$value@V?$function@$$A6AXVerror_code@system@boost@@@Z@boost@@@23@V?$value@H@23@V?$value@_J@23@@_bi@3@@_bi@boost@@
.?AVpipe_channel@ipc@baidu@@
.?AVpipe_channel@ipc@baidu@@
.?AV?$basic_stream_handle@Vstream_handle_service@windows@asio@boost@@@windows@asio@boost@@
.?AV?$basic_stream_handle@Vstream_handle_service@windows@asio@boost@@@windows@asio@boost@@
.?AV?$basic_handle@Vstream_handle_service@windows@asio@boost@@@windows@asio@boost@@
.?AV?$basic_handle@Vstream_handle_service@windows@asio@boost@@@windows@asio@boost@@
.?AV?$basic_io_object@Vstream_handle_service@windows@asio@boost@@@asio@boost@@
.?AV?$basic_io_object@Vstream_handle_service@windows@asio@boost@@@asio@boost@@
.?AVSourceTargetCmdParamFilter@@
.?AVSourceTargetCmdParamFilter@@
.?AVSetWindowsHookFilter@@
.?AVSetWindowsHookFilter@@
.?AV?$sp_counted_impl_p@VSetWindowsHookFilter@@@detail@boost@@
.?AV?$sp_counted_impl_p@VSetWindowsHookFilter@@@detail@boost@@
.?AV?$sp_counted_impl_p@VSourceTargetCmdParamFilter@@@detail@boost@@
.?AV?$sp_counted_impl_p@VSourceTargetCmdParamFilter@@@detail@boost@@
.?AV?$factory@V?$shared_ptr@VSourceTargetCmdParamFilter@@@boost@@PQnone_helper@detail@2@H$0A@@boost@@
.?AV?$factory@V?$shared_ptr@VSourceTargetCmdParamFilter@@@boost@@PQnone_helper@detail@2@H$0A@@boost@@
.?AV?$factory@V?$shared_ptr@VSetWindowsHookFilter@@@boost@@PQnone_helper@detail@2@H$0A@@boost@@
.?AV?$factory@V?$shared_ptr@VSetWindowsHookFilter@@@boost@@PQnone_helper@detail@2@H$0A@@boost@@
.?AVOnSwitchMsg@@
.?AVOnSwitchMsg@@
.?AVSwitchMsg@@
.?AVSwitchMsg@@
.?AVOnSetActionReplyMsg@@
.?AVOnSetActionReplyMsg@@
.?AVSetActionReplyMsg@@
.?AVSetActionReplyMsg@@
.?AVOnGetFileCloudMsg@@
.?AVOnGetFileCloudMsg@@
.?AVGetFileCloudMsg@@
.?AVGetFileCloudMsg@@
.?AVOnGetStatusMsg@@
.?AVOnGetStatusMsg@@
.?AVGetStatusMsg@@
.?AVGetStatusMsg@@
.?AVOnSetStatusMsg@@
.?AVOnSetStatusMsg@@
.?AVSetStatusMsg@@
.?AVSetStatusMsg@@
.?AVOnRemoveProductMsg@@
.?AVOnRemoveProductMsg@@
.?AVRemoveProductMsg@@
.?AVRemoveProductMsg@@
.?AVOnAddProductMsg@@
.?AVOnAddProductMsg@@
.?AVAddProductMsg@@
.?AVAddProductMsg@@
.?AVProductAckMsgBase@@
.?AVProductAckMsgBase@@
.?AVProductMsgBase@@
.?AVProductMsgBase@@
.?AVOnUnRegisterMsg@@
.?AVOnUnRegisterMsg@@
.?AVUnRegisterMsg@@
.?AVUnRegisterMsg@@
.?AVOnRegisterMsg@@
.?AVOnRegisterMsg@@
.?AVRegisterMsg@@
.?AVRegisterMsg@@
.?AVCustomerAckMsgBase@@
.?AVCustomerAckMsgBase@@
.?AVCustomerMsgBase@@
.?AVCustomerMsgBase@@
.?AVClientMsgBase@@
.?AVClientMsgBase@@
.?AVEventNotifyMsg@@
.?AVEventNotifyMsg@@
.?AVEventQueryMsg@@
.?AVEventQueryMsg@@
.?AVReportClient@ns_reportbase@ns_global@@
.?AVReportClient@ns_reportbase@ns_global@@
.?AVReportMessageBase@ns_reportbase@ns_global@@
.?AVReportMessageBase@ns_reportbase@ns_global@@
.?AVBaseSynCloudPacket@ns_basecloud@ns_global@@
.?AVBaseSynCloudPacket@ns_basecloud@ns_global@@
.?AVBaseCloudPacket@ns_basecloud@ns_global@@
.?AVBaseCloudPacket@ns_basecloud@ns_global@@
ÿfH
ÿfH
2(2.242:2@2
2(2.242:2@2
1#2[2|2&383
1#2[2|2&383
4 5R5d5
4 5R5d5
2 2;2_2|2
2 2;2_2|2
:':-:3:>:
:':-:3:>:
3(3.343{3
3(3.343{3
5 5$5(5,505
5 5$5(5,505
5$5*565=5
5$5*565=5
14181
14181
; ;$;(;,;
; ;$;(;,;
3 323F3K3S3m3
3 323F3K3S3m3
6 6(676~6
6 6(676~6
8"90999\9
8"90999\9
5!5'51575
5!5'51575
: :$:(:,:0:4:
: :$:(:,:0:4:
; ;$;(;,;0;4;8;|;
; ;$;(;,;0;4;8;|;
2 2$2(2,202
2 2$2(2,202
3 3(303
3 3(303
1 1(101
1 1(101
3 3(343\3
3 3(343\3
;$;,;4;@;|;
;$;,;4;@;|;
aac3894f-8186-4845-bbe1-a8a363c8e7ea
aac3894f-8186-4845-bbe1-a8a363c8e7ea
0b24b311-6267-4907-8da3-9e58e539a561
0b24b311-6267-4907-8da3-9e58e539a561
BDMReport.dll
BDMReport.dll
xx
xx
smr.dat
smr.dat
BDMNet.dll
BDMNet.dll
BaiduHipsUpdate.exe
BaiduHipsUpdate.exe
\BDConfig.dll
\BDConfig.dll
Register Service Main Function Error!ErrorCode=%d
Register Service Main Function Error!ErrorCode=%d
BDHIPS_Mutex_Service_F678C9B0-9A8D-4f66-9108-0DA121F30FBF
BDHIPS_Mutex_Service_F678C9B0-9A8D-4f66-9108-0DA121F30FBF
)\BDMAVCached.dll
)\BDMAVCached.dll
\TrustAndIso.dll
\TrustAndIso.dll
)\BDConfig.dll
)\BDConfig.dll
\hips_customer.xml
\hips_customer.xml
%d.%d
%d.%d
plugins\KVRtp_PluginConfig.xml
plugins\KVRtp_PluginConfig.xml
plugins\Cooly_PluginConfig.xml
plugins\Cooly_PluginConfig.xml
plugins\bdkvrtpplugins\RtpContainerConfig.xml
plugins\bdkvrtpplugins\RtpContainerConfig.xml
plugins\LocalPluginInfo.xml
plugins\LocalPluginInfo.xml
dplugins\GlobalPluginInfo.xml
dplugins\GlobalPluginInfo.xml
kernel32.dll
kernel32.dll
.default
.default
S-%d-%x-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu
S-%d-%x-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu
MSGTYPE
MSGTYPE
BDHIPS_Mutex_Install_4b2e6131-f986-4081-b993-2b7b20ee910e
BDHIPS_Mutex_Install_4b2e6131-f986-4081-b993-2b7b20ee910e
InstallCfg.xml
InstallCfg.xml
BDHIPS_Mutex_UnInstall_173e33b8-97b4-4b95-bb6a-1e8373862a60
BDHIPS_Mutex_UnInstall_173e33b8-97b4-4b95-bb6a-1e8373862a60
}aac3894f-8186-4845-bbe1-a8a363c8e7ea
}aac3894f-8186-4845-bbe1-a8a363c8e7ea
f1b029df-912d-47ef-bfb8-788c9c32b777
f1b029df-912d-47ef-bfb8-788c9c32b777
\hips_self_enc.xml
\hips_self_enc.xml
\BaiduSd.exe
\BaiduSd.exe
\BaiduAn.exe
\BaiduAn.exe
BaiduHipsBugRpt.exe
BaiduHipsBugRpt.exe
_X64.DLL
_X64.DLL
SourceTargetCmdParamFilter
SourceTargetCmdParamFilter
SetWindowsHookFilter
SetWindowsHookFilter
FileSignLog.txt
FileSignLog.txt
Error: Sign file failed: [%s]
Error: Sign file failed: [%s]
BDMAVEng.dll
BDMAVEng.dll
\ad.dll
\ad.dll
Iwintrust.dll
Iwintrust.dll
ntdll.dll
ntdll.dll
explorer.exe
explorer.exe
1.0.0.640
1.0.0.640
bddownloader.exe_2932:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
8%uvP
8%uvP
;*u.SUj
;*u.SUj
PSSSSSSh
PSSSSSSh
>.uTV
>.uTV
j SSSSSSSh
j SSSSSSSh
aSSSh
aSSSh
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
tGHt.Ht&
tGHt.Ht&
YYtCP
YYtCP
asio.ssl
asio.ssl
asio.misc
asio.misc
D:\dl\boost_1_44_0_build\include\boost/exception/detail/exception_ptr.hpp
D:\dl\boost_1_44_0_build\include\boost/exception/detail/exception_ptr.hpp
asio.misc error
asio.misc error
asio.ssl error
asio.ssl error
dtrp.download.iyuntian.com
dtrp.download.iyuntian.com
res.download.iyuntian.com
res.download.iyuntian.com
tk.download.iyuntian.com
tk.download.iyuntian.com
utk.download.iyuntian.com
utk.download.iyuntian.com
thread.exit_event
thread.exit_event
thread.entry_event
thread.entry_event
%s\Connection
%s\Connection
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
VVV.baidu.com.cn
VVV.baidu.com.cn
HTTP/1.1
HTTP/1.1
$MD5Version: 1.0.0 November-19-1997 $
$MD5Version: 1.0.0 November-19-1997 $
$Id: md5.c,v 1.1.1.1 2004/05/17 13:23:36 rcrittenden0569 Exp $
$Id: md5.c,v 1.1.1.1 2004/05/17 13:23:36 rcrittenden0569 Exp $
%s>
%s>
standalone="%s"
standalone="%s"
encoding="%s"
encoding="%s"
version="%s"
version="%s"
X;
X;
%s='%s'
%s='%s'
%s="%s"
%s="%s"
PKEY_CUSTOMNAME
PKEY_CUSTOMNAME
PKEY_PRODUCTNAME
PKEY_PRODUCTNAME
PKEY_ISSHOW
PKEY_ISSHOW
PKEY_EXITTIME
PKEY_EXITTIME
PKEY_CUSTOMID
PKEY_CUSTOMID
PKEY_START_STATUS
PKEY_START_STATUS
PKEY_GUID
PKEY_GUID
PKEY_MINORVERSION
PKEY_MINORVERSION
PKEY_MAJORVERSION
PKEY_MAJORVERSION
PKEY_COREVERSION
PKEY_COREVERSION
PKEY_EXEVERSION
PKEY_EXEVERSION
PKEY_UPDATESERVERPORT
PKEY_UPDATESERVERPORT
PKEY_UPDATESERVERIP
PKEY_UPDATESERVERIP
PKEY_PSHASH
PKEY_PSHASH
PKEY_PSNAME
PKEY_PSNAME
PKEY_EXHASH
PKEY_EXHASH
PKEY_EXNAME
PKEY_EXNAME
PKEY_TNHASH
PKEY_TNHASH
PKEY_TNNAME
PKEY_TNNAME
PKEY_COREHASH
PKEY_COREHASH
PKEY_CORENAME
PKEY_CORENAME
PKEY_EXEHASH
PKEY_EXEHASH
PKEY_EXENAME
PKEY_EXENAME
PKEY_UPDATEURL
PKEY_UPDATEURL
PKEY_FILENAME
PKEY_FILENAME
PKEY_RESULT
PKEY_RESULT
up.download.iyuntian.com
up.download.iyuntian.com
PKEY_TTL
PKEY_TTL
PKEY_ISFIX
PKEY_ISFIX
PKEY_VERSION
PKEY_VERSION
PKEY_FILEEMULE_HASH
PKEY_FILEEMULE_HASH
PKEY_FILEEMULE_SIZE
PKEY_FILEEMULE_SIZE
PKEY_FILEEMULE_NAME
PKEY_FILEEMULE_NAME
PKEY_FILEBT_HASH
PKEY_FILEBT_HASH
PKEY_FILEBT_SIZE
PKEY_FILEBT_SIZE
PKEY_FILEBT_NAME
PKEY_FILEBT_NAME
PKEY_FILECORE_HASH
PKEY_FILECORE_HASH
PKEY_FILECORE_SIZE
PKEY_FILECORE_SIZE
PKEY_FILECORE_NAME
PKEY_FILECORE_NAME
PKEY_URL
PKEY_URL
PKEY_PERIOD
PKEY_PERIOD
kernel32.dll
kernel32.dll
.mixcrt
.mixcrt
KERNEL32.DLL
KERNEL32.DLL
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
mscoree.dll
mscoree.dll
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
portuguese-brazilian
portuguese-brazilian
FhModule = %u, pfunc = %u
FhModule = %u, pfunc = %u
DbgHelp.dll
DbgHelp.dll
crash.dmp
crash.dmp
0xX
0xX
DlBugReport.ini
DlBugReport.ini
DlBugReport.dat
DlBugReport.dat
%Y-%m-%d %H:%M:%S
%Y-%m-%d %H:%M:%S
%d.%d.%d.%d
%d.%d.%d.%d
,d-d-d d:d:d
,d-d-d d:d:d
[ 0xX ] %s [%s]
[ 0xX ] %s [%s]
Error: Write address 0xX
Error: Write address 0xX
Error: Read address 0xX
Error: Read address 0xX
version = %s
version = %s
%s-----------------------------------
%s-----------------------------------
Type: %s
Type: %s
Address: 0xX
Address: 0xX
bddownloader.exe
bddownloader.exe
EXCEPTION_FLT_INVALID_OPERATION
EXCEPTION_FLT_INVALID_OPERATION
EXCEPTION_FLT_DENORMAL_OPERAND
EXCEPTION_FLT_DENORMAL_OPERAND
(%d,%d,%d,%d)
(%d,%d,%d,%d)
0xX:
0xX:
%s::x;
%s::x;
0xX[%X] %s:
0xX[%X] %s:
%s::x
%s::x
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
d:\dl\DownloadProxy_proj\Output\Release\bddownloader.pdb
d:\dl\DownloadProxy_proj\Output\Release\bddownloader.pdb
GetProcessHeap
GetProcessHeap
CreateIoCompletionPort
CreateIoCompletionPort
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegDeleteKeyW
RegDeleteKeyW
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
RegOpenKeyW
RegOpenKeyW
RegOpenKeyExA
RegOpenKeyExA
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
COMCTL32.dll
COMCTL32.dll
WS2_32.dll
WS2_32.dll
VERSION.dll
VERSION.dll
NetWkstaTransportEnum
NetWkstaTransportEnum
NETAPI32.dll
NETAPI32.dll
PSAPI.DLL
PSAPI.DLL
imagehlp.dll
imagehlp.dll
zcÃ
zcÃ
'DownloadProxy.EXE'
'DownloadProxy.EXE'
BDDownloadProxy.Downloader.1 = s 'Downloader Class'
BDDownloadProxy.Downloader.1 = s 'Downloader Class'
CLSID = s '{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}'
CLSID = s '{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}'
BDDownloadProxy.Downloader = s 'Downloader Class'
BDDownloadProxy.Downloader = s 'Downloader Class'
CurVer = s 'BDDownloadProxy.Downloader.1'
CurVer = s 'BDDownloadProxy.Downloader.1'
ForceRemove {91B5E4DE-4C97-41CD-9F94-84BFAABB7371} = s 'Downloader Class'
ForceRemove {91B5E4DE-4C97-41CD-9F94-84BFAABB7371} = s 'Downloader Class'
ProgID = s 'BDDownloadProxy.Downloader.1'
ProgID = s 'BDDownloadProxy.Downloader.1'
VersionIndependentProgID = s 'BDDownloadProxy.Downloader'
VersionIndependentProgID = s 'BDDownloadProxy.Downloader'
'TypeLib' = s '{DA624F8F-98BF-4B03-AD11-A12D07119E81}'
'TypeLib' = s '{DA624F8F-98BF-4B03-AD11-A12D07119E81}'
stdole2.tlbWWW
stdole2.tlbWWW
cuiMsgTypeWWW
cuiMsgTypeWWW
pMsgParamWWWd
pMsgParamWWWd
6|pTaskUrl
6|pTaskUrl
Created by MIDL version 6.00.0366 at Thu May 22 14:49:00 2014
Created by MIDL version 6.00.0366 at Thu May 22 14:49:00 2014
&UU*&&&&&&&&*UU(%%%%%%%%(UU)%%%%%%%%)UU.$$$$$$$$.UU1''''''''1UU
&UU*&&&&&&&&*UU(%%%%%%%%(UU)%%%%%%%%)UU.$$$$$$$$.UU1''''''''1UU
"7,,11,,7"
"7,,11,,7"
2222222222222222
2222222222222222
11///20.
11///20.
##!!! !!!##
##!!! !!!##
.02///11
.02///11
mM............................................................Mm
mM............................................................Mm
mM..........................................Mm
mM..........................................Mm
(((((((JgT..TgJ(((((((
(((((((JgT..TgJ(((((((
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
bdpunchproxy.dll
bdpunchproxy.dll
bddownload_config.xml
bddownload_config.xml
dl.dll
dl.dll
\bddownloader.exe
\bddownloader.exe
{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
CLSID\%s\LocalServer32
CLSID\%s\LocalServer32
{%X-%X-%X-%X-%X%X}
{%X-%X-%X-%X-%X%X}
B.tlb
B.tlb
Mscoree.dll
Mscoree.dll
BDDownloadProxy.Downloader.1
BDDownloadProxy.Downloader.1
\Installlog.txt
\Installlog.txt
\bdcomproxy.dll
\bdcomproxy.dll
\7z.dll
\7z.dll
\bdpunchproxy.dll
\bdpunchproxy.dll
\dl.dll
\dl.dll
regsvr32.exe
regsvr32.exe
Kernel32.dll
Kernel32.dll
7z.dll
7z.dll
C\StringFileInfo\xx\
C\StringFileInfo\xx\
netsh.exe
netsh.exe
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
oiphlpapi.dll
oiphlpapi.dll
\Global.db
\Global.db
PBDD_Temp_Exe
PBDD_Temp_Exe
%*.*f
%*.*f
: %s/s
: %s/s
%s: %s
%s: %s
\TDConfig.ini
\TDConfig.ini
H\set.log
H\set.log
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe
(1-10240)
(1-10240)
1.0.108.0
1.0.108.0
BaiduProtect.exe_2980:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
RSShPeW
RSShPeW
;9u.SWj
;9u.SWj
8.uwS
8.uwS
n<.ut>
n<.ut>
|$0)|$,3
|$0)|$,3
,4,56,789
,4,56,789
WSSh|,W
WSSh|,W
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
%d.%d.%d
%d.%d.%d
libprotobuf %s %s:%d] %s
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
CHECK failed: (from.GetDescriptor()) == (descriptor):
CHECK failed: (from.GetDescriptor()) == (descriptor):
..\src\google\protobuf\message.cc
..\src\google\protobuf\message.cc
: Tried to copy from a message with a different type.to:
: Tried to copy from a message with a different type.to:
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\generated_message_reflection.cc
..\src\google\protobuf\generated_message_reflection.cc
..\src\google\protobuf\wire_format.cc
..\src\google\protobuf\wire_format.cc
..\src\google\protobuf\reflection_ops.cc
..\src\google\protobuf\reflection_ops.cc
..\src\google\protobuf\descriptor.cc
..\src\google\protobuf\descriptor.cc
". To use it here, please add the necessary import.
". To use it here, please add the necessary import.
", which is not imported by "
", which is not imported by "
$0$1 = $2
$0$1 = $2
$0$1 $2 $3 = $4
$0$1 $2 $3 = $4
.PLACEHOLDER_VALUE
.PLACEHOLDER_VALUE
.placeholder.proto
.placeholder.proto
map key must name a scalar or string field.
map key must name a scalar or string field.
map_key must not name a repeated field.
map_key must not name a repeated field.
CHECK failed: dynamic.get() != NULL:
CHECK failed: dynamic.get() != NULL:
.foo = value".
.foo = value".
.dummy
.dummy
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee not set for extension field.
FieldDescriptorProto.extendee not set for extension field.
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
CHECK failed: !out.HadError():
CHECK failed: !out.HadError():
" is repeated. Repeated options are not supported.
" is repeated. Repeated options are not supported.
Import "
Import "
Missing field: FileDescriptorProto.name.
Missing field: FileDescriptorProto.name.
File recursively imports itself:
File recursively imports itself:
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
\xx
\xx
..\src\google\protobuf\stubs\strutil.cc
..\src\google\protobuf\stubs\strutil.cc
..\src\google\protobuf\extension_set.cc
..\src\google\protobuf\extension_set.cc
CHECK failed: iter != extensions_.end():
CHECK failed: iter != extensions_.end():
..\src\google\protobuf\extension_set_heavy.cc
..\src\google\protobuf\extension_set_heavy.cc
..\src\google\protobuf\descriptor.pb.cc
..\src\google\protobuf\descriptor.pb.cc
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google.protobuf"G
google.protobuf"G
2$.google.protobuf.FileDescriptorProto"
2$.google.protobuf.FileDescriptorProto"
2 .google.protobuf.DescriptorProto
2 .google.protobuf.DescriptorProto
2$.google.protobuf.EnumDescriptorProto
2$.google.protobuf.EnumDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2%.google.protobuf.FieldDescriptorProto
2%.google.protobuf.FieldDescriptorProto
.google.protobuf.FileOptions
.google.protobuf.FileOptions
.google.protobuf.SourceCodeInfo"
.google.protobuf.SourceCodeInfo"
2/.google.protobuf.DescriptorProto.ExtensionRange
2/.google.protobuf.DescriptorProto.ExtensionRange
.google.protobuf.MessageOptions
.google.protobuf.MessageOptions
2 .google.protobuf.FieldDescriptorProto.Label
2 .google.protobuf.FieldDescriptorProto.Label
2*.google.protobuf.FieldDescriptorProto.Type
2*.google.protobuf.FieldDescriptorProto.Type
.google.protobuf.FieldOptions"
.google.protobuf.FieldOptions"
2).google.protobuf.EnumValueDescriptorProto
2).google.protobuf.EnumValueDescriptorProto
.google.protobuf.EnumOptions"l
.google.protobuf.EnumOptions"l
2!.google.protobuf.EnumValueOptions"
2!.google.protobuf.EnumValueOptions"
2&.google.protobuf.MethodDescriptorProto
2&.google.protobuf.MethodDescriptorProto
.google.protobuf.ServiceOptions"
.google.protobuf.ServiceOptions"
.google.protobuf.MethodOptions"
.google.protobuf.MethodOptions"
2).google.protobuf.FileOptions.OptimizeMode:
2).google.protobuf.FileOptions.OptimizeMode:
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption*
2$.google.protobuf.UninterpretedOption*
2#.google.protobuf.FieldOptions.CType:
2#.google.protobuf.FieldOptions.CType:
experimental_map_key
experimental_map_key
2$.google.protobuf.UninterpretedOption"/
2$.google.protobuf.UninterpretedOption"/
2-.google.protobuf.UninterpretedOption.NamePart
2-.google.protobuf.UninterpretedOption.NamePart
2(.google.protobuf.SourceCodeInfo.Location
2(.google.protobuf.SourceCodeInfo.Location
com.google.protobufB
com.google.protobufB
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
..\src\google\protobuf\io\tokenizer.cc
..\src\google\protobuf\io\tokenizer.cc
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
..\src\google\protobuf\stubs\substitute.cc
..\src\google\protobuf\stubs\substitute.cc
..\src\google\protobuf\dynamic_message.cc
..\src\google\protobuf\dynamic_message.cc
..\src\google\protobuf\text_format.cc
..\src\google\protobuf\text_format.cc
..\src\google\protobuf\descriptor_database.cc
..\src\google\protobuf\descriptor_database.cc
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
X;
X;
%s>
%s>
%s='%s'
%s='%s'
%s="%s"
%s="%s"
standalone="%s"
standalone="%s"
encoding="%s"
encoding="%s"
version="%s"
version="%s"
F3.7.16
F3.7.16
SQLite format 3
SQLite format 3
CREATE TABLE sqlite_master(
CREATE TABLE sqlite_master(
sql text
sql text
CREATE TEMP TABLE sqlite_temp_master(
CREATE TEMP TABLE sqlite_temp_master(
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
inflate 1.2.5 Copyright 1995-2010 Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
1.2.5
.\RTPServer.cpp
.\RTPServer.cpp
CRTPServer Run start
CRTPServer Run start
CRTPServer Run stop
CRTPServer Run stop
CRTPServer StartSystemModules Finish
CRTPServer StartSystemModules Finish
.\RegHelper.cpp
.\RegHelper.cpp
.\ProxyLogicMgr.cpp
.\ProxyLogicMgr.cpp
Str = %s
Str = %s
CustomID = %s
CustomID = %s
d:\jenkins\workspace\bdsg_trunk_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
d:\jenkins\workspace\bdsg_trunk_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
RTP HandleHeartbeat. CommandType = %d
RTP HandleHeartbeat. CommandType = %d
.\HeartbeatObserver.cpp
.\HeartbeatObserver.cpp
Data = %s
Data = %s
.\BDSGCoreSvr.cpp
.\BDSGCoreSvr.cpp
asio.misc
asio.misc
asio.misc error
asio.misc error
iLen length : %d
iLen length : %d
%d.%d.%d.%d
%d.%d.%d.%d
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
.\BDMConfig\BDMConfig.cpp
.\BDMConfig\BDMConfig.cpp
config_service.proto
config_service.proto
.\BDMConfig\Protocol\config_service.pb.cc
.\BDMConfig\Protocol\config_service.pb.cc
config_service.proto"(
config_service.proto"(
cmd_list
cmd_list
.ConfigItem"@
.ConfigItem"@
.ResultSet
.ResultSet
.\BDMConfig\CompoundDoc\CompoundDoc.cpp
.\BDMConfig\CompoundDoc\CompoundDoc.cpp
.\PluginMgr\SafeBrowser.cpp
.\PluginMgr\SafeBrowser.cpp
.\PluginMgr\PluginContainerImp.cpp
.\PluginMgr\PluginContainerImp.cpp
supportsys
supportsys
.\PluginMgr\PluginMgr.cpp
.\PluginMgr\PluginMgr.cpp
ipcmsg
ipcmsg
winmsg
winmsg
CKVStorage::GetValue, Data Folder not Exist : %s
CKVStorage::GetValue, Data Folder not Exist : %s
.\PluginMgr\KVStorage.cpp
.\PluginMgr\KVStorage.cpp
create table IF NOT EXISTS kvs (key TEXT, value TEXT, primary key(key))
create table IF NOT EXISTS kvs (key TEXT, value TEXT, primary key(key))
select value from kvs where key=?
select value from kvs where key=?
CKVStorage::GetValue, Sqlite3 Exec Error: %s
CKVStorage::GetValue, Sqlite3 Exec Error: %s
replace into kvs(key,value) values (?,?)
replace into kvs(key,value) values (?,?)
boost thread: trying joining itself
boost thread: trying joining itself
bdmlog%dddddd_%d.log
bdmlog%dddddd_%d.log
(%d) d:d:d.d %s %s_%s: %s
(%d) d:d:d.d %s %s_%s: %s
.\SGPluginMgr.cpp
.\SGPluginMgr.cpp
.\RTPDynPluginContainer.cpp
.\RTPDynPluginContainer.cpp
thread.entry_event
thread.entry_event
thread.exit_event
thread.exit_event
[CDynPluginCloudCtrl::Start]recv data : %s
[CDynPluginCloudCtrl::Start]recv data : %s
.\DynPluginCloudCtrl.cpp
.\DynPluginCloudCtrl.cpp
[CDynPluginCloudCtrl::CheckMD5]Check MD5, file MD5 : %s, MD5 msg : %s
[CDynPluginCloudCtrl::CheckMD5]Check MD5, file MD5 : %s, MD5 msg : %s
.\DynPluginContainerImp.cpp
.\DynPluginContainerImp.cpp
7z.dll
7z.dll
.\DynPluginCloudScan.cpp
.\DynPluginCloudScan.cpp
.\CheckHelper.cpp
.\CheckHelper.cpp
,iType:%d, strPath:%s, strFileName:%s
,iType:%d, strPath:%s, strFileName:%s
,iType:%d, strValue:%s
,iType:%d, strValue:%s
mainkey
mainkey
subkey
subkey
keyname
keyname
,iType:%d, strMainKey:%s, strSubKey:%s, strKeyName:%s
,iType:%d, strMainKey:%s, strSubKey:%s, strKeyName:%s
,iType:%d, strMainKey:%s, strSubKey:%s, strKeyName:%s, strFileName:%s
,iType:%d, strMainKey:%s, strSubKey:%s, strKeyName:%s, strFileName:%s
,iType:%d, strMainKey:%s, strSubKey:%s, strKeyName:%s, strVersion:%s, strFileName:%s
,iType:%d, strMainKey:%s, strSubKey:%s, strKeyName:%s, strVersion:%s, strFileName:%s
main_key
main_key
sub_key
sub_key
key_name
key_name
,iType:%d, version=%s
,iType:%d, version=%s
d:\jenkins\workspace\bdsg_trunk_compile\safeguard_client_proj\source\checksystem\CheckItemBase.h
d:\jenkins\workspace\bdsg_trunk_compile\safeguard_client_proj\source\checksystem\CheckItemBase.h
.\BDSGInstall.cpp
.\BDSGInstall.cpp
GetBDMInstallReportRecord
GetBDMInstallReportRecord
GetBDMUnInstallReportRecord
GetBDMUnInstallReportRecord
.\BDSGInstallConfig.cpp
.\BDSGInstallConfig.cpp
[CBDSGInstallConfig::CheckMD5]Check MD5, file MD5 : %s, MD5 msg : %s
[CBDSGInstallConfig::CheckMD5]Check MD5, file MD5 : %s, MD5 msg : %s
.\updatemgr.cpp
.\updatemgr.cpp
[CUpdateMgr::Start]recv data : %s
[CUpdateMgr::Start]recv data : %s
bddownloader.exe
bddownloader.exe
[CUpdateMgr::DoResponse]ParseBDSGInstallCmd success : %s
[CUpdateMgr::DoResponse]ParseBDSGInstallCmd success : %s
[CUpdateMgr::DoResponse]ParseBDSGInstallCmd fail : %s
[CUpdateMgr::DoResponse]ParseBDSGInstallCmd fail : %s
.\NetRequestHelper.cpp
.\NetRequestHelper.cpp
[CNetRequestHelper::CNetRequestHelper]strVer=%s, iSoftID=%d, iSupplyID=%d
[CNetRequestHelper::CNetRequestHelper]strVer=%s, iSoftID=%d, iSupplyID=%d
.\Downloader.cpp
.\Downloader.cpp
1.0.0.1
1.0.0.1
.\GlobalConfigMgr.cpp
.\GlobalConfigMgr.cpp
.\DownloadComCheck.cpp
.\DownloadComCheck.cpp
.\ProtobufDef\zeus.pb.cpp
.\ProtobufDef\zeus.pb.cpp
sw.zeus.ExtendedInfo
sw.zeus.ExtendedInfo
sw.zeus.KeyVersion
sw.zeus.KeyVersion
sw.zeus.BasicInfo
sw.zeus.BasicInfo
sw.zeus.SubRequest
sw.zeus.SubRequest
sw.zeus.CCRequest
sw.zeus.CCRequest
sw.zeus.KeyValue
sw.zeus.KeyValue
sw.zeus.FileItem
sw.zeus.FileItem
sw.zeus.FileGroup
sw.zeus.FileGroup
sw.zeus.KVConfig
sw.zeus.KVConfig
sw.zeus.Action
sw.zeus.Action
sw.zeus.ActionMap
sw.zeus.ActionMap
sw.zeus.NetInfo
sw.zeus.NetInfo
sw.zeus.CCResponse
sw.zeus.CCResponse
sw.zeus.HBRequest
sw.zeus.HBRequest
sw.zeus.HBResponse
sw.zeus.HBResponse
1.0.1.1
1.0.1.1
%d.%d
%d.%d
d-d-d d:d:d
d-d-d d:d:d
RegKey
RegKey
large file support is disabled
large file support is disabled
unknown operation
unknown operation
SQL logic error or missing database
SQL logic error or missing database
foreign_keys
foreign_keys
sqlite_compileoption_get
sqlite_compileoption_get
sqlite_compileoption_used
sqlite_compileoption_used
sqlite_log
sqlite_log
sqlite_source_id
sqlite_source_id
sqlite_version
sqlite_version
sqlite_attach
sqlite_attach
sqlite_detach
sqlite_detach
sqlite_stat1
sqlite_stat1
sqlite_rename_parent
sqlite_rename_parent
sqlite_rename_trigger
sqlite_rename_trigger
sqlite_rename_table
sqlite_rename_table
GetProcessHeap
GetProcessHeap
RowKey
RowKey
SQLITE_
SQLITE_
d:d:d
d:d:d
d-d-d
d-d-d
failed to allocate %u bytes of memory
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
failed memory resize %u to %u bytes
922337203685477580
922337203685477580
API call with %s database connection pointer
API call with %s database connection pointer
OsError 0x%x (%u)
OsError 0x%x (%u)
os_win.c:%d: (%d) %s(%s) - %s
os_win.c:%d: (%d) %s(%s) - %s
delayed %dms for lock/sharing conflict
delayed %dms for lock/sharing conflict
%s-shm
%s-shm
%s\etilqs_
%s\etilqs_
%s\%s
%s\%s
Recovered %d frames from WAL file %s
Recovered %d frames from WAL file %s
cannot limit WAL size: %s
cannot limit WAL size: %s
invalid page number %d
invalid page number %d
2nd reference to page %d
2nd reference to page %d
Failed to read ptrmap key=%d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
%d of %d pages missing from overflow list starting at %d
failed to get page %d
failed to get page %d
freelist leaf count too big on page %d
freelist leaf count too big on page %d
Page %d:
Page %d:
unable to get the page. error code=%d
unable to get the page. error code=%d
btreeInitPage() returns error code %d
btreeInitPage() returns error code %d
On tree page %d cell %d:
On tree page %d cell %d:
On page %d at right child:
On page %d at right child:
Corruption detected in cell %d on page %d
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Multiple uses for byte %d of page %d
Fragmentation of %d bytes reported as %d on page %d
Fragmentation of %d bytes reported as %d on page %d
Page %d is never used
Page %d is never used
Pointer map page %d is referenced
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
Outstanding page count goes from %d to %d during this analysis
unknown database %s
unknown database %s
keyinfo(%d
keyinfo(%d
%s(%d)
%s(%d)
%s-mjXXXXXX9XXz
%s-mjXXXXXX9XXz
MJ delete: %s
MJ delete: %s
MJ collide: %s
MJ collide: %s
-mjX9X
-mjX9X
foreign key constraint failed
foreign key constraint failed
unable to use function %s in the requested context
unable to use function %s in the requested context
bind on a busy prepared statement: [%s]
bind on a busy prepared statement: [%s]
zeroblob(%d)
zeroblob(%d)
abort at %d in [%s]: %s
abort at %d in [%s]: %s
constraint failed at %d in [%s]
constraint failed at %d in [%s]
cannot open savepoint - SQL statements in progress
cannot open savepoint - SQL statements in progress
no such savepoint: %s
no such savepoint: %s
cannot release savepoint - SQL statements in progress
cannot release savepoint - SQL statements in progress
cannot commit transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
sqlite_temp_master
sqlite_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
cannot change %s wal mode from within a transaction
cannot change %s wal mode from within a transaction
database table is locked: %s
database table is locked: %s
statement aborts at %d: [%s] %s
statement aborts at %d: [%s] %s
cannot open value of type %s
cannot open value of type %s
cannot open virtual table: %s
cannot open virtual table: %s
cannot open view: %s
cannot open view: %s
no such column: "%s"
no such column: "%s"
foreign key
foreign key
indexed
indexed
cannot open %s column for writing
cannot open %s column for writing
misuse of aliased aggregate %s
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s.%s
%s: %s.%s
%s: %s.%s
%s: %s
%s: %s
not authorized to use function: %s
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
too many terms in %s BY clause
Expression tree is too large (maximum depth %d)
Expression tree is too large (maximum depth %d)
variable number must be between ?1 and ?%d
variable number must be between ?1 and ?%d
too many SQL variables
too many SQL variables
too many columns in %s
too many columns in %s
EXECUTE %s%s SUBQUERY %d
EXECUTE %s%s SUBQUERY %d
misuse of aggregate: %s()
misuse of aggregate: %s()
%.*s"%w"%s
%.*s"%w"%s
%s%.*s"%w"
%s%.*s"%w"
%s OR name=%Q
%s OR name=%Q
type='trigger' AND (%s)
type='trigger' AND (%s)
sqlite_
sqlite_
table %s may not be altered
table %s may not be altered
there is already another table or index with this name: %s
there is already another table or index with this name: %s
view %s may not be altered
view %s may not be altered
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_altertab_%s
sqlite_altertab_%s
CREATE TABLE %Q.%s(%s)
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE %s=%Q
DELETE FROM %Q.%s WHERE %s=%Q
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
invalid name: "%s"
invalid name: "%s"
too many attached databases - max %d
too many attached databases - max %d
database %s is already in use
database %s is already in use
Invalid key value
Invalid key value
unable to open database: %s
unable to open database: %s
no such database: %s
no such database: %s
cannot detach database %s
cannot detach database %s
database %s is locked
database %s is locked
%s %T cannot reference objects in database %s
%s %T cannot reference objects in database %s
access to %s.%s.%s is prohibited
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
object name reserved for internal use: %s
there is already an index named %s
there is already an index named %s
too many columns on %s
too many columns on %s
duplicate column name: %s
duplicate column name: %s
default value of column [%s] is not constant
default value of column [%s] is not constant
table "%s" has more than one primary key
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
CREATE %s %.*s
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
sqlite_stat%d
sqlite_stat%d
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
sqlite_stat
sqlite_stat
table %s may not be dropped
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
use DROP VIEW to delete view %s
foreign key on %s should reference only one column of table %T
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
unknown column "%s" in foreign key definition
indexed columns are not unique
indexed columns are not unique
table %s may not be indexed
table %s may not be indexed
views may not be indexed
views may not be indexed
virtual tables may not be indexed
virtual tables may not be indexed
there is already a table named %s
there is already a table named %s
index %s already exists
index %s already exists
sqlite_autoindex_%s_%d
sqlite_autoindex_%s_%d
table %s has no column named %s
table %s has no column named %s
CREATE%s INDEX %.*s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
no such index: %S
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
a JOIN clause is required before %s
a JOIN clause is required before %s
unable to identify the object to be reindexed
unable to identify the object to be reindexed
no such collation sequence: %s
no such collation sequence: %s
table %s may not be modified
table %s may not be modified
cannot modify %s because it is a view
cannot modify %s because it is a view
foreign key mismatch - "%w" referencing "%w"
foreign key mismatch - "%w" referencing "%w"
table %S has %d columns but %d values were supplied
table %S has %d columns but %d values were supplied
%d values for %d columns
%d values for %d columns
table %S has no column named %s
table %S has no column named %s
%s.%s may not be NULL
%s.%s may not be NULL
constraint %s failed
constraint %s failed
PRIMARY KEY must be unique
PRIMARY KEY must be unique
sqlite3_extension_init
sqlite3_extension_init
unable to open shared library [%s]
unable to open shared library [%s]
no entry point [%s] in shared library [%s]
no entry point [%s] in shared library [%s]
error during initialization: %s
error during initialization: %s
automatic extension loading failed: %s
automatic extension loading failed: %s
foreign_key_list
foreign_key_list
foreign_key_check
foreign_key_check
*** in database %s ***
*** in database %s ***
unsupported encoding: %s
unsupported encoding: %s
rekey
rekey
hexkey
hexkey
hexrekey
hexrekey
malformed database schema (%s)
malformed database schema (%s)
%s - %s
%s - %s
unsupported file format
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
database schema is locked: %s
database schema is locked: %s
unknown or unsupported join type: %T %T%s%T
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
cannot join using column %s - column not present in both tables
USE TEMP B-TREE FOR %s
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
COMPOUND SUBQUERIES %d AND %d %s(%s)
%s.%s
%s.%s
%s:%d
%s:%d
ORDER BY clause should come after %s not before
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
SELECTs to the left and right of %s do not have the same number of result columns
no such index: %s
no such index: %s
sqlite_subquery_%p_
sqlite_subquery_%p_
too many references to "%s": max 65535
too many references to "%s": max 65535
%s.%s.%s
%s.%s.%s
no such table: %s
no such table: %s
SCAN TABLE %s %s%s(~%d rows)
SCAN TABLE %s %s%s(~%d rows)
sqlite3_get_table() called with two or more incompatible queries
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
no such trigger: %S
no such trigger: %S
-- TRIGGER %s
-- TRIGGER %s
no such column: %s
no such column: %s
cannot VACUUM - SQL statements in progress
cannot VACUUM - SQL statements in progress
PRAGMA vacuum_db.synchronous=OFF
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor failed: %s
vtable constructor did not declare schema: %s
vtable constructor did not declare schema: %s
no such module: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
table %s: xBestIndex returned an invalid plan
%s SUBQUERY %d
%s SUBQUERY %d
%s TABLE %s
%s TABLE %s
%s AS %s
%s AS %s
%s USING %s%sINDEX%s%s%s
%s USING %s%sINDEX%s%s%s
%s USING INTEGER PRIMARY KEY
%s USING INTEGER PRIMARY KEY
%s (rowid=?)
%s (rowid=?)
%s (rowid>? AND rowid)
%s (rowid>? AND rowid)
%s (rowid>?)
%s (rowid>?)
%s (rowid)
%s (rowid)
%s VIRTUAL TABLE INDEX %d:%s
%s VIRTUAL TABLE INDEX %d:%s
%s (~%lld rows)
%s (~%lld rows)
at most %d tables in a join
at most %d tables in a join
cannot use index: %s
cannot use index: %s
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
unknown database: %s
unknown database: %s
no such %s mode: %s
no such %s mode: %s
%s mode not allowed: %s
%s mode not allowed: %s
no such vfs: %s
no such vfs: %s
database corruption at line %d of [%.10s]
database corruption at line %d of [%.10s]
misuse at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
cannot open file at line %d of [%.10s]
xxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx
RootKey
RootKey
SubKey
SubKey
IsNative64Key
IsNative64Key
CryptMsgGetParam
CryptMsgGetParam
CryptMsgClose
CryptMsgClose
CertFindCertificateInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertFreeCertificateContext
CertCloseStore
CertCloseStore
CertGetNameStringW
CertGetNameStringW
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
d:\jenkins\workspace\bdsg_trunk_compile\basic\Output\BinRelease\BaiduProtect.pdb
d:\jenkins\workspace\bdsg_trunk_compile\basic\Output\BinRelease\BaiduProtect.pdb
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDLogicUtils.dll
SetProcessShutdownParameters
SetProcessShutdownParameters
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
CreateIoCompletionPort
SetNamedPipeHandleState
SetNamedPipeHandleState
WaitNamedPipeW
WaitNamedPipeW
ConnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateNamedPipeW
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
MSVCP80.dll
MSVCP80.dll
PSAPI.DLL
PSAPI.DLL
WS2_32.dll
WS2_32.dll
SHLWAPI.dll
SHLWAPI.dll
MSVCR80.dll
MSVCR80.dll
_amsg_exit
_amsg_exit
_crt_debugger_hook
_crt_debugger_hook
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
SensApi.dll
SensApi.dll
VERSION.dll
VERSION.dll
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
RegEnumKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegSetKeySecurity
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyW
RegEnumKeyW
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegGetKeySecurity
RegGetKeySecurity
RegDeleteKeyW
RegDeleteKeyW
RegFlushKey
RegFlushKey
ShellExecuteExW
ShellExecuteExW
SHDeleteKeyW
SHDeleteKeyW
imagehlp.dll
imagehlp.dll
BaiduProtect.exe
BaiduProtect.exe
.?AV?$CSingleton@VCRtpPluginContainer@@$00@BDMBase@@
.?AV?$CSingleton@VCRtpPluginContainer@@$00@BDMBase@@
.?AVCRtpPluginContainer@@
.?AVCRtpPluginContainer@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVIReportHelper@@
.?AVIReportHelper@@
.?AV?$sp_counted_impl_p@Vsqlite3_connection@BDMDatabase@@@detail@boost@@
.?AV?$sp_counted_impl_p@Vsqlite3_connection@BDMDatabase@@@detail@boost@@
.?AUIPluginMsgBus@@
.?AUIPluginMsgBus@@
.?AV?$CSingleton@VCPluginMsgBus@@$00@BDMBase@@
.?AV?$CSingleton@VCPluginMsgBus@@$00@BDMBase@@
.?AVCPluginMsgBus@@
.?AVCPluginMsgBus@@
.?AVPipeServer@IPC@@
.?AVPipeServer@IPC@@
.?AVCIpcPipeServer@IPC@@
.?AVCIpcPipeServer@IPC@@
.PA_W
.PA_W
.?AVWorkerThread@PipeServer@IPC@@
.?AVWorkerThread@PipeServer@IPC@@
.?AVCPluginMsg@@
.?AVCPluginMsg@@
.?AVTSMsg@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVIBDMMsg@@
.?AVTSMsgDispatcher@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgMap@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
.?AVITSMsgMap@@
.?AVTSMsgStub@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AVITSMsgStub@@
.?AV?$CSingleton@VCRtpDynPluginContainer@@$00@BDMBase@@
.?AV?$CSingleton@VCRtpDynPluginContainer@@$00@BDMBase@@
.?AVCRtpDynPluginContainer@@
.?AVCRtpDynPluginContainer@@
.?AUICryptoGetTextPassword@@
.?AUICryptoGetTextPassword@@
.?AVKeyValue@zeus@sw@@
.?AVKeyValue@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
71787_7{7
71787_7{7
7(828=8}8
7(828=8}8
8#9=9`9}9
8#9=9`9}9
6$7(7,70747
6$7(7,70747
4$4)4[4`4
4$4)4[4`4
2,2U2
2,2U2
; ;$;(;,;0;4;8;
; ;$;(;,;0;4;8;
4P5c5v5
4P5c5v5
5`6c6v6
5`6c6v6
6p7c7v7
6p7c7v7
?'?-?3?9?
?'?-?3?9?
7%7 7074787
7%7 7074787
9 9,92979=9
9 9,92979=9
? ?$?(?,?
? ?$?(?,?
2,2d2|2
2,2d2|2
9â€9C9J9i9n9
9â€9C9J9i9n9
6 6*626:6
6 6*626:6
9Å“9
9Å“9
515=5_607
515=5_607
6$707>7|7
6$707>7|7
8,9094989
8,9094989
-0R0s0}0
-0R0s0}0
8%8U8
8%8U8
=->3>@>}>
=->3>@>}>
5"5'51565@5
5"5'51565@5
8$888@8`8
8$888@8`8
8,888@8\8
8,888@8\8
@01234567
@01234567
888816666554443
888816666554443
6666554443
6666554443
!6666554443
!6666554443
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
explorer.exe
explorer.exe
Advapi32.dll
Advapi32.dll
winlogon.exe
winlogon.exe
SOFTWARE\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion
ntdll.dll
ntdll.dll
BDSGTray.exe
BDSGTray.exe
"{0}\{1}" {2}
"{0}\{1}" {2}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
EXPLORER.EXE
EXPLORER.EXE
BDSG.exe
BDSG.exe
BDSGUpdate.exe
BDSGUpdate.exe
BDSGBugRpt.exe
BDSGBugRpt.exe
pGlobal\BDSGMutex{4DDC7CE5-B8F6-4D54-8F3C-AE1BBC251CA6}
pGlobal\BDSGMutex{4DDC7CE5-B8F6-4D54-8F3C-AE1BBC251CA6}
Global\BDSGEvent{FED312EE-4C82-4B56-B88F-C3051E50B619}
Global\BDSGEvent{FED312EE-4C82-4B56-B88F-C3051E50B619}
BDMNet.dll
BDMNet.dll
pGlobal\TBD_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
pGlobal\TBD_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
pGlobal\BDSGEvent{FED312EE-4C82-4B56-B88F-C3051E50B619}
pGlobal\BDSGEvent{FED312EE-4C82-4B56-B88F-C3051E50B619}
Global\BDSGMutex{4DDC7CE5-B8F6-4D54-8F3C-AE1BBC251CA6}
Global\BDSGMutex{4DDC7CE5-B8F6-4D54-8F3C-AE1BBC251CA6}
\\.\pipe\{2BDE5E3F-7442-42AE-A1BB-FE3F35210C96}
\\.\pipe\{2BDE5E3F-7442-42AE-A1BB-FE3F35210C96}
HKEY_LOCAL_MACHINE\SOFTWARE\baidu\BaiduProtect
HKEY_LOCAL_MACHINE\SOFTWARE\baidu\BaiduProtect
\BDSGRtp_ContainerConfig.xml
\BDSGRtp_ContainerConfig.xml
{943569E1-477F-4C1F-9710-A34533FC527B}
{943569E1-477F-4C1F-9710-A34533FC527B}
BDKitUtils.dll
BDKitUtils.dll
CRegHelper::SetValue, hRootKey=%x, strSubKey=%s
CRegHelper::SetValue, hRootKey=%x, strSubKey=%s
pCRegHelper::RegOpenKey %x, %s: NULL == m_pSysKit
pCRegHelper::RegOpenKey %x, %s: NULL == m_pSysKit
CRegHelper::RegSetValue %x, %s, %s: NULL == m_pSysKit
CRegHelper::RegSetValue %x, %s, %s: NULL == m_pSysKit
CRegHelper::RegSetValue: RegCreateKeyExWByPass %x, %s, %s: return %d, GetLastError=%d
CRegHelper::RegSetValue: RegCreateKeyExWByPass %x, %s, %s: return %d, GetLastError=%d
CRegHelper::RegSetValue: RegSetValueExWByPass %x, %s, %s, %d: return %d, GetLastError=%d
CRegHelper::RegSetValue: RegSetValueExWByPass %x, %s, %s, %d: return %d, GetLastError=%d
CRegHelper::RegSetValue: RegSetValueExWByPass %x, %s, %s, %s: return %d, GetLastError=%d
CRegHelper::RegSetValue: RegSetValueExWByPass %x, %s, %s, %s: return %d, GetLastError=%d
CProxyLogicMgr::ProcessHipsEvents, Customid=%d NotifyID = %d SrcFileName = %s
CProxyLogicMgr::ProcessHipsEvents, Customid=%d NotifyID = %d SrcFileName = %s
pCProxyLogicMgr::ProcessHipsGetStatus, Customid=%d StatusListSize = %d
pCProxyLogicMgr::ProcessHipsGetStatus, Customid=%d StatusListSize = %d
pCProxyLogicMgr::ProcessHipsGetCustomID. Size = %d
pCProxyLogicMgr::ProcessHipsGetCustomID. Size = %d
pCProxyLogicMgr::ProcessHipsGetCustomID. ID = %d
pCProxyLogicMgr::ProcessHipsGetCustomID. ID = %d
CProxyLogicMgr::ProcessHipsGetStatus, Customid=%d StatusListSize = %d
CProxyLogicMgr::ProcessHipsGetStatus, Customid=%d StatusListSize = %d
pCProxyLogicMgr::ProcessHipsProductRemoveEmpty. Begin to UnInstall
pCProxyLogicMgr::ProcessHipsProductRemoveEmpty. Begin to UnInstall
uninst.exe"
uninst.exe"
pCProxyLogicMgr::ProcessProxyRegisterCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyRegisterCmd. CustomID = %d
CProxyLogicMgr::ProcessProxyUnRegisterCmd. CustomID = %d
CProxyLogicMgr::ProcessProxyUnRegisterCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxySetStatusCmd. CustomID = %d vItemStatusList.size = %d
pCProxyLogicMgr::ProcessProxySetStatusCmd. CustomID = %d vItemStatusList.size = %d
pCProxyLogicMgr::ProcessProxyGetStatusCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyGetStatusCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyServiceProbeCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyServiceProbeCmd. CustomID = %d
CProxyLogicMgr::ProcessProxyGetFileCloudStatusCmd. CustomID = %d vFileCloudItemStatusList.size = %d
CProxyLogicMgr::ProcessProxyGetFileCloudStatusCmd. CustomID = %d vFileCloudItemStatusList.size = %d
pCProxyLogicMgr::ProcessProxyRegSetValueCmd. CustomID = %d wszSubKeyName = %s
pCProxyLogicMgr::ProcessProxyRegSetValueCmd. CustomID = %d wszSubKeyName = %s
CProxyLogicMgr::ProcessProxySetActionReplyCmd. CustomID = %d m_dwMsgIndex = %d
CProxyLogicMgr::ProcessProxySetActionReplyCmd. CustomID = %d m_dwMsgIndex = %d
pCProxyLogicMgr::ProcessProxySetAdStatusCmd. CustomID = %d vAdItemStatusList.size = %d
pCProxyLogicMgr::ProcessProxySetAdStatusCmd. CustomID = %d vAdItemStatusList.size = %d
pCProxyLogicMgr::ProcessProxyGetAdStatusCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyGetAdStatusCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyGetInstalledBrowserCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyGetInstalledBrowserCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyLockDefaultBrowserCmd. CustomID = %d BrowserID = %d
pCProxyLogicMgr::ProcessProxyLockDefaultBrowserCmd. CustomID = %d BrowserID = %d
Lock Default Browser Result = %d BrowserID = %d
Lock Default Browser Result = %d BrowserID = %d
pCProxyLogicMgr::ProcessProxyLockIEMainPageCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyLockIEMainPageCmd. CustomID = %d
Lock IE MainPage Result = %d
Lock IE MainPage Result = %d
pCProxyLogicMgr::ProcessProxyUnlockDefaultBrowserCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyUnlockDefaultBrowserCmd. CustomID = %d
Unlock Default Browser Result = %d
Unlock Default Browser Result = %d
pCProxyLogicMgr::ProcessProxyUnlockIEMainPageCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyUnlockIEMainPageCmd. CustomID = %d
Unlock IE MainPage Result = %d
Unlock IE MainPage Result = %d
pCProxyLogicMgr::ProcessProxyRegSetValueExCmd. CustomID = %d, ListSize = %d
pCProxyLogicMgr::ProcessProxyRegSetValueExCmd. CustomID = %d, ListSize = %d
CProxyLogicMgr::ProcessProxyLockBDClientByBDBrowserCmd. CustomID = %d
CProxyLogicMgr::ProcessProxyLockBDClientByBDBrowserCmd. CustomID = %d
pLock BDClient Result = %d
pLock BDClient Result = %d
pCProxyLogicMgr::ProcessProxyUnLockBDClientByBDBrowserCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyUnLockBDClientByBDBrowserCmd. CustomID = %d
pUnlock BDClient Result = %d
pUnlock BDClient Result = %d
pCProxyLogicMgr::ProcessProxyGetLockedDefaultBrowserCmd. CustomID = %d
pCProxyLogicMgr::ProcessProxyGetLockedDefaultBrowserCmd. CustomID = %d
pBrowserID = %d
pBrowserID = %d
pCProxyLogicMgr::ProcessHeartbeatData. CmdType = %d
pCProxyLogicMgr::ProcessHeartbeatData. CmdType = %d
CProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_UPDATE
CProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_UPDATE
pCProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_UPDATE SET pHIPS SUCCESS!! dwFlags = %d
pCProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_UPDATE SET pHIPS SUCCESS!! dwFlags = %d
CProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_BINCONFIG
CProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_BINCONFIG
vIntCustomID.size = %d
vIntCustomID.size = %d
pvDWCustomID is empty, update all products. vIntCustomID.size = %d
pvDWCustomID is empty, update all products. vIntCustomID.size = %d
pCProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_DYNPLUGIN
pCProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_DYNPLUGIN
BDSGRtpDyn_ContainerConfig.xml
BDSGRtpDyn_ContainerConfig.xml
CProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_DYNPLUGIN Init
CProxyLogicMgr::ProcessHeartbeatData HB_CMD_BDSG_DYNPLUGIN Init
p.log
p.log
C:\test.exe
C:\test.exe
d-d-d d:d:d d
d-d-d d:d:d d
Last Error : %u(%s)
Last Error : %u(%s)
04CBB498-153C-4DED-BBA4-B1AA14FDBCE2
04CBB498-153C-4DED-BBA4-B1AA14FDBCE2
\ad.dll
\ad.dll
plugins\HIPS.dll
plugins\HIPS.dll
Global\BDSGMutex{B492DF06-1331-4FFD-83ED-E31FDDBD8C80}
Global\BDSGMutex{B492DF06-1331-4FFD-83ED-E31FDDBD8C80}
kernel32.dll
kernel32.dll
@\kernel32.dll
@\kernel32.dll
Windows 8
Windows 8
Windows 7
Windows 7
Windows Vista
Windows Vista
Windows 7
Windows 7
Windows Vista
Windows Vista
Windows Server 2003,
Windows Server 2003,
Windows XP
Windows XP
Windows 2000
Windows 2000
Windows NT
Windows NT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Windows 95
Windows 95
Windows 98
Windows 98
Windows ME
Windows ME
Kernel32.dll
Kernel32.dll
%u.%u.%u.%u
%u.%u.%u.%u
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
p---COMPOUDDOC---pStream->Stat error %x
p---COMPOUDDOC---pStream->Stat error %x
---COMPOUDDOC---pStream->Write error %x
---COMPOUDDOC---pStream->Write error %x
---COMPOUDDOC---pStream->SetSize error %x
---COMPOUDDOC---pStream->SetSize error %x
SafeBrowserDll.dll
SafeBrowserDll.dll
pCSafeBrowser::CSafeBrowser, LoadLibrary Failed, GetLastError = %d
pCSafeBrowser::CSafeBrowser, LoadLibrary Failed, GetLastError = %d
CSafeBrowser::Start, return %d
CSafeBrowser::Start, return %d
CSafeBrowser::Stop, return %d
CSafeBrowser::Stop, return %d
CSafeBrowser::Lock, return %d
CSafeBrowser::Lock, return %d
CSafeBrowser::Lock, Browser %d Not Exists
CSafeBrowser::Lock, Browser %d Not Exists
CSafeBrowser::Unlock, return %d
CSafeBrowser::Unlock, return %d
\safebrowser.xml
\safebrowser.xml
row=%d,col=%d
row=%d,col=%d
CSafeBrowser::LockBaiduProductByBaiduBrowser, funLockBaiduProductByBaiduBrowser return %d
CSafeBrowser::LockBaiduProductByBaiduBrowser, funLockBaiduProductByBaiduBrowser return %d
CSafeBrowser::UnlockBaiduProductByBaiduBrowser, funCancelBaiduProduct return %d
CSafeBrowser::UnlockBaiduProductByBaiduBrowser, funCancelBaiduProduct return %d
CSafeBrowser::Report, pJson=%s, nCount=%d
CSafeBrowser::Report, pJson=%s, nCount=%d
CSafeBrowserUnload::CSafeBrowserUnload, LoadLibrary Failed, GetLastError = %d
CSafeBrowserUnload::CSafeBrowserUnload, LoadLibrary Failed, GetLastError = %d
CSafeBrowserUnload::Unload, return %d
CSafeBrowserUnload::Unload, return %d
\\.\pipe\{0F98C369-2D5B-4445-8D05-42E727DEA4D5}
\\.\pipe\{0F98C369-2D5B-4445-8D05-42E727DEA4D5}
ApluginConfig.xml
ApluginConfig.xml
RX
RX
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
kv.db
kv.db
0 is an invalid value for completionKey
0 is an invalid value for completionKey
SendLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabled
SendLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabled
PostLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabled
PostLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabled
PostLoopbackMessage FAILED, MSGID:{0}
PostLoopbackMessage FAILED, MSGID:{0}
/{0}/{1}/{2}
/{0}/{1}/{2}
SendIpcMessage Begin, MSGID:{0}, TARGET:{1}
SendIpcMessage Begin, MSGID:{0}, TARGET:{1}
SendIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled
SendIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled
PostIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled
PostIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled
ForwardMessage - Forward Message, MsgId:{0}, FROM:/{1}/{2}/{3} TO {4}
ForwardMessage - Forward Message, MsgId:{0}, FROM:/{1}/{2}/{3} TO {4}
ForwardMessage - Forward Message Failed, MsgId:{0}, FROM:/{1}/{2}/{3} TO {4}
ForwardMessage - Forward Message Failed, MsgId:{0}, FROM:/{1}/{2}/{3} TO {4}
/%d/%d/%d
/%d/%d/%d
ACreateNamedPipe
ACreateNamedPipe
PipeServer::Run() - ConnectNamedPipe:
PipeServer::Run() - ConnectNamedPipe:
PipeServer::CreateListeningPipe Start Listen
PipeServer::CreateListeningPipe Start Listen
PipeServer::Run() - GetOverlappedResult:
PipeServer::Run() - GetOverlappedResult:
PipeServer::Run() - WaitForMultipleObjects:
PipeServer::Run() - WaitForMultipleObjects:
PipeServer::Run() - Exception:
PipeServer::Run() - Exception:
PipeServer::Run() - Unexpected exception
PipeServer::Run() - Unexpected exception
PipeServer::ReleaseTunnel()
PipeServer::ReleaseTunnel()
PipeServer::WorkerThread::WriteCompleted - Tunnel write where not all data was written
PipeServer::WorkerThread::WriteCompleted - Tunnel write where not all data was written
PipeServer::Tunnel::Tunnel()
PipeServer::Tunnel::Tunnel()
PipeServer::WorkerThread::Run() - Exception:
PipeServer::WorkerThread::Run() - Exception:
PipeServer::WorkerThread::Run() - Unexpected exception
PipeServer::WorkerThread::Run() - Unexpected exception
PipeServer::WorkerThread::Run() - Unexpected operation
PipeServer::WorkerThread::Run() - Unexpected operation
PipeServer::WorkerThread::Run() - Unexpected - pBuffer is 0
PipeServer::WorkerThread::Run() - Unexpected - pBuffer is 0
CIOCompletionPort::CIOCompletionPort() - CreateIoCompletionPort
CIOCompletionPort::CIOCompletionPort() - CreateIoCompletionPort
CIOCompletionPort::AssociateDevice() - CreateIoCompletionPort
CIOCompletionPort::AssociateDevice() - CreateIoCompletionPort
CIOCompletionPort::PostStatus() - PostQueuedCompletionStatus
CIOCompletionPort::PostStatus() - PostQueuedCompletionStatus
CIOCompletionPort::GetStatus() - GetQueuedCompletionStatus
CIOCompletionPort::GetStatus() - GetQueuedCompletionStatus
Global\{17ED6DA0-0902-461c-B763-F00FF209066B}
Global\{17ED6DA0-0902-461c-B763-F00FF209066B}
Global\{FA6FBBB1-8C8E-43b1-B8EC-35573A94C231}
Global\{FA6FBBB1-8C8E-43b1-B8EC-35573A94C231}
D823ABCA-A92F-429d-9E11-3779B5F682AA
D823ABCA-A92F-429d-9E11-3779B5F682AA
Q_PluginConfig.xml
Q_PluginConfig.xml
[CRtpDynPluginContainer::SetALLPluginsState]StartExtract Fail, m_szPluginDir: %s, strFileName: %s, errorcode: %d
[CRtpDynPluginContainer::SetALLPluginsState]StartExtract Fail, m_szPluginDir: %s, strFileName: %s, errorcode: %d
p[CRtpDynPluginContainer::SetALLPluginsState]DYN_PLUGIN_MSG_INSTALL %s, errorcode: %d
p[CRtpDynPluginContainer::SetALLPluginsState]DYN_PLUGIN_MSG_INSTALL %s, errorcode: %d
[CRtpDynPluginContainer::SetALLPluginsState]DYN_PLUGIN_MSG_REMOVE %s, errorcode: %d
[CRtpDynPluginContainer::SetALLPluginsState]DYN_PLUGIN_MSG_REMOVE %s, errorcode: %d
[CDynPluginCloudCtrl::DoResponse]tmpDownloadFileName : %s
[CDynPluginCloudCtrl::DoResponse]tmpDownloadFileName : %s
[CDynPluginCloudCtrl::EnsureConfigFile]Ensure Config file : %s
[CDynPluginCloudCtrl::EnsureConfigFile]Ensure Config file : %s
[CDynPluginCloudCtrl::Download]FILE_EXIST==false, dwAttr : %d, error : %d, file : %s
[CDynPluginCloudCtrl::Download]FILE_EXIST==false, dwAttr : %d, error : %d, file : %s
[CDynPluginCloudCtrl::CheckMD5]strConfigPath doesn't exist: %s
[CDynPluginCloudCtrl::CheckMD5]strConfigPath doesn't exist: %s
[CDynPluginCloudCtrl::GetWaitTime]uiRtn : %d
[CDynPluginCloudCtrl::GetWaitTime]uiRtn : %d
[CDynPluginCloudCtrl::DynPluginInfo2SubRequests]file %s, GUID : %s, cmd : %d
[CDynPluginCloudCtrl::DynPluginInfo2SubRequests]file %s, GUID : %s, cmd : %d
[CDynPluginCloudCtrl::SubRequests2DynPluginInfo]file : %s, GUID : %s, cmd : %d
[CDynPluginCloudCtrl::SubRequests2DynPluginInfo]file : %s, GUID : %s, cmd : %d
[CDynPluginCloudScan::HandResp]ParseDynPluginCloudScanRespData success %d
[CDynPluginCloudScan::HandResp]ParseDynPluginCloudScanRespData success %d
[CDynPluginCloudScan::HandResp]errorCode %d
[CDynPluginCloudScan::HandResp]errorCode %d
[CDynPluginCloudScan::DoResponse]strCloudScanKey %s
[CDynPluginCloudScan::DoResponse]strCloudScanKey %s
SYSTEM\CurrentControlSet\services\%s
SYSTEM\CurrentControlSet\services\%s
[CCheckItemBase::Service]path:%s, retcode=%d
[CCheckItemBase::Service]path:%s, retcode=%d
[CCheckItemBase::Process]get procss : %s
[CCheckItemBase::Process]get procss : %s
T.\BDSGInstall.cpp
T.\BDSGInstall.cpp
[CBDSGInstall::CopyFolder]pFrom : %s, pTo : %s
[CBDSGInstall::CopyFolder]pFrom : %s, pTo : %s
[CBDSGInstall::CopyExeFilePath]pFrom : %s, pTo : %s, pFileName : %s
[CBDSGInstall::CopyExeFilePath]pFrom : %s, pTo : %s, pFileName : %s
fileverify.xml
fileverify.xml
[CBDSGInstall::Install]CreateMutex Fail, lasterror : %d
[CBDSGInstall::Install]CreateMutex Fail, lasterror : %d
[CBDSGInstall::StartService]OpenService error : %d
[CBDSGInstall::StartService]OpenService error : %d
[CBDSGInstall::StartService]StartService error : %d
[CBDSGInstall::StartService]StartService error : %d
[CBDSGInstall::StartService]QueryServiceStatus success : %d
[CBDSGInstall::StartService]QueryServiceStatus success : %d
[CBDSGInstall::StartService]QueryServiceStatus error : %d
[CBDSGInstall::StartService]QueryServiceStatus error : %d
[CBDSGInstall::DoInstall]lastdir = %s
[CBDSGInstall::DoInstall]lastdir = %s
[CBDSGInstall::DoInstall]kill baiduprotect.exe
[CBDSGInstall::DoInstall]kill baiduprotect.exe
[CBDSGInstall::DoInstall]uninstall server : %d
[CBDSGInstall::DoInstall]uninstall server : %d
\Data\*.*
\Data\*.*
\bdsg0001.dll
\bdsg0001.dll
\bdsg0002.dll
\bdsg0002.dll
[CBDSGInstall::DoInstall]rename and delete bdsg0001.dll/bdsg0002.dll
[CBDSGInstall::DoInstall]rename and delete bdsg0001.dll/bdsg0002.dll
\Config\810.dat
\Config\810.dat
\Config\8000.dat
\Config\8000.dat
[CBDSGInstall::DoInstall]delete lastdir : %s
[CBDSGInstall::DoInstall]delete lastdir : %s
\*.xml
\*.xml
\*.dll
\*.dll
\Microsoft.VC80.ATL\*.*
\Microsoft.VC80.ATL\*.*
\Microsoft.VC80.ATL
\Microsoft.VC80.ATL
\plugins\Microsoft.VC80.ATL
\plugins\Microsoft.VC80.ATL
\dynplugins\Microsoft.VC80.ATL
\dynplugins\Microsoft.VC80.ATL
\Microsoft.VC80.CRT\*.*
\Microsoft.VC80.CRT\*.*
\Microsoft.VC80.CRT
\Microsoft.VC80.CRT
\plugins\Microsoft.VC80.CRT
\plugins\Microsoft.VC80.CRT
\dynplugins\Microsoft.VC80.CRT
\dynplugins\Microsoft.VC80.CRT
\*.ico
\*.ico
\BaiduProtect.exe
\BaiduProtect.exe
\BDSGBugRpt.exe
\BDSGBugRpt.exe
\uninst.exe
\uninst.exe
\BDLogicUtils.dll
\BDLogicUtils.dll
\BDMNet.dll
\BDMNet.dll
\BDMReport.dll
\BDMReport.dll
\DriverManager.dll
\DriverManager.dll
\BDMDownload.dll
\BDMDownload.dll
\BDKitUtils.dll
\BDKitUtils.dll
\SafeExplorer.dll
\SafeExplorer.dll
\SafeExplorer_x64.dll
\SafeExplorer_x64.dll
\SafeBrowserDll.dll
\SafeBrowserDll.dll
\SafeBrowserHelper.dll
\SafeBrowserHelper.dll
\7z.dll
\7z.dll
[CBDSGInstall::DoInstall]argc : %d
[CBDSGInstall::DoInstall]argc : %d
[CBDSGInstall::DoInstall]argv[2] : %s
[CBDSGInstall::DoInstall]argv[2] : %s
[CBDSGInstall::DoInstall]strSupplyID : %s
[CBDSGInstall::DoInstall]strSupplyID : %s
[CBDSGInstall::DoInstall]strSupplyID 1 : %s
[CBDSGInstall::DoInstall]strSupplyID 1 : %s
[CBDSGInstall::DoInstall]Version %s
[CBDSGInstall::DoInstall]Version %s
[CBDSGInstall::DoInstall]InstallDir %s
[CBDSGInstall::DoInstall]InstallDir %s
[CBDSGInstall::DoInstall]SupplyID %s
[CBDSGInstall::DoInstall]SupplyID %s
\drivers\x86\*.sys
\drivers\x86\*.sys
\drivers\x64\*.sys
\drivers\x64\*.sys
\bd64_x64.dll
\bd64_x64.dll
\bd64_x86.dll
\bd64_x86.dll
\drivermanager.dll
\drivermanager.dll
[CBDSGInstall::DoInstall]install server : %d
[CBDSGInstall::DoInstall]install server : %d
[CBDSGInstall::DoInstall]start server : %d
[CBDSGInstall::DoInstall]start server : %d
[CBDSGInstall::DoInstall]data report
[CBDSGInstall::DoInstall]data report
dep360.exe
dep360.exe
[CBDSGInstall::Uninstall]SupplyID = %s
[CBDSGInstall::Uninstall]SupplyID = %s
[CBDSGInstall::Uninstall]strUninstallDir = %s
[CBDSGInstall::Uninstall]strUninstallDir = %s
[CBDSGInstall::Uninstall]Data Report
[CBDSGInstall::Uninstall]Data Report
[CBDSGInstall::Uninstall]kill baiduprotect.exe
[CBDSGInstall::Uninstall]kill baiduprotect.exe
[CBDSGInstall::Uninstall]RMDir %s
[CBDSGInstall::Uninstall]RMDir %s
bd64_x64.dll
bd64_x64.dll
bd64_x86.dll
bd64_x86.dll
drivers\bd0001.sys
drivers\bd0001.sys
drivers\bd0004.sys
drivers\bd0004.sys
drivers\BDArKit.sys
drivers\BDArKit.sys
drivers\BDMWrench.sys
drivers\BDMWrench.sys
[CBDSGInstall::Uninstall]Delete drivers %s
[CBDSGInstall::Uninstall]Delete drivers %s
LoadFileConfig, path=%s
LoadFileConfig, path=%s
[CBDSGInstallConfig::CheckMD5]strConfigPath doesn't exist: %s
[CBDSGInstallConfig::CheckMD5]strConfigPath doesn't exist: %s
********* m_dwFileVerifyVer = %u **********
********* m_dwFileVerifyVer = %u **********
p[CUpdateMgr::CUpdateMgr]m_strTempPath : %s, iRtn = %d
p[CUpdateMgr::CUpdateMgr]m_strTempPath : %s, iRtn = %d
[CUpdateMgr::DoUpdate]m_dwFlags : %d
[CUpdateMgr::DoUpdate]m_dwFlags : %d
[CUpdateMgr::DoResponse]m_vUpdateRespItem.size()
[CUpdateMgr::DoResponse]m_vUpdateRespItem.size()
[CUpdateMgr::DoResponse]m_vUpdateItem.size()
[CUpdateMgr::DoResponse]m_vUpdateItem.size()
[CUpdateMgr::CUpdateMgr]m_strBDSDTempPath : %s ,iRtn = %d
[CUpdateMgr::CUpdateMgr]m_strBDSDTempPath : %s ,iRtn = %d
[CUpdateMgr::EnsureExeFile]Ensure Exe file: %s
[CUpdateMgr::EnsureExeFile]Ensure Exe file: %s
[CUpdateMgr::EnsureExeFile]delete success
[CUpdateMgr::EnsureExeFile]delete success
[CUpdateMgr::EnsureExeFile]delete fail
[CUpdateMgr::EnsureExeFile]delete fail
[CUpdateMgr::DoResponse]Download Fail, iRetryTime : %d, stop download
[CUpdateMgr::DoResponse]Download Fail, iRetryTime : %d, stop download
[CUpdateMgr::DoResponse]Download Fail, retry %d
[CUpdateMgr::DoResponse]Download Fail, retry %d
[CUpdateMgr::Download]wstrExePath ; %s
[CUpdateMgr::Download]wstrExePath ; %s
[CUpdateMgr::Download]file md5 : %s, resp md5 : %s
[CUpdateMgr::Download]file md5 : %s, resp md5 : %s
[CUpdateMgr::Install]strFilePath : %s, strParam : %s
[CUpdateMgr::Install]strFilePath : %s, strParam : %s
[CUpdateMgr::CheckBDSD]m_dwFlags = %d
[CUpdateMgr::CheckBDSD]m_dwFlags = %d
[CUpdateMgr::CheckBDMAssist]m_dwFlags = %d
[CUpdateMgr::CheckBDMAssist]m_dwFlags = %d
[CUpdateMgr::Check360Assist]m_dwFlags = %d
[CUpdateMgr::Check360Assist]m_dwFlags = %d
[CUpdateMgr::CheckTencent]m_dwFlags = %d
[CUpdateMgr::CheckTencent]m_dwFlags = %d
[CUpdateMgr::Install]OnBDSGDownloadFinish : %s, strParam : %s
[CUpdateMgr::Install]OnBDSGDownloadFinish : %s, strParam : %s
[CUpdateMgr::GetWaitTime]wait %d
[CUpdateMgr::GetWaitTime]wait %d
[CNetRequestHelper::CNetRequestHelper]GetProcAddress Failed !!! errCode = %u
[CNetRequestHelper::CNetRequestHelper]GetProcAddress Failed !!! errCode = %u
[CNetRequestHelper::CNetRequestHelper]Load Net Dll Failed !!! errCode = %u
[CNetRequestHelper::CNetRequestHelper]Load Net Dll Failed !!! errCode = %u
[CNetRequestHelper::RpcRequestData]serviceID= %u, requestCmd = %u
[CNetRequestHelper::RpcRequestData]serviceID= %u, requestCmd = %u
192.168.100.100
192.168.100.100
[CDownloader::UnInit]CloseHandle Fail!!! errorcode : %d
[CDownloader::UnInit]CloseHandle Fail!!! errorcode : %d
[CDownloader::UnInit]FreeLibrary Fail!!! errorcode : %d
[CDownloader::UnInit]FreeLibrary Fail!!! errorcode : %d
[CDownloader::StartDownload]url = %s, filename = %s, max_speed = %d
[CDownloader::StartDownload]url = %s, filename = %s, max_speed = %d
[CDownloader::OnDownloadFileSize]dwTaskID = %d, dwFileSize = %d
[CDownloader::OnDownloadFileSize]dwTaskID = %d, dwFileSize = %d
[CDownloader::OnDownloadFileName]dwTaskID = %d, strFileName = %d
[CDownloader::OnDownloadFileName]dwTaskID = %d, strFileName = %d
[CDownloader::OnDownloadPercent]dwTaskID = %d, dwPercent = %d, dwDownloadSpeed=%d
[CDownloader::OnDownloadPercent]dwTaskID = %d, dwPercent = %d, dwDownloadSpeed=%d
[CDownloader::OnDownloadComplete]dwTaskID = %d, dwErrorCode = %d
[CDownloader::OnDownloadComplete]dwTaskID = %d, dwErrorCode = %d
[CDownloader::OnFirstDataTime]dwTaskID = %d, dwFirstDataTime = %d
[CDownloader::OnFirstDataTime]dwTaskID = %d, dwFirstDataTime = %d
[CGlobalConfigMgr::GetCustomversion]dwFlagVersion ERROR: %d
[CGlobalConfigMgr::GetCustomversion]dwFlagVersion ERROR: %d
[CGlobalConfigMgr::GetSupplyID]dwFlagSupplyID ERROR: %d
[CGlobalConfigMgr::GetSupplyID]dwFlagSupplyID ERROR: %d
GameAccMgrDll.dll
GameAccMgrDll.dll
{%X-%X-%X-%X-%X%X}
{%X-%X-%X-%X-%X%X}
CLSID\%s\LocalServer32
CLSID\%s\LocalServer32
dl.dll
dl.dll
m_strLocalExeFileName = %s.
m_strLocalExeFileName = %s.
m_strLocalDllFileName = %s.
m_strLocalDllFileName = %s.
CheckComFile() bLocalExeExist = TRUE. LocalFileVersion = %d.
CheckComFile() bLocalExeExist = TRUE. LocalFileVersion = %d.
BDDownloadProxy.Downloader.1
BDDownloadProxy.Downloader.1
CheckComFile() %s not exist. bNeedRegLocalCom set to TRUE.
CheckComFile() %s not exist. bNeedRegLocalCom set to TRUE.
CheckComFile(). LocalFileVersion %d > CommFileVersion %d. bNeedRegLocalCom set to TRUE.
CheckComFile(). LocalFileVersion %d > CommFileVersion %d. bNeedRegLocalCom set to TRUE.
CheckComFile(). LocalFileVersion %d
CheckComFile(). LocalFileVersion %d
CheckComFile(). bLocalExe Exist, Ready to Install BDDownloader.
CheckComFile(). bLocalExe Exist, Ready to Install BDDownloader.
\StringFileInfo\xx\FileVersion
\StringFileInfo\xx\FileVersion
%USERPROFILE%\AppData\Local\
%USERPROFILE%\AppData\Local\
%USERPROFILE%\Local Settings\
%USERPROFILE%\Local Settings\
Dr%x.drt
Dr%x.drt
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
oHKEY_USERS
oHKEY_USERS
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
system32\winlogon.exe
TWintrust.dll
TWintrust.dll
Crypt32.dll
Crypt32.dll
6BE417DD-264A-4678-A036-74D2173ECCEB
6BE417DD-264A-4678-A036-74D2173ECCEB
%Documents and Settings%\All Users\Application Data\Baidu\BDSG\Config\
%Documents and Settings%\All Users\Application Data\Baidu\BDSG\Config\
1.3.0.486
1.3.0.486
services.exe_764_rwx_00760000_00001000:
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll
svchost.exe_1088_rwx_01E80000_00001000:
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.640\bd0001.dll
svchost.exe_1088_rwx_02740000_00001000:
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\bdsg0001.dll
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\bdsg0001.dll
Explorer.EXE_2032_rwx_00E70000_00001000:
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll
Explorer.EXE_2032_rwx_00E83000_00001000:
ComSpec=%System%\cmd.exe
ComSpec=%System%\cmd.exe
OS=Windows_NT
OS=Windows_NT
Path=C:\Perl\site\bin;C:\Perl\bin;%System%;%WinDir%;%WinDir%\System32\Wbem;c:\Program Files\Wireshark
Path=C:\Perl\site\bin;C:\Perl\bin;%System%;%WinDir%;%WinDir%\System32\Wbem;c:\Program Files\Wireshark
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
SystemRoot=%WinDir%
SystemRoot=%WinDir%
windir=%WinDir%
windir=%WinDir%
360Tray.exe
360Tray.exe
kxetray.exe
kxetray.exe
QQPCTray.exe
QQPCTray.exe
baidu.com
baidu.com
hao123.com
hao123.com
Explorer.EXE_2032_rwx_00E90000_00001000:
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll
%Program Files%\Common Files\Baidu\BaiduProtect1.3\1.3.0.486\SafeExplorer.dll