Analysis Date2014-07-19 02:35:37
MD5f2995ed6e172967e1d8efdd47d2c7c52
SHA195fb1b5687005469bf2d1069c80b1a0eb98aca30

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 98df7a467a2cb862ba2a19bbd9f5c242 sha1: accad1eb95bdb827891af766ea42ef9b16a9b254 size: 69120
Section.rdata md5: 90d94df77c9e21088a75c511f9207775 sha1: b3958496538491095c05aca5af7fcdd4185e8b41 size: 2560
Section.data md5: 8b191b540bdbeaef0c17fac46fb517dc sha1: ba81dcaa16669593ff795da26964edcc6799ef27 size: 34304
Section.rsrc md5: 0ed5dba0da4e3699d32b5c12c9bd0e66 sha1: b9206ec8d0ad0b5a0dc6b6b6c203d9952b6875e1 size: 1024
Timestamp2005-09-30 20:46:01
VersionLegalCopyright: Copyright (C) 2010
ProductVersion: 1, 0, 0, 2
PrivateBuild: 1139
FileVersion: 1, 0, 0, 2
FileDescription: Windows Host Process
PEhasha707fe42b62b5ee43d674138859596b95148633f
IMPhasha454bbd4d514ab11858154f6be8c6fef
AV360 SafeTrojan.Generic.KDV.56450
AVAd-AwareTrojan.Generic.KDV.56450
AVAlwil (avast)MalOb-IJ [Cryp]
AVArcabit (arcavir)Packed.Krap.Hy
AVAuthentiumW32/Goolbot.A.gen!Eldorado
AVAvira (antivir)TR/Crypt.XPACK.Gen
AVCA (E-Trust Ino)Win32/FakeAV.S!generic
AVCAT (quickheal)Backdoor.Cycbot.B
AVClamAVTrojan.Agent-215982
AVDr. WebTrojan.Siggen2.6923
AVEmsisoftTrojan.Generic.KDV.56450
AVEset (nod32)Win32/Cycbot.AA
AVFortinetW32/Codepack.SJT!tr
AVFrisk (f-prot)W32/Goolbot.A.gen!Eldorado (generic, not disinfectable)
AVF-SecureTrojan.Generic.KDV.56450
AVGrisoft (avg)Cryptic.BEN
AVIkarusTrojan.Win32.FakeAV
AVK7Backdoor ( 003210941 )
AVKasperskyPacked.Win32.Krap.hy
AVMalwareBytesTrojan.Agent
AVMcafeeBackDoor-EXI
AVMicrosoft Security EssentialsBackdoor:Win32/Cycbot.G
AVMicroWorld (escan)Trojan.Generic.KDV.56450
AVNormanswizzor/Heur.I
AVRisingTrojan.Win32.Generic.125376B5
AVSophosMal/Agent-IY
AVSymantecBackdoor.Cycbot
AVTrend MicroBKDR_CYCBOT.SME
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
1
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost ➝
C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\stor.cfg
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows
Creates Mutex{A5B35993-9674-43cd-8AC7-5BC5013E617B}
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutex{61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex{7791C364-DE4E-4000-9E92-9CCAFDDD90DC}
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex{B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSwww.google.com
Winsock DNSbookknowlege.com
Winsock DNS127.0.0.1
Winsock DNSwww.8minutedating.com
Winsock DNSfreenetgameonline.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe%C:\Documents and Settings\Administrator\Local Settings\Temp

Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows

Creates ProcessC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe

Network Details:

DNSwww.8minutedating.com
Type: A
69.9.181.104
DNSprotectyourpc-11.com
Type: A
69.43.161.170
DNSwww.google.com
Type: A
173.194.121.52
DNSwww.google.com
Type: A
173.194.121.48
DNSwww.google.com
Type: A
173.194.121.49
DNSwww.google.com
Type: A
173.194.121.50
DNSwww.google.com
Type: A
173.194.121.51
DNSfreenetgameonline.com
Type: A
DNSbookknowlege.com
Type: A
HTTP GEThttp://www.8minutedating.com/successStories.cgi?tq=pdT%2Ffq%2BTyQUW6KEaKyA%3D
User-Agent: gbot/2.3
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=main&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err088_1_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err073_2_1&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err084&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err095_1_8&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err088_2_0&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err073_2_2&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err084&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err095_2_5&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP GEThttp://www.google.com/
User-Agent:
HTTP GEThttp://www.google.com/
User-Agent:
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err094_43_11001&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://protectyourpc-11.com/cgi-bin/cycle_report.cgi?type=g_v41&system=6.0.2900|5.1.2600|1033&id=C059900AFF044FFC75DE&status=err093_43_11001&n=0&extra=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP192.168.1.1:1031 ➝ 69.9.181.104:80
Flows TCP192.168.1.1:1032 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1033 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1034 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1035 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1036 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1037 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1038 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1039 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1040 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1041 ➝ 173.194.121.52:80
Flows TCP192.168.1.1:1042 ➝ 173.194.121.52:80
Flows TCP192.168.1.1:1043 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1044 ➝ 69.43.161.170:80

Raw Pcap
0x00000000 (00000)   47455420 2f737563 63657373 53746f72   GET /successStor
0x00000010 (00016)   6965732e 6367693f 74713d70 64542532   ies.cgi?tq=pdT%2
0x00000020 (00032)   46667125 32425479 51555736 4b45614b   Ffq%2BTyQUW6KEaK
0x00000030 (00048)   79412533 44204854 54502f31 2e300d0a   yA%3D HTTP/1.0..
0x00000040 (00064)   436f6e6e 65637469 6f6e3a20 636c6f73   Connection: clos
0x00000050 (00080)   650d0a48 6f73743a 20777777 2e386d69   e..Host: www.8mi
0x00000060 (00096)   6e757465 64617469 6e672e63 6f6d0d0a   nutedating.com..
0x00000070 (00112)   41636365 70743a20 2a2f2a0d 0a557365   Accept: */*..Use
0x00000080 (00128)   722d4167 656e743a 2067626f 742f322e   r-Agent: gbot/2.
0x00000090 (00144)   330d0a0d 0a                           3....

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d6d 61696e26 6e3d3026   status=main&n=0&
0x00000070 (00112)   65787472 613d3020 48545450 2f312e31   extra=0 HTTP/1.1
0x00000080 (00128)   0d0a486f 73743a20 70726f74 65637479   ..Host: protecty
0x00000090 (00144)   6f757270 632d3131 2e636f6d 0d0a5573   ourpc-11.com..Us
0x000000a0 (00160)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x000000b0 (00176)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x000000c0 (00192)   653b204d 53494520 362e303b 2057696e   e; MSIE 6.0; Win
0x000000d0 (00208)   646f7773 204e5420 352e3129 0d0a436f   dows NT 5.1)..Co
0x000000e0 (00224)   6e74656e 742d4c65 6e677468 3a20300d   ntent-Length: 0.
0x000000f0 (00240)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000100 (00256)   73650d0a 0d0a                         se....

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723038 385f315f   status=err088_1_
0x00000070 (00112)   30266e3d 30266578 7472613d 30204854   0&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a            n: close....

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723037 335f325f   status=err073_2_
0x00000070 (00112)   31266e3d 30266578 7472613d 30204854   1&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a            n: close....

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723038 34266e3d   status=err084&n=
0x00000070 (00112)   30266578 7472613d 30204854 54502f31   0&extra=0 HTTP/1
0x00000080 (00128)   2e310d0a 486f7374 3a207072 6f746563   .1..Host: protec
0x00000090 (00144)   74796f75 7270632d 31312e63 6f6d0d0a   tyourpc-11.com..
0x000000a0 (00160)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x000000b0 (00176)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x000000c0 (00192)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x000000d0 (00208)   696e646f 7773204e 5420352e 31290d0a   indows NT 5.1)..
0x000000e0 (00224)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x000000f0 (00240)   300d0a43 6f6e6e65 6374696f 6e3a2063   0..Connection: c
0x00000100 (00256)   6c6f7365 0d0a0d0a 20746869 73207365   lose.... this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723039 355f315f   status=err095_1_
0x00000070 (00112)   38266e3d 30266578 7472613d 30204854   8&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a            n: close....

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723038 385f325f   status=err088_2_
0x00000070 (00112)   30266e3d 30266578 7472613d 30204854   0&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a 73207365   n: close....s se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723037 335f325f   status=err073_2_
0x00000070 (00112)   32266e3d 30266578 7472613d 30204854   2&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a            n: close....

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723038 34266e3d   status=err084&n=
0x00000070 (00112)   30266578 7472613d 30204854 54502f31   0&extra=0 HTTP/1
0x00000080 (00128)   2e310d0a 486f7374 3a207072 6f746563   .1..Host: protec
0x00000090 (00144)   74796f75 7270632d 31312e63 6f6d0d0a   tyourpc-11.com..
0x000000a0 (00160)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x000000b0 (00176)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x000000c0 (00192)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x000000d0 (00208)   696e646f 7773204e 5420352e 31290d0a   indows NT 5.1)..
0x000000e0 (00224)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x000000f0 (00240)   300d0a43 6f6e6e65 6374696f 6e3a2063   0..Connection: c
0x00000100 (00256)   6c6f7365 0d0a0d0a 0d0a0d0a 73207365   lose........s se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723039 355f325f   status=err095_2_
0x00000070 (00112)   35266e3d 30266578 7472613d 30204854   5&n=0&extra=0 HT
0x00000080 (00128)   54502f31 2e310d0a 486f7374 3a207072   TP/1.1..Host: pr
0x00000090 (00144)   6f746563 74796f75 7270632d 31312e63   otectyourpc-11.c
0x000000a0 (00160)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x000000b0 (00176)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x000000c0 (00192)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x000000d0 (00208)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x000000e0 (00224)   31290d0a 436f6e74 656e742d 4c656e67   1)..Content-Leng
0x000000f0 (00240)   74683a20 300d0a43 6f6e6e65 6374696f   th: 0..Connectio
0x00000100 (00256)   6e3a2063 6c6f7365 0d0a0d0a            n: close....

0x00000000 (00000)   47455420 2f204854 54502f31 2e300d0a   GET / HTTP/1.0..
0x00000010 (00016)   436f6e6e 65637469 6f6e3a20 636c6f73   Connection: clos
0x00000020 (00032)   650d0a48 6f73743a 20777777 2e676f6f   e..Host: www.goo
0x00000030 (00048)   676c652e 636f6d0d 0a416363 6570743a   gle.com..Accept:
0x00000040 (00064)   202a2f2a 0d0a0d0a 6e74656e 742d5479    */*....ntent-Ty
0x00000050 (00080)   70653a20 74657874 2f68746d 6c0d0a44   pe: text/html..D
0x00000060 (00096)   6174653a 20536174 2c203139 204a756c   ate: Sat, 19 Jul
0x00000070 (00112)   20323031 34203031 3a33353a 34302047    2014 01:35:40 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f204854 54502f31 2e300d0a   GET / HTTP/1.0..
0x00000010 (00016)   436f6e6e 65637469 6f6e3a20 636c6f73   Connection: clos
0x00000020 (00032)   650d0a48 6f73743a 20777777 2e676f6f   e..Host: www.goo
0x00000030 (00048)   676c652e 636f6d0d 0a416363 6570743a   gle.com..Accept:
0x00000040 (00064)   202a2f2a 0d0a0d0a 6e74656e 742d5479    */*....ntent-Ty
0x00000050 (00080)   70653a20 74657874 2f68746d 6c0d0a44   pe: text/html..D
0x00000060 (00096)   6174653a 20536174 2c203139 204a756c   ate: Sat, 19 Jul
0x00000070 (00112)   20323031 34203031 3a33353a 34302047    2014 01:35:40 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723039 345f3433   status=err094_43
0x00000070 (00112)   5f313130 3031266e 3d302665 78747261   _11001&n=0&extra
0x00000080 (00128)   3d302048 5454502f 312e310d 0a486f73   =0 HTTP/1.1..Hos
0x00000090 (00144)   743a2070 726f7465 6374796f 75727063   t: protectyourpc
0x000000a0 (00160)   2d31312e 636f6d0d 0a557365 722d4167   -11.com..User-Ag
0x000000b0 (00176)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x000000c0 (00192)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x000000d0 (00208)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x000000e0 (00224)   4e542035 2e31290d 0a436f6e 74656e74   NT 5.1)..Content
0x000000f0 (00240)   2d4c656e 6774683a 20300d0a 436f6e6e   -Length: 0..Conn
0x00000100 (00256)   65637469 6f6e3a20 636c6f73 650d0a0d   ection: close...
0x00000110 (00272)   0a766572 20636f75 6c64206e 6f742075   .ver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f6367 692d6269 6e2f6379   POST /cgi-bin/cy
0x00000010 (00016)   636c655f 7265706f 72742e63 67693f74   cle_report.cgi?t
0x00000020 (00032)   7970653d 675f7634 31267379 7374656d   ype=g_v41&system
0x00000030 (00048)   3d362e30 2e323930 307c352e 312e3236   =6.0.2900|5.1.26
0x00000040 (00064)   30307c31 30333326 69643d43 30353939   00|1033&id=C0599
0x00000050 (00080)   30304146 46303434 46464337 35444526   00AFF044FFC75DE&
0x00000060 (00096)   73746174 75733d65 72723039 335f3433   status=err093_43
0x00000070 (00112)   5f313130 3031266e 3d302665 78747261   _11001&n=0&extra
0x00000080 (00128)   3d302048 5454502f 312e310d 0a486f73   =0 HTTP/1.1..Hos
0x00000090 (00144)   743a2070 726f7465 6374796f 75727063   t: protectyourpc
0x000000a0 (00160)   2d31312e 636f6d0d 0a557365 722d4167   -11.com..User-Ag
0x000000b0 (00176)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x000000c0 (00192)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x000000d0 (00208)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x000000e0 (00224)   4e542035 2e31290d 0a436f6e 74656e74   NT 5.1)..Content
0x000000f0 (00240)   2d4c656e 6774683a 20300d0a 436f6e6e   -Length: 0..Conn
0x00000100 (00256)   65637469 6f6e3a20 636c6f73 650d0a0d   ection: close...
0x00000110 (00272)   0a766572 20636f75 6c64206e 6f742075   .ver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.


Strings
[.
z
.
040904b0
1, 0, 0, 2
1139
Copyright (C) 2010
FileDescription
FileVersion
LegalCopyright
&Main
MS Sans Serif
PrivateBuild
ProductVersion
S&top
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
Windows Host Process
0S;pkv@
,@0TlIb
1|PI,(
2*#3jz
23oMax
2v?Mqiv
3-!2y5
;3(JU?-
3PrcL#
3T)pWB
5KzKg1
5|tuA[Q
5uROvw&
5]x}<2
5y8myV"
5z<:UmC
6e-?}D
6=q5_0
9_3w]j%g
ADVAPI32.dll
a{$ik.
aU/PW.D
B|31m/
@CF@{BIYx
CoCreateInstance
CoInitialize
CoUninitialize
CreateClassMoniker
CreateConsoleScreenBuffer
CreateToolhelp32Snapshot
CreateWindowExW
@.data
DDRAW.dll
DefWindowProcW
DestroyWindow
DialogBoxParamW
DirectDrawCreate
DirectDrawCreateEx
DirectDrawEnumerateA
DispatchMessageW
E4Hq@r
ee;&G#
ei|4la
EndDialog
}$e"tx
ExitProcess
!Fg;lya
FindWindowW
@F@-Mh
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
GetCurrentProcess
GetEnvironmentStrings
GetEnvironmentStringsW
GetMessageW
GetModuleFileNameA
GetModuleHandleA
>GetPh
GetProcessVersion
GetRunningObjectTable
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemMetrics
GetVersionExA
GetWindowRect
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
h]hC1@
HHjOpI
h`hX]@
hlAllh
hlFrehrm@
hLocah
hrotehE~@
!IA.MECg{
Io~XL)d
IsBadWritePtr
IsDlgButtonChecked
J*Dil7F
JJJ^[c
,^,J	V#
KERNEL32.dll
keu)Fd
,ko/,R
KT;0^d
@L7Ix#
LCMapStringA
LoadStringW
lP]|/=~
mgR]vV,
n2sMf8
n:u<K+
O_^-\$
"o4]O 
ole32.dll
/^.|OVb
OY*9="
&	P;3J|C=
PathAddBackslashW
PathAppendW
PathCombineW
PathFindExtensionW
PathRemoveFileSpecW
PhR([P)
PostMessageW
PostQuitMessage
PP1		Wk
PP"6]%
PP?aHb
PPP[gjo
qgR"nb
quwr=vwk
qw0}jI,
"-~r!@
R=C4[L	
`.rdata
RegCloseKey
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegisterClassExW
RegisterWindowMessageA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
}+RjJ0
RtlUnwind
rWe.m#6
SetUnhandledExceptionFilter
SetWindowPos
SHELL32.dll
ShellExecuteExW
SHLWAPI.dll
|s`{%)iB,
s^lu~J
S`<|NiV
:sT;r8`
t1(h6X@
t5a<5j
T-Fpzd<
!This program cannot be run in DOS mode.
ThLibr
ThLocah
ThSlee
T m?#R
tQg[SbQ*
TranslateMessage
tttLqY
Uj%:"g
Ul	OjF
UnhandledExceptionFilter
USER32.dll
U(?Tj@
	-~v_7
v#A[j2
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
vLgBo9
vrymew
Vv=-MQX
w1iBw#
wk[]:^a
wKVaI!
WP\iv(
WriteFile
~^wsc2>L
wsprintfW
WUvJV4
x|3vUn"
Y3|LqM<
]zL(;]S
zv;y_$
%zz5}7