Trojan.Win32.Alureon.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 0091b2d54aa04904a6b0d47141bc1e08
SHA1: 3cf7ca7f81dc73e88be975aaa4194889f7e4a67e
SHA256: 61f745d33d6400b6db08c920e540bed5bd6faf61a3a70d99ad31d1fcf02e4b6a
SSDeep: 24576:SaQTq5 lAv4cIlE2ZdITlvorhwS6Okv0oVlruYMl3oygjWM/:Sa2qh2mArhwskv0oXooKM/
Size: 1432880 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: RealTimeGaming Software
Created at: 2014-08-26 10:41:28
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
~qmgluq3kve.tmp:1772
%original file name%.exe:188
The Trojan injects its code into the following process(es):
MSIEXEC.EXE:1908
MsiExec.exe:1884
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process MSIEXEC.EXE:1908 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%WinDir%\Installer\MSI7.tmp (511201 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\ECF3006D44DA211141391220EE5049F4 (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSI8.tmp (1085460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W9ARYZ8J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\ECF3006D44DA211141391220EE5049F4 (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\ABCRS3WV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\65EXA1C3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KTK3MH0X\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB (160 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB (533 bytes)
The Trojan deletes the following file(s):
C:\MSI7494b.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSI8.tmp (0 bytes)
%Documents and Settings%\%current user%\My Documents\My Pictures (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools (0 bytes)
The process ~qmgluq3kve.tmp:1772 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\{FCB8D6C7-6560-46AB-A7F8-8A63A2D38015}\_ISMSIDEL.INI (1164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is6.tmp (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is2.tmp (345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is1.tmp (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{FCB8D6C7-6560-46AB-A7F8-8A63A2D38015}\0x0409.ini (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is4.tmp (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~5.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~3.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{FCB8D6C7-6560-46AB-A7F8-8A63A2D38015}\Setup.INI (5 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\_MSI5166._IS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~5.tmp (0 bytes)
The process MsiExec.exe:1884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\IsConfig.ini (480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isD.tmp (7709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\setup.inx (11014 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isC.tmp (54970 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\String1033.txt (7020 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\ISRT.dll (12307 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\_isres_0x0409.dll (22422 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1} (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is9.tmp (270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isB.tmp (127746 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KTK3MH0X\TrackInstallStatus[1].xml (91 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isA.tmp (86354 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\IsConfig.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isD.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\setup.inx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\String1033.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\ISRT.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\_isres_0x0409.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isA.tmp (0 bytes)
The process %original file name%.exe:188 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\~qmgluq3kve.tmp (7794 bytes)
Registry activity
The process MSIEXEC.EXE:1908 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B 8B 4F D9 70 CC A7 7D D5 DC CE 6F 98 75 29 3F"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
The process ~qmgluq3kve.tmp:1772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5E D3 FD A2 07 22 39 36 87 08 44 D0 6C C8 9E 69"
The process MsiExec.exe:1884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows Script\Settings]
"JITDebug" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Fonts" = "%WinDir%\Fonts"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2C 5E A1 27 F9 4A B1 2C 49 0C E7 34 FE D7 F4 34"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
ed70858eceb1928b96a0e9ef74d83f85 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\~qmgluq3kve.tmp |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
~qmgluq3kve.tmp:1772
%original file name%.exe:188
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%WinDir%\Installer\MSI7.tmp (511201 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\ECF3006D44DA211141391220EE5049F4 (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSI8.tmp (1085460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W9ARYZ8J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\ECF3006D44DA211141391220EE5049F4 (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\ABCRS3WV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\65EXA1C3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KTK3MH0X\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB (160 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB (533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{FCB8D6C7-6560-46AB-A7F8-8A63A2D38015}\_ISMSIDEL.INI (1164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is6.tmp (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is2.tmp (345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is1.tmp (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{FCB8D6C7-6560-46AB-A7F8-8A63A2D38015}\0x0409.ini (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is4.tmp (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~5.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~3.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{FCB8D6C7-6560-46AB-A7F8-8A63A2D38015}\Setup.INI (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\IsConfig.ini (480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isD.tmp (7709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\setup.inx (11014 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isC.tmp (54970 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\String1033.txt (7020 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\ISRT.dll (12307 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2AD6A587-E697-42B5-BDBB-41D9F8592BE1}\_isres_0x0409.dll (22422 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is9.tmp (270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isB.tmp (127746 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KTK3MH0X\TrackInstallStatus[1].xml (91 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_isA.tmp (86354 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~qmgluq3kve.tmp (7794 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: RealTimeGaming Software
Product Name: Aladdins Gold
Product Version: 16.06.0-RTG
Legal Copyright: Copyright (c) 2012 Real-Time Gaming
Legal Trademarks:
Original Filename: InstallShield Setup.exe
Internal Name: Setup
File Version: 16.06.0-RTG
File Description: Installer
Comments:
Language: English
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 143183 | 143360 | 4.58657 | d17c0061178620a786336ce49889a4c5 |
.rdata | 147456 | 42298 | 42496 | 3.30275 | c26cb6fbe234fdf1ed0f37b144f8a346 |
.data | 192512 | 21420 | 9216 | 3.15606 | bbfa7dffc88b30066f6921776aaadb7c |
.rsrc | 217088 | 1221800 | 1222144 | 5.54376 | 93cae537ef34cbe2f8e81d95c0effa3c |
.reloc | 1441792 | 10876 | 11264 | 4.4903 | 29b3fbe414e9605e97c5e6886c4d3f63 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 8
Network Activity
URLs
URL | IP |
---|---|
hxxp://pliuht.cdnpckgs.eu.cdngc.net/client/pkgs/alladinspalace/Aladdins Gold20160607043319.msi | 174.35.62.120 |
hxxp://e6845.dscb1.akamaiedge.net/pca3-g5.crl | |
hxxp://e6845.dscb1.akamaiedge.net/sv.crl | |
hxxp://sv.symcb.com/sv.crl | 23.37.37.163 |
hxxp://pliuht.cdnpckgs.eu/client/pkgs/alladinspalace/Aladdins Gold20160607043319.msi | 174.35.62.120 |
hxxp://s1.symcb.com/pca3-g5.crl | 23.37.37.163 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /sv.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: sv.symcb.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "4b8b981658bdff76500a9c7ba6c37a3c:1466629908"
Last-Modified: Wed, 22 Jun 2016 21:11:48 GMT
Date: Thu, 23 Jun 2016 01:01:56 GMT
Content-Length: 27113
Connection: keep-alive
Content-Type: application/pkix-crl
<<< skipped >>>
GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: s1.symcb.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "1721969e732bcfdda4d85c16390eba70:1458842597"
Last-Modified: Thu, 24 Mar 2016 17:40:05 GMT
Date: Thu, 23 Jun 2016 01:01:56 GMT
Content-Length: 533
Connection: keep-alive
Content-Type: application/pkix-crl
<<< skipped >>>
GET /client/pkgs/alladinspalace/Aladdins Gold20160607043319.msi HTTP/1.1
Accept: */*
User-Agent: Windows Installer
Host: pliuht.cdnpckgs.eu
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 23 Jun 2016 01:01:54 GMT
Server: PWS/8.1.36
X-Px: ms h0-s1035.p11-fra ( h0-s1067.p11-fra), ht-d h0-s1067.p11-fra.cdngp.net
ETag: "abcc3530-0027e800-57574c23"
Cache-Control: max-age=31449600
Expires: Wed, 07 Jun 2017 04:44:11 GMT
Age: 1282663
Accept-Ranges: bytes
Content-Length: 2615296
Content-Type: application/octet-stream
Last-Modified: Tue, 07 Jun 2016 22:35:15 GMT
Access-Control-Allow-Origin: *
Connection: keep-alive
<<< skipped >>>
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
%original file name%.exe_188:
.text
`.rdata
@.data
.rsrc
@.reloc
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
operator
GetProcessWindowStation
: this object doesn't support resynchronization
StreamTransformation: this object doesn't support random access
: this object does't support a special last block
: this object doesn't support multiple channels
is not a valid key length
D:\BugSec\BugSec Packer\Release\Template.pdb
KERNEL32.dll
USER32.dll
GetProcessHeap
GetCPInfo
.?AV?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@
.?AV?$VariableKeyLength@$0BA@$0BA@$0CA@$07$03$0A@@CryptoPP@@
.?AVSimpleKeyingInterface@CryptoPP@@
.PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@
.?AUNoChannelSupport@BufferedTransformation@CryptoPP@@
.?AVInvalidKeyLength@CryptoPP@@
c:\%original file name%.exe
D:\BugSec\
\7-2014\Template\Resorce\dummy\Release\dummy.pdb
MSVCP100.dll
_amsg_exit
_crt_debugger_hook
MSVCR100.dll
version="1.0.0.0"
name="InstallShield.Setup"
InstallShield.Setup
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
kernel32.dll
USER32.DLL
16.06.0-RTG
InstallShield Setup.exe
17.0.717
~qmgluq3kve.tmp_1772:
.text
`.rdata
@.data
.rsrc
setup.exe
CertFreeCertificateContext
CertAddSerializedElementToStore
CertCompareCertificate
CertSerializeCertificateStoreElement
WTHelperGetProvCertFromChain
{7E76A8D6-33D1-0032-16C3-4593092861D0}
{E7E2C871-090A-C372-F9AE-C3C6A988D260}
{6741C120-01BA-87F9-8734-5FB9DA8A4445}
ISSetup.dll
msi.dll
EvalMarker.dat
BetaMarker.dat
.rdata
.debug
ShellExecuteExW
RegOverridePredefKey
GetSystemWindowsDirectoryW
Kernel32.dll
SHFileOperationA
SHFileOperationW
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
FtpFindFirstFileA
InternetCanonicalizeUrlW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
HttpOpenRequestW
HttpQueryInfoW
InternetCreateUrlW
InternetCrackUrlW
InternetOpenUrlW
CertFreeCertificateChain
CertGetCertificateChain
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCloseStore
CertSaveStore
CertOpenStore
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CryptImportPublicKeyInfo
CryptMsgClose
CryptMsgGetParam
CertNameToStrW
CertOpenSystemStoreW
CryptDestroyKey
CryptExportKey
CryptImportKey
CryptDeriveKey
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
portuguese-brazilian
operator
GetProcessWindowStation
USER32.DLL
ADVAPI32.DLL
inflate 1.2.3 Copyright 1995-2005 Mark Adler
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
1.2.3
E:\CodeBases_Majesty_Hotfixes\isdev\src\Runtime\MSI\Shared\Setup\Setup___Win32_Release_Unicode\setup.pdb
VERSION.dll
COMCTL32.dll
GetProcessHeap
GetWindowsDirectoryW
KERNEL32.dll
MsgWaitForMultipleObjects
CreateDialogIndirectParamW
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
RPCRT4.dll
GetCPInfo
GetConsoleOutputCP
ExitWindowsEx
RegCreateKeyW
RegOpenKeyW
RegEnumKeyW
.?AVhttp_file@is@@
.?AVftp_file@is@@
.?AV?$CComObject@VCScriptInitProgressHandler@@@ATL@@
.?AVCScriptInitProgressHandler@@
.?AUIDownloadProgressHandler@@
.?AVPasswdDlg@@
version="1.0.0.0"
name="InstallShield.Setup"
InstallShield.Setup
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
NO_KEY_VALUE
_ISMSIDEL.INI
explorer.exe
Folder=%s
File=%s
CmdLine
installfromweb:
show_err_msg_invalid_identity
show_err_msg
show_beta_msg
show_eval_msg
Supported
cmdline
ErrorReportURL
hXXp://VVV.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d : 0x%x&ErrorInfo=%s
CompanyURL
ShowPasswordDialog
Failed to read setup package: %s name from Setup.ini
E:\CodeBases_Majesty_Hotfixes\isdev\src\Runtime\MSI\Shared\Setup\diskaction.cpp
Reading setup.ini from %s
hXXps://
hXXp://
PTF://
Referer: %s
0xx
Jwintrust.dll
crypt32.dll
Forcing item moniker %s into ROT...
CLSID\%s
lFailed to load ISSetup.dll
E:\CodeBases_Majesty_Hotfixes\isdev\src\Runtime\MSI\Shared\Setup\IsMsiHelper.cpp
Launching InstallScript engine: %s, %s, %d
Could not find entry point in ISSetup.dll
setup.ini
Setup.iss
Software\InstallShield\ISWI\7.0\SetupExeLog
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Software\Microsoft\Windows\CurrentVersion\Run
show_reboot_msg
Software\Microsoft\Windows\CurrentVersion
This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full version of InstallShield supports this functionality.
NoSuppressRebootKey
SETUPEXENAME
SETUPEXEDIR
CertKey
A>>> Fatal %s
Reason: %s
passed an invalid handle.
passed an invalid parameter.
passed a bad SQL syntax.
4.70.0.1300
WinInet.dll
%s /g %s /g %s
%s /g %s /g %s /s
Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Software\Microsoft\Windows\CurrentVersion\RunOnce
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
*.mst
E:\CodeBases_Majesty_Hotfixes\isdev\src\Runtime\MSI\Shared\Setup\msiaction.cpp
dotnetredist.exe
dotnetfx.exe
dotnetredistSp3.exe
.mst"
Software\Microsoft\Active Setup\Installed Components\%s
{1C370964-514B-321C-7237-2B4FD86D8568}
{021122EA-49DC-4aeb-9D15-DCEAD9BAB1BC}
{F1B13231-13BE-1231-5401-486BA763DEB6}
{F279058C-50B2-4BE4-60C9-369CACF06821}
{78705f0d-e8db-4b2d-8193-982bdda15ecd}
{9B29D757-088E-E8C9-2535-AA319B92C00A}
Software\Microsoft\Windows\CurrentVersion\Installer
Redist return value (%d) indicates a reboot is required, DotNetDelayReboot is %x
"%s" /c:"msiinst /delayrebootq"
"%s" /quiet /norestart
"%s" /q
2.0.2600.0
Installing MSI engine %s
lExtracting resource: %s
Template summary for current package: %s
Status returned obtaining PID_TEMPLATE property: %d
Status returned from summary info: %d
SupportOS
SupportOSMsi12
SupportOSMsi30
Msi.DLL
{lX-X-X-XX-XXXXXX}
DownloadFiles: %s
DownloadFiles: downloading %s
Move failed, attempting to copy and delete file, last error %d
Moving file %s to %s
Cab%d
Caching skin %s to %s
Caching ini file %s to %s
Caching transform %s to %s
Failed to cache file, last error %d, prompting for alternate location
Copying file for cache to %s
SHFolder.dll
dotnetfxsp1.exe
Could not extract isconfig.ini from current issetup.dll
Extracting resources for '%s' to '%s'
ISConfig.ini for current issetup.dll does not contain TempPathGuid.
IsConfig.ini
vjredist20-LP.exe
vjredist-LP.exe
langpack20.exe
langpack.exe
Getting file from source, '%s'
Getting file from setup.exe
Getting file from web download
Getting file from web install
Getting file from temp location, '%s'
File to get to '%s'
GetFile: file '%s', ini section '%s', full path '%s', location %d
Failed to execute query on Binary table, error: %d
Failed to query Binary table, error: %d
Error opening MSI database: %d
Microsoft(R) .NET Framework
J#CmdLine
/jscmd:
/langcmd:"/q:a /c:\"
DotNetFxCmd
DotNetLangPackCmd
vjredist20.exe
vjredist.exe
dotnetfx20.exe
isnetfx.exe
3.0.0.0
2.0.0.0
Reboot needed: %s
Got file '%s' for MSI engine install
instmsi30.exe
Attempting to get file '%s' for MSI engine install
WindowsInstaller-KB893803-x86.exe
MsiAction::Reboot command line %s
"%s" %s /l%d /t"%s" /e"%s" /v"%s" %s
"%s" /k %s /l%d /t"%s" /e"%s" /w /v"%s" %s
Failed to get UI DLL from setup.exe for billboard support. This installation will run without billboards.
Failed to load UI DLL, last error %x, install will run without billboards
lLoading ISExternalUI.dll from '%s'
ISExternalUI.dll
First time install uses billboard support
/passive
Attempted unloaded of msi.dll: %d
Failed to locate ISSetup.dll (%s)
%s /a "%s"%s
%s /f%s "%s" %s
%s /j%s "%s" %s
%s /x "%s" %s
/p"%s" %s
%s /p "%s" %s
%s /i "%s" %s
%s="%s" %s="%s"
ISSCRIPTCMDLINE="
ISSCRIPTCMDLINE
Windows Installer 4.5 or newer is required to run this installation but is not present on the machine. Setup will now exit.
4.05.0.0
InstanceId%d
/n %s
:InstanceId%d.mst
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
DataCabInSetupExe
Data.Cab
Setup.bmp
1.20.1827.0
2.9.0.0
%s/%s
E:\CodeBases_Majesty_Hotfixes\isdev\src\Runtime\MSI\Shared\Setup\session.cpp
%s: %s
Extraction of '%s' failed
Extracting '%s' to %s
Extracting setup.ini...
0xx.ini
%s"%s"
This setup was created with a EVALUATION VERSION of %s
This setup was created with a BETA VERSION of %s
This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s hours after they were built. Please rebuild the setup to run it again. The setup will now exit.
PASSWORD
Upgrade check: obtained package code %s from machine, current package code is %s
Upgrade check: checking product code %s
Using language transforms from setup.exe location
Default language: %d, got code page %d
%s=%s
Password
Section: %s
Dumping setup.ini...
CSetup.INI
INSTMSIA.EXE
INSTMSIW.EXE
MSIEXEC.EXE
setup.isn
CloneSetupExe
Setup returning %d
%s /q"%s" /tempdisk1folder"%s" %s
%s\x.mst
%s\0xx.ini
key%d
%s %s
E:\CodeBases_Majesty_Hotfixes\isdev\src\Runtime\MSI\Shared\Setup\Setup.cpp
InstallShield setup.exe (Unicode) started, cmdline: %s
K%s,%u
%u.%u.%u.%u
E:\CodeBases_Majesty_Hotfixes\isdev\src\Runtime\MSI\Shared\Setup\utils.cpp
System\CurrentControlSet\Control\Windows
%d: %s
Launch result %d, exit code %d
Attempting to launch: %s
Launch result %d
Attempting to launch (no wait): %s
"%s" %s
WShell32.dll
kernel32.dll
Advapi32.lib
advapi32.dll
.DEFAULT\Control Panel\International
.Default\Control Panel\desktop\ResourceLocale
mlang.dll
KERNEL32.DLL
portuguese
oleaut32.dll
Windows XP
Windows Server 2003
Windows Vista / Server 2008
Windows 7 / Server 2008 R2
Windows 2000
Windows 95
Windows 98
Windows Me
Windows NT 4.0
Ntdll.dll
psapi.dll
shell32.dll
%d%s%d%s%d%s%d
PSTORES.EXE
SOFTWARE\Microsoft\Windows\CurrentVersion
SetupExeVersion: %ld.%ld.%ld.%ld
SetupExe: %ls
%s%s%d.%s
JRange: bytes=%d-
Range: bytes=%d-
AutoConfigURL
Software\Microsoft\Windows\CurrentVersion\Internet Settings
RPAWINET.DLL
wininet.dll
JWinTrust.dll
Crypt32.dll
Advapi32.dll
1.2.840.113549.1.9.1
2.5.4.10
2.5.4.11
2.5.4.3
mscoree.dll
InstallShield.log
%s[%s]: %s
%s[%s]: %s -- File: %s, Line: %d
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\{FCB8D6C7-6560-46AB-A7F8-8A63A2D38015}\Setup.INI
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\{FCB8D6C7-6560-46AB-A7F8-8A63A2D38015}
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\~qmgluq3kve.tmp
@10550,10551;1;0;;0,128,128
Do you wish to install %s?
This software has not been altered since publication by %s. To install %s, click OK.
Caution: %s affirms this software is safe. You should only continue if you trust %s to make this assertion.
The identity of this software publisher was verified by %s.
&Always trust software published by %s.
@10650,10651;1;0;;0,128,128
You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
Please enter the password
Password:
%sc%1 Setup is preparing the %2, which will guide you through the program setup process. Please wait.!Checking Operating System Version%Checking Windows(R) Installer Version
Configuring Windows Installer
Configuring %s
Setup has completed configuring the Windows Installer on your system. The system needs to be restarted in order to continue with the installation. Please click Restart to reboot the system.
The installer must restart your system to complete configuring the Windows Installer service. Click Yes to restart now or No if you plan to restart later.DThis setup will perform an upgrade of '%s'. Do you want to continue?XA later version of '%s' is already installed on this machine. The setup cannot continue.
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 6 (or later version), before relaunching the installation'Error writing to the temporary location
-Error extracting %s to the temporary location'Error reading setup initialization file
Installer not found in %s
File %s not found#Internal error in Windows Installer
IError populating strings. Verify that all strings in Setup.ini are valid.
RestartQSetup needs %lu KB free disk space in %s. Please free up some space and try again
/V parameters to MsiExec.exejWindows(R) Installer %s found. This is an older version of the Windows(R) Installer. Click OK to continue.
ANSI code page for %s is not installed on the system and therefore setup cannot run in the selected language. Run the setup and select another language.
Setup requires Windows Installer version %s or higher to install the Microsoft .NET Framework version 2.0. Please install the Windows Installer version %s or higher and try again.
xThis setup does not contain the Windows Installer engine (%s) required to run the installation on this operating system.
'Unable to install %s Scripting Runtime.8Unable to create InstallDriver instance, Return code: %d;Please specify a location to save the installation package.
Unable to extract the file %s.
Downloading file %s.LAn error occurred while downloading the file %s. What would you like to do?
/sec&Failed to verify signature of file %s.
Estimated time remaining: %d %s of %d %s downloaded at d.d %s%s
Unable to save file: %s Failed to complete installation.
/UA
/UW
/UM
/US8Setup Initialization Error, failed to clone the process.:The file %s already exists. Would you like to replace it?
_Could not verify signature. You need Internet Explorer 3.02 or later with Authenticode update.hSetup requires a newer version of WinInet.dll. You may need to install Internet Explorer 3.02 or later.}You do not have sufficient privileges to complete this installation. Log on as administrator and then retry this installation=Error installing Microsoft(R) .NET Framework, Return Code: %dZ%s optionally uses the Microsoft (R) .NET %s Framework. Would you like to install it now?
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 3 (or later version), before relaunching the installation\%s optionally uses the Visual J# Redistributable Package. Would you like to install it now? - (This will also install the .NET Framework.)
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running Windows 2000 Service Pack 3 (or later version), before relaunching the installationw%s requires the following items to be installed on your computer. Click Install to begin installing these requirements.
Installing %sDWould you like to cancel the setup after %s has finished installing?
The files for installation requirement %s could not be found. The installation will now stop. This is probably due to a failed, or canceled download.XThe installation of %s appears to have failed. Do you want to continue the installation?
Skipped7The installation of %s has failed. Setup will now exit.gThe installation of %s requires a reboot. Click Yes to restart now or No if you plan to restart later.8%1 optionally uses %2. Would you like to install it now?
Skipped7The installation of %s has failed. Setup will now exit.gThe installation of %s requires a reboot. Click Yes to restart now or No if you plan to restart later.8%1 optionally uses %2. Would you like to install it now?
&Patch an existing instanceWThis installation requires Windows Installer version 4.5 or newer. Setup will now exit.
&Patch an existing instanceWThis installation requires Windows Installer version 4.5 or newer. Setup will now exit.
Authenticity Verified;The identity of this software publisher was verified by %s.lCaution: %s affirms this software is safe. You should only continue if you trust %s to make this assertion.'&Always trust software published by %s.UThis software has not been altered since publication by %s. To install %s, click OK.
Authenticity Verified;The identity of this software publisher was verified by %s.lCaution: %s affirms this software is safe. You should only continue if you trust %s to make this assertion.'&Always trust software published by %s.UThis software has not been altered since publication by %s. To install %s, click OK.
%s - InstallShield Wizard
%s - InstallShield Wizard
Setup has detected one or more instances of this application already installed on your system. You can maintain or update an existing instance or install a completely new instance.MSelect the instance of the application you want to &maintain or update below:
Setup has detected one or more instances of this application already installed on your system. You can maintain or update an existing instance or install a completely new instance.MSelect the instance of the application you want to &maintain or update below:
x%s Setup is preparing the InstallShield Wizard, which will guide you through the rest of the setup process. Please wait.
x%s Setup is preparing the InstallShield Wizard, which will guide you through the rest of the setup process. Please wait.
Error Information:3An error (%s) has occurred while running the setup.
Error Information:3An error (%s) has occurred while running the setup.
Please make sure you have finished any previous setup and closed other applications. If the error still occurs, please contact your vendor: %s.
Please make sure you have finished any previous setup and closed other applications. If the error still occurs, please contact your vendor: %s.
&Report}There is not enough space to initialize the setup. Please free up at least %ld KB on your %s drive before you run the setup.{A user with administrator rights installed this application. You need to have similar privileges to modify or uninstall it.tAnother instance of this setup is already running. Please wait for the other instance to finish and then try again.
&Report}There is not enough space to initialize the setup. Please free up at least %ld KB on your %s drive before you run the setup.{A user with administrator rights installed this application. You need to have similar privileges to modify or uninstall it.tAnother instance of this setup is already running. Please wait for the other instance to finish and then try again.
The origin and integrity of this application could not be verified. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
The origin and integrity of this application could not be verified. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
The origin and integrity of this application could not be verified because it was not signed by the publisher. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
The origin and integrity of this application could not be verified because it was not signed by the publisher. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
The origin and integrity of this application could not be verified. The certificate used to sign the software has expired or is invalid or untrusted. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.jThe software is corrupted or has been altered since it was published. You should not continue this setup.0This setup was created with a BETA VERSION of %s7This Setup was created with an EVALUATION VERSION of %s
The origin and integrity of this application could not be verified. The certificate used to sign the software has expired or is invalid or untrusted. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.jThe software is corrupted or has been altered since it was published. You should not continue this setup.0This setup was created with a BETA VERSION of %s7This Setup was created with an EVALUATION VERSION of %s
This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full version of InstallShield supports this functionality. For more information, see InstallShield KB article Q200900.
This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full version of InstallShield supports this functionality. For more information, see InstallShield KB article Q200900.
This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s days after they were built. Please rebuild the setup to run it again. The setup will now exit.3This setup works until %s. The setup will now exit.
This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s days after they were built. Please rebuild the setup to run it again. The setup will now exit.3This setup works until %s. The setup will now exit.
The path to the installation contains unsupported characters. Try moving the installation to a location that does not have special characters, and then try relaunching it.iThis setup requires administrative privileges that appear to be unavailable. Would you like to try again?
The path to the installation contains unsupported characters. Try moving the installation to a location that does not have special characters, and then try relaunching it.iThis setup requires administrative privileges that appear to be unavailable. Would you like to try again?
16.06.0-RTG
16.06.0-RTG
InstallShield Setup.exe
InstallShield Setup.exe
17.0.717
17.0.717
MSIEXEC.EXE_1908:
DDC_DID=1145394 DDC_RTGURL=hXXp://VVV.setupdlh.com/dl/TrackSetup/TrackSetup.aspx?DID=1145394 DDC_UPDATESTATUSURL=hXXp://190.4.95.131:8080/aladdins/Lobby.WebServices/Installer.asmx DDC_SIGNUPURL=hXXp://190.4.95.131:8080/aladdins/Lobby.WebSite/SignUpUnsecure.aspx SETUPEXEDIR="C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp" SETUPEXENAME="~qmgluq3kve.tmp"
MsiExec.exe_1884:
MsiExec.exe_1884_rwx_00D70000_00002000:
The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.
MsiExec.exe_1884_rwx_00FD0000_00002000:
The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.