Worm.Win32.Vobfus.11.FD, TrojanDropperVtimrun.YR (Lavasoft MAS)Behaviour: Trojan-Dropper, Trojan, Worm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 05c61b4defa0de8dab9055b8194cbc1b
SHA1: 822a6b6e850f099676e9b18490bc46d0f0f8c124
SHA256: c3326bba8e2801ec5fa9b3804c9dcad17ce60e9c85d67bf251ff0e2047bdea07
SSDeep: 49152:qZ8KbJwymCckYVH4RmP0OgZVAQOOreGqDr:qZhwxZVHpMZVsSbq/
Size: 1703824 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2004-08-04 09:01:37
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan-Dropper. Trojan program, intended for stealth installation of other malware into user's system.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan-Dropper creates the following process(es):No processes have been created.The Trojan-Dropper injects its code into the following process(es):
%original file name%.exe:172
SMPCSetup.exe:1076
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:172 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\VNCHooks.dll (1836 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\smpcvndat (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\TIPOFDAY.TXT (797 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\mm2.res (3516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\smvnview.exe (9923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\smpcvc.exe (1568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\settings.ini (2538 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\spcplink.exe (6390 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\i_vbtnstr_JPN (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\ijl11.dll (3194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\i_sbtnstr_JPN (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe (58525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\MSRC4Plugin.dsm (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\smwg.exe (7324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\smwinvnc.exe (13128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\MSWINSCK.OCX (2650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\i_obtnstr_JPN (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\MSRC4Plugin_NoReg.dsm (600 bytes)
The process SMPCSetup.exe:1076 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\logo-showmypc-210-50[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui.base[1].css (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ui.progressbar[1].css (172 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\s[1] (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\en[1].png (1184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[1].txt (8972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui.tabs[1].js (6868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[3].txt (6433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\s[1].htm (143 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@download3.showmypc[1].txt (3677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery-1.3.2[1].js (61513 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ui.datepicker[1].css (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[1].txt (15005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[2].txt (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAUUOD6T.htm (3400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\zrt_lookup[1].html (2822 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\appheader[1].htm (831 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ui.dialog[1].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\x_button_blue2[1].png (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ui.all[1].css (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAH0KBL9 (12863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\_4uxRUNeSH9c_Oxod8Ksh0O7XY50emxWlN7xg2zLfxk[1].js (3860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ui.accordion[1].css (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[3].txt (10854 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\about-us[1].htm (879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mobile_unified_button_icon_white[1].png (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[1].txt (8460 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@download3.showmypc[2].txt (4030 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui.tabs[1].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\googlelogo_color_112x36dp[1].png (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ui.theme[1].css (5665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[2].txt (7979 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ui.core[1].js (3769 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\zrt_lookup[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[2].txt (9387 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ui.slider[1].css (947 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ga[1].js (1892 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[1].txt (1406 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ui.core[1].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui.resizable[1].css (1 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (11580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\icon[1].png (344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[2].txt (460 bytes)
The Trojan-Dropper deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\s[1] (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@download3.showmypc[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@download3.showmypc[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014041520140416\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014041520140416 (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[1].txt (0 bytes)
Registry activity
The process %original file name%.exe:172 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "85 CD CE 9D 97 40 8F 4C 0F 87 1F 74 91 EA BE EA"
To automatically run itself each time Windows is booted, the Trojan-Dropper adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"
The process SMPCSetup.exe:1076 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052120160522]
"CacheRepair" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052120160522]
"CacheLimit" = "8192"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052120160522]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012016052120160522\"
"CachePrefix" = ":2016052120160522:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052120160522]
"CacheOptions" = "11"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A 14 89 A1 8C AF 94 2D 96 72 BE 37 A7 4B CF 55"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\VB and VBA Program Settings\SmpcApp\Common]
"astart" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan-Dropper modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Dropper modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Dropper modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Dropper deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014041520140416]
The Trojan-Dropper deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
41ae075a833527788ddd1e0e2e18e611 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\MSRC4Plugin.dsm |
64f63dc9be64060c6610db7e5c2fffb5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\MSRC4Plugin_NoReg.dsm |
9484c04258830aa3c2f2a70eb041414c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\MSWINSCK.OCX |
ef785cc629542a683097301f075b8f1b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe |
2e5356f7c8938730dd5a639893d325f1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\VNCHooks.dll |
a0ce0247d48fecaac607edb1e2d87fd8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\ijl11.dll |
0ceb92bc938674df03d1ad51f8ece6e1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\smpcvc.exe |
52541baa5793f240603b6afa1b908ae5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\smvnview.exe |
491e99207bba55d1bbb03346b0ae3a4e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\smwg.exe |
87e700bd9fc23ed4286ac473e3979785 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\smwinvnc.exe |
63c46d69f98b1bbf21a782e75308d9a6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\spcplink.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
- Delete the original Trojan-Dropper file.
- Delete or disinfect the following files created/modified by the Trojan-Dropper:
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\VNCHooks.dll (1836 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\smpcvndat (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\TIPOFDAY.TXT (797 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\mm2.res (3516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\smvnview.exe (9923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\smpcvc.exe (1568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\settings.ini (2538 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\spcplink.exe (6390 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\i_vbtnstr_JPN (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\ijl11.dll (3194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\i_sbtnstr_JPN (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe (58525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\MSRC4Plugin.dsm (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\smwg.exe (7324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\smwinvnc.exe (13128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\MSWINSCK.OCX (2650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\i_obtnstr_JPN (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\MSRC4Plugin_NoReg.dsm (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\logo-showmypc-210-50[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui.base[1].css (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ui.progressbar[1].css (172 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\s[1] (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\en[1].png (1184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[1].txt (8972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui.tabs[1].js (6868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[3].txt (6433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\s[1].htm (143 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@download3.showmypc[1].txt (3677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery-1.3.2[1].js (61513 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ui.datepicker[1].css (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[1].txt (15005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[2].txt (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAUUOD6T.htm (3400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\zrt_lookup[1].html (2822 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\appheader[1].htm (831 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ui.dialog[1].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\x_button_blue2[1].png (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ui.all[1].css (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAH0KBL9 (12863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\_4uxRUNeSH9c_Oxod8Ksh0O7XY50emxWlN7xg2zLfxk[1].js (3860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ui.accordion[1].css (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[3].txt (10854 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\about-us[1].htm (879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mobile_unified_button_icon_white[1].png (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[1].txt (8460 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@download3.showmypc[2].txt (4030 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui.tabs[1].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\googlelogo_color_112x36dp[1].png (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ui.theme[1].css (5665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[2].txt (7979 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ui.core[1].js (3769 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\zrt_lookup[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[2].txt (9387 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ui.slider[1].css (947 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ga[1].js (1892 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[1].txt (1406 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ui.core[1].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui.resizable[1].css (1 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (11580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\icon[1].png (344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[2].txt (460 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: Microsoft Corporation
Product Name: HD Player
Product Version: 6.00.2900.2180
Legal Copyright: (c) Microsoft Corporation. All rights reserved.
Legal Trademarks:
Original Filename: WEXTRACT.EXE
Internal Name: Wextract
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
File Description: Win32 Cabinet Self-Extractor
Comments:
Language: English (United States)
Company Name: Microsoft CorporationProduct Name: HD Player Product Version: 6.00.2900.2180Legal Copyright: (c) Microsoft Corporation. All rights reserved.Legal Trademarks: Original Filename: WEXTRACT.EXE Internal Name: Wextract File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)File Description: Win32 Cabinet Self-Extractor Comments: Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 39212 | 39424 | 4.55052 | 17a6fbe18a834b6f3462304415675d36 |
.data | 45056 | 7140 | 1024 | 2.94449 | 99858e86526942a66950c7139f78a725 |
.rsrc | 53248 | 1658880 | 1656832 | 5.51294 | 8bba93f6daaaaf67a08365c6abd61afb |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://download3.showmypc.com/app/appheader.html?version=3055&lang=ENG | 64.22.103.52 |
hxxp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM | 64.22.103.52 |
hxxp://www-google-analytics.l.google.com/ga.js | |
hxxp://s3-1.amazonaws.com/images/logo-showmypc-210-50.gif | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.all.css | |
hxxp://www-google-analytics.l.google.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=565884732&utmhn=download3.showmypc.com&utmcs=utf-8&utmsr=1276x846&utmvp=544x54&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmhid=1995597227&utmr=-&utmp=/app/appheader.html?version=3055&lang=ENG&utmht=1463805253604&utmac=UA-3896280-1&utmcc=__utma=172476214.434589424.1463805253.1463805253.1463805253.1;+__utmz=172476214.1463805253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1660193878&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~ | |
hxxp://s3-1.amazonaws.com/js/jquery-1.3.2.js | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.base.css | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.theme.css | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.core.css | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.accordion.css | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.resizable.css | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.dialog.css | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.slider.css | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.tabs.css | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.datepicker.css | |
hxxp://s3-1.amazonaws.com/js/themes/base/ui.progressbar.css | |
hxxp://s3-1.amazonaws.com/js/ui/ui.core.js | |
hxxp://s3-1.amazonaws.com/js/ui/ui.tabs.js | |
hxxp://pagead46.l.doubleclick.net/pagead/show_ads.js | |
hxxp://pagead46.l.doubleclick.net/pagead/js/r20160517/r20151006/show_ads_impl.js | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.6.7&utms=2&utmn=93188622&utmhn=download3.showmypc.com&utmcs=utf-8&utmsr=1276x846&utmvp=488x298&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmhid=929702296&utmr=-&utmp=/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11%2520AM&utmht=1463805259104&utmac=UA-3896280-1&utmcc=__utma=172476214.434589424.1463805253.1463805253.1463805253.1;+__utmz=172476214.1463805253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=&utmu=DAAAAAAAAAAAAAAAAAAAAABE~ | |
hxxp://s3.showmypc.com/js/themes/base/ui.progressbar.css | 54.231.98.123 |
hxxp://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=565884732&utmhn=download3.showmypc.com&utmcs=utf-8&utmsr=1276x846&utmvp=544x54&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmhid=1995597227&utmr=-&utmp=/app/appheader.html?version=3055&lang=ENG&utmht=1463805253604&utmac=UA-3896280-1&utmcc=__utma=172476214.434589424.1463805253.1463805253.1463805253.1;+__utmz=172476214.1463805253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1660193878&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~ | 173.194.113.193 |
hxxp://s3.showmypc.com/js/themes/base/ui.all.css | 54.231.98.123 |
hxxp://pagead2.googlesyndication.com/pagead/show_ads.js | 173.194.113.218 |
hxxp://s3.showmypc.com/js/themes/base/ui.slider.css | 54.231.98.123 |
hxxp://s3.showmypc.com/js/themes/base/ui.theme.css | 54.231.98.123 |
hxxp://pagead2.googlesyndication.com/pagead/js/r20160517/r20151006/show_ads_impl.js | 173.194.113.218 |
hxxp://s3.showmypc.com/js/themes/base/ui.accordion.css | 54.231.98.123 |
hxxp://s3.showmypc.com/js/themes/base/ui.datepicker.css | 54.231.98.123 |
hxxp://s3.showmypc.com/js/themes/base/ui.base.css | 54.231.98.123 |
hxxp://s3.showmypc.com/js/themes/base/ui.core.css | 54.231.98.123 |
hxxp://s3.showmypc.com/js/ui/ui.core.js | 54.231.98.123 |
hxxp://s3.showmypc.com/js/jquery-1.3.2.js | 54.231.98.123 |
hxxp://s3.showmypc.com/js/themes/base/ui.resizable.css | 54.231.98.123 |
hxxp://www.google-analytics.com/ga.js | 173.194.113.193 |
hxxp://s3.showmypc.com/images/logo-showmypc-210-50.gif | 54.231.98.123 |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.6.7&utms=2&utmn=93188622&utmhn=download3.showmypc.com&utmcs=utf-8&utmsr=1276x846&utmvp=488x298&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmhid=929702296&utmr=-&utmp=/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11%2520AM&utmht=1463805259104&utmac=UA-3896280-1&utmcc=__utma=172476214.434589424.1463805253.1463805253.1463805253.1;+__utmz=172476214.1463805253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=&utmu=DAAAAAAAAAAAAAAAAAAAAABE~ | 173.194.113.193 |
hxxp://s3.showmypc.com/js/themes/base/ui.tabs.css | 54.231.98.123 |
hxxp://s3.showmypc.com/js/themes/base/ui.dialog.css | 54.231.98.123 |
hxxp://s3.showmypc.com/js/ui/ui.tabs.js | 54.231.98.123 |
googleads.g.doubleclick.net | 173.194.113.217 |
www.google.com | 173.194.113.209 |
encrypted-tbn1.gstatic.com | 216.58.209.206 |
www.gstatic.com | 173.194.113.215 |
tpc.googlesyndication.com | 216.58.214.193 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /images/logo-showmypc-210-50.gif HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/appheader.html?version=3055&lang=ENG
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: 2fsTgDwuoaho1oyiYco4UCQpQThf6jKEWs6Ap6yqXvYj7M2YZ z5ktKM4ckLSTDESzuEgMuU KQ=
x-amz-request-id: 1A00062E3340D419
Date: Sat, 21 May 2016 04:34:07 GMT
x-amz-meta-s3fox-filesize: 3934
x-amz-meta-s3fox-modifiedtime: 1326484442667
Last-Modified: Fri, 13 Jan 2012 20:36:03 GMT
ETag: "f11f9152cbccafb7623088ef6a2dd0e3"
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 3934
Server: AmazonS3
GIF89a..2.w..!.......,......2...r.......w.C..z.............h%...........D.-.3\.e.87.:..{.................w...Iv..J...l.v6...]. ..:....u!......g.Gm.n......4.Tk.3.....k.m....y.6..x...[.B..h.uH....b2..[......V.8U....XXz5..d`.$~.c.X..T3..r...s.>....{T.{*..i.......m2S....c...&{7.Z*Dj....N.g.R".k0...q...L).M.....W'....u5.jG>d....G.98`......W.]2....S*...In".x%.......@*....|-...@f........_$.H4....D.......d.5Y......s/w.Z......\....UX....g.zg......:a...rn.E....q ......Z..O.>...-W.....]&=b.....W5..........N4...Ru.Nq*........E..........P.......X. .h1_.#..I......M..W..L..>c.....b>......Bm....d.gb.%a.$...h./d.(X...o1<c.......a.%...`.?.{.~.M....w .|6o.8@.4]....s....r?.a7...K~5.]C...m.Op.R..a..vc.&.~.....pQ.g)..a.............j<e.[...w.PP.....O}.Z. ..Y.T&......?e...w...6^....>j...............`b.&..,.o7......Q..H......*\......#J.H.....3j...... C..I....(S.\.....0c..I..../........@...)....H..$.....Po",F....X.j......`...K.l..S..].....p..=.....x...k........@X...0.c(....}.. .K..e.|.^....g.YBgA.&J.:..$X.......\.M.6....>...7'!...6}..j?~:.h.c.>..X.=.j...I...N..@..x...B...#>f.......8.,8qu...w....c.....X.w.a..o.daH.O.W....bW..l..*.. ..x..BV...[...5M&.X...m. .*0..!.4..aV."..[.p3N)5. ....e....RD.L.ucVg...!e..J).."F3\6....h.V.3Ru...(9O.l..$VF....`..F.)@.....).95.2.......*..GU$....U.P.ëu.-$(....M3MVO,..Z]T@.<..`*Wi(!...$.y..XE..'.x5K......^....CTB'U.,".Vi....N0._..... ....V...L......TI0..I(..U.(.n...q..N.B.U........G.. .J.U....H.....,....]u....s...... ....3..2..Vu..*..7@ V.z..B.&D..t5K.LD.l.&lAN1OHC.U .3j
<<< skipped >>>
GET /js/themes/base/ui.base.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: 4MwcW/e2ZF2dHcuKeiP tW6fJmqwn9 tW1iXN2r/WWzKdL4meSpWVlC3pir0cVPCRR3LcwokPrc=
x-amz-request-id: 23C6C850D269637D
Date: Sat, 21 May 2016 04:34:07 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:16 GMT
ETag: "b68871675bce768f26116a0c32b3e26e"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 257
Server: AmazonS3
@import url("ui.core.css");..@import url("ui.resizable.css");..@import url("ui.accordion.css");..@import url("ui.dialog.css");..@import url("ui.slider.css");..@import url("ui.tabs.css");..@import url("ui.datepicker.css");..@import url("ui.progressbar.css");....
GET /js/themes/base/ui.theme.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: e3U5J FtcusQbBQzxa/dGc4GvLwd k9yfrmWlDpbxOyW7AJqHWhgggIZR8jgE/hHBAyIeHgsmDc=
x-amz-request-id: CB9BD1F6CA57AA6D
Date: Sat, 21 May 2016 04:34:07 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:18 GMT
ETag: "22179f609ede2c15e6610ee0713ece41"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 17981
Server: AmazonS3
/*..* jQuery UI CSS Framework..* Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about)..* Dual licensed under the MIT (MIT-LICENSE.txt) and GPL (GPL-LICENSE.txt) licenses...* To view and modify this theme, visit hXXp://jqueryui.com/themeroller/..*/..../* Component containers..----------------------------------*/...ui-widget { font-family: Verdana,Arial,sans-serif/*{ffDefault}*/; font-size: 1em/*{fsDefault}*/; }...ui-widget input, .ui-widget select, .ui-widget textarea, .ui-widget button { font-family: Verdana,Arial,sans-serif/*{ffDefault}*/; font-size: 1em; }...ui-widget-content { border: 1px solid #aaaaaa/*{borderColorContent}*/; background: #ffffff/*{bgColorContent}*/ url(images/ui-bg_glass_75_ffffff_1x400.png)/*{bgImgUrlContent}*/ 0/*{bgContentXPos}*/ 0/*{bgContentYPos}*/ repeat-x/*{bgContentRepeat}*/; color: #222222/*{fcContent}*/; }...ui-widget-content a { color: #222222/*{fcContent}*/; }...ui-widget-header { border: 1px solid #aaaaaa/*{borderColorHeader}*/; background: #cccccc/*{bgColorHeader}*/ url(images/ui-bg_highlight-soft_75_cccccc_1x100.png)/*{bgImgUrlHeader}*/ 0/*{bgHeaderXPos}*/ 50%/*{bgHeaderYPos}*/ repeat-x/*{bgHeaderRepeat}*/; color: #222222/*{fcHeader}*/; font-weight: bold; }...ui-widget-header a { color: #222222/*{fcHeader}*/; }../* Interaction states..----------------------------------*/...ui-state-default, .ui-widget-content .ui-state-default { border: 1px solid #d3d3d3/*{borderColorDefault}*/; background: #e6e6e6/*{bgColorDefault}*/ url(images/ui-bg_glass_75_e6e6e6_1x400.png)/*{bgImgU
<<< skipped >>>
GET /js/themes/base/ui.core.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: puUaLIOutCK MigoPnUx2J1AGivhXWKaPa/ dMeKMWaLIuTP3tEwS8FMwY7sAhXHS9D1Pc4Ws30=
x-amz-request-id: 04381DB42FBE6868
Date: Sat, 21 May 2016 04:34:08 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:16 GMT
ETag: "1f8b9323acc054d6e22907871e14a815"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 1387
Server: AmazonS3
/*..* jQuery UI CSS Framework..* Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about)..* Dual licensed under the MIT (MIT-LICENSE.txt) and GPL (GPL-LICENSE.txt) licenses...*/../* Layout helpers..----------------------------------*/...ui-helper-hidden { display: none; }...ui-helper-hidden-accessible { position: absolute; left: -99999999px; }...ui-helper-reset { margin: 0; padding: 0; border: 0; outline: 0; line-height: 1.3; text-decoration: none; font-size: 100%; list-style: none; }...ui-helper-clearfix:after { content: "."; display: block; height: 0; clear: both; visibility: hidden; }...ui-helper-clearfix { display: inline-block; }../* required comment for clearfix to work in Opera \*/..* html .ui-helper-clearfix { height:1%; }...ui-helper-clearfix { display:block; }../* end clearfix */...ui-helper-zfix { width: 100%; height: 100%; top: 0; left: 0; position: absolute; opacity: 0; filter:Alpha(Opacity=0); }..../* Interaction Cues..----------------------------------*/...ui-state-disabled { cursor: default !important; }..../* Icons..----------------------------------*/../* states and images */...ui-icon { display: block; text-indent: -99999px; overflow: hidden; background-repeat: no-repeat; }..../* Misc visuals..----------------------------------*/../* Overlays */...ui-widget-overlay { position: absolute; top: 0; left: 0; width: 100%; height: 100%; }....
<<< skipped >>>
GET /js/themes/base/ui.resizable.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: oIuiQVxAdnEb p6Xw T4yInvx6gJTTqiN6dqUhdF5jgL6IoWcRh8H3bzlAmqdA/flWZ4xg5rk2g=
x-amz-request-id: E8F94F48323BECD1
Date: Sat, 21 May 2016 04:34:08 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:17 GMT
ETag: "a91b7528cbbf7d45d86571fe1a446e7f"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 1005
Server: AmazonS3
/* Resizable..----------------------------------*/...ui-resizable { position: relative;}...ui-resizable-handle { position: absolute;font-size: 0.1px;z-index: 99999; display: block;}...ui-resizable-disabled .ui-resizable-handle, .ui-resizable-autohide .ui-resizable-handle { display: none; }...ui-resizable-n { cursor: n-resize; height: 7px; width: 100%; top: -5px; left: 0px; }...ui-resizable-s { cursor: s-resize; height: 7px; width: 100%; bottom: -5px; left: 0px; }...ui-resizable-e { cursor: e-resize; width: 7px; right: -5px; top: 0px; height: 100%; }...ui-resizable-w { cursor: w-resize; width: 7px; left: -5px; top: 0px; height: 100%; }...ui-resizable-se { cursor: se-resize; width: 12px; height: 12px; right: 1px; bottom: 1px; }...ui-resizable-sw { cursor: sw-resize; width: 9px; height: 9px; left: -5px; bottom: -5px; }...ui-resizable-nw { cursor: nw-resize; width: 9px; height: 9px; left: -5px; top: -5px; }...ui-resizable-ne { cursor: ne-resize; width: 9px; height: 9px; right: -5px; top: -5px;}....
GET /js/themes/base/ui.slider.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: FbrsabYYTxj5Ix1t3fcMzmmqNsGE50pJ4BGmK5VzmgiVr6kBWCowK4GCYdMvq/CHUXXYtBIkjYI=
x-amz-request-id: E0E9FB2EC399325C
Date: Sat, 21 May 2016 04:34:09 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:17 GMT
ETag: "224d478712aa7addc59a6891d5db9f9e"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 947
Server: AmazonS3
/* Slider..----------------------------------*/...ui-slider { position: relative; text-align: left; }...ui-slider .ui-slider-handle { position: absolute; z-index: 2; width: 1.2em; height: 1.2em; cursor: default; }...ui-slider .ui-slider-range { position: absolute; z-index: 1; font-size: .7em; display: block; border: 0; }...ui-slider-horizontal { height: .8em; }...ui-slider-horizontal .ui-slider-handle { top: -.3em; margin-left: -.6em; }...ui-slider-horizontal .ui-slider-range { top: 0; height: 100%; }...ui-slider-horizontal .ui-slider-range-min { left: 0; }...ui-slider-horizontal .ui-slider-range-max { right: 0; }...ui-slider-vertical { width: .8em; height: 100px; }...ui-slider-vertical .ui-slider-handle { left: -.3em; margin-left: 0; margin-bottom: -.6em; }...ui-slider-vertical .ui-slider-range { left: 0; width: 100%; }...ui-slider-vertical .ui-slider-range-min { bottom: 0; }...ui-slider-vertical .ui-slider-range-max { top: 0; }....
GET /js/themes/base/ui.datepicker.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: OtcJZ YMbYYmgFHUNxuaABRLPlrNcZwjis/cF8rRCbzVmZaWaWMSMzu77otXxvfqPTZgyC5V nY=
x-amz-request-id: 6BCCB7B0D86A910E
Date: Sat, 21 May 2016 04:34:09 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:16 GMT
ETag: "4663a45272bc95a9e7999103b233fdf8"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3997
Server: AmazonS3
/* Datepicker..----------------------------------*/...ui-datepicker { width: 17em; padding: .2em .2em 0; }...ui-datepicker .ui-datepicker-header { position:relative; padding:.2em 0; }...ui-datepicker .ui-datepicker-prev, .ui-datepicker .ui-datepicker-next { position:absolute; top: 2px; width: 1.8em; height: 1.8em; }...ui-datepicker .ui-datepicker-prev-hover, .ui-datepicker .ui-datepicker-next-hover { top: 1px; }...ui-datepicker .ui-datepicker-prev { left:2px; }...ui-datepicker .ui-datepicker-next { right:2px; }...ui-datepicker .ui-datepicker-prev-hover { left:1px; }...ui-datepicker .ui-datepicker-next-hover { right:1px; }...ui-datepicker .ui-datepicker-prev span, .ui-datepicker .ui-datepicker-next span { display: block; position: absolute; left: 50%; margin-left: -8px; top: 50%; margin-top: -8px; }...ui-datepicker .ui-datepicker-title { margin: 0 2.3em; line-height: 1.8em; text-align: center; }...ui-datepicker .ui-datepicker-title select { float:left; font-size:1em; margin:1px 0; }...ui-datepicker select.ui-datepicker-month-year {width: 100%;}...ui-datepicker select.ui-datepicker-month, ...ui-datepicker select.ui-datepicker-year { width: 49%;}...ui-datepicker .ui-datepicker-title select.ui-datepicker-year { float: right; }...ui-datepicker table {width: 100%; font-size: .9em; border-collapse: collapse; margin:0 0 .4em; }...ui-datepicker th { padding: .7em .3em; text-align: center; font-weight: bold; border: 0; }...ui-datepicker td { border: 0; padding: 1px; }...ui-datepicker td span, .ui-datepicker td a { disp
<<< skipped >>>
GET /js/ui/ui.core.js HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: jX8Dlp2Q/u0cI4BCS7TC62LYEgk3Pcc/DMBLaScHH0zoEaf5Vi7MnN392sgV5DYiv c4VZE/iy8=
x-amz-request-id: CA1B81F106372474
Date: Sat, 21 May 2016 04:34:09 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:31 GMT
ETag: "7ba404374e3e38ebd3e869c444a10fcd"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 13932
Server: AmazonS3
/*. * jQuery UI 1.7.1. *. * Copyright (c) 2009 AUTHORS.txt (hXXp://jqueryui.com/about). * Dual licensed under the MIT (MIT-LICENSE.txt). * and GPL (GPL-LICENSE.txt) licenses.. *. * hXXp://docs.jquery.com/UI. */.;jQuery.ui || (function($) {..var _remove = $.fn.remove,..isFF2 = $.browser.mozilla && (parseFloat($.browser.version) < 1.9);..//Helper functions and ui object.$.ui = {..version: "1.7.1",...// $.ui.plugin is deprecated. Use the proxy pattern instead...plugin: {...add: function(module, option, set) {....var proto = $.ui[module].prototype;....for(var i in set) {.....proto.plugins[i] = proto.plugins[i] || [];.....proto.plugins[i].push([option, set[i]]);....}...},...call: function(instance, name, args) {....var set = instance.plugins[name];....if(!set || !instance.element[0].parentNode) { return; }.....for (var i = 0; i < set.length; i ) {.....if (instance.options[set[i][0]]) {......set[i][1].apply(instance.element, args);.....}....}...}..},...contains: function(a, b) {...return document.compareDocumentPosition....? a.compareDocumentPosition(b) & 16....: a !== b && a.contains(b);..},...hasScroll: function(el, a) {....//If overflow is hidden, the element might have extra content, but the user wants to hide it...if ($(el).css('overflow') == 'hidden') { return false; }....var scroll = (a && a == 'left') ? 'scrollLeft' : 'scrollTop',....has = false;....if (el[scroll] > 0) { return true; }....// TODO: determine which cases actually cause this to happen...// if the element doesn't have the scroll set, s
<<< skipped >>>
GET /js/themes/base/ui.all.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: LKsYBv s5PNFlEkezBwRshPwadCobYrsx3/34PKI4TlKJLI/VU Kvbl38c8HcaRFIeCpgK6p9K4=
x-amz-request-id: A7F6A1FE97325DBA
Date: Sat, 21 May 2016 04:34:07 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:15 GMT
ETag: "1bd7585503b70c200bf0aa5d9a5763d2"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 49
Server: AmazonS3
@import "ui.base.css";..@import "ui.theme.css";......
GET /js/jquery-1.3.2.js HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: /EiPEW92uZX2tTNoOyiyoEehf3/VvMGzJZIchOtVtEDVwY6XxBcGUjCzB8rcjSigSV2SqtEKUDc=
x-amz-request-id: A15A0E5607A52E9F
Date: Sat, 21 May 2016 04:34:07 GMT
Last-Modified: Fri, 13 Jan 2012 21:16:34 GMT
ETag: "e4af2b4805203f1ac490ad67531b848b"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 120619
Server: AmazonS3
/*!. * jQuery JavaScript Library v1.3.2. * hXXp://jquery.com/. *. * Copyright (c) 2009 John Resig. * Dual licensed under the MIT and GPL licenses.. * hXXp://docs.jquery.com/License. *. * Date: 2009-02-19 17:34:21 -0500 (Thu, 19 Feb 2009). * Revision: 6246. */.(function(){..var ..// Will speed up references to window, and allows munging its name...window = this,..// Will speed up references to undefined, and allows munging its name...undefined,..// Map over jQuery in case of overwrite.._jQuery = window.jQuery,..// Map over the $ in case of overwrite.._$ = window.$,...jQuery = window.jQuery = window.$ = function( selector, context ) {...// The jQuery object is actually just the init constructor 'enhanced'...return new jQuery.fn.init( selector, context );..},...// A simple way to check for HTML strings or ID strings..// (both of which we optimize for)..quickExpr = /^[^<]*(<(.|\s) >)[^>]*$|^#([\w-] )$/,..// Is it a simple selector..isSimple = /^.[^:#\[\.,]*$/;..jQuery.fn = jQuery.prototype = {..init: function( selector, context ) {...// Make sure that a selection was provided...selector = selector || document;....// Handle $(DOMElement)...if ( selector.nodeType ) {....this[0] = selector;....this.length = 1;....this.context = selector;....return this;...}...// Handle HTML strings...if ( typeof selector === "string" ) {....// Are we dealing with HTML string or an ID?....var match = quickExpr.exec( selector );.....// Verify a match, and that no context was specified for #id....if ( match && (match[1] || !c
<<< skipped >>>
GET /js/themes/base/ui.accordion.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: t6P/6YxcvMos4/maboVomYdo5PQa6dnXzcx0rWQI6daQFvD97kMz6ciI4HFjGrmomwIFgAFHkWY=
x-amz-request-id: CC51B24D042B9A31
Date: Sat, 21 May 2016 04:34:08 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:15 GMT
ETag: "f9f6dc314c99503d328869a447fd3ee0"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 739
Server: AmazonS3
/* Accordion..----------------------------------*/...ui-accordion .ui-accordion-header { cursor: pointer; position: relative; margin-top: 1px; zoom: 1; }...ui-accordion .ui-accordion-li-fix { display: inline; }...ui-accordion .ui-accordion-header-active { border-bottom: 0 !important; }...ui-accordion .ui-accordion-header a { display: block; font-size: 1em; padding: .5em .5em .5em 2.2em; }...ui-accordion .ui-accordion-header .ui-icon { position: absolute; left: .5em; top: 50%; margin-top: -8px; }...ui-accordion .ui-accordion-content { padding: 1em 2.2em; border-top: 0; margin-top: -2px; position: relative; top: 1px; margin-bottom: 2px; overflow: auto; display: none; }...ui-accordion .ui-accordion-content-active { display: block; }....
GET /js/themes/base/ui.dialog.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: seNdRVBEj3/fecbe9/6si0MvQALuDGM3kGCqRzkBhTqPdzqt3M6nHn693xrMCZSFuW3qVjj srE=
x-amz-request-id: C754C263393A56C7
Date: Sat, 21 May 2016 04:34:08 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:17 GMT
ETag: "1450ea3b2d0244a864357719557d5c5d"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 1177
Server: AmazonS3
/* Dialog..----------------------------------*/...ui-dialog { position: relative; padding: .2em; width: 300px; }...ui-dialog .ui-dialog-titlebar { padding: .5em .3em .3em 1em; position: relative; }...ui-dialog .ui-dialog-title { float: left; margin: .1em 0 .2em; } ...ui-dialog .ui-dialog-titlebar-close { position: absolute; right: .3em; top: 50%; width: 19px; margin: -10px 0 0 0; padding: 1px; height: 18px; }...ui-dialog .ui-dialog-titlebar-close span { display: block; margin: 1px; }...ui-dialog .ui-dialog-titlebar-close:hover, .ui-dialog .ui-dialog-titlebar-close:focus { padding: 0; }...ui-dialog .ui-dialog-content { border: 0; padding: .5em 1em; background: none; overflow: auto; zoom: 1; }...ui-dialog .ui-dialog-buttonpane { text-align: left; border-width: 1px 0 0 0; background-image: none; margin: .5em 0 0 0; padding: .3em 1em .5em .4em; }...ui-dialog .ui-dialog-buttonpane button { float: right; margin: .5em .4em .5em 0; cursor: pointer; padding: .2em .6em .3em .6em; line-height: 1.4em; width:auto; overflow:visible; }...ui-dialog .ui-resizable-se { width: 14px; height: 14px; right: 3px; bottom: 3px; }...ui-draggable .ui-dialog-titlebar { cursor: move; }......
<<< skipped >>>
GET /js/themes/base/ui.tabs.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: MS QVzVQxyumu1xYgLxffLD7vcDFyE70yxUHZ43 CwtdvKElI73/MMxQt2mWP8AzqGTFInSRQB0=
x-amz-request-id: A6221A21F2A13611
Date: Sat, 21 May 2016 04:34:09 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:17 GMT
ETag: "9b89f005055f72900e73ca689d2d3ea2"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 1047
Server: AmazonS3
/* Tabs..----------------------------------*/...ui-tabs { padding: .2em; zoom: 1; }...ui-tabs .ui-tabs-nav { list-style: none; position: relative; padding: .2em .2em 0; }...ui-tabs .ui-tabs-nav li { position: relative; float: left; border-bottom-width: 0 !important; margin: 0 .2em -1px 0; padding: 0; }...ui-tabs .ui-tabs-nav li a { float: left; text-decoration: none; padding: .5em 1em; }...ui-tabs .ui-tabs-nav li.ui-tabs-selected { padding-bottom: 1px; border-bottom-width: 0; }...ui-tabs .ui-tabs-nav li.ui-tabs-selected a, .ui-tabs .ui-tabs-nav li.ui-state-disabled a, .ui-tabs .ui-tabs-nav li.ui-state-processing a { cursor: text; }...ui-tabs .ui-tabs-nav li a, .ui-tabs.ui-tabs-collapsible .ui-tabs-nav li.ui-tabs-selected a { cursor: pointer; } /* first selector in group seems obsolete, but required to overcome bug in Opera applying cursor: text overall if defined elsewhere... */...ui-tabs .ui-tabs-panel { padding: 1em 1.4em; display: block; border-width: 0; background: none; }...ui-tabs .ui-tabs-hide { display: none !important; }......
GET /js/themes/base/ui.progressbar.css HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: 5HJDPPTEIENsWVSARBNp/1IHgkoU3ebF3oWXg X/HFviuMHAZE/2yYrOHSHPeB0P ZTw DiVDdg=
x-amz-request-id: 3C74A7F42C865472
Date: Sat, 21 May 2016 04:34:09 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:17 GMT
ETag: "c302fab2906c786b4cec8df7970e4cb2"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 172
Server: AmazonS3
/* Progressbar..----------------------------------*/...ui-progressbar { height:2em; text-align: left; }...ui-progressbar .ui-progressbar-value {margin: -1px; height:100%; }HTTP/1.1 200 OK..x-amz-id-2: 5HJDPPTEIENsWVSARBNp/1IHgkoU3ebF3oWXg X/HFviuMHAZE/2yYrOHSHPeB0P ZTw DiVDdg=..x-amz-request-id: 3C74A7F42C865472..Date: Sat, 21 May 2016 04:34:09 GMT..Last-Modified: Fri, 13 Jan 2012 21:28:17 GMT..ETag: "c302fab2906c786b4cec8df7970e4cb2"..Accept-Ranges: bytes..Content-Type: text/css..Content-Length: 172..Server: AmazonS3../* Progressbar..----------------------------------*/...ui-progressbar { height:2em; text-align: left; }...ui-progressbar .ui-progressbar-value {margin: -1px; height:100%; }....
GET /js/ui/ui.tabs.js HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: wkuPZhMOXAvOtOG6udcQ7QhLEcUUI/nfguFIEfY0C4sLp6OF44FGihV0Pz4aojhxJFeUPyBiqTE=
x-amz-request-id: 9EC993F8A7CEFEA9
Date: Sat, 21 May 2016 04:34:10 GMT
Last-Modified: Fri, 13 Jan 2012 21:28:34 GMT
ETag: "f07e6494dd1b6068a2d432af1ec208a8"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 19069
Server: AmazonS3
/*. * jQuery UI Tabs 1.7.2. *. * Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about). * Dual licensed under the MIT (MIT-LICENSE.txt). * and GPL (GPL-LICENSE.txt) licenses.. *. * hXXp://docs.jquery.com/UI/Tabs. *. * Depends:. *.ui.core.js. */.(function($) {..$.widget("ui.tabs", {..._init: function() {...if (this.options.deselectable !== undefined) {....this.options.collapsible = this.options.deselectable;...}...this._tabify(true);..},..._setData: function(key, value) {...if (key == 'selected') {....if (this.options.collapsible && value == this.options.selected) {.....return;....}....this.select(value);...}...else {....this.options[key] = value;....if (key == 'deselectable') {.....this.options.collapsible = value;....}....this._tabify();...}..},..._tabId: function(a) {...return a.title && a.title.replace(/\s/g, '_').replace(/[^A-Za-z0-9\-_:\.]/g, '') ||....this.options.idPrefix $.data(a);..},..._sanitizeSelector: function(hash) {...return hash.replace(/:/g, '\\:'); // we need this because an id may contain a ":"..},..._cookie: function() {...var cookie = this.cookie || (this.cookie = this.options.cookie.name || 'ui-tabs-' $.data(this.list[0]));...return $.cookie.apply(null, [cookie].concat($.makeArray(arguments)));..},..._ui: function(tab, panel) {...return {....tab: tab,....panel: panel,....index: this.anchors.index(tab)...};..},..._cleanup: function() {...// restore all former loading tabs labels...this.lis.filter('.ui-state-processing').removeClass('ui-state-processing')......find('span:data(label.
<<< skipped >>>
GET /ga.js HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/appheader.html?version=3055&lang=ENG
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 21 May 2016 04:22:49 GMT
Expires: Sat, 21 May 2016 06:22:49 GMT
Last-Modified: Mon, 09 May 2016 22:17:11 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 16022
Age: 677
Cache-Control: public, max-age=7200
...........}kW....w~........pk..f......ZZ(O.,.!$$!q.....gft...>{....%.G..>..fF~2........;>..i...&.9.....v*.|x.|$....L.....y. 5.....!..R*i..........>..mAf.o..@.0L.....1....w.v<_-.|aa.......F.p,....yA.....Q.{'...kyA....^.S...'o.2......5K..2o'~.....F#....*.7...c.#.l.P. >.L.j.4....h...L~-....JW.Z..bm.I.9....s..;...=..Ue...b....r.................).......dO.c....v.f...^:....=.}.N'.-4.5m|h..tb.6v..W..r$.@.8................v......e...T.t.h.c:..(....~.e0.].....{Y.p.....K.@L..JZ.q.s.8...T...9..1r...u.KS..(xa!..{0!..5.4.^...7..."..........J8... .....O....t...q...|...a......a.V.q.5.e.([2..F[.........E...W.|....5a...0..0...Ma.ML.....d....3.....=/.z`....i....ku#.4.b.Ra.^.:.-.j.*..L.......A.;...Q.{2i.....}l..H.....T...Y._.Q!q ..V.y...9.@.R..8..!x!...p.e4...'$c......x....'..AF&*i.../..@...!..zx..bq.{<..9...~..]...cW.Q....@A...........U..}. .ihA..n..KK0:....b....@.D..U.....b.I>...-=...|..E.._.W.pS..5....4.Ma..|.B......w...b>X. ...a....gV.1...ra!ZX.).,...[..*[.....)s8.. .....X8.c..D6'ai.6..Q.u10..N...p...>V.............!V.......p#.....#.j...b......C....^........#..>E.`.........y.....%..M.D.e...Y.HB.....a.G(.b.P.=.......'...&.T._.B..C......T....8..Ra.5.o.*...!.o..t ....`"@...='..<.Z.n..}`...m...TY...-...&".!.p....j...H....z........|....H.....*...4"...K.0D8..2...`.O..R......../`2.6.F.W..,...2.....I..Y....o...8..yA].....G.....8..8[..U.*x..).]...=.\...0<.pu....7%.e?".P..f../.C??.h..8|Y.....W.j...^.O(.O.....3W\Q....~.N.G.Z.3.OO..W.....7i(....c...!.Az....*...*..pdo.c4.k.%..}.......". ..f...{_.z..
<<< skipped >>>
GET /r/__utm.gif?utmwv=5.6.7&utms=1&utmn=565884732&utmhn=download3.showmypc.com&utmcs=utf-8&utmsr=1276x846&utmvp=544x54&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmhid=1995597227&utmr=-&utmp=/app/appheader.html?version=3055&lang=ENG&utmht=1463805253604&utmac=UA-3896280-1&utmcc=__utma=172476214.434589424.1463805253.1463805253.1463805253.1;+__utmz=172476214.1463805253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1660193878&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/appheader.html?version=3055&lang=ENG
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Sat, 21 May 2016 04:34:06 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
GIF89a.............,...........D..;....
GET /__utm.gif?utmwv=5.6.7&utms=2&utmn=93188622&utmhn=download3.showmypc.com&utmcs=utf-8&utmsr=1276x846&utmvp=488x298&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmhid=929702296&utmr=-&utmp=/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11%2520AM&utmht=1463805259104&utmac=UA-3896280-1&utmcc=__utma=172476214.434589424.1463805253.1463805253.1463805253.1;+__utmz=172476214.1463805253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=&utmu=DAAAAAAAAAAAAAAAAAAAAABE~ HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Wed, 18 May 2016 09:36:06 GMT
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Age: 241084
Cache-Control: no-cache, no-store, must-revalidate
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-Allow-Origin: *..Date: Wed, 18 May 2016 09:36:06 GMT..Pragma: no-cache..Expires: Mon, 01 Jan 1990 00:00:00 GMT..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2..Content-Length: 35..Age: 241084..Cache-Control: no-cache, no-store, must-revalidate..GIF89a.............,...........D..;..
GET /app/appheader.html?version=3055&lang=ENG HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: download3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 21 May 2016 04:34:03 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 1859
Connection: close
Content-Type: text/html; charset=UTF-8
<html><head><smpcok></smpcok>.<style>.a.linksmall {color:green;text-decoration:underline;font-size: 11px;}.a.linksmallred {color:green;text-decoration:underline;font-size: 11px;}.a.colorlink {color:green;text-decoration:underline;font-size: 12px;}.a.linkclear {color:green;text-decoration:none;font-size: 12px;}.</style>.<script language="JavaScript">.<!--.var message="Function Disabled!";...function catchError() { return true; }.window.onerror = catchError;..function clickIE4(){.if (event.button==2){.return false;.}.}.function clickNS4(e){.if (document.layers||document.getElementById&&!document.all){.if (e.which==2||e.which==3){.return false;.}.}.}.try.{..if (document.layers){...document.captureEvents(Event.MOUSEDOWN);...document.onmousedown=clickNS4;..}..else if (document.all&&!document.getElementById){...document.onmousedown=clickIE4;..}..document.oncontextmenu=new Function("return false").}.catch(e){}.// -->.</script>.</head>.<body topmargin="0" leftmargin="0" scroll="no">.<table border="0" cellspacing="0" cellpadding="0">.<tr>.<td valign="bottom">..<a href="hXXp://showmypc.com?ref=header" target="_new"><img src="hXXp://s3.showmypc.com/images/logo-showmypc-210-50.gif" border="0"></a>.</td>.<td valign="bottom">..</td>...<td valign="middle">......<a href="hXXp://download3.showmypc.com/ShowMyPC3161.exe" class="linksmallred">Get Latest Version 3161</a>.....</td>..</tr&
<<< skipped >>>
GET /pagead/show_ads.js HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 12933430863646048122
Date: Sat, 21 May 2016 03:44:19 GMT
Expires: Sat, 21 May 2016 04:44:19 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 10659
X-XSS-Protection: 1; mode=block
Age: 2991
Cache-Control: public, max-age=3600
...........}iw....w.../#...-....u........>..J.(Q!)/......7IN..3..XX.@.(......37...i.^.xwJ.q...h^..'.u..t..vY.ea.d.yxc.&.f.a.h1..4.V.o..|...t.GW.gq....@Y.8o...l.....}....9..4Jo..... ..f..t-G..6..?...u..,..~..../...2..j.9..XiAVd.. 3.\........;..*.i.9..........|...4...n....1fs.a=....aX...E.E....}.Ra5G"..L.l.V.%|.[F.,N..0b).....={....s.......m."nu....}..A...^...z.vW.c.....\.....u_%o.de.....?.6......c(...rG...S..c. .v{n.=..Z....4...a....3.N.c...E.*.6H.".....E....I%..:.fi......wA7(.....a....X.kX.4^.{.f*.h..0.....Z.D..........\."&.....J...i.L.9yc.i.........f... .\.....S.Z#..."1.W.L..............K.... ..\....Mo.L..1..........L........L..Le2..u..../.3.........,..b.C..v....'.. .l...I...~.f'.................:...N3*.S^k...L.%...DP#..hP..E....f2..Iv6#>m;..........]Q.s5.KD....0...;......is....K..Y..S..7.7..HD.d.L..~C.s..9<.l..V...0V...n...s9...~.....0.1.c..3_...!..4.{.....<.pg.........N"...k..:..FW">e.(.. .'A*...d.;........99etM@..z. .q.b`...w....(.v.@z....q.`E..-.=..x.9` ...f......4....ZMq-\....4..-Dq..F....[.z......q5.....w....u....o..:.|^..I><..M.......Z.^.x...9..M..s.{.....lTb'....S....s5..._....:c.u..i>g..$r...3....^2...W....kV.X./.X.....i........1....=.....A..t....t...e..<.mJy....yX.,G..#.\.....%'....].M........g.-.a#.E..t.Hv...Z..P|.z....9.U..R..... B5..:..E....p.L.v....r...Q. ..V.....uO..L........Z..q..l....2.>....7.CG.2...e.e..g.4....;..t.R`.o@..i<.....Ry..,}8%.zS!.7}c....$.rTY..*f......w..^..xi..~/..3...?G...b.El..^..=[....-^...<B..y..GZ..P..4..]s...Z.&......eR....... ..P..(..Bk.
<<< skipped >>>
GET /pagead/js/r20160517/r20151006/show_ads_impl.js HTTP/1.1
Accept: */*
Referer: hXXp://download3.showmypc.com/app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 4115156899196434771
Date: Sat, 21 May 2016 04:34:10 GMT
Expires: Sat, 21 May 2016 04:34:10 GMT
Cache-Control: private, max-age=1209600
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 109488
X-XSS-Protection: 1; mode=block
............w_.I.0.?..z.0.V!$...4z1.0N......_'.....Fz?.=.T.. .gw.s...u.|..2..a0.....x.M.......u.S6qU.g=N..|2\..u.....zK.xZ....z.\.<...3.(.....b1t.F......FP....2.t...B...v.(af.i.&&.C. ..a<.ln.!....g.e9.F.21}..4.....&|P.......ZW..%k{..y.8...Ng.0...b.^..Q......Fw.....k.....a......m...........A......%.v2.x..o..0`8.<....i.w.......d4.a....r6...r.....u..{..gw...Z..@.&......?.m.0....M ..&.......F.........T..8...^O...h..}..Q.`..2..O....1......l....U%..Ko,..4Z...9.q(...2..H..M.0.(r......C1...{..d...HiN.....v...i.*/....)m2-......U.d7.C..H...g.*=Q4.8....#..{.FE..{...Z,L.uK.>6..\#....It=...F....>}..:...gg`Z......=...y..@..g......W...1o..&.....$_....g.:.....d....n.H.. .."t..j'..'E.{Y.....g`|...J....5....c.X.Z.D..g..7........f...G[k..rss...*QA@.*C0....p.....z0......=.[h.^t..Oj.~.:$g..f..j.}7.%`q..x>..LFv>...q.N.3o......"7.%..0}..g..C...{kA...O...}.d"..X{......N.y0.M\.R>....,.......ff..V.b=...r....JV.....\.....LL:..Z....L.]....7.&..E..............XT......u@ .l......j`.J..^t.-.sm....=....)...Q...j{pO..U....s..2....V.Y......[Zf.nT..[%..d..f...$.(x..7.:.<.w..Q..mQ...=5.J.R3....2H....T).\..(x&.U..\.yM/2e_R.>_.$..FF..[...z. ....>..C:."=.?....N.L...N.S..._...K_.3.-...t......T.a:5.S.n.....2.B.?5...]?....Z.._..>3...........6.p.s1.\.(.3..|..1...#..&.=Y..p..x4....N.q9......6...hf.........`....>..n..m...Xx......)i.b.4.y..8wtq.m0........&^.Y .9h..........y...@l(......d. .N.....<.......j....#.Co....|:..(..!..U. ....._.f.d.K.......;...5.....L.D.>N.._...y.UZ...z..3......n....,..3c.....Rq?0.?..N0*
<<< skipped >>>
GET /app/about-us.html?lang=ENG&version=3055&seq=5/21/20167:34:11 AM HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: download3.showmypc.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 21 May 2016 04:34:03 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 3630
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>.<html><!-- <smpcok></smpcok><smpcw>8125</smpcw><smpch>6250</smpch>3300|6120<smpcft>1</smpcft> -->.<head>.<SCRIPT LANGUAGE="JavaScript">.<!--..function stopError() {. return true;.}..window.onerror = stopError;..// -->.</SCRIPT>. <link type="text/css" href="hXXp://s3.showmypc.com/style.css" />. <link type="text/css" href="hXXp://s3.showmypc.com/js/themes/base/ui.all.css" rel="stylesheet" / >. <script type="text/javascript" src="http://s3.showmypc.com/js/jquery-1.3.2.js"></script>. <script type="text/javascript" src="hXXp://s3.showmypc.com/js/ui/ui.core.js"></script>. <script type="text/javascript" src="hXXp://s3.showmypc.com/js/ui/ui.tabs.js"></script>. <script type="text/javascript">. $(document).ready(function(){. $("#tabs").tabs();. });. </script>.</head>.<style type="text/css">./*margin and padding on body element. can introduce errors in determining. element position and are not recommended;. we turn them off as a foundation for YUI. CSS treatments. */.body {..margin:0px;..padding:0pt;..height:100%;..font-family:arial,sans-serif;.}...yui-skin-sam .yui-navset .yui-content {.background:#ffffff none repeat scroll 0 0;.}.a.{..color:green;.}.h2 {.border-bottom:1px dotted green;.color:#E66C2C;.font-size:1.5em;.font-weight:bold;.margin-bottom:2px;.margin-top:8px;.padding:0 0 4px;.}.</style>.<body style="font-size:
<<< skipped >>>
Map
The Trojan-Dropper connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_172:
.text
.text
.data
.data
.rsrc
.rsrc
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
GDI32.dll
GDI32.dll
USER32.dll
USER32.dll
COMCTL32.dll
COMCTL32.dll
VERSION.dll
VERSION.dll
advapi32.dll
advapi32.dll
advpack.dll
advpack.dll
wininit.ini
wininit.ini
Software\Microsoft\Windows\CurrentVersion\App Paths
Software\Microsoft\Windows\CurrentVersion\App Paths
setupapi.dll
setupapi.dll
setupx.dll
setupx.dll
IXPd.TMP
IXPd.TMP
TMP4351$.TMP
TMP4351$.TMP
FINISHMSG
FINISHMSG
USRQCMD
USRQCMD
ADMQCMD
ADMQCMD
msdownld.tmp
msdownld.tmp
wextract.pdb
wextract.pdb
PSSSSSSh
PSSSSSSh
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyA
GetWindowsDirectoryA
GetWindowsDirectoryA
ExitWindowsEx
ExitWindowsEx
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
rundll32.exe %s,InstallHinfSection %s 128 %s
rundll32.exe %s,InstallHinfSection %s 128 %s
SHELL32.DLL
SHELL32.DLL
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
PendingFileRenameOperations
PendingFileRenameOperations
System\CurrentControlSet\Control\Session Manager\FileRenameOperations
System\CurrentControlSet\Control\Session Manager\FileRenameOperations
wextract_cleanup%d
wextract_cleanup%d
%s /D:%s
%s /D:%s
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
Command.com /c %s
Command.com /c %s
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\
~~}}}|||3
~~}}}|||3
smpcvc.exe
smpcvc.exe
MSRC4Plugin.dsm
MSRC4Plugin.dsm
MSRC4Plugin_NoReg.dsm
MSRC4Plugin_NoReg.dsm
settings.ini
settings.ini
SMPCSetup.exe
SMPCSetup.exe
spcplink.exe
spcplink.exe
TIPOFDAY.TXT
TIPOFDAY.TXT
VNCHooks.dll
VNCHooks.dll
smvnview.exe
smvnview.exe
smwinvnc.exe
smwinvnc.exe
mm2.res
mm2.res
MSWINSCK.OCX
MSWINSCK.OCX
smwg.exe
smwg.exe
ijl11.dll
ijl11.dll
.nF&&
.nF&&
Fq=%f`{c
Fq=%f`{c
)|{^|*|`
)|{^|*|`
.rEcX
.rEcX
Dx%uM
Dx%uM
l.izX
l.izX
4%f^`
4%f^`
E%ug7
E%ug7
Fc.lK!
Fc.lK!
S.RBFVi;
S.RBFVi;
"ÂD3
"ÂD3
Q.CL
Q.CL
-]
-]
#.Ga03
#.Ga03
.YB\F|G
.YB\F|G
.csUA
.csUA
dG.Sr
dG.Sr
J.apC
J.apC
%.AD2
%.AD2
%c(!i
%c(!i
)?O%u
)?O%u
2,A%C'o
2,A%C'o
ED.sd
ED.sd
z=.Yr
z=.Yr
.NG`$
.NG`$
:%Cy9
:%Cy9
(w.yk V
(w.yk V
%U=ya
%U=ya
(7UDp
(7UDp
(.tC=v
(.tC=v
.zz>NL
.zz>NL
.ej$'
.ej$'
.zM){i
.zM){i
.RS'f
.RS'f
)m(9CQ%%f
)m(9CQ%%f
.aaD1M
.aaD1M
Iw.pQ
Iw.pQ
%U3
%U3
0.Xml}j,
0.Xml}j,
`Q.Ne(
`Q.Ne(
Ov]P1
Ov]P1
z.MCW\
z.MCW\
v$;(
v$;(
]'I.uU
]'I.uU
|m%cs
|m%cs
B .ZL_
B .ZL_
U%clt
U%clt
.Ey;[
.Ey;[
eymsG
eymsG
^kEyz
^kEyz
.vRSS
.vRSS
6.HSj
6.HSj
.kW =l
.kW =l
R.rYV
R.rYV
K.Ib&
K.Ib&
.wCkN
.wCkN
WH%d,
WH%d,
%CH J
%CH J
R\:,%dN
R\:,%dN
&.eKe
&.eKe
#q.mj
#q.mj
2%5X
2%5X
Ov).ap
Ov).ap
"[r.lp
"[r.lp
.Twd
.Twd
zi"%cs
zi"%cs
W8.LrZ
W8.LrZ
.ZIT-
.ZIT-
(F.hS
(F.hS
G.MAx
G.MAx
.fvAt?
.fvAt?
V.CUp
V.CUp
%U]zs
%U]zs
#h.OL2
#h.OL2
PM%d/
PM%d/
Rm.ye*
Rm.ye*
>^%xf
>^%xf
3D.gf
3D.gf
em%fk
em%fk
]%C}M
]%C}M
.ffg:
.ffg:
.Ju4m[gr
.Ju4m[gr
e.yfR
e.yfR
RkJ.qp
RkJ.qp
SSh;?
SSh;?
r.cS%
r.cS%
N0`(B.LsFT
N0`(B.LsFT
{n:.Sm
{n:.Sm
.Bp#yN
.Bp#yN
D`T%U
D`T%U
.OzeC
.OzeC
F_%d|%
F_%d|%
.co^:Y
.co^:Y
$-wJ}
$-wJ}
DMD7%S
DMD7%S
=.qFh
=.qFh
w-s}~,b
w-s}~,b
*%u}ly
*%u}ly
-&/&1&3&5&6&8
-&/&1&3&5&6&8
.RW U
.RW U
P.SuC
P.SuC
7`H%SJ
7`H%SJ
2:.fz
2:.fz
.dd9Y
.dd9Y
.UWS~
.UWS~
.ch[[
.ch[[
_?SbRsJ@Qa%S
_?SbRsJ@Qa%S
-9%u
-9%u
%c#w?
%c#w?
.EKMO
.EKMO
J%D
J%D
.Xr2P7LH
.Xr2P7LH
o.hDB
o.hDB
N@DT%d
N@DT%d
p=Q.sDvkE
p=Q.sDvkE
Y(.mb
Y(.mb
p.qK#
p.qK#
vhqi%s
vhqi%s
Qmsg
Qmsg
.tvIc)
.tvIc)
-M%1Xd
-M%1Xd
,
,
\~.OJ
\~.OJ
9%F;0)TO
9%F;0)TO
'ie.tl
'ie.tl
%Uwl/3
%Uwl/3
eHXkr%Xm
eHXkr%Xm
VY.kF
VY.kF
%X.A*
%X.A*
.rJ:KA
.rJ:KA
.nA3D
.nA3D
8%f~WWn
8%f~WWn
i/";%d
i/";%d
|p.nU
|p.nU
V.cs_K
V.cs_K
y.uad }#
y.uad }#
S.gc;.
S.gc;.
.nT
.nT
V8.Xw
V8.Xw
"SMPCSetup.exe"
"SMPCSetup.exe"
_}$%U
_}$%U
@%U#-
@%U#-
yftp
yftp
Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.
Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.
CFailed to get disk space information from: %s.
CFailed to get disk space information from: %s.
System Message: %s.&A required resource cannot be located. Are you sure you want to cancel?
System Message: %s.&A required resource cannot be located. Are you sure you want to cancel?
8Unable to retrieve operating system version information.!Memory allocation request failed.
8Unable to retrieve operating system version information.!Memory allocation request failed.
Filetable full.Ên not change to destination folder.
Filetable full.Ên not change to destination folder.
Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.KThat folder is invalid. Please make sure the folder exists and is writable.IYou must specify a folder with fully qualified pathname or choose Cancel.!Could not update folder edit box.5Could not load functions required for browser dialog.7Could not load Shell32.dll required for browser dialog.
Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.KThat folder is invalid. Please make sure the folder exists and is writable.IYou must specify a folder with fully qualified pathname or choose Cancel.!Could not update folder edit box.5Could not load functions required for browser dialog.7Could not load Shell32.dll required for browser dialog.
(Error creating process . Reason: %s1The cluster size in this system is not supported.,A required resource appears to be corrupted.QWindows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.
(Error creating process . Reason: %s1The cluster size in this system is not supported.,A required resource appears to be corrupted.QWindows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.
Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used./Windows 95 or Windows NT is required to install
Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used./Windows 95 or Windows NT is required to install
Could not create folder '%s'
Could not create folder '%s'
To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.
To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.
Error retrieving Windows folder
Error retrieving Windows folder
$NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.aThe setup program could not retrieve the volume information for drive (%s) .
$NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.aThe setup program could not retrieve the volume information for drive (%s) .
System message: %s.xSetup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.eThe installation program appears to be damaged or corrupted. Contact the vendor of this application.
System message: %s.xSetup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.eThe installation program appears to be damaged or corrupted. Contact the vendor of this application.
/C: -- Override Install Command defined by author.
/C: -- Override Install Command defined by author.
eAnother copy of the '%s' package is already running on your system. Do you want to run another copy?
eAnother copy of the '%s' package is already running on your system. Do you want to run another copy?
Could not find the file: %s.
Could not find the file: %s.
:The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on your system. You can only run one copy at a time.OThe '%s' package is not compatible with the version of Windows you are running.SThe '%s' package is not compatible with the version of the file: %s on your system.
:The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on your system. You can only run one copy at a time.OThe '%s' package is not compatible with the version of Windows you are running.SThe '%s' package is not compatible with the version of the file: %s on your system.
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
WEXTRACT.EXE
WEXTRACT.EXE
Windows
Windows
Operating System
Operating System
6.00.2900.2180
6.00.2900.2180
%original file name%.exe_172_rwx_01001000_00001000:
advapi32.dll
advapi32.dll
advpack.dll
advpack.dll
wininit.ini
wininit.ini
Software\Microsoft\Windows\CurrentVersion\App Paths
Software\Microsoft\Windows\CurrentVersion\App Paths
setupapi.dll
setupapi.dll
setupx.dll
setupx.dll
IXPd.TMP
IXPd.TMP
TMP4351$.TMP
TMP4351$.TMP
FINISHMSG
FINISHMSG
USRQCMD
USRQCMD
ADMQCMD
ADMQCMD
msdownld.tmp
msdownld.tmp
wextract.pdb
wextract.pdb
PSSSSSSh
PSSSSSSh
SMPCSetup.exe_1076:
.text
.text
`.data
`.data
.rsrc
.rsrc
MSVBVM60.DLL
MSVBVM60.DLL
shdocvw.dll
shdocvw.dll
SHDocVwCtl.WebBrowser
SHDocVwCtl.WebBrowser
WebBrowser
WebBrowser
MSWINSCK.OCX
MSWINSCK.OCX
MSWinsockLib.Winsock
MSWinsockLib.Winsock
CmdOutput
CmdOutput
ModuleWindows
ModuleWindows
frmLogin
frmLogin
frmLoginService
frmLoginService
FormSSHSettings
FormSSHSettings
ModMsgDisp
ModMsgDisp
cMsgDisp
cMsgDisp
frmLogin1
frmLogin1
ws2_32.dll
ws2_32.dll
ReadExeProperty
ReadExeProperty
iphlpapi.dll
iphlpapi.dll
urlmon
urlmon
URLDownloadToFileA
URLDownloadToFileA
SHFileOperationA
SHFileOperationA
wininet.dll
wininet.dll
HttpQueryInfoA
HttpQueryInfoA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
comdlg32.dll
comdlg32.dll
shell32.dll
shell32.dll
ShellExecuteA
ShellExecuteA
advapi32.dll
advapi32.dll
%Program Files%\Microsoft Visual Studio\VB98\VB6.OLB
%Program Files%\Microsoft Visual Studio\VB98\VB6.OLB
PrepareDotSSHFolder
PrepareDotSSHFolder
LabelRemotePassword
LabelRemotePassword
TextRemotePassword
TextRemotePassword
.httpConCheck
.httpConCheck
.%System%\winhttp.dll
.%System%\winhttp.dll
WinHttp
WinHttp
ValueKey
ValueKey
httpConCheck1
httpConCheck1
winHttpReqObj
winHttpReqObj
ShowPortConnectorInfo
ShowPortConnectorInfo
WebBrowserFooter2
WebBrowserFooter2
%WinDir%\System32\shdocvw.oca
%WinDir%\System32\shdocvw.oca
ShowSerialPortConfigurations
ShowSerialPortConfigurations
WebBrowser1
WebBrowser1
ShowSerialPortInfo
ShowSerialPortInfo
ReportProblem
ReportProblem
SupportRemoteUsers
SupportRemoteUsers
DebugReport
DebugReport
ShowKeyboardInfo
ShowKeyboardInfo
ShowParallelPortInfo
ShowParallelPortInfo
psapi.dll
psapi.dll
WriteExeProperty
WriteExeProperty
IsLegacyPassword
IsLegacyPassword
StartMeetingAfterGettingPorts
StartMeetingAfterGettingPorts
ReadSSHSettings
ReadSSHSettings
ForceSSHLogin
ForceSSHLogin
SendTerminateMsg
SendTerminateMsg
InviteUsersViaWeb
InviteUsersViaWeb
StartServerWithCurrentSSHPort
StartServerWithCurrentSSHPort
SwitchToBackUpSSH
SwitchToBackUpSSH
SSHHostConnection
SSHHostConnection
SetupHTTPtunnel
SetupHTTPtunnel
StartClientProcessAfterGettingPorts
StartClientProcessAfterGettingPorts
VerifyViewerSSH
VerifyViewerSSH
SSHViewerConnection
SSHViewerConnection
GenerateHostKey
GenerateHostKey
GetServerFromHostKey
GetServerFromHostKey
VBA6.DLL
VBA6.DLL
CreateAdditionalEXEAssociations
CreateAdditionalEXEAssociations
RegOpenKeyExA
RegOpenKeyExA
CreateEXEAssociation
CreateEXEAssociation
RegCloseKey
RegCloseKey
RegCreateKeyA
RegCreateKeyA
RegDeleteKeyA
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyA
RegEnumKeyExA
RegEnumKeyExA
ClassKey
ClassKey
%System%\msvbvm60.dll\3
%System%\msvbvm60.dll\3
RegCreateKeyExA
RegCreateKeyExA
SectionKey
SectionKey
RegEnumKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegQueryInfoKeyA
KeyExists
KeyExists
CreateKey
CreateKey
DeleteKey
DeleteKey
__vbaStopExe
__vbaStopExe
CreatePipe
CreatePipe
EnumWindows
EnumWindows
EnumChildWindows
EnumChildWindows
WebBrowserMyList
WebBrowserMyList
kernel32.dll
kernel32.dll
cmdOK
cmdOK
cmdCancel
cmdCancel
TextLoginStatus
TextLoginStatus
SetSchPasswordOnServer
SetSchPasswordOnServer
user32.dll
user32.dll
3iTextURL
3iTextURL
LabelURL
LabelURL
StartMeetingWithNicePass
StartMeetingWithNicePass
txtPassword
txtPassword
cmdOK_Click
cmdOK_Click
SetCustomPass
SetCustomPass
cmdKick
cmdKick
cmdDeselect
cmdDeselect
menuPrivateMsg
menuPrivateMsg
cmdDisconnect
cmdDisconnect
LabelNickName
LabelNickName
cmdSend
cmdSend
%System%\MSWINSCK.oca
%System%\MSWINSCK.oca
cmdConnect
cmdConnect
cmdHost
cmdHost
SendMsgOnUserClick
SendMsgOnUserClick
FrameSSH
FrameSSH
LabelSSHPassword
LabelSSHPassword
LabelSSHPort
LabelSSHPort
LabelSSHServer
LabelSSHServer
ButtonSSHTest
ButtonSSHTest
TextSSHPort
TextSSHPort
TextSSHServer
TextSSHServer
TextSSHPassword
TextSSHPassword
TextProxyPass
TextProxyPass
TextPort
TextPort
TextSSHUserName
TextSSHUserName
CheckUseHttp
CheckUseHttp
RememberSSHSettings
RememberSSHSettings
ClearSSHSettings
ClearSSHSettings
winmm.dll
winmm.dll
CryptDeriveKey
CryptDeriveKey
CryptDestroyKey
CryptDestroyKey
GetNamedPipeInfo
GetNamedPipeInfo
ijl11.dll
ijl11.dll
olepro32.dll
olepro32.dll
msvbvm60.dll
msvbvm60.dll
msvfw32.dll
msvfw32.dll
F%WinDir%\System32\stdole2.tlb
F%WinDir%\System32\stdole2.tlb
Password
Password
Login
Login
~~}}}|||3
~~}}}|||3
&Password:
&Password:
ShowMyPC Web
ShowMyPC Web
Debug Report
Debug Report
Send Report
Send Report
Meeting Password:
Meeting Password:
Get password from presenter
Get password from presenter
Password:
Password:
Use Windows Remote Desktop
Use Windows Remote Desktop
00:00:00
00:00:00
Use HTTP Proxy Server
Use HTTP Proxy Server
HTTP Proxy Server
HTTP Proxy Server
Use SOCKS username/password
Use SOCKS username/password
Port:
Port:
Private SSH Server
Private SSH Server
HTTP / Proxy
HTTP / Proxy
Use HTTP to Connect (For Restrictive Firewalls)
Use HTTP to Connect (For Restrictive Firewalls)
Test Private SSH Server
Test Private SSH Server
SSH Server:
SSH Server:
TextURL
TextURL
Share URL
Share URL
Update Nick Name
Update Nick Name
Join
Join
Nick Name
Nick Name
SSH Encrypted
SSH Encrypted
div.tableContainer {
div.tableContainer {
html>body div.tableContainer {
html>body div.tableContainer {
div.tableContainer table {
div.tableContainer table {
html>body div.tableContainer table {
html>body div.tableContainer table {
thead.fixedHeader tr {
thead.fixedHeader tr {
/* this enables overflow to work on TBODY element. All other non-IE, non-Mozilla browsers */
/* this enables overflow to work on TBODY element. All other non-IE, non-Mozilla browsers */
html>body thead.fixedHeader tr {
html>body thead.fixedHeader tr {
thead.fixedHeader th {
thead.fixedHeader th {
thead.fixedHeader a, thead.fixedHeader a:link, thead.fixedHeader a:visited {
thead.fixedHeader a, thead.fixedHeader a:link, thead.fixedHeader a:visited {
thead.fixedHeader a:hover {
thead.fixedHeader a:hover {
html>body tbody.scrollContent {
html>body tbody.scrollContent {
/* hXXp://VVV.alistapart.com/articles/zebratables/ */
/* hXXp://VVV.alistapart.com/articles/zebratables/ */
tbody.scrollContent td, tbody.scrollContent tr.normalRow td {
tbody.scrollContent td, tbody.scrollContent tr.normalRow td {
tbody.scrollContent tr.alternateRow td {
tbody.scrollContent tr.alternateRow td {
/* hXXp://VVV.w3.org/TR/REC-CSS2/selector.html#adjacent-selectors */
/* hXXp://VVV.w3.org/TR/REC-CSS2/selector.html#adjacent-selectors */
html>body thead.fixedHeader th {
html>body thead.fixedHeader th {
html>body thead.fixedHeader th th {
html>body thead.fixedHeader th th {
html>body thead.fixedHeader th th th {
html>body thead.fixedHeader th th th {
html>body tbody.scrollContent td {
html>body tbody.scrollContent td {
html>body tbody.scrollContent td td {
html>body tbody.scrollContent td td {
html>body tbody.scrollContent td td td {
html>body tbody.scrollContent td td td {
Password for remote users
Password for remote users
Schedule using Web
Schedule using Web
Support Remote Users
Support Remote Users
File Transfer (Web based)...
File Transfer (Web based)...
Keyboard Info
Keyboard Info
Parallel Port Info
Parallel Port Info
Port Connector
Port Connector
Serial Port Configurations
Serial Port Configurations
Serial Port
Serial Port
Report a Problem...
Report a Problem...
HOME_URL
HOME_URL
callbackAfterGettingPorts
callbackAfterGettingPorts
attemptNumToGetPort
attemptNumToGetPort
httpConCheck
httpConCheck
supportID
supportID
hostkey
hostkey
sKeyNames
sKeyNames
iKeyCount
iKeyCount
sExePath
sExePath
bSupportPrint
bSupportPrint
bSupportNew
bSupportNew
bSupportInstall
bSupportInstall
eKey
eKey
sSectionKey
sSectionKey
sValueKey
sValueKey
viewerServiceURL
viewerServiceURL
LoginSucceeded
LoginSucceeded
AutoLogin
AutoLogin
meetingTypeSupport
meetingTypeSupport
remoteKey
remoteKey
sendPrivateMsg
sendPrivateMsg
uiMsg
uiMsg
o*\A\\kallu\m\vagish\ShowMyPC\current\FinalSMPCssh.vbp
o*\A\\kallu\m\vagish\ShowMyPC\current\FinalSMPCssh.vbp
2c49f800-c2dd-11cf-9ad6-0080c7e7b78d
2c49f800-c2dd-11cf-9ad6-0080c7e7b78d
\servicelog.txt
\servicelog.txt
WindowState
WindowState
smwinvnc.exe
smwinvnc.exe
smvnview.exe
smvnview.exe
winvncultra.exe
winvncultra.exe
vncultra.exe
vncultra.exe
hXXp://service1.showmypc.com/connectnow.php
hXXp://service1.showmypc.com/connectnow.php
f#p.x.gi52
f#p.x.gi52
hXXp://showmypc.com/ShowMyPCHelp.php?version=
hXXp://showmypc.com/ShowMyPCHelp.php?version=
hXXp://download3.showmypc.com/app/appheader.html?version=
hXXp://download3.showmypc.com/app/appheader.html?version=
hXXps://assured.showmypc.com/app/appheaderpr.html
hXXps://assured.showmypc.com/app/appheaderpr.html
hXXps://assured.showmypc.com/live/invite-users/index.php
hXXps://assured.showmypc.com/live/invite-users/index.php
hXXps://assured.showmypc.com/live/invite-users/screenshot-mail.php
hXXps://assured.showmypc.com/live/invite-users/screenshot-mail.php
hXXps://assured.showmypc.com/mac/meetnow.html
hXXps://assured.showmypc.com/mac/meetnow.html
hXXps://assured.showmyp.com/users/fixk.php?version=
hXXps://assured.showmyp.com/users/fixk.php?version=
hXXps://assured.showmypc.com/users/rsettings.php?vr=
hXXps://assured.showmypc.com/users/rsettings.php?vr=
hXXp://showmypc.com/users/rsettings.php?vr=
hXXp://showmypc.com/users/rsettings.php?vr=
up-msg
up-msg
pop-msg
pop-msg
no-pop-msg
no-pop-msg
SOFTWARE\Microsoft\Windows NT\CurrentVersion
SOFTWARE\Microsoft\Windows NT\CurrentVersion
smpcchat.ini
smpcchat.ini
[Joined]
[Joined]
Srv.exe
Srv.exe
ShowMyPC.com Remote Service
ShowMyPC.com Remote Service
-register PortNumber=7900 Password=
-register PortNumber=7900 Password=
Error occured during operation.
Error occured during operation.
Unsupported value type
Unsupported value type
Failed to delete requested subkey!
Failed to delete requested subkey!
Registry Key Delete
Registry Key Delete
Failed to delete requested main key!
Failed to delete requested main key!
\temp.html
\temp.html
Keyboard - Win32_Keyboard
Keyboard - Win32_Keyboard
ProtocolSupported
ProtocolSupported
Select * from Win32_Keyboard
Select * from Win32_Keyboard
Number of Function Keys
Number of Function Keys
NumberOfFunctionKeys
NumberOfFunctionKeys
Parallel ports - Win32_ParallelPort
Parallel ports - Win32_ParallelPort
Select * from Win32_ParallelPort
Select * from Win32_ParallelPort
Protocol Supported
Protocol Supported
Port connector - Win32_PortConnector
Port connector - Win32_PortConnector
Select * from Win32_PortConnector
Select * from Win32_PortConnector
Port Type
Port Type
PortType
PortType
Serial port configuration - Win32_SerialPortConfiguration
Serial port configuration - Win32_SerialPortConfiguration
Select * from Win32_SerialPortConfiguration
Select * from Win32_SerialPortConfiguration
Serial ports - Win32_SerialPort
Serial ports - Win32_SerialPort
Select * from Win32_SerialPort
Select * from Win32_SerialPort
Supports DTRDSR
Supports DTRDSR
Supports16BitMode
Supports16BitMode
Supports 16-Bit Mode
Supports 16-Bit Mode
SupportsDTRDSR
SupportsDTRDSR
Supports Elapsed Timeouts
Supports Elapsed Timeouts
SupportsElapsedTimeouts
SupportsElapsedTimeouts
Supports Int Timeouts
Supports Int Timeouts
SupportsIntTimeouts
SupportsIntTimeouts
Supports Parity Check
Supports Parity Check
SupportsParityCheck
SupportsParityCheck
Supports RLSD
Supports RLSD
SupportsRLSD
SupportsRLSD
Supports RTSCTS
Supports RTSCTS
SupportsRTSCTS
SupportsRTSCTS
Supports Special Characters
Supports Special Characters
SupportsSpecialCharacters
SupportsSpecialCharacters
Supports XOn XOff
Supports XOn XOff
SupportsXOnXOff
SupportsXOnXOff
Supports XOn XOff Setting
Supports XOn XOff Setting
SupportsXOnXOffSet
SupportsXOnXOffSet
Supports Hot Plug
Supports Hot Plug
SupportsHotPlug
SupportsHotPlug
VccMixedVoltageSupport
VccMixedVoltageSupport
VCC Mixed Voltage Support
VCC Mixed Voltage Support
VppMixedVoltageSupport
VppMixedVoltageSupport
VPP Mixed Voltage Support
VPP Mixed Voltage Support
Maximum Memory Supported
Maximum Memory Supported
MaxMemorySupported
MaxMemorySupported
Monochrome
Monochrome
Power Management Supported
Power Management Supported
PowerManagementSupported
PowerManagementSupported
SupportedSRAM
SupportedSRAM
Supported SRAM
Supported SRAM
Maximum Baud Rate To SerialPort
Maximum Baud Rate To SerialPort
MaxBaudRateToSerialPort
MaxBaudRateToSerialPort
Port SubClass
Port SubClass
PortSubClass
PortSubClass
Responses Key Name
Responses Key Name
ResponsesKeyName
ResponsesKeyName
Select * from Win32_OperatingSystem
Select * from Win32_OperatingSystem
Operating systems
Operating systems
Windows Directory
Windows Directory
WindowsDirectory
WindowsDirectory
winvnc.exe
winvnc.exe
Operating systems
Operating systems
Windows Directory
Windows Directory
hXXps://assured.showmypc.com/remotedb.php
hXXps://assured.showmypc.com/remotedb.php
hXXp://showmypc.com/remotedb.php
hXXp://showmypc.com/remotedb.php
hXXp://download3.showmypc.com/app/about-us.html
hXXp://download3.showmypc.com/app/about-us.html
hXXps://assured.showmypc.com/portxxxxxmlxxx-351.php
hXXps://assured.showmypc.com/portxxxxxmlxxx-351.php
download3.showmypc.com
download3.showmypc.com
ns2.showmypc.com
ns2.showmypc.com
winvnc4.exe
winvnc4.exe
hXXps://assured.showmypc.com/live/appsettings.php?ci=
hXXps://assured.showmypc.com/live/appsettings.php?ci=
connectnowurl
connectnowurl
hXXp://showmypc.appspot.com/connectnow.php
hXXp://showmypc.appspot.com/connectnow.php
Software\Microsoft\Windows\CurrentVersion\Policies\System
Software\Microsoft\Windows\CurrentVersion\Policies\System
RegKey
RegKey
&mtpass=
&mtpass=
Please visit hXXp://showmypc.com for help or update information.
Please visit hXXp://showmypc.com for help or update information.
/chat/index.php?myroom=
/chat/index.php?myroom=
showmypc.com
showmypc.com
hXXp://showmypc.com/users/
hXXp://showmypc.com/users/
\settings.ini
\settings.ini
Getting Port 1
Getting Port 1
hXXps://assured.showmypc.com
hXXps://assured.showmypc.com
hXXp://ns2.showmypc.com
hXXp://ns2.showmypc.com
Getting Port 2
Getting Port 2
hXXp://ns1.showmypc.com
hXXp://ns1.showmypc.com
Getting Port 3
Getting Port 3
UEMURL
UEMURL
InternetExplorer.Application
InternetExplorer.Application
hXXp://showmypc.com/emailHandler.php?seq=
hXXp://showmypc.com/emailHandler.php?seq=
AutoPortSelect
AutoPortSelect
PortNumber
PortNumber
?task=get&actionToPut=connect&keyToPut=
?task=get&actionToPut=connect&keyToPut=
/ok.html
/ok.html
hXXps://assured.showmypc.com/users/rsettings.php?vr=3055
hXXps://assured.showmypc.com/users/rsettings.php?vr=3055
hXXp://showmypc.com/users/rsettings.php?vr=3055
hXXp://showmypc.com/users/rsettings.php?vr=3055
hXXps://assured.
hXXps://assured.
hXXp://
hXXp://
hXXp://localhost:
hXXp://localhost:
/ok.html?seq=
/ok.html?seq=
Windows 2000
Windows 2000
hXXp://localhost:5800/?s=
hXXp://localhost:5800/?s=
?task=put&actionToPut=connect&keyToPut=
?task=put&actionToPut=connect&keyToPut=
?task=del&actionToPut=connect&keyToPut=
?task=del&actionToPut=connect&keyToPut=
hXXps://assured.showmypc.com/getClientStatus.php?ci=
hXXps://assured.showmypc.com/getClientStatus.php?ci=
\smpcvc.exe
\smpcvc.exe
\mm2.res
\mm2.res
Error closing key.
Error closing key.
WScript.Shell
WScript.Shell
Windows_NT
Windows_NT
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Cannot enable Remote Desktop on Windows 2000, use VNC
Cannot enable Remote Desktop on Windows 2000, use VNC
smwg.exe --no-check-certificate -O
smwg.exe --no-check-certificate -O
01/01/2009
01/01/2009
HTTP/1.0
HTTP/1.0
VVV.example
VVV.example
/index.asp
/index.asp
mypassword
mypassword
HTTP/1.1
HTTP/1.1
Windows 95
Windows 95
Windows 98
Windows 98
Windows Millennium
Windows Millennium
Windows NT 3.51
Windows NT 3.51
Windows NT 4.0
Windows NT 4.0
Windows XP
Windows XP
Windows 7
Windows 7
Microsoft.XMLHTTP
Microsoft.XMLHTTP
application/x-www-form-urlencoded
application/x-www-form-urlencoded
Msxml2.XMLHTTP.6.0
Msxml2.XMLHTTP.6.0
Msxml2.XMLHTTP.3.0
Msxml2.XMLHTTP.3.0
Msxml2.XMLHTTP
Msxml2.XMLHTTP
\combo.exe
\combo.exe
N:\home\vagish\ShowMyPC\showmypc-windows-bin-src\combo.exe
N:\home\vagish\ShowMyPC\showmypc-windows-bin-src\combo.exe
N:\home\vagish\ShowMyPC\showmypc-windows-bin-src\ShowMyPCPremium.exe
N:\home\vagish\ShowMyPC\showmypc-windows-bin-src\ShowMyPCPremium.exe
N:\home\vagish\ShowMyPC\showmypc-windows-bin-src\setall.bmp
N:\home\vagish\ShowMyPC\showmypc-windows-bin-src\setall.bmp
Getting Port
Getting Port
_MSG_ST_SVR
_MSG_ST_SVR
ENG_MSG_GN_ERR
ENG_MSG_GN_ERR
hXXp://VVV.vb2themax.com/vbmaximizer/files/vbm_demo.zip
hXXp://VVV.vb2themax.com/vbmaximizer/files/vbm_demo.zip
c:\vbm_demo.zip
c:\vbm_demo.zip
hXXp://showmypc.com/ShowMyPCHelp.php?version=3055
hXXp://showmypc.com/ShowMyPCHelp.php?version=3055
supportView
supportView
Share Password
Share Password
Do you wish to update exe with new ID.
Do you wish to update exe with new ID.
explorer.exe
explorer.exe
Cannot connect, Check SSH settings file.
Cannot connect, Check SSH settings file.
spcplink.exe
spcplink.exe
Testing SSH Connection...
Testing SSH Connection...
\res.txt
\res.txt
SSH Test Failed
SSH Test Failed
_MSG_DISCON
_MSG_DISCON
_MSG_WARNING
_MSG_WARNING
_MSG_GN_ERR
_MSG_GN_ERR
Check UI or settings.ini file, SSHServer is missing
Check UI or settings.ini file, SSHServer is missing
Check UI or settings.ini file, SSHUserName is missing
Check UI or settings.ini file, SSHUserName is missing
Check UI or settings.ini file, SSHPassword is missing
Check UI or settings.ini file, SSHPassword is missing
Check UI or settings.ini file, SSHPort is missing, using default 22
Check UI or settings.ini file, SSHPort is missing, using default 22
smpc.com443
smpc.com443
hXXps://secure.showmypc.com/transfer/index.php?cl=app&ver=
hXXps://secure.showmypc.com/transfer/index.php?cl=app&ver=
hXXp://download3.showmypc.com/app/appheader.html?version=3055
hXXp://download3.showmypc.com/app/appheader.html?version=3055
\explorer.exe
\explorer.exe
hXXps://showmypc.appspot.com/connectnow.php
hXXps://showmypc.appspot.com/connectnow.php
generatepasscode
generatepasscode
msgdesp
msgdesp
_MSG_LOGIN_FRM
_MSG_LOGIN_FRM
_MSG_LBL_HOST
_MSG_LBL_HOST
_MSG_LBL_PASS
_MSG_LBL_PASS
_MSG_LBL_EMAIL
_MSG_LBL_EMAIL
_MSG_LBL_TOP
_MSG_LBL_TOP
_MSG_LBL_CK_SRV
_MSG_LBL_CK_SRV
_MSG_LBL_OK
_MSG_LBL_OK
_MSG_LBL_CANCEL
_MSG_LBL_CANCEL
_MSG_FRM_SCH_MT
_MSG_FRM_SCH_MT
_MSG_LBL_HOST_EMAIL
_MSG_LBL_HOST_EMAIL
_MSG_LBL_MT_PASS
_MSG_LBL_MT_PASS
_MSG_LBL_MT_INFO
_MSG_LBL_MT_INFO
_MSG_SHARE_APP
_MSG_SHARE_APP
_MSG_REFRESH
_MSG_REFRESH
_MSG_CLOSE
_MSG_CLOSE
smvi.exe
smvi.exe
LoginFrmCaption
LoginFrmCaption
LoginPasLabel
LoginPasLabel
LoginTopCaption
LoginTopCaption
HomeURL
HomeURL
smht.exe
smht.exe
SSH Protocol Version 2, AES 256
SSH Protocol Version 2, AES 256
rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,3
rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,3
hXXp://showmypc.com/ShowMyPCFeedBack.html?cl=app&ver=
hXXp://showmypc.com/ShowMyPCFeedBack.html?cl=app&ver=
outlook.exe
outlook.exe
Outlook.Application
Outlook.Application
Password:
Password:
Or visit hXXp://
Or visit hXXp://
.showmypc.com
.showmypc.com
Password:
Password:
Reconnecting SSH...
Reconnecting SSH...
Restarting SSH
Restarting SSH
Using HTTP...
Using HTTP...
\spcplink.exe
\spcplink.exe
-N -C -v -ssh -2 -P
-N -C -v -ssh -2 -P
Starting SSH Connection...
Starting SSH Connection...
\smsh.exe -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 443 -N
\smsh.exe -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 443 -N
\smsh.exe
\smsh.exe
_MSG_GENER
_MSG_GENER
_MSG_UN_ERR
_MSG_UN_ERR
HTTP Connect...
HTTP Connect...
Starting with current port
Starting with current port
passcodegenerated
passcodegenerated
_MSG_SHR_ST
_MSG_SHR_ST
hXXps://assured.showmypc.com/live/mailer.php?sa=1&et=
hXXps://assured.showmypc.com/live/mailer.php?sa=1&et=
\smht.exe
\smht.exe
-C -ssh -2 -P
-C -ssh -2 -P
Connecting via HTTP...
Connecting via HTTP...
hostKey=
hostKey=
_MSG_ST_SSH
_MSG_ST_SSH
_MSG_SSHRST
_MSG_SSHRST
PROXY_AUTH_PASSTHROUGH
PROXY_AUTH_PASSTHROUGH
PROXY_AUTH_PASS
PROXY_AUTH_PASS
PROXY_PORT
PROXY_PORT
PORTMAP
PORTMAP
443 ssh
443 ssh
80 ssh
80 ssh
hXXp://localhost:4080/ok.html?
hXXp://localhost:4080/ok.html?
_MSG_CONN
_MSG_CONN
_MSG_WR_PASS
_MSG_WR_PASS
Check Version or Incorrect Password.
Check Version or Incorrect Password.
_MSG_ST_VIEW
_MSG_ST_VIEW
_MSG_SSH_ERR
_MSG_SSH_ERR
-C -v -ssh -2 -P
-C -v -ssh -2 -P
mstsc.exe /v:127.0.0.1:
mstsc.exe /v:127.0.0.1:
/password
/password
host=127.0.0.1
host=127.0.0.1
Port =
Port =
password =
password =
_MSG_VIEW_ST
_MSG_VIEW_ST
Warning, check password or get latest version from hXXp://showmypc.com
Warning, check password or get latest version from hXXp://showmypc.com
hXXps://assured.showmypc.com/room.html?vr=
hXXps://assured.showmypc.com/room.html?vr=
Would you like to send full report, it can take upto 30 secs
Would you like to send full report, it can take upto 30 secs
Generating report please wait...
Generating report please wait...
hXXps://assured.showmypc.com/live/mailer.php
hXXps://assured.showmypc.com/live/mailer.php
&de=1&sb=Debug Report (
&de=1&sb=Debug Report (
Could not send report, please copy text and email it to support@showmypc.com
Could not send report, please copy text and email it to support@showmypc.com
Report Sent
Report Sent
Use standard password.
Use standard password.
Password cannot be blank.
Password cannot be blank.
Meeting Password cannot less than 6 characters.
Meeting Password cannot less than 6 characters.
Check Password, Check Network or Meeting may not have started.
Check Password, Check Network or Meeting may not have started.
_MSG_YOUR_EMAIL
_MSG_YOUR_EMAIL
WMEncEng.WMEncoder
WMEncEng.WMEncoder
Video files (*.wmv)|*.wmv|All files (*.*)|*.*
Video files (*.wmv)|*.wmv|All files (*.*)|*.*
Windows Media Encoder might not be installed.
Windows Media Encoder might not be installed.
New Password
New Password
WMENC_HELP_URL
WMENC_HELP_URL
hXXp://showmypc.com/service/wmencoder.html
hXXp://showmypc.com/service/wmencoder.html
Password must be atleast 2 characters. No Spaces.
Password must be atleast 2 characters. No Spaces.
Password must be atleast 8 characters. No Spaces.
Password must be atleast 8 characters. No Spaces.
\mmit.res
\mmit.res
smsh.exe
smsh.exe
SMPCSetupSrv.exe
SMPCSetupSrv.exe
@reconnect.session
@reconnect.session
\smpcvc.exe
\smpcvc.exe
\SMPCSetupSrv.exe
\SMPCSetupSrv.exe
\winvncultra.exe
\winvncultra.exe
\ultravnc.ini
\ultravnc.ini
\SMPCHelper.exe
\SMPCHelper.exe
\smwg.exe
\smwg.exe
c:\cygwin
c:\cygwin
d:\cygwin
d:\cygwin
e:\cygwin
e:\cygwin
\cygcrypto-0.9.8.dll
\cygcrypto-0.9.8.dll
\cygminires.dll
\cygminires.dll
\cygwin1.dll
\cygwin1.dll
\cygz.dll
\cygz.dll
passwd
passwd
Please Save Password.
Please Save Password.
\mmi.res
\mmi.res
c:\.ssh
c:\.ssh
c:\cygwin\.ssh
c:\cygwin\.ssh
d:\cygwin\.ssh
d:\cygwin\.ssh
d:\.ssh
d:\.ssh
Invalid Password, try again!
Invalid Password, try again!
sshremem
sshremem
sshusr
sshusr
sshaut
sshaut
Check your network. Server not available. Check version or Contact support@showmypc.com
Check your network. Server not available. Check version or Contact support@showmypc.com
joined.
joined.
One or more connections are currently open. Disconnect before attempting to change the port settings.
One or more connections are currently open. Disconnect before attempting to change the port settings.
.cRegistry
.cRegistry
Failed to create registry Key: '
Failed to create registry Key: '
Failed to delete registry Key: '
Failed to delete registry Key: '
Failed to open key '
Failed to open key '
',Key: '
',Key: '
Failed to set registry value Key: '
Failed to set registry value Key: '
Invalid parameter list passed to CreateAdditionalEXEAssociations - expected Name/Text/Command
Invalid parameter list passed to CreateAdditionalEXEAssociations - expected Name/Text/Command
Make sure you have Windows Remote Desktop Enabled on Remote Machine.
Make sure you have Windows Remote Desktop Enabled on Remote Machine.
surl
surl
spcplink.exe -v -ssh -2 -P
spcplink.exe -v -ssh -2 -P
hXXp://showmypc.com/service/how-to-install-service/index.html?cl=app&ver=
hXXp://showmypc.com/service/how-to-install-service/index.html?cl=app&ver=
hXXps://assured.showmypc.com/service/readpclist.php?task=pclstgoog&ci=
hXXps://assured.showmypc.com/service/readpclist.php?task=pclstgoog&ci=
hXXp://showmypc.com/service/readpclist.php?task=pclstgoog&ci=
hXXp://showmypc.com/service/readpclist.php?task=pclstgoog&ci=
Test Complete. If Command Window is open, the SSH test passed, failed if it is closed.
Test Complete. If Command Window is open, the SSH test passed, failed if it is closed.
\Test_Report_
\Test_Report_
.html
.html
assetauthkey
assetauthkey
hXXp://showmypc.com/ok.html
hXXp://showmypc.com/ok.html
Verify Remote Port Manager
Verify Remote Port Manager
test.ini
test.ini
smpctestkey
smpctestkey
smpcval1
smpcval1
\test.ini
\test.ini
Verify Get Parent Exe Name
Verify Get Parent Exe Name
Verify SSH to Host Connection
Verify SSH to Host Connection
Verify Web Browser Control
Verify Web Browser Control
hXXps://assured.showmypc.com/ok.html
hXXps://assured.showmypc.com/ok.html
Verify Get Windows Version Information
Verify Get Windows Version Information
\ShowMyPCSSH.exe
\ShowMyPCSSH.exe
hXXp://showmypc.com/ShowMyPCSSH.exe
hXXp://showmypc.com/ShowMyPCSSH.exe
Test Passed:
Test Passed:
temp.jpg
temp.jpg
.cDIBSection
.cDIBSection
Uploading Screen Shot to URL...
Uploading Screen Shot to URL...
hXXps://showmypcup.appspot.com/up?ac=sht&t=u&iid=
hXXps://showmypcup.appspot.com/up?ac=sht&t=u&iid=
hXXps://assured.showmypc.com/broadcast/screenshot.html?ac=sht&iid=
hXXps://assured.showmypc.com/broadcast/screenshot.html?ac=sht&iid=
.mIntelJPEGLibrary
.mIntelJPEGLibrary
ADODB.Stream
ADODB.Stream
MSXML2.XMLHTTP
MSXML2.XMLHTTP
hXXp://showmypc.appspot.com/up?iid=56406&t=u&img=
hXXp://showmypc.appspot.com/up?iid=56406&t=u&img=
hXXp://showmypc.appspot.com/up
hXXp://showmypc.appspot.com/up
ADODB.Recordset
ADODB.Recordset
wscript.shell
wscript.shell
Upload file using http And multipart/form-data
Upload file using http And multipart/form-data
[cscript|wscript] fupload.vbs file url [fieldname]
[cscript|wscript] fupload.vbs file url [fieldname]
url ... URL which can accept uploaded data
url ... URL which can accept uploaded data
curl -k -F img=@
curl -k -F img=@
hXXp:///
hXXp:///
A*\A\\kallu\m\vagish\ShowMyPC\current\FinalSMPCssh.vbp
A*\A\\kallu\m\vagish\ShowMyPC\current\FinalSMPCssh.vbp
ShowMyPC.com Comments
ShowMyPC.com Comments
ShowMyPC.com
ShowMyPC.com
6.01.0924
6.01.0924
SMPCSetup.exe
SMPCSetup.exe