Trojan.Win32.Swrort.3_f08e82938d

by malwarelabrobot on July 13th, 2017 in Malware Descriptions.

Trojan.GenericKD.5272065 (BitDefender), Backdoor:MSIL/Bladabindi!rfn (Microsoft), HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.DownLoader11.18111 (DrWeb), Trojan.GenericKD.5272065 (B) (Emsisoft), Trojan.MSIL.Injector (Ikarus), Trojan.GenericKD.5272065 (FSecure), AutoIt:Injector-DF [Trj] (AVG), AutoIt:Injector-DF [Trj] (Avast), Trojan.Win32.Swrort.3.FD, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Backdoor


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: f08e82938d8179524efc5c4103211fcf
SHA1: 57ac3f64d024de6e38f17f40c32af93e13a6efea
SHA256: 2f6de697f740f0df218b4ce70db09ee13047361f451d65bee70fc582a725eb30
SSDeep: 24576:TCdxte/80jYLT3U1jfsWahl7uCHNocgi0K1dIoCSntcKAOsPdeVLrwgy1SEch1Q:6w80cTsjkWahl71yVK1QEAjsVoguv
Size: 2132480 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Mail.Ru
Created at: 2017-06-30 17:27:51
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

00.exe:684
netsh.exe:3168
%original file name%.exe:2936

The Trojan injects its code into the following process(es):

InjectorGadget.exe:2932
System.exe:3452

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process InjectorGadget.exe:2932 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\ww3_riukuzaki_com[1].htm (9192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\slave[1].htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\caf[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\bullet_lime[1].gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\XRHXQXAV.txt (92 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\jquery-1.11.3.custom.min[1].js (31821 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\f[1].txt (25907 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\XPMTF293.txt (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\caf[1].js (175500 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\prompt_embed_static[1].js (203236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\domainpark[1].htm (181 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\slave[1].htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\injectorgadget[1].htm (719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\logo_2016_white[1].svg (4 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\caf[1].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\injectorgadget[1].htm (0 bytes)

The process 00.exe:684 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\System.exe (120 bytes)

The process %original file name%.exe:2936 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\InjectorGadget.exe (7482 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut7F0E.tmp (1960 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut7F1E.tmp (9446 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\00.exe (806 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut7F0E.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut7F1E.tmp (0 bytes)

Registry activity

The process InjectorGadget.exe:2932 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\InjectorGadget_RASAPI32]
"EnableFileTracing" = "0"
"EnableConsoleTracing" = "0"
"ConsoleTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\InjectorGadget_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"cFormatTags" = "2"

[HKLM\SOFTWARE\Microsoft\Tracing\InjectorGadget_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"aFormatTagCache" = "01 00 00 00 10 00 00 00 55 00 00 00 1E 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\InjectorGadget_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\InjectorGadget_RASMANCS]
"EnableConsoleTracing" = "0"
"EnableFileTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\InjectorGadget_RASMANCS]
"MaxFileSize" = "1048576"
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\InjectorGadget_RASAPI32]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"cFilterTags" = "0"
"fdwSupport" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process 00.exe:684 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
"AutoDetect" = "1"

[HKCU]
"di" = "!"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process netsh.exe:3168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%SystemRoot%\system32]
"napipsec.dll,-1" = "IPsec Relying Party"
"napipsec.dll,-3" = "Microsoft Corporation"
"napipsec.dll,-2" = "Provides IPsec based enforcement for Network Access Protection"
"napipsec.dll,-4" = "1.0"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%SystemRoot%\system32]
"eapqec.dll,-102" = "1.0"
"eapqec.dll,-103" = "Microsoft Corporation"
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
"eapqec.dll,-101" = "Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies."
"dhcpqec.dll,-102" = "Microsoft Corporation"
"dhcpqec.dll,-103" = "1.0"
"dhcpqec.dll,-100" = "DHCP Quarantine Enforcement Client"
"dhcpqec.dll,-101" = "Provides DHCP based enforcement for NAP"
"tsgqec.dll,-102" = "1.0"
"tsgqec.dll,-103" = "Microsoft Corporation"
"tsgqec.dll,-100" = "RD Gateway Quarantine Enforcement Client"
"tsgqec.dll,-101" = "Provides RD Gateway enforcement for NAP"

The process System.exe:3452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Environment]
"SEE_MASK_NOZONECHECKS" = "1"

[HKCU]
"di" = "!"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"df26615a887170ce403cbb9682fc8d74" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\System.exe .."

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"df26615a887170ce403cbb9682fc8d74" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\System.exe .."

Dropped PE files

MD5 File path
248d9da5f01942977ea69a29c08b45a9 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\00.exe
66caf9d53b54d4c13317ea807e7ece77 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\InjectorGadget.exe
248d9da5f01942977ea69a29c08b45a9 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\System.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments:
Language: English (United States)

PE Sections

Name      Virtual Address   Virtual Size   Raw Size   Entropy     Section MD5
.text     4096              580910         581120     4.62736     c2c2260508750422d20cd5cbb116b146
.rdata    585728            188686         188928     3.99304     4513b58651e3d8d87c81a396e5b2f1d1
.data     778240            36724          20992      0.830952    c2de4a3d214eae7e87c7bfc06bd79775
.rsrc     815104            1310964        1311232    5.52613     f342df82b2cc371bf49812372e197ac7
.reloc    2129920           28976          29184      4.70119     1254908a9a03d2bcf12045d49cd572b9

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs



IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /static/caf/slave.html HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://ww3.riukuzaki.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: dp.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=2206a0d5d509001b||t=1476353233|et=730|cs=002213fd48e2d5669ef0404555; IDE=AHWqTUlcWb2mFPnBgaR7YetstmfkXAgGb1NF2XG87DnwqAsvzVoh0uw46Q


HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Length: 637
Date: Wed, 12 Jul 2017 11:56:51 GMT
Expires: Wed, 12 Jul 2017 12:56:51 GMT
Last-Modified: Thu, 01 Jun 2017 13:45:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 3385

<<< skipped >>>

GET / HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.riukuzaki.com/downloads/injectorgadget/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ww3.riukuzaki.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Jul 2017 12:53:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 19731
Connection: keep-alive
X-Powered-By: PHP/5.6.30-1~dotdeb 7.1
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 12 Jul 2017 12:53:15 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tu=653b3d6003462a38dd5a5a037b9c5cba; expires=Tue, 31-Dec-2019 23:00:00 GMT; Max-Age=77969205; path=/; domain=riukuzaki.com; httponly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_M0P8DUyu0ixlZHYPz/xzFK2Mf7ZGdtFkiEcSECRJNmOw9O8k7CkQZgKn/EiBDdd9rp07D4O i0evN/ENlM0b/g==
Vary: Accept-Encoding
Content-Encoding: gzip
X-Cache: MISS from 550555

<<< skipped >>>

GET /search/tsc.php?200=MjE3ODQ0NTE2&21=MTk0LjI0Mi45Ni4yMTg=&681=MTQ5OTg2Mzk5NWQ0YmZkMmM4NjQzOWI3Njk3N2Q4Mzc5YWY0MzJmZjI4&crc=76d80d8d2f41e15d02cc23eeb0246cd7248c911f&cv=1 HTTP/1.1

x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://ww3.riukuzaki.com/
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ww3.riukuzaki.com
Connection: Keep-Alive
Cookie: tu=653b3d6003462a38dd5a5a037b9c5cba


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Jul 2017 12:53:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 20
Connection: keep-alive
X-Powered-By: PHP/5.6.30-1~dotdeb 7.1
Vary: Accept-Encoding
Content-Encoding: gzip
X-Cache: MISS from 550555


GET /dp-sedo/bullet_lime.gif HTTP/1.1
Accept: */*
Referer: hXXp://dp.g.doubleclick.net/static/caf/slave.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: afs.googleusercontent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 1399
Date: Wed, 12 Jul 2017 06:01:04 GMT
Expires: Thu, 13 Jul 2017 05:01:04 GMT
Last-Modified: Thu, 12 Sep 2013 14:21:06 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 24732
Cache-Control: public, max-age=82800

<<< skipped >>>

GET /apps/domainpark/domainpark.cgi?r=m&fexp=21404&client=dp-sedo85_3ph&channel=exp-0051,auxa-control-1,542547&hl=en&adtest=off&type=3&kw=riukuzaki&drid=as-drid-2874340134507496&uiopt=true&oe=UTF-8&ie=UTF-8&format=r5|s&adrep=0&num=0&output=caf&domain_name=ww3.riukuzaki.com&v=3&preload=true&adext=as1,sr1&bsl=8&u_his=0&u_tz=180&dt=1499864001989&u_w=1276&u_h=846&biw=236&bih=72&psw=236&psh=61&frm=0&uio=uv3cs1vp1sl1sr1-st24sa18lt45-&jsv=45118&rurl=http://ww3.riukuzaki.com/&ref=http://VVV.riukuzaki.com/downloads/injectorgadget/ HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://ww3.riukuzaki.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: dp.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=2206a0d5d509001b||t=1476353233|et=730|cs=002213fd48e2d5669ef0404555; IDE=AHWqTUlcWb2mFPnBgaR7YetstmfkXAgGb1NF2XG87DnwqAsvzVoh0uw46Q


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 12 Jul 2017 12:53:16 GMT
Server: domainserver
Cache-Control: private
Content-Length: 1393
X-XSS-Protection: 1; mode=block

<<< skipped >>>

GET /js/jquery-1.11.3.custom.min.js HTTP/1.1
Accept: */*
Referer: hXXp://ww3.riukuzaki.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: img.sedoparking.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Wed, 12 Jul 2017 12:53:15 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-CFHash: "7dd2fc9525d32ef5c44abe9036c98ad1"
X-CFF: B
Last-Modified: Mon, 20 Feb 2017 07:40:17 GMT
X-CF3: H
CF4Age: 131942
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF1: 11696:fB.fra2:cf:cacheN.fra2-01:H
Content-Encoding: gzip

<<< skipped >>>

GET /templates/brick_gfx/common/logo_2016_white.svg HTTP/1.1

Accept: */*
Referer: hXXp://ww3.riukuzaki.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: img.sedoparking.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Wed, 12 Jul 2017 12:53:16 GMT
Content-Type: image/svg xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Wed, 19 Jul 2017 12:53:16 GMT
X-CFHash: "6c6f150b2ff9877c51e648631d6ac19e"
X-CFF: B
Last-Modified: Mon, 20 Feb 2017 07:40:17 GMT
X-CF3: H
CF4Age: 131953
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF1: 11696:fB.fra2:cf:cacheN.fra2-01:H
Content-Encoding: gzip

<<< skipped >>>

GET /gk/prompt?t=a&site=kv4ic6olrzkr6&random=1499864002183&ref=http://VVV.riukuzaki.com/downloads/injectorgadget/ HTTP/1.1
Accept: */*
Referer: hXXp://ww3.riukuzaki.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: survey.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=2206a0d5d509001b||t=1476353233|et=730|cs=002213fd48e2d5669ef0404555; IDE=AHWqTUlcWb2mFPnBgaR7YetstmfkXAgGb1NF2XG87DnwqAsvzVoh0uw46Q


HTTP/1.1 200 OK
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Why: User-Agent not supported.
X-Xss-Protection: 1; mode=block
Date: Wed, 12 Jul 2017 12:53:16 GMT
Content-Length: 23


GET /downloads/injectorgadget/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.riukuzaki.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Wed, 12 Jul 2017 12:53:14 GMT
Server: Apache
Set-Cookie: vsid=929vr2474095949620859; expires=Mon, 11-Jul-2022 12:53:14 GMT; Max-Age=157680000; path=/; domain=VVV.riukuzaki.com; HttpOnly
Expires: Mon, 22 Jul 2002 11:12:01 GMT
Cache-Control: private, no-cache
Pragma: no-cache
ntCoent-Length: 719
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Content-Length:        416

<<< skipped >>>

GET /domainads/tracking/caf.gif?ts=1499864001983&rid=8839252 HTTP/1.1
Accept: */*
Referer: hXXp://ww3.riukuzaki.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Date: Wed, 12 Jul 2017 12:53:16 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block


GET /adsense/domains/caf.js HTTP/1.1
Accept: */*
Referer: hXXp://ww3.riukuzaki.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Date: Wed, 12 Jul 2017 12:53:15 GMT
Expires: Wed, 12 Jul 2017 12:53:15 GMT
Cache-Control: private, max-age=3600
ETag: "4511812025087226616"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 1; mode=block

<<< skipped >>>

GET /async_survey?site=kv4ic6olrzkr6 HTTP/1.1
Accept: */*
Referer: hXXp://ww3.riukuzaki.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: survey.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=2206a0d5d509001b||t=1476353233|et=730|cs=002213fd48e2d5669ef0404555; IDE=AHWqTUlcWb2mFPnBgaR7YetstmfkXAgGb1NF2XG87DnwqAsvzVoh0uw46Q


HTTP/1.1 200 OK
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Wed, 12 Jul 2017 12:49:15 GMT
Cache-Control: public, max-age=300
Content-Length: 16188
Age: 241

<<< skipped >>>

GET /insights/consumersurveys/static/402582926546309904/prompt_embed_static.js HTTP/1.1
Accept: */*
Referer: hXXp://ww3.riukuzaki.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: survey.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=2206a0d5d509001b||t=1476353233|et=730|cs=002213fd48e2d5669ef0404555; IDE=AHWqTUlcWb2mFPnBgaR7YetstmfkXAgGb1NF2XG87DnwqAsvzVoh0uw46Q


HTTP/1.1 200 OK
Date: Tue, 11 Jul 2017 02:25:53 GMT
Expires: Thu, 10 Aug 2017 02:25:53 GMT
ETag: "V57aeQ"
X-Cloud-Trace-Context: 64351a7111d4d2ab391058783e324e82
Content-Type: application/javascript
Content-Encoding: gzip
Server: Google Frontend
Content-Length: 109597
Cache-Control: public, max-age=2592000
Age: 124043

<<< skipped >>>

The Trojan connects to the servers at the following location(s):

InjectorGadget.exe_2932:

`.rsrc
2.9.2 (wchar_t,Visual C   1600,wx containers,compatible with 2.8)
The import table referenced an invalid index in the data directory.
Error: Import table could not be located
Size of import directory entry was 0
Error: Import Directory size is 0
Injector Gadget doesn't support ROM images.
Image is a PE32  executable.
Injector Gadget doesn't support PE32  executables yet.
Error: Image is not a PE32 executable
VVV.riukuzaki.com
riukuzaki.com
*.dll
Enter a process name to watch for, such as explorer.exe, notepad.exe, etc.
maplestory.exe
hXXp://VVV.riukuzaki.com/downloads/injectorgadget/
wxWebView
dll_helper.dll
Not a valid executable file.
LocationURL
INET_E_INVALID_CERTIFICATE
INET_E_INVALID_URL
webview\wxIETest2\wxiepanel.cpp
..\..\src\msw\toplevel.cpp
wx.sys_error
..\..\src\common\wincmn.cpp
..\..\src\msw\window.cpp
Can't create window of class %s
..\..\src\msw\nativdlg.cpp
msw.font.no-proof-quality
..\..\src\msw\gdiimage.cpp
C:\wxWidgets-2.9.2\include\wx/msw/ole/oleutils.h
..\..\src\msw\listctrl.cpp
Couldn't retrieve information about list control item %d.
Please install a newer version of comctl32.dll
(at least version 4.70 is required but you have %d.d)
or this program won't operate correctly.
..\..\src\msw\imaglist.cpp
..\..\src\common\textcmn.cpp
..\..\src\msw\textctrl.cpp
Impossible to create a rich edit control, using simple text control instead. Please reinstall riched32.dll
..\..\src\msw\filedlg.cpp
All files (%s)|%s
%s files (%s)|%s
Save %s file
Load %s file
..\..\src\msw\ole\automtn.cpp
OLE Automation error in %s: %s
Unknown error x
Type mismatch in argument %u.
Argument %u not found.
Object implementation does not support named arguments.
12 11 2 1
..\..\src\common\windowid.cpp
user32.dll
No font for displaying text in encoding '%s' found.
No font for displaying text in encoding '%s' found,
but an alternative encoding '%s' is available.
..\..\src\common\fontmap.cpp
Failed to remember the encoding for the charset '%s'.
The charset '%s' is unknown. You may select
..\..\src\msw\dib.cpp
Failed to save the bitmap image to file "%s".
..\..\src\common\image.cpp
Failed to load image from file "%s".
Can't save image to file '%s': unknown extension.
No image handler for type %d defined.
This is not a %s.
Image is not of type %s.
No image handler for type %s defined.
%s Warning
%s Error
%s Information
wx.frame
Append log to file '%s' (choosing [No] will overwrite it)?
..\..\src\generic\logg.cpp
Log saved to the file '%s'.
..\..\src\common\imagbmp.cpp
..\..\src\common\imagpng.cpp
AUnknown PNG resolution unit %d
1.4.4
..\..\src\common\imaggif.cpp
..\..\src\common\imagpcx.cpp
PCX: image format unsupported
..\..\src\common\imagjpeg.cpp
..\..\src\common\imagtga.cpp
..\..\src\common\imagpnm.cpp
"%s c #XXX",
"%s c None",
"%s c Black",
.XoO @#$%&*=-;:>,<1234567890qwertyuipasdfghjklzxcvbnmMNBVCZASDFGHJKLPIUYTREWQ!~^/()_`'][{}|
(in module "%s")
..\..\src\common\imagtiff.cpp
Unknown TIFF resolution unit %d ignored
bad quoting for value of "%s"
invalid font weight "%s"
invalid font style "%s"
invalid font size "%s"
tag "%s" can't have attributes
Unmatched closing tag "%s" at %lu.
Bad attributes for "%s" at %lu: %s.
%s at %lu.
Missing closing tag for "%s"
WINDOWS_MENU
WINDOWS_RIGHT
WINDOWS_LEFT
&Execute
?}:11555
s;u&%sr
hXXp://jimmac.musichall.cz
hXXp://VVV.gimp.orgg
P.NNR
X,V.wuuuuu
rKww.gt
'    /^4
VVV.inkscape.org
.NN,H
.Wcc4:<
Failed to load embedded PNG image for "%s"
wxART_EXECUTABLE_FILE
wxART_REPORT_VIEW
..\..\src\msw\ole\oleutils.cpp
..\..\src\msw\fontdlg.cpp
..\..\src\msw\colordlg.cpp
TaskDialogIndirect
comctl32.dll
Enter Password
..\..\src\msw\helpchm.cpp
Page %d
Page %d of %d
burlywood
XPM: truncated image data at line %d!
XPM: incorrect colour description in line %d
..\..\src\common\xpmdecod.cpp
XPM: malformed colour definition '%s' at line %d!
%u %u %u %u
..\..\src\common\gifdecod.cpp
Incorrect GIF frame size (%u, %d) for the frame #%u
oX=-;:>,<1%X
.XXXXXXXXXXX
16 16 42 1
Operation not permitted.
..\..\src\msw\clipbrd.cpp
..\..\src\msw\notebook.cpp
'%s' is invalid
'%s' should be numeric.
'%s' should only contain digits.
'%s' should only contain alphabetic or numeric characters.
'%s' should only contain alphabetic characters.
'%s' should only contain ASCII characters.
..\..\src\msw\printwin.cpp
wxWindowsPrinter::Print
..\..\src\msw\dragimag.cpp
..\..\src\msw\volume.cpp
..\..\src\msw\enhmeta.cpp
Failed to load metafile from file "%s".
Gfailed to initialize GDI , missing gdiplus.dll?
?456789:;<=
!"#$%&'()* ,-./0123
string "%s"%s not found in %slocale '%s'.
domain '%s'
..\..\src\common\appbase.cpp
..\..\src\msw\thread.cpp
(error %ld: %s)
Module "%s" initialization failed
Dependency "%s" of module "%s" doesn't exist.
..\..\src\common\module.cpp
Circular dependency involving module "%s" detected.
..\..\src\common\dynlib.cpp
Couldn't find symbol '%s' in a dynamic library
Failed to load shared library '%s'
Win32s on Windows 3.1
Windows 95 OSR2
Windows 95
Windows 98 SE
Windows 98
Windows ME
Windows 9x (%d.%d)
Windows NT %lu.%lu
Windows 2000
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
unexpected MsgWaitForMultipleObjects() return value %lu
Usage: %s
The required parameter '%s' was not specified.
The value for the option '%s' must be specified.
%s (or %s)
Unexpected parameter '%s'
Option '%s': '%s' cannot be converted to a date.
'%s' is not a correct numeric value for option '%s'.
Option '%s' requires a value.
Separator expected after the option '%s'.
Unexpected characters following option '%s'.
Unknown option '%s'
Unknown long option '%s'
..\..\src\common\init.cpp
..\..\src\msw\timer.cpp
..\..\src\common\config.cpp
'%s' has extra '..', ignored.
Invalid value %ld for a boolean key "%s" in config file.
..\..\src\common\filename.cpp
Failed to open '%s' for writing
Failed to open '%s' for reading
Failed to retrieve file times for '%s'
Files (%s)
..\..\src\common\filefn.cpp
Cannot enumerate files '%s'
Failed to copy the file '%s' to '%s'
Failed to rename the file '%s' to '%s' because the destination file already exists.
..\..\src\common\ffile.cpp
can't close file '%s'
Read error on file '%s'
Write error on file '%s'
failed to flush the file '%s'
Seek error on file '%s'
Can't find current position in file '%s'
can't open file '%s'
%%x
MacKeyboardGlyphs
Windows/DOS OEM (CP 437)
Windows Baltic (CP 1257)
Windows Arabic (CP 1256)
Windows Hebrew (CP 1255)
Windows Turkish (CP 1254)
Windows Greek (CP 1253)
Windows Western European (CP 1252)
Windows Cyrillic (CP 1251)
Windows Central European (CP 1250)
Windows Chinese Traditional (CP 950) or Big-5
Windows Korean (CP 949)
Windows Chinese Simplified (CP 936) or GB-2312
Windows Japanese (CP 932) or Shift-JIS
Windows Thai (CP 874)
Windows/DOS OEM Cyrillic (CP 866)
Unknown encoding (%d)
unknown-%d
..\..\src\msw\registry.cpp
wxRegKey::Create
Can't create registry key '%s'
wxRegKey::Close
Can't close registry key '%s'
wxRegKey::GetNextValue
Can't enumerate values of key '%s'
wxRegKey::GetNextKey
Can't enumerate subkeys of key '%s'
wxRegKey::Open
Can't open registry key '%s'
wxRegKey::DeleteValue
Can't delete value '%s' from key '%s'
wxRegKey::GetValueType
Can't read value of key '%s'
wxRegKey::SetValue
Can't set value of '%s'
wxRegKey::QueryValue
Can't read value of '%s'
wxRegKey::CopyValue
Can't copy values of unsupported type %d.
Registry key '%s' is needed for normal system operation,
operation aborted.
wxRegKey::DeleteSelf
Can't delete key '%s'
Failed to rename registry value '%s' to '%s'.
wxRegKey::RenameValue
Registry value '%s' already exists.
Failed to copy the contents of registry key '%s' to '%s'.
Failed to copy registry value '%s'
wxRegKey::Copy
Failed to copy the registry subkey '%s' to '%s'.
Failed to rename the registry key '%s' to '%s'.
Registry key '%s' already exists.
wxRegKey::Rename
Registry key '%s' does not exist, cannot rename it.
..\..\src\common\file.cpp
can't close file descriptor %d
can't read from file descriptor %d
can't write to file descriptor %d
can't seek on file descriptor %d
can't get seek position on file descriptor %d
can't commit changes to file '%s'
can't remove file '%s'
can't remove temporary file '%s'
can't create file '%s'
can't find length of file on file descriptor %d
%H:%M:%S
Cannot read typename from '%s'!
Failed to load mpr.dll.
..\..\src\msw\dir.cpp
Cannot enumerate files in directory '%s'
%I:%M:%S %p
..\..\src\msw\regconf.cpp
..\..\src\common\fileconf.cpp
entry '%s' appears more than once in group '%s'
attempt to change immutable key '%s' ignored.
trailing backslash ignored in '%s'
unexpected " at position %d in '%s'.
file '%s', line %d: key '%s' was first found at line %d.
file '%s', line %d: value for immutable key '%s' ignored.
file '%s', line %d: '=' expected.
file '%s', line %d: '%s' ignored after group header.
file '%s': unexpected character %c at line %d.
Config entry name cannot start with '%c'.
Changes won't be saved to avoid overwriting the existing file "%s"
can't open user configuration file '%s'.
can't open global configuration file '%s'.
can't delete user configuration file '%s'
Unknown DDE error x
an invalid transaction identifier was passed to a DDEML function.
a request for a synchronous execute transaction has timed out.
or an application initialized as APPCMD_CLIENTONLY has
was passed to a DDEML function.
..\..\src\msw\dde.cpp
Failed to register DDE server '%s'
Failed to unregister DDE server '%s'
Failed to create connection to server '%s' on topic '%s'
..\..\src\common\textfile.cpp
can't write buffer '%s' to disk.
Failed to convert file "%s" to Unicode.
"%s": Bad mode
Not a TIFF file, bad version number %d (0x%x)
This is a BigTIFF file. This format not supported
Not a TIFF or MDI file, bad magic number %d (0x%x)
%s: Out of memory (TIFF structure)
%s: Cannot determine size of unknown tag type %d
%s: TIFF directory is missing required "%s" field
incorrect count for field "%s" (%lu, expecting %lu); tag trimmed
incorrect count for field "%s" (%lu, expecting %lu); tag ignored
Error fetching data for field "%s"
%s: Rational with zero denominator (num = %lu)
cannot read TIFF_ANY type %d for field "%s"
Cannot handle different per-sample values for field "%s"
%s: cannot handle zero strip size
%s: cannot handle zero tile size
%s: cannot handle zero scanline size
%s: Wrong "%s" field, ignoring and calculating from imagelength
%s: Bogus "%s" field, ignoring and calculating from imagelength
%s: TIFF directory is missing required "%s" field, calculating from imagelength
%s: cannot handle zero number of %s
%s: wrong data type %d for "%s"; tag ignored
%s: unknown field with tag %d (0x%x) encountered
%s: invalid TIFF directory; tags are not sorted in ascending order
%s: Can not read TIFF directory
%s: Can not read TIFF directory count
%s: Seek error accessing TIFF directory
%s: Failed to allocate space for IFD list
LIBTIFF, Version 3.8.2
Sorry, can not handle images with %d-bit samples
Sorry, can not handle LogLuv images with %s=%d
Sorry, LogLuv data must have %s=%d or %d
Sorry, can not handle image with %s=%d
Sorry, LogL data must have %s=%d
Sorry, can not handle separated image with %s=%d
Sorry, can not handle RGB image with %s=%d
Sorry, can not handle YCbCr images with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d
Missing needed %s tag
No space %s
%s: Invalid InkNames value; expecting %d names, found %d
%s: Bad value %ld for "%s"
%s: Invalid %stag "%s" (not supported by codec)
%s: Bad field type %d for "%s"
%s: Failed to allocate space for list of custom values
%s: Sorry, cannot nest SubIFDs
Nonstandard tile length %d, convert file
Nonstandard tile width %d, convert file
%s: Bad value %d for "%s"
Bad value %lu for "%s" tag ignored
%s: Cannot modify tag "%s" while writing
%s: Unknown %stag %u
%s: Error fetching directory count
%s: Error fetching directory link
%s: Must set "PlanarConfiguration" before writing data
%s: No space for %s arrays
%s: Must set "ImageWidth" before writing data
%s: File not open for writing
%s: No space for output buffer
%s: No space to expand strip arrays
%s: Write error at scanline %lu
%s: Seek error at scanline %lu
%d: Sample out of range, max %d
Integer overflow in %s
Compression algorithm does not support random access
%s %s encoding is not implemented
Compression scheme %u %s encoding is not implemented
%s %s decoding is not implemented
Compression scheme %u %s decoding is not implemented
AsShotPreProfileMatrix
AsShotICCProfile
AsShotWhiteXY
AsShotNeutral
InteroperabilityIFDOffset
Internal error, unknown tag 0x%x
Tag %d
%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu; got %lu bytes, expected %lu
%s: Seek error at scanline %lu, strip %lu
%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu
%s: Seek error at row %ld, col %ld, tile %ld
%s: No space for data buffer at scanline %ld
%s: Data buffer too small to hold strip %lu
%s: Read error on strip %lu; got %lu bytes, expected %lu
%s: Data buffer too small to hold tile %ld
%s compression support is not configured
Error writing data for field "%s"
%s: Error writing SubIFD directory link
"%s": Information lost writing value (%g) as (unsigned) RATIONAL
LogL16Decode: Not enough data at row %d (short %d pixels)
LogLuvDecode24: Not enough data at row %d (short %d pixels)
LogLuvDecode32: Not enough data at row %d (short %d pixels)
?%s: No space for SGILog translation buffer
No support for converting user data format to LogL
No support for converting user data format to LogLuv
Inappropriate photometric interpretation %d for SGILog compression; %s
SGILog compression supported only for %s, or raw data
Unknown data format %d for LogLuv compression
Unknown encoding %d for LogLuv compression
%s: No space for LogLuv state block
?%s: %s
1.2.3
PixarLog compression can't handle bits depth/data format combination (depth: %d)
%d bit input not supported in PixarLog
PixarLogDecode: unsupported bits/sample: %d
%s: zlib error: %s
%s: Not enough data at scanline %d (short %d bytes)
%s: Decoding error at scanline %d, %s
PixarLog compression can't handle %d bit linear encodings
@%s: Encoder error: %s
%s: Bad code word at line %lu of %s %lu (x %lu)

InjectorGadget.exe_2932_rwx_009C1000_00351000:

.?AVwxKeyEvent@@
.?AVwxActiveXEvents@@
.?AVwxActiveXEvent@@
.?AVwxMsgList@@
.?AVwxwxMsgListNode@@
.?AVwxWindowsArtProvider@@
.?AVwxWindowsPrinter@@
.?AVwxWindowsPrintPreview@@
.?AVwxWindowsPrintDialog@@
.?AVwxWindowsPageSetupDialog@@
.?AVwxWindowsPrintNativeData@@
.?AVwxExecuteModule@@
zcÁ
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\InjectorGadget.exe
GetCPInfo
GetProcessHeap
RegEnumKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
SetViewportExtEx
SetViewportOrgEx
keybd_event
MsgWaitForMultipleObjects
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExW
UnregisterHotKey
RegisterHotKey
GetKeyState
GetAsyncKeyState
VkKeyScanW
MapVirtualKeyW
CreateDialogIndirectParamW
5.'  % /&
X?e%F
96C
]<%X`4
|,08(080(00
9=F8%s
$$$$,$( $ $ ($$ ((
($,,4,,,,8<,88\$(,00((4,0
.text
`.rdata
@.data
.rsrc
@.reloc
-Windows
wxWidgets 2.9.2
.*.dll
%s failed with error %d: %s at line %d
wxWebNavigationEvent
Constraints not satisfied for %s named '%s'.
Unknown WM_POWERBROADCAST(%d) event
msw.window.no-clip-children
Don't know how to convert from Windows class
Windows bitmap file
Windows bitmap resource
Returning false from wxICOFileHandler::Load because of the size mismatch: actual (%d, %d), requested (%d, %d)
Failed to load icon from the file '%s'
No small icons found in the file '%s'.
No large icons found in the file '%s'.
Can't load bitmap '%s' from resources! Check .rc file.
This program uses Unicode and requires Windows NT/2000/XP.
cmd.exe
kernel32.dll
Windows icon file
Windows cursor file
Windows animated cursor file
#XXX
rgba(%d, %d, %d, %s)
rgb(%d, %d, %d)
wxColour::Set - couldn't set to colour string '%s'
( %d , %d , %d )
( %d , %d , %d , %
Set last focus to %s(%s)
OnFocus on wxPanel 0x%p, name: %s
Failed to insert the column '%s' into listview!
Ignoring invalid search start position %d in list control with %d items.
%d-%d
wxTextUrlEvent
shlwapi.dll
Unknown edit control '%s'.
RichEditÐ%c
Invalid menu string '%s'
10:55:54
wxWidgets Library (%s port)
Version %d.%d.%d (Unicode: %s, debug level: %d),
compiled at %s %s
Runtime version of toolkit used is %d.%d.
wxKeyEvent
wxNavigationKeyEvent
error code %u
Increasing ref count of ID %d to %d
Decreasing ref count of ID %d to %d
egdi32.dll
Failed to create the tooltip '%s'
uxtheme.dll
msw.staticbox.optimized-paint
msw.staticbox.htclient
corrupted config data: string '%s' is not a valid font encoding info
Adding duplicate image handler for '%s'
log.txt
.GifComment
TGA: image format unsupported.
Invalid key string "%s"
No accel key found, accel string ignored.
Unrecognized accel key '%s', accel string ignored.
Unknown accel modifier: '%s'
msw.remap
wxAutomationObject::ConvertOleToVariant: Unknown variant value type %X -> %X
wxAutomationObject::ConvertOleToVariant: [as yet] unhandled reference %X
unhandled VT_ARRAY type %x in wxConvertOleToVariant
wxIDataObject::QueryGetData: %s unsupported
wxIDataObject::QueryGetData: %s != %s
wxIDataObject::QueryGetData: %s ok
In wxFileDropTarget::OnDrop DragQueryFile returned %d characters, %d expected.
.wxColourDialog
wxPasswordEntryDialog
HHCTRL.OCX
unexpected code %d in TVN_ITEMEXPAND message
application/x-executable
Can't create the notebook page '%s'.
wxWindowsPrinter
wxWindowsPrintPreview
wxWindowsPrintNativeData
wxWindowsPrintDialog
wxWindowsPageSetupDialog
.wxEnhMetaFile
Software\Policies\Microsoft\Windows\Control Panel
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipSetImageAttributesColorKeys
GdipGetCustomLineCapStrokeJoin
GdipSetCustomLineCapStrokeJoin
GdipGetPenLineJoin
GdipSetPenLineJoin
GdiplusShutdown
gdiplus.dll
Unexpected NUL length %d
encoding "%s" is not supported by this system
creating conversion for %s
The library used %s,
and %s used %s.
Last repeated message ("%s", %lu times) wasn't output
%s(%p)
Registering module %s
Cleanup module %s
Module "%s" initialized
.wxModule
wxWindows
b\\?\Volume{
Microsoft Windows CE
Microsoft Windows Micro
Microsoft Windows NT
Microsoft Windows 9X
WINDOWS-437
WINDOWS-1257
WINDOWS-1256
WINDOWS-1255
WINDOWS-1254
WINDOWS-1253
WINDOWS-1252
WINDOWS-1251
WINDOWS-1250
WINDOWS-950
WINDOWS-949
WINDOWS-936
WINDOWS-932
WINDOWS-874
WINDOWS-866
WINDOWS
8859-%u
corrupted config data: invalid encoding %ld for charset '%s' ignored
/wxWindows/FontMapper
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
RegDeleteKeyEx
._wxExecute_Internal_Class
Failed to stop all wxExecute monitor threads
Failed to set shutdown event in wxExecuteModule
wxExecuteModule
.WNetCloseEnum
mpr.dll
%d/%m/%Y
%m/%d/%Y
%x %X
%X %x
%a %b %d %H:%M:%S %Y
User value for immutable key '%s' ignored.
Can't change immutable entry '%s'.
Failed to load %s.dll
Portuguese (Brazilian)
Portuguese
tail: %s
head: %s
** Adding Line '%s'
** Inserting Line '%s' after '%s'
** Removing Line '%s'
No line entry for Group '%s'?
Removing from group '%s' : '%s'
Removing line for group '%s' : '%s'
text: '%s'
Deleting group '%s' from '%s'
@_/-!.*%
checking parent '%s'
GetGroupLine() for Group '%s'
GetLastEntryLine() for Group '%s'
Setting value %s
Adding Entry %s
Creating group %s
Writing String '%s' = '%s' to Group '%s'
DDE execute request failed
mscoree.dll
KERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    00.exe:684
    netsh.exe:3168
    %original file name%.exe:2936

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\ww3_riukuzaki_com[1].htm (9192 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\slave[1].htm (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\caf[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\bullet_lime[1].gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\XRHXQXAV.txt (92 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\jquery-1.11.3.custom.min[1].js (31821 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\f[1].txt (25907 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\XPMTF293.txt (97 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\caf[1].js (175500 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\prompt_embed_static[1].js (203236 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\domainpark[1].htm (181 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\slave[1].htm (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\injectorgadget[1].htm (719 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\logo_2016_white[1].svg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\System.exe (120 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\InjectorGadget.exe (7482 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut7F0E.tmp (1960 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut7F1E.tmp (9446 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\00.exe (806 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "df26615a887170ce403cbb9682fc8d74" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\System.exe .."

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "df26615a887170ce403cbb9682fc8d74" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\System.exe .."

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
