Trojan.Win32.VobfusVB_28106431d5

by malwarelabrobot on September 25th, 2016 in Malware Descriptions.

Trojan-Downloader.Win32.Upatre.ftqn (Kaspersky), Trojan.Win32.Swrort.3.FD, TrojanVobfusVB.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

MD5: 28106431d5dc7ab08058d2a8da58ca20
SHA1: 03941411086aaabbed7e9e41ab657e54eb0f1af9
SHA256: 955ae91000a0fadc501181704c6e5d8a25af3de01557d814ac983a5fe1ca8899
SSDeep: 49152:LEC2lJmXbj5DIwbQea1LPEyK7r385JD3d6cIWh3xt3HKQ0u4z7BklsS7HUY5T:LEzlkbFDVrQMyOr3S3d6cLh3LS7KWxwT
Size: 3397920 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: IObit
Created at: 2015-02-09 23:57:00
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

p11898.exe:136
%original file name%.exe:320

The Trojan injects its code into the following process(es):

keydown01.exe:1308
irsetup.exe:1628

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process keydown01.exe:1308 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6PA9N5HW\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHUVO16Z\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6PA9N5HW\normal_bg[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\ZSLJPB2M\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\ZSLJPB2M\appImg[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OXA3G9M3\desktop.ini (67 bytes)

The process irsetup.exe:1628 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\p11898.exe (1568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\1474055528_Icon_Business_Set_00010_A.ico (1651 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\Font__19312_il6986.mox (10202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\setup2.mox (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\keydown01.mox (5530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\setup1.mox (53 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\keydown01.exe (11328 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (0 bytes)

The process %original file name%.exe:320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (1610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7972 bytes)

Registry activity

The process keydown01.exe:1308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "keydown01.exe"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1474019934"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA B3 6C 6E 8B 17 1B AC DE 02 3F EE E2 3D 20 67"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process p11898.exe:136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 53 36 F3 85 A5 33 81 FE 7C 8B FC E1 E5 9A 46"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

The process irsetup.exe:1628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "33 08 A1 E3 98 C8 BB E1 EF 02 B6 3E 3C D9 F5 72"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

The process %original file name%.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 5A 06 A9 78 B8 E8 BE DE 94 C2 5D 6F 65 CE 09"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0]
"irsetup.exe" = "Setup Application"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Dropped PE files

MD5 File path
9bdcf813d65265255b820bc7a704da3c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe
c3f5f4a1fb69b5889f0bbb313cf6017f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll
22e9bd995507458e1d38096dabea3b0c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\keydown01.exe
84e07792f066ba005a7877f1a267d365 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\p11898.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: Setup Factory Runtime
Product Version: 9.5.0.0
Legal Copyright: Setup Engine Copyright (c) 2004-2015 Indigo Rose Corporation
Legal Trademarks: Setup Factory is a trademark of Indigo Rose Corporation.
Original Filename: suf_launch.exe
Internal Name: suf_launch
File Version: 9.5.0.0
File Description: Setup Application
Comments: Created with Setup Factory
Language: English (United States)

PE Sections

Name    Virtual Address  Virtual Size  Raw Size  Entropy  Section MD5
.text   4096             22296         22528     4.47735  c76b9ce587690b8a39ba7840b7dd540c
.rdata  28672            11906         12288     3.44864  e96aa4f970e6f6799910a72904df3100
.data   40960            6504          3072      1.79291  e504fdbba062ee9bbd9ac425a4f5c0f5
.rsrc   49152            388200        388608    1.62572  a358e37a45cf702d2a7e83857691e113
.reloc  438272           4242          4608      2.5731   a88bdb6f651ecf67b1b3db4a2866ea4e

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://wrenge.sodestiff.bid/h_redir.php?offer_id=4&aff_id=2075&source=1911&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=1341349918&url=http://wrenge.sodestiff.bid/offer.php?affId={aff_id}&trackingId=107654786&instId=1911&ho_trackingid={transaction_id}&cc={country_code}&cc_typ=ho&sb=x86&wv=xpsp3&db=InternetExplorer&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2 52.85.185.80
hxxp://fold.ymeatburnt.bid/aff_c?offer_id=4&aff_id=1104&source=1092&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=1407399882&url=http://wrenge.sodestiff.bid/offer.php?affId={aff_id}&trackingId=107654786&instId=1092&ho_trackingid={transaction_id}&cc={country_code}&cc_typ=ho&sb=x86&wv=xpsp3&db=InternetExplorer&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2 52.49.84.66
hxxp://wrenge.sodestiff.bid/offer.php?affId=1104&trackingId=107654786&instId=1092&ho_trackingid=102e49d1c6fab2f5d1f79695d882a2&cc=UA&cc_typ=ho&sb=x86&wv=xpsp3&db=InternetExplorer&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2 52.85.185.80
hxxp://big.listbroadcasted.bid/installer.php?affId=1104&instId=1092&ho_trackingid=102e49d1c6fab2f5d1f79695d882a2&trackingId=107654786&cc=UA&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2 52.85.185.84
hxxp://tiny.mimicryunscrape.bid/installer.php?affId=1104&instId=1092&ho_trackingid=102e49d1c6fab2f5d1f79695d882a2&trackingId=107654786&cc=UA&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2 54.88.21.193
hxxp://d2adi7hu49xk5t.cloudfront.net/appImg.jpg 52.85.185.165
hxxp://d2adi7hu49xk5t.cloudfront.net/normal_bg.jpg 52.85.185.165


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /appImg.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d2adi7hu49xk5t.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 4628
Connection: keep-alive
Date: Sat, 20 Aug 2016 19:30:09 GMT
Last-Modified: Mon, 13 Jun 2016 11:29:06 GMT
ETag: "ba6c4124ad5d33528fe1d609e6ac1ff0"
Accept-Ranges: bytes
Server: AmazonS3
Age: 11199
X-Cache: Hit from cloudfront
Via: 1.1 ecc0c6e7bd06eacf696003aa79e1e25a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 5bzH5KzToxAY7Edk9r-IDIDc1nY2aRy7VzxAFzGsK6VAJ7APlzPU0A==

<<< skipped >>>

GET hXXp://wrenge.sodestiff.bid/offer.php?affId=1104&trackingId=107654786&instId=1092&ho_trackingid=102e49d1c6fab2f5d1f79695d882a2&cc=UA&cc_typ=ho&sb=x86&wv=xpsp3&db=InternetExplorer&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2 HTTP/1.1
Host: wrenge.sodestiff.bid
Connection: close
Accept: */*
User-Agent: InstallCapital


HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 536
Connection: close
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/5.3.28
Date: Fri, 23 Sep 2016 22:53:21 GMT
X-Cache: Miss from cloudfront
Via: 1.1 e15344e351ae77fef306bf70353d7fc3.cloudfront.net (CloudFront)
X-Amz-Cf-Id: FCNqa3nJ-e67AAhj0hjkJpiO6Uu6qayeWi9TlTqBSLckK5LnxclJDg==


POST hXXp://big.listbroadcasted.bid/installer.php?affId=1104&instId=1092&ho_trackingid=102e49d1c6fab2f5d1f79695d882a2&trackingId=107654786&cc=UA&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2 HTTP/1.1
Host: big.listbroadcasted.bid
Connection: close
Accept: */*
User-Agent: InstallCapital
Content-Type: application/x-www-form-urlencoded
Content-Length: 42

cid=707569c4c57c87d53171d83f71777ffd&uac=1
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 23 Sep 2016 22:53:46 GMT
Content-Type: text/html
Content-Length: 689
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 8ff9b0151b7c5246d93b7f7c2c33d122.cloudfront.net (CloudFront)
X-Amz-Cf-Id: NJUnNJk2RJg6vx1P0vpfIBTX6sh-bIhh3Y_IY55xe9SMR4gbqFebsw==
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://VVV.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
This distribution is not configured to allow the HTTP request method that was used for this request. The distribution supports only cachable requests.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: NJUnNJk2RJg6vx1P0vpfIBTX6sh-bIhh3Y_IY55xe9SMR4gbqFebsw==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>


GET hXXp://fold.ymeatburnt.bid/aff_c?offer_id=4&aff_id=1104&source=1092&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=1407399882&url=http://wrenge.sodestiff.bid/offer.php?affId={aff_id}&trackingId=107654786&instId=1092&ho_trackingid={transaction_id}&cc={country_code}&cc_typ=ho&sb=x86&wv=xpsp3&db=InternetExplorer&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2 HTTP/1.1
Host: fold.ymeatburnt.bid
Connection: close
Accept: */*
User-Agent: InstallCapital


HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 23 Sep 2016 22:53:46 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: hXXp://wrenge.sodestiff.bid/offer.php?affId=1104&trackingId=107654786&instId=1092&ho_trackingid=102e49d1c6fab2f5d1f79695d882a2&cc=UA&cc_typ=ho&sb=x86&wv=xpsp3&db=InternetExplorer&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2
P3P: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Server: nginx/1.7.9
Set-Cookie: enc_aff_session_4=ENC02964-102e49d1c6fab2f5d1f79695d882a2-1104-4-0-0-0-0-UA-0-31303932-_-_-_-_-31343037333939383832-194.242.96.218-20160923185346-_-313963650A156562022D6B4540646F7D6F246521735D6E467403741F6650424A1369433D72470C3018; expires=Sun, 23 Oct 2016 22:53:46 GMT; path=/;
Set-Cookie: ho_mob=eyJtb2JpbGVfY2FycmllciI6Ij8iLCJ1c2VyX2FnZW50IjoiSW5zdGFsbENhcGl0YWwiLCJjb25uZWN0aW9uX3NwZWVkIjoiYnJvYWRiYW5kIn0=; expires=Mon, 19 Aug 2019 09:33:46 GMT; path=/;
tracking_id: 102e49d1c6fab2f5d1f79695d882a2
X-Robots-Tag: noindex, nofollow
Content-Length: 453
Connection: Close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="hXXp://wrenge.sodestiff.bid/offer.php?affId=1104&trackingId=107654786&instId=1092&ho_trackingid=102e49d1c6fab2f5d1f79695d882a2&cc=UA&cc_typ=ho&sb=x86&wv=xpsp3&db=InternetExplorer&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2">here</a>.</p>
</body></html>

<<< skipped >>>

GET /normal_bg.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d2adi7hu49xk5t.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 26781
Connection: keep-alive
Date: Sat, 02 Jul 2016 00:56:28 GMT
Last-Modified: Mon, 13 Jun 2016 11:29:07 GMT
ETag: "b5b0ebe137c0293f816eaac3de2b4e51"
Accept-Ranges: bytes
Server: AmazonS3
Age: 38097
X-Cache: Hit from cloudfront
Via: 1.1 55bf5f93fad6af1fd2ee6a7f298862b0.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Q02pPH1Xs6zTfruEjlYlIv8ZqxPh0YNJt1GXyyDfNRfK5vG8gWhxCw==

<<< skipped >>>

POST hXXp://tiny.mimicryunscrape.bid/installer.php?affId=1104&instId=1092&ho_trackingid=102e49d1c6fab2f5d1f79695d882a2&trackingId=107654786&cc=UA&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2 HTTP/1.1
Host: tiny.mimicryunscrape.bid
Connection: close
Accept: */*
User-Agent: InstallCapital
Content-Type: application/x-www-form-urlencoded
Content-Length: 42

cid=707569c4c57c87d53171d83f71777ffd&uac=1
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/5.3.28
Date: Fri, 23 Sep 2016 22:53:22 GMT
Connection: close
Content-Length: 37048

<<< skipped >>>

GET hXXp://wrenge.sodestiff.bid/h_redir.php?offer_id=4&aff_id=2075&source=1911&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=1341349918&url=http://wrenge.sodestiff.bid/offer.php?affId={aff_id}&trackingId=107654786&instId=1911&ho_trackingid={transaction_id}&cc={country_code}&cc_typ=ho&sb=x86&wv=xpsp3&db=InternetExplorer&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2 HTTP/1.1
Host: wrenge.sodestiff.bid
Connection: close
Accept: */*
User-Agent: InstallCapital


HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Content-Length: 597
Connection: close
Location: hXXp://fold.ymeatburnt.bid/aff_c?offer_id=4&aff_id=1104&source=1092&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=1407399882&url=http://wrenge.sodestiff.bid/offer.php?affId={aff_id}&trackingId=107654786&instId=1092&ho_trackingid={transaction_id}&cc={country_code}&cc_typ=ho&sb=x86&wv=xpsp3&db=InternetExplorer&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/5.3.28
Date: Fri, 23 Sep 2016 22:53:21 GMT
X-Cache: Miss from cloudfront
Via: 1.1 6625a25624e2ac55fd07e02ce5789976.cloudfront.net (CloudFront)
X-Amz-Cf-Id: FVBoOCAjclRgvHjNj27Gojm9F2oiHbR5NsscJCnL11OsNq4ShpiUsA==
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="hXXp://fold.ymeatburnt.bid/aff_c?offer_id=4&aff_id=1104&source=1092&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=1407399882&url=http://wrenge.sodestiff.bid/offer.php?affId={aff_id}&trackingId=107654786&instId=1092&ho_trackingid={transaction_id}&cc={country_code}&cc_typ=ho&sb=x86&wv=xpsp3&db=InternetExplorer&uac=1&cid=707569c4c57c87d53171d83f71777ffd&v=2">here</a></body>


The Trojan connects to the servers at the following location(s):

%original file name%.exe_320:


irsetup.exe_1628:


irsetup.exe_1628_rwx_00401000_003DD000:

MSG_SEEKING
%s (%d):
Arc: %s
FN: %s
%s (#%d)
MSG_SKIPPING
MSG_INSTALLING
MSG_PROG_UNINSTALL_CREATECONTROLFILE
ERR_CREATEUNINSTALL_OPEN_EXE_READ
ERR_CREATEUNINSTALL_OPEN_EXE_WRITE
Overwrite uninstall executable:
Existing uninstall executable is newer. Will not overwrite.
Compared uninstall file versions. New: %s Old: %s Result: %d
Uninstall executable already exists: %s
MSG_PROG_UNINSTALL_CREATEEXE
@MSG_PROG_UNINSTALL_CREATEDATFILE
MSG_PROG_UNINSTALL_CREATEFOLDER
"/U:%s"
MSG_PROG_UNINSTALL_CREATESC
Create uninstall CP entry key
ERR_CREATEUNINSTALL_CREATEREGKEY
"%s",%d
Uninstall CP entry: URLUpdateInfo =
URLUpdateInfo
Uninstall CP entry: URLInfoAbout =
URLInfoAbout
"%s" "/U:%s"
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
MSG_PROG_UNINSTALL_CREATECPENTRY
MSG_PROG_UNINSTALL_COPYSUPPORTFILES
MSG_PROG_UNINSTALL_COPYPLUGINS
%s %s
MSG_REQUIRED_DRIVE
MSG_AVAILABLE_DRIVE
Dependency Detection Passed
MSG_PROG_CHECKING_DRIVESPACE
MSG_PROG_CHECKING_FILES
%A, %B %d, %Y
[%s] %s
%m/%d/%Y %H:%M:%S
MsgFile
ERR_MSI_PATCH_REMOVAL_UNSUPPORTED
ERR_MSI_PATCH_PACKAGE_UNSUPPORTED
ERR_MSI_INSTALL_PLATFORM_UNSUPPORTED
ERR_MSI_UNSUPPORTED_TYPE
ERR_MSI_INSTALL_LANGUAGE_UNSUPPORTED
ERR_SERVER_FILE_DOWNLOAD_SET_PROXY_PASSWORD
ERR_SERVER_FILE_DOWNLOAD_OPEN_FTP_FILE
ERR_SERVER_FILE_DOWNLOAD_OPEN_HTTP_FILE
ERR_ODBC_INVALID_KEYWORD_VALUE
ERR_WEB_503
ERR_WEB_500
ERR_WEB_404
ERR_WEB_403
ERR_WEB_400
ERR_WEB_SET_PROXY_PASSWORD
ERR_WEB_SET_PROXY_USERNAME
ERR_WEB_WRITE_MEMORY
ERR_WEB_FTP_FILE_OPEN
ERR_WEB_USER_ABORT
ERR_WEB_FILE_WRITE
ERR_WEB_DOWNLOAD_FILE_ERROR
ERR_WEB_INVALID_HTTP_RESPONSE
ERR_WEB_DESTINATION_FILE_OPEN
ERR_WEB_SEND_REQUEST
ERR_WEB_OPEN_REQUEST
ERR_WEB_CREATE_HTTP_CONNECTION
ERR_WEB_CREATE_INTERNET_SESSION
ERR_REG_GET_SUB_KEY_NAME
ERR_REG_NON_EXISTANT_SUB_KEY
ERR_REG_DELETE_KEY
ERR_REG_CREATE_KEY
ERR_FILE_EXECUTION_FAILED_ELEVATION
ERR_KEY_RUN_ON_REBOOT_FAILED
ERR_USER_ABORTED_OPERATION
ERR_NON_EXISTANT_VIEWER_EXE
ERR_FILE_EXECUTION_FAILED
ERR_SPECIFIED_EXE_FILE_INVALID
MSG_SUCCESS
Language set: Primary = %d, Secondary = %d
%CompanyURL%
%CompanyName%
UxTheme.dll
%Copyright% %CompanyName%. All rights reserved. %CompanyURL%
%TempFolder%\%ProductName% Uninstall Log.txt
%CompanyName% Support Department
%AppFolder%\uninstall.exe
uninstall.xml
CWebBrowser2
Confirm Operation
KERNEL32.DLL
PSAPI.DLL
Kernel32.dll
WS2_32.DLL
Copying "%s"
"%s" %s
%d.%d.%d.%d
\StringFileInfo\xx\ProductVersion
\StringFileInfo\xx\PrivateBuild
Sfc.dll
.bak%d
Windows ME
Windows 98
Windows 95
Windows 2000
Windows NT 4
Windows NT 3
%s\shell\open\command
NUL=%s
Software\Microsoft\Windows NT\CurrentVersion\Fonts
Software\Microsoft\Windows\CurrentVersion\Fonts
***!!!***@@
Advapi32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%s\%s.url
%s\%s.pif
srclient.dll
%s_%d
%s\_ir_tmpfnt_%d
/\:*?"<>|
%%x
d:d
WinINet.dll
Could not create Internet session: %u
Error downloading file: %u
Error writing the destination file: %d-%u
Could not create HTTP connection: %u
Could not create HTTP connection
Incorrect HTTP status returned by server: %d
Send request failed: %u
Content-Type: application/x-www-form-urlencoded
Could not open HTTP file: %s
PTF://
hXXps://
hXXp://
%s; DIRECT
jsproxy.dll
DetectAutoProxyUrl
wininet.dll
Could not HTTP file: %u
MSG_STATUS_HANDLE_CREATED
MSG_STATUS_HANDLE_CLOSING
MSG_STATUS_REQUEST_COMPLETE
MSG_REDIRECTING
MSG_CONNECTION_CLOSED
MSG_RESOLVING_HOST_NAME
MSG_HOST_NAME_RESOLVED
MSG_CONNECTING_TO_SERVER
MSG_CONNECTED_TO_SERVER
MSG_CLOSING_CONNECTION
MSG: %d
TRACE: LastError = %d ("%s")
Script: %s, %s
Script: %s, Line %d
All Files (*.*)|*.*|
PasswordInput
MSG_MOVING
MSG_COPYING
MSG_FROM
MSG_TO
MSG_DELETING
MSG_SEARCHING
\StringFileInfo\xx\SpecialBuild
\StringFileInfo\xx\OriginalFilename
\StringFileInfo\xx\Comments
\StringFileInfo\xx\LegalTrademarks
\StringFileInfo\xx\LegalCopyright
\StringFileInfo\xx\ProductName
\StringFileInfo\xx\InternalName
\StringFileInfo\xx\FileDescription
\StringFileInfo\xx\CompanyName
ErrorMsg
%Y-%m-%dT%H:%M:%S
MSG_INSTALL_DO_YOU_WANT_OVERWRITE
MSG_INSTALL_ALWAYS_ASK_OVERWRITE_MSG
MSG_INSTALL_FILE_OLDER_MSG
OpenURL
\msiexec.exe
RunMsiexec
SQLInstallerError
SQLRemoveDriverManager
odbccp32.dll
SQLConfigDataSource
SQLInstallDriverEx
SQLInstallDriverManager
SQLRemoveDriver
\Kernel32.dll
GetKeyNames
DoesKeyExist
DeleteKey
CreateKey
ShortcutKey
keycode
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
MSG_SIZE_BYTES
P?MSG_SIZE_KILOBYTES
>MSG_SIZE_GIGABYTES
xxxxxx
%s-%s-%s
%s/%s/%s
%s:%s:%s
%d:%s:%s AM
%d:%s:%s PM
MSG_REBOOT_FAILED
WININET.DLL
PPassword
Password
%s %s %s %s (%0.2f %s)
%0.1f %s/%0.1f %s
%I64u %s/%I64u %s
MSG_KB_PER_SEC
MSG_ESTIMATED_TIME_LEFT
MSG_SAVING
MSG_DOWNLOADING
%s %s %s %s
MSG_QUERYING_INTERNET
MSG_READING
GetHTTPErrorInfo
%s > %s
number e_CtrlID, number e_MsgID, table e_Details
Removed: %s
local e_CtrlID=%d; local e_MsgID=%d;
Button%d
Check%d
ComboBox%d
Edit%d
Space available on selected drive: %SpaceAvailable%
Space required: %SpaceRequired%
Error: The specified file: '%s' could not be found.
Error: The specified file: '%s' could not be opened.
Error: The specified file: '%s' is too large to read.
Error: The specified file: '%s' could not be read.
Application.Exit();
Screen.Next();
Screen.Back();
Radio%d
Total space required: %SpaceRequired%
IDS_CTRL_CHECK_BOX_d
IDS_CTRL_BUTTON_d
IDS_CTRL_STATICTEXT_LABEL_d
IDS_CTRL_COMBOBOX_d_DEFAULT
IDS_CTRL_EDIT_d
IDS_CTRL_RADIO_BUTTON_d
IDS_CTRL_LISTBOX_d
IDS_CTRL_SCROLLTEXT_BODY_d
IDS_CTRL_PROGRESS_BAR_d
IDS_CTRL_GROUP_BOX_d
IDS_CTRL_SELECT_PACKAGE_TREE_d
IDS_CTRL_BILLBOARD_d
CTRL_CHECK_BOX_d
CTRL_BUTTON_d
CTRL_STATICTEXT_LABEL_d
CTRL_COMBOBOX_d
CTRL_EDIT_d
CTRL_RADIO_BUTTON_d
CTRL_LIST_BOX_d
CTRL_SCROLLTEXT_BODY_d
CTRL_PROGRESS_BAR_d
CTRL_GROUP_BOX_d
CTRL_SELECT_PACKAGE_TREE_d
CTRL_BILLBOARD_d
IDS_CTRL_COMBOBOX_d_ITEMS
IDS_CTRL_SCROLLTEXT_FILE_d
WebWindow
IDS_CTRL_CATEGORY_NAME_d_%.3d
IDS_CTRL_CATEGORY_DESCRIPTION_d_%.3d
hXXp://VVV.indigorose.com/route.php?pid=suf9buy
[email protected]
.tiff
.jpeg
.wbmp
CNotSupportedException
user32.dll
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
CCmdTarget
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
comctl32.dll
comdlg32.dll
shell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
lX-X-x-XX-XXXXXX
RegOpenKeyTransactedA
RegCreateKeyTransactedA
RegDeleteKeyTransactedA
CHttpConnection
CHttpFile
HTTP/1.0
msctls_hotkey32
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
mfcm100.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Shell32.dll
%s:%x:%x:%x:%x
RegDeleteKeyExA
lXXxXXXXXXXX
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
ole32.dll
MFCLink_UrlPrefix
MFCLink_Url
CMDITabProxyWnd
CMDIChildWndEx
CMDIFrameWndEx
%sMFCToolBar-%d%x
%sMFCToolBar-%d
%sMFCToolBarParameters
TOOLBAR_RESETKEYBAORD
KeyboardManager
MSG_CHECKEMPTYMINIFRAME
%sDockingManager-%d
&%d %s
Hex={X,X,X}
ShowCmd
CMDIChildWnd
CMDIFrameWnd
CMDIClientAreaWnd
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
%sBasePane-%d%x
%sBasePane-%d
%sPane-%d%x
%sPane-%d
%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d
%c%d%c%s
RGB(%d, %d, %d)
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d
ENABLE_KEYS
KEYS_MENU
KEYS
windows
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
CMFCToolBarsKeyboardPropertyPage
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d
Visual C++ CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
IS 5.0.2.4
Error %d in %s (%s)
Error %d in %s (%s) [%s]
C.o.p.y.r.i.g.h.t...2.0.1.0.
ISLib PNG Error : %s
1.2.22
ISLib JPG Error : %s
DIBToHBITMAP error: GetLastError = %d
read %d. layersLen %d
Reading PCD sub-image #%d (%d x %d)
.cals
Keywords
SetWinMetaFileBits failed GetLastError = %d
GeoKeyDirectory
%s: Invalid InkNames value; expecting %d names, found %d
%s: Bad value %u for "%s" tag
%s: Invalid %stag "%s" (not supported by codec)
%s: Bad field type %d for "%s"
%s: Failed to allocate space for list of custom values
%s: Bad value %d for "%s" tag
%s: Sorry, cannot nest SubIFDs
Nonstandard tile width %d, convert file
Nonstandard tile length %d, convert file
%s: Cannot modify tag "%s" while writing
%s: Unknown %stag %u
%s: Error fetching directory link
%s: Error fetching directory count
Sorry, can not handle images with %d-bit samples
Sorry, LogL data must have %s=%d
Sorry, can not handle LogLuv images with %s=%d
Sorry, LogLuv data must have %s=%d or %d
Sorry, can not handle image with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d
Sorry, can not handle RGB image with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d
Sorry, can not handle separated image with %s=%d
Missing needed %s tag
No space %s
%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu; got %lu bytes, expected %lu
%s: Seek error at scanline %lu, strip %lu
%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu
%s: Seek error at row %ld, col %ld, tile %ld
%s: No space for data buffer at scanline %ld
%s: Data buffer too small to hold strip %lu
%s: Read error on strip %lu; got %lu bytes, expected %lu
%s: Invalid strip byte count %lu, strip %lu
%s: Data buffer too small to hold tile %ld
"%s": Bad mode
Not a TIFF file, bad version number %d (0x%x)
This is a BigTIFF file. This format not supported
Not a TIFF or MDI file, bad magic number %d (0x%x)
%s: Out of memory (TIFF structure)
Error writing data for field "%s"
%s: Error writing SubIFD directory link
M"%s": Information lost writing value (%g) as (unsigned) RATIONAL
Integer overflow in %s
LIBTIFF, Version 3.9.1
0123456789ABCDEFlibpng error: %s
libpng error: %s, offset=%d
libpng error no. %s: %s
libpng warning: %s
libpng warning no. %s: %s
1.2.3
NULL row buffer for row %ld, pass %d
iTXt chunk not supported.
Corrupt JPEG data: found marker 0xx instead of RST%d
Warning: unknown JFIF revision number %d.d
Corrupt JPEG data: %u extraneous bytes before marker 0xx
Inconsistent progression sequence for component %d coefficient %d
Unknown Adobe color transform code %d
Obtained XMS handle %u
Freed XMS handle %u
Unrecognized component IDs %d %d %d, assuming YCbCr
JFIF extension marker: RGB thumbnail image, length %u
JFIF extension marker: palette thumbnail image, length %u
JFIF extension marker: JPEG-compressed thumbnail image, length %u
Opened temporary file %s
Closed temporary file %s
Ss=%d, Se=%d, Ah=%d, Al=%d
Component %d: dc=%d ac=%d
Start Of Scan: %d components
Component %d: %dhx%dv q=%d
Start Of Frame 0xx: width=%u, height=%u, components=%d
Smoothing not supported with nonstandard sampling ratios
RST%d
At marker 0xx, recovery action %d
Selected %d colors for quantization
Quantizing to %d colors
Quantizing to %d = %d*%d*%d colors
%4u %4u %4u %4u %4u %4u %4u %4u
Unexpected marker 0xx
Miscellaneous marker 0xx, length %u
with %d x %d thumbnail image
JFIF extension marker: type 0xx, length %u
Warning: thumbnail image size does not match data length %u
JFIF APP0 marker: version %d.d, density %dx%d %d
= = = = = = = =
Obtained EMS handle %u
Freed EMS handle %u
Define Restart Interval %u
Define Quantization Table %d precision %d
Define Huffman Table 0xx
Define Arithmetic Table 0xx: 0xx
Unknown APP14 marker (not Adobe), length %u
Unknown APP0 marker (not JFIF), length %u
Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d
Unsupported marker type 0xx
Failed to create temporary file %s
Unsupported JPEG process: SOF type 0xx
Cannot quantize to more than %d colors
Cannot quantize to fewer than %d colors
Cannot quantize more than %d color components
Insufficient memory (case %d)
Not a JPEG file: starts with 0xx 0xx
Quantization table 0xx was not defined
Huffman table 0xx was not defined
Backing store not supported
Cannot transcode due to multiple use of quantization table %d
Maximum supported image dimension is %u pixels
Empty JPEG image (DNL not supported)
Bogus DQT index %d
Bogus DHT index %d
Bogus DAC value 0x%x
Bogus DAC index %d
Unsupported color conversion request
Too many color components: %d, max %d
Buffer passed to JPEG library is too small
JPEG parameter struct mismatch: library thinks size is %u, caller expects %u
Improper call to JPEG library in state %d
Invalid scan script at entry %d
Invalid progressive parameters at scan script entry %d
Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d
Unsupported JPEG data precision %d
Invalid memory pool code %d
Wrong JPEG library version: library is %d, caller expects %d
IDCT output block size %d not supported
Invalid component ID %d in SOS
Bogus message code %d
Found bad IPTC data resource (len exceeds block end). ID=%d
ExifInteroperabilityOffset
InteroperabilityVersion
InteroperabilityIndex
AsShotPreProfileMatrix
AsShotICCProfile
AsShotWhiteXY
AsShotNeutral
InteroperabilityIFDOffset
Internal error, unknown tag 0x%x
Tag %d
Compression algorithm does not support random access
Compression scheme %u %s encoding is not implemented
%s %s encoding is not implemented
Compression scheme %u %s decoding is not implemented
%s %s decoding is not implemented
%s: Cannot determine size of unknown tag type %d
%s: TIFF directory is missing required "%s" field
incorrect count for field "%s" (%u, expecting %u); tag trimmed
incorrect count for field "%s" (%u, expecting %u); tag ignored
%s: Can not read TIFF directory
%s: Can not read TIFF directory count
%s: Seek error accessing TIFF directory
Error fetching data for field "%s"
%s: Rational with zero denominator (num = %u)
unexpected count for field "%s", %u, expected 2; ignored
cannot read TIFF_ANY type %d for field "%s"
Cannot handle different per-sample values for field "%s"
%s: cannot handle zero strip size
%s: cannot handle zero tile size
%s: cannot handle zero scanline size
%s: Wrong "%s" field, ignoring and calculating from imagelength
%s: Bogus "%s" field, ignoring and calculating from imagelength
%s: TIFF directory is missing required "%s" field, calculating from imagelength
%s: cannot handle zero number of %s
%s: wrong data type %d for "%s"; tag ignored
Registering anonymous field with tag %d (0x%x) failed
%s: unknown field with tag %d (0x%x) encountered
%s: invalid TIFF directory; tags are not sorted in ascending order
%s: Failed to read directory at offset %u
Unknown zTXt compression type %d
Incomplete compressed datastream in %s chunk
Data error in compressed datastream in %s chunk
Buffer error in compressed datastream in %s chunk
gamma = (%d/100000)
gx=%f, gy=%f, bx=%f, by=%f
wx=%f, wy=%f, rx=%f, ry=%f
incorrect gamma=(%d/100000)
deflate 1.2.3 Copyright 1995-2003 Jean-loup Gailly
%ld%c
%s compression support is not configured
inflate 1.2.3 Copyright 1995-2005 Mark Adler
LogL16Decode: Not enough data at row %d (short %d pixels)
LogLuvDecode24: Not enough data at row %d (short %d pixels)
LogLuvDecode32: Not enough data at row %d (short %d pixels)
?%s: No space for SGILog translation buffer
No support for converting user data format to LogL
No support for converting user data format to LogLuv
Inappropriate photometric interpretation %d for SGILog compression; %s
SGILog compression supported only for %s, or raw data
Unknown data format %d for LogLuv compression
Unknown encoding %d for LogLuv compression
%s: No space for LogLuv state block
?PixarLog compression can't handle bits depth/data format combination (depth: %d)
%d bit input not supported in PixarLog
PixarLogDecode: unsupported bits/sample: %d
%s: stride %d is not a multiple of sample count, %d, data truncated.
%s: zlib error: %s
%s: Not enough data at scanline %d (short %d bytes)
%s: Decoding error at scanline %d, %s
PixarLog compression can't handle %d bit linear encodings
A%s: Encoder error: %s
%s: Bad code word at line %u of %s %u (x %u)
%s: Uncompressed data (not supported) at line %u of %s %u (x %u)
%s: %s at line %u of %s %u (got %u, expected %u)
%s: Premature EOF at line %u of %s %u (x %u)
%s: No space for Group 3/4 reference line
@ Fax DCS: %s
Fax SubAddress: %s
(%u = 0x%x)
%sEOL padding
%s2-d encoding
%suncompressed data
%s: No space for state block
JpegRestartInterval: %u
JpegProc: %u
OJPEG encoding not supported; use new-style JPEG compression instead
Unknown marker type %d in JPEG data
Subsampling values [%d,%d] are not allowed in TIFF
Subsampling inside JPEG data does not match subsampling tag values [%d,%d] (nor any other values allowed in TIFF); assuming subsampling inside JPEG data is correct and desubsampling inside JPEG decompression
Subsampling inside JPEG data [%d,%d] does not match subsampling tag values [%d,%d]; assuming subsampling inside JPEG data is correct
Subsampling tag is not set, yet subsampling inside JPEG data [%d,%d] does not match default values [2,2]; assuming subsampling inside JPEG data is correct
SamplesPerPixel %d not supported for this compression scheme
JPEG strip/tile size exceeds expected dimensions, expected %dx%d, got %dx%d
Decompressor will try reading with sampling %d,%d.
Improper JPEG sampling factors %d,%d
Apparently should be %d,%d.
Improper JPEG strip/tile size, expected %dx%d, got %dx%d
RowsPerStrip must be multiple of %d for JPEG
JPEG tile width must be multiple of %d
JPEG tile height must be multiple of %d
BitsPerSample %d not allowed for JPEG
PhotometricInterpretation %d not allowed for JPEG
ThunderDecode: %s data at scanline %ld (%lu != %lu)
LZWDecode: Bogus encoding, loop in the code table; scanline %d
LZWDecode: Not enough data at scanline %d (short %ld bytes)
LZWDecode: Wrong length of decoded string: data probably corrupted at scanline %d
LZWDecode: Corrupted LZW table at scanline %d
LZWDecode: Strip %d not terminated with EOI code
LZWDecodeCompat: Corrupted LZW table at scanline %d
LZWDecodeCompat: Wrong length of decoded string: data probably corrupted at scanline %d
LZWDecodeCompat: Not enough data at scanline %d (short %ld bytes)
DumpModeDecode: Not enough data for scanline %d
Horizontal differencing "Predictor" not supported with %d-bit samples
Floating point "Predictor" not supported with %d data format
"Predictor" value %d not supported
Out of memory allocating %d byte temp buffer.
%u (0x%x)
WindowsForms
NTDLL.DLL
COMCTL32.DLL
USER32.DLL
MSCTF.DLL
GDI32.DLL
SHLWAPI.DLL
UXTHEME.DLL
API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL
LEFTPRESSED
ALWAYSSHOWSIZINGBAR
MSGBOXFONT
%[^,], %ld, %s
User32.dll
msimg32.dll
windows-1254
windows-874
SUBLANG_PORTUGUESE_BRAZILIAN
Portuguese (Brazil)
SUBLANG_PORTUGUESE
LANG_PORTUGUESE
Portuguese (Portugal)
windows-1255
windows-1257
windows-1253
windows-1252
windows-1250
windows-1256
windows-1251
1.2.40
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
WININET.dll
?#%X.y
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
.?AVCCmdTarget@@
.PAVCException@@
.PAVCFileException@@
.PAVCMemoryException@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAVCISImageEx@@PAV3@@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDVCRect@@AAV3@@@
.?AVCMainWindowSettings@@
.?AVCMD5@@
.?AVCPasswordData@@
.?AVCRTSessionVarMgr@@
.?AVCScreenCrtrMeasure@@
.?AVCWebBrowser2@@
.PAVCInternetException@@
.PAVCResourceException@@
.?AVCScreenCtrlMsg@@
.?AVCScreenCtrlMsgDetail@@
.PAVCThreadException@IR@@
.PAVCObject@@
.PAVCOleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCArchiveException@@
.PAVCUserException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDV12@PBD@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD_N_N@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@@
.PAVCOleDispatchException@@
.?AVCMDITabProxyWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCColorBarCmdUI@@
.?AV?$CMap@KKV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDHH@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
zcÁ
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0\irsetup.exe
GetProcessHeap
GetCPInfo
GetWindowsDirectoryA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetViewportOrgEx
GetViewportExtEx
GdiplusShutdown
ShellExecuteExA
ShellExecuteA
UrlUnescapeA
URLDownloadToFileA
MapVirtualKeyExA
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
GetKeyNameTextA
SetWindowsHookExA
UnhookWindowsHookEx
CreateDialogIndirectParamA
GetKeyState
ExitWindowsEx
EnumWindows
MsgWaitForMultipleObjects
GetAsyncKeyState
.text
`.rdata
@.data
.rsrc
@.reloc
accKeyboardShortcut
hhctrl.ocx
VWININET.DLL
dwmapi.dll
xUxTheme.dll
yDWrite.dll
D2D1.dll
SHELL32.DLL
ZRICHED20.DLL
mscoree.dll
ekernel32.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
aero.msstyles
winxp.royale.cjstyles
royale.msstyles
winxp.luna.cjstyles
luna.msstyles
Argument %d must be of type %s.
%d arguments required.
All Files (*.*)
No error message is available.
Attempted an unsupported operation.
A required resource was unavailable.
Command failed.
Insufficient memory to perform operation.
System registry entries have been removed and the INI file (if any) was deleted.
Not all of the system registry entries (or INI file) were removed.
This program requires the file %s, which was not found on this system.
This program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.
Unable to read from %1, it is opened by someone else.
Unable to write to %1, it is read-only or opened by someone else.
Encountered an unexpected error while reading %1.
Encountered an unexpected error while writing %1.
Unable to load mail system support.
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.
Recover the auto-saved documents
%s [Recovered]

p11898.exe_136:

.text
`.data
.rsrc
MSVBVM60.DLL
%Program Files% (x86)\Microsoft Visual Studio\VB98\VB6.OLB
user32.dll
EnumChildWindows
VBA6.DLL
tuknpqg.tuk
keydown01
0.0.12.23
1.0.12.332
dxdiag.exe

keydown01.exe_1308:

.text
`.qwert
`.trewq
`.rdata
@.data
.gfids
@.tls
.rsrc
@.reloc
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
.\boost/exception/detail/exception_ptr.hpp
operator
operator ""
Visual C++ CRT: Not enough memory to complete call to strerror.
Operation not permitted
Inappropriate I/O control operation
Broken pipe
%S#[k
E:\Visual_Studio_2012\Projects\Cloud\Release\Cloud.pdb
.text$di
.text$mn
.text$x
.text$yd
.qwert
.qwert$x
.trewq
.trewq$x
.idata$5
.CRT$XCA
.CRT$XCAA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIU
.CRT$XIZ
.CRT$XLA
.CRT$XLC
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTU
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data
.data$r
.gfids$x
.gfids$y
.tls$
.tls$ZZZ
.rsrc$01
.rsrc$02
GetProcessHeap
KERNEL32.dll
ole32.dll
GetCPInfo
x?C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\keydown01.exe
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS></application></compatibility></assembly>
< =0=4=8=<=
5 5$5(5<5@5
@kernel32.dll
mscoree.dll
ext-ms-win-ntuser-windowstation-l1-1-0

keydown01.exe_1308_rwx_00980000_00068000:

.text
`.rdata
@.data
.gfids
@.tls
.rsrc
@.reloc
SSShp
me.BTm
j.Yf;
_tcPVj@
.PjRW
address family not supported
broken pipe
function not supported
inappropriate io control operation
not supported
operation canceled
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
InitOnceExecuteOnce
atlthunk.dll
operator
operator ""
%S#[k
openUrl
appCmd
appImageUrl
appSetupUrl
appTYUrl
HTTP/1.1
GET hXXp://
POST hXXp://
hXXp://
hXXps://
Fx
id[]=%d
application/x-www-form-urlencoded
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
IE.HTTP
FirefoxURL
Firefox
ChromeHTML
Chrome
HTTP\shell\open\command
InvokeMainViaCRT
ExitMainViaCRT
Microsoft.CRTProvider
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.CRT$XCA
.CRT$XCAA
.CRT$XCC
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    p11898.exe:136
    %original file name%.exe:320

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6PA9N5HW\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHUVO16Z\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6PA9N5HW\normal_bg[1].jpg (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\ZSLJPB2M\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\ZSLJPB2M\appImg[1].jpg (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OXA3G9M3\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\p11898.exe (1568 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\1474055528_Icon_Business_Set_00010_A.ico (1651 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\Font__19312_il6986.mox (10202 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\setup2.mox (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (99 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\keydown01.mox (5530 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\setup1.mox (53 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\keydown01.exe (11328 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (1610 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7972 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
