HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Variant.Barys.10723 (B) (Emsisoft), Gen:Variant.Barys.10723 (AdAware), Backdoor.Win32.PcClient.FD, Worm.Win32.Ainslot.VB.FD, GenericAutorunWorm.YR, WormAinslot_VariantOfZeus.YR (Lavasoft MAS)Behaviour: Trojan, Backdoor, Worm, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: aa4588cfaa775cc923b71b0f7816856d
SHA1: 4dcabbda71d24d717411753e0c9626257ccf6921
SHA256: dceb2094f3b7ca892a3afeccc7709bb61082645a46e9f755e52a4beabebfdb47
SSDeep: 49152:Z MZCTp2voG9DoYBbCeH/FPUSz/yyh5FDPhRadYiHs:Z/ tB6/tbnhfDPhRadYiHs
Size: 1871872 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, NETexecutable, UPolyXv05_v6
Company: SQXBP
Created at: 2012-04-19 23:30:59
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Trojan creates the following process(es):
%original file name%.exe:1872
csc.exe:1296
csc.exe:1684
Ç¢Ò§ÆÂÂƣǎ.exe:832
cvtres.exe:2024
cvtres.exe:332
rundll32.exe:1460
ƜƳƂÇÂÂÆ•.exe:2004
Eric22.exe:364
dumprep.exe:212
dumprep.exe:348
The Trojan injects its code into the following process(es):
svchost.exe:340
svchost.exe:1064
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:1872 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\svchost.exe (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.cmdline (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.out (362 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.0.cs (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Eric22.exe (3687 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.err (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.cmdline (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.out (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.0.cs (0 bytes)
The process csc.exe:1296 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Ç¢Ò§ÆÂÂƣǎ.exe (3442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CSC3.tmp (636 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.out (396 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RES4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CSC3.tmp (0 bytes)
The process csc.exe:1684 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CSC1.tmp (636 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.out (396 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ƜƳƂÇÂÂÆ•.exe (3410 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CSC1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RES2.tmp (0 bytes)
The process cvtres.exe:2024 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RES2.tmp (2864 bytes)
The process cvtres.exe:332 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RES4.tmp (2864 bytes)
The process ƜƳƂÇÂÂÆ•.exe:2004 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MsMpEng.exe (13122 bytes)
The process Eric22.exe:364 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.0.cs (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.cmdline (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.out (362 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.0.cs (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.cmdline (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.err (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.out (0 bytes)
The process dumprep.exe:212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WER51cb.dir00\svchost.exe.hdmp (215703 bytes)
The process dumprep.exe:348 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WER51cb.dir00\svchost.exe.mdmp (102001 bytes)
Registry activity
The process %original file name%.exe:1872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "15 C3 AB DA 03 FC F9 D1 68 DD 12 10 4A 6A 67 9D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Temp]
"Eric22.exe" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Temp]
"ƜƳƂÇÂÂÆ•.exe" = ""
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process csc.exe:1296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF 12 63 15 BE 4F 44 18 0A E8 21 A0 C9 31 29 D5"
The process csc.exe:1684 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1A B6 68 D1 CF D4 A7 8E 47 09 4F 56 A3 81 1B 55"
The process Ç¢Ò§ÆÂÂƣǎ.exe:832 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 92 A4 B4 6A E9 45 04 03 6D F7 2F 32 5E 0E 90"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Essentials" = "%Documents and Settings%\%current user%\Local Settings\Temp\MsMpEng.exe"
The process cvtres.exe:2024 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 8B 6A 7A C8 EF F8 60 34 71 9E A6 57 46 7F 01"
The process cvtres.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF 4D AE 56 98 B2 98 67 BB FD 24 60 AD 71 C7 BF"
The process rundll32.exe:1460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 40 BA 46 C1 B5 42 1E 10 40 2D BB 1F 6D 45 9D"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\%Documents and Settings%\%current user%\Local Settings\Temp]
"svchost.exe" = "EnableNXShowUI"
[HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility]
"AppCompatCache" = "EF BE AD DE 60 00 00 00 00 00 00 00 00 00 00 00"
The process ƜƳƂÇÂÂÆ•.exe:2004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 74 EB E1 14 9D 5F B4 72 68 33 85 E8 97 D4 58"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Essentials" = "%Documents and Settings%\%current user%\Local Settings\Temp\MsMpEng.exe"
The process Eric22.exe:364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3D 91 6B 8A 72 BA 66 96 23 33 7B 54 6A CA BC 07"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Temp]
"Ç¢Ò§ÆÂÂƣǎ.exe" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process dumprep.exe:212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "15 70 6F 03 80 1B A6 65 93 FC D1 26 F0 1E B8 38"
The process dumprep.exe:348 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 42 49 50 0D A6 7D 78 C1 F6 55 05 88 DA F6 4D"
Dropped PE files
MD5 | File path |
---|---|
06dbd0064e3f63d764ab3c95962f0241 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Eric22.exe |
e0d21bee6dae44a7c6e1896d7a8c7463 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\HannahsVideo.exe |
e0d21bee6dae44a7c6e1896d7a8c7463 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\svchost.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1872
csc.exe:1296
csc.exe:1684
Ç¢Ò§ÆÂÂƣǎ.exe:832
cvtres.exe:2024
cvtres.exe:332
rundll32.exe:1460
ƜƳƂÇÂÂÆ•.exe:2004
Eric22.exe:364
dumprep.exe:212
dumprep.exe:348 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\svchost.exe (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.cmdline (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.out (362 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5z2hceo3.0.cs (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Eric22.exe (3687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ç¢Ò§ÆÂÂƣǎ.exe (3442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CSC3.tmp (636 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.out (396 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CSC1.tmp (636 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ƜƳƂÇÂÂÆ•.exe (3410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RES2.tmp (2864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RES4.tmp (2864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MsMpEng.exe (13122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.0.cs (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fx32-c4c.cmdline (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WER51cb.dir00\svchost.exe.hdmp (215703 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WER51cb.dir00\svchost.exe.mdmp (102001 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Essentials" = "%Documents and Settings%\%current user%\Local Settings\Temp\MsMpEng.exe" - Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version: 0.0.0.0
Legal Copyright:
Legal Trademarks:
Original Filename: setup.exe
Internal Name: setup.exe
File Version: 0.0.0.0
File Description:
Comments:
Language: Language Neutral
Company Name: Product Name: Product Version: 0.0.0.0Legal Copyright: Legal Trademarks: Original Filename: setup.exeInternal Name: setup.exeFile Version: 0.0.0.0File Description: Comments: Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 8192 | 1869408 | 1869824 | 5.53106 | f2f8146f74d10524b9872e7d0330e640 |
.reloc | 1884160 | 12 | 512 | 0.070639 | 82cce3098daf8d2224478d0934da4638 |
.rsrc | 1892352 | 660 | 1024 | 1.47519 | 3a15d2f40e4cc13623a5c673752e1291 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
svchost.exe_340:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
OperationCancelled
OperationCancelled
AuthSchemeNotSupported
AuthSchemeNotSupported
WinHttpQueryAuthSchemesFailed
WinHttpQueryAuthSchemesFailed
WinHttpSetOptionFailed
WinHttpSetOptionFailed
FailedToObtainFileURL
FailedToObtainFileURL
WinHttpSetProxyOptionFailed
WinHttpSetProxyOptionFailed
WinHttpSetCredentialsFailed
WinHttpSetCredentialsFailed
WinHttpStatusDenied
WinHttpStatusDenied
WinHttpQueryHeadersFailed
WinHttpQueryHeadersFailed
OHttpReadTruncated
OHttpReadTruncated
WinHttpDataTruncated
WinHttpDataTruncated
WinHttpReadDataFailed
WinHttpReadDataFailed
WinHttpNoData
WinHttpNoData
WinHttpReceiveResponseFailed
WinHttpReceiveResponseFailed
WinHttpSendRequestFailed
WinHttpSendRequestFailed
WinHttpOpenRequestFailed
WinHttpOpenRequestFailed
WinHttpConnectFailed
WinHttpConnectFailed
WinHttpCloseFailed
WinHttpCloseFailed
WinHttpOpenFailed
WinHttpOpenFailed
InvalidServiceOperation
InvalidServiceOperation
SQLFailedToSetAttribute
SQLFailedToSetAttribute
SQLFailedToRetrieveData
SQLFailedToRetrieveData
SQLFailedToExecuteStatement
SQLFailedToExecuteStatement
SQLFailedToConnect
SQLFailedToConnect
SQLFailedToAllocateHandle
SQLFailedToAllocateHandle
SQLAlreadyConnected
SQLAlreadyConnected
NoSupportedCulture
NoSupportedCulture
InvalidOperation
InvalidOperation
InvalidCDKey
InvalidCDKey
.CoInitializeEx(0, %d) failed. Error code: 0xx.
.CoInitializeEx(0, %d) failed. Error code: 0xx.
CoInitializeEx(0, %d) failed; Appartment type: current=%d,requested=%d. Error code: 0xx.
CoInitializeEx(0, %d) failed; Appartment type: current=%d,requested=%d. Error code: 0xx.
OLog not initialized for reporting events
OLog not initialized for reporting events
Log intialized to report Event Logs
Log intialized to report Event Logs
shared_ptr cannot apply operator '->' to an empty object pointer
shared_ptr cannot apply operator '->' to an empty object pointer
d:\office\source\ocfx\olog.cpp
d:\office\source\ocfx\olog.cpp
Log already intialized to report Event Logs
Log already intialized to report Event Logs
d:\office\source\otools\inc\ocfx\ocominterface.h
d:\office\source\otools\inc\ocfx\ocominterface.h
d:\office\source\otools\inc\ocfx\osmartpointer.h
d:\office\source\otools\inc\ocfx\osmartpointer.h
d:\office\source\otools\inc\ocfx\oalloc.h
d:\office\source\otools\inc\ocfx\oalloc.h
OCOMInterface cannot apply operator '->' to NULL interface pointer
OCOMInterface cannot apply operator '->' to NULL interface pointer
cannot load kernel32.dll
cannot load kernel32.dll
OSmartPointer cannot apply operator '->' to an empty object pointer
OSmartPointer cannot apply operator '->' to an empty object pointer
.Cannot load sysem string for error x in language %i
.Cannot load sysem string for error x in language %i
d:\office\source\ocfx\osecurity.cpp
d:\office\source\ocfx\osecurity.cpp
d:\office\source\ocfx\oversion.cpp
d:\office\source\ocfx\oversion.cpp
.Unicows.dll
.Unicows.dll
Kernel32.dll
Kernel32.dll
Failed to free DLL: %S
Failed to free DLL: %S
d:\office\source\ocfx\olibrary.cpp
d:\office\source\ocfx\olibrary.cpp
.Failed to get procedure: %S
.Failed to get procedure: %S
Failed to load DLL: %S
Failed to load DLL: %S
Cannot set file %S attbutes to %u
Cannot set file %S attbutes to %u
failed to open file '%S'
failed to open file '%S'
failed to delete file %S
failed to delete file %S
Failed to copy file src: %S, dest: %S
Failed to copy file src: %S, dest: %S
.d:\office\source\ocfx\ofile.cpp
.d:\office\source\ocfx\ofile.cpp
Path passed in is too long.
Path passed in is too long.
ASHCreateDirectoryEx failed for directory: %S
ASHCreateDirectoryEx failed for directory: %S
GetDirectories: search path %S does not exist
GetDirectories: search path %S does not exist
GetFiles: search path %S does not exist
GetFiles: search path %S does not exist
failed to set current directory to: %S, error %d
failed to set current directory to: %S, error %d
d:\office\source\otools\inc\ocfx\othreadlocal.h
d:\office\source\otools\inc\ocfx\othreadlocal.h
tlsIndex out of indexes
tlsIndex out of indexes
OSmartPointer cannot apply operator '*' to an empty object pointer
OSmartPointer cannot apply operator '*' to an empty object pointer
d:\office\source\ocfx\oexceptionmanager.cpp
d:\office\source\ocfx\oexceptionmanager.cpp
d:\office\source\ocfx\oblob.cpp
d:\office\source\ocfx\oblob.cpp
ORegistryKey.GetValue failure: Cannot get registry %S value %S
ORegistryKey.GetValue failure: Cannot get registry %S value %S
Failed to create registry key: %d
Failed to create registry key: %d
Failed to create registry key: registry key name "%S" is too long
Failed to create registry key: registry key name "%S" is too long
ORegistryKey.Open failure: The length of subkey %S is longer than the maximum length allowed
ORegistryKey.Open failure: The length of subkey %S is longer than the maximum length allowed
ORegistryKey.Open failure: Parent key is NULL
ORegistryKey.Open failure: Parent key is NULL
d:\office\source\ocfx\oregistrykey.cpp
d:\office\source\ocfx\oregistrykey.cpp
root hkey is expected
root hkey is expected
ORegistryKey.GetValue failure: Cannot get String value. The registry key is closed or not set
ORegistryKey.GetValue failure: Cannot get String value. The registry key is closed or not set
.Cannot detect whether the current machine is a domain controller
.Cannot detect whether the current machine is a domain controller
.back_ptr cannot apply operator '->' to an empty object pointer
.back_ptr cannot apply operator '->' to an empty object pointer
d:\office\source\setupexe\lis\logic\lis.h
d:\office\source\setupexe\lis\logic\lis.h
%S element specified in config.xml without a Value attribute.
%S element specified in config.xml without a Value attribute.
d:\office\source\setupexe\catalyst\catcore\catconfig.cpp
d:\office\source\setupexe\catalyst\catcore\catconfig.cpp
InstallTrial %S is an unknown value
InstallTrial %S is an unknown value
ShowUI %S is an unknown value
ShowUI %S is an unknown value
CACHEACTION %S is an unknow value
CACHEACTION %S is an unknow value
State attribute missing from OptionState element id: %S
State attribute missing from OptionState element id: %S
Invalid value specified for OptionState State attribute: %S
Invalid value specified for OptionState State attribute: %S
Invalid product: %S specified in config.xml when product %S has already been selected
Invalid product: %S specified in config.xml when product %S has already been selected
Invalid value specified for Command Execute attribute: %S
Invalid value specified for Command Execute attribute: %S
Invalid value specified for Command ChainPosition attribute: %S
Invalid value specified for Command ChainPosition attribute: %S
Invalid value specified for Path attribute: %S
Invalid value specified for Path attribute: %S
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
CorporateSQMURL
CorporateSQMURL
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
sftldr_wow64.dll
sftldr_wow64.dll
sftldr.dll
sftldr.dll
verifier.dll
verifier.dll
.Software\Microsoft\Office\14.0
.Software\Microsoft\Office\14.0
msodatad.dat
msodatad.dat
SYSTEM\CurrentControlSet\Control\Windows
SYSTEM\CurrentControlSet\Control\Windows
NetGetJoinInformation
NetGetJoinInformation
1404730
1404730
Found Office Product Version %S.
Found Office Product Version %S.
Could not get version registry key.
Could not get version registry key.
BCryptDestroyKey
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptGenerateSymmetricKey
HttpEndRequestW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestExW
HttpAddRequestHeadersA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpAddRequestHeadersW
InternetOpenUrlA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenUrlW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupW
SetUrlCacheEntryGroupW
FindCloseUrlCache
FindCloseUrlCache
FindNextUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryExW
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryExW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoW
GetUrlCacheEntryInfoW
CommitUrlCacheEntryA
CommitUrlCacheEntryA
CommitUrlCacheEntryW
CommitUrlCacheEntryW
CreateUrlCacheEntryA
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheEntryW
HttpQueryInfoA
HttpQueryInfoA
HttpQueryInfoW
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestA
HttpSendRequestW
HttpSendRequestW
HttpOpenRequestA
HttpOpenRequestA
HttpOpenRequestW
HttpOpenRequestW
InternetCrackUrlW
InternetCrackUrlW
InternetCrackUrlA
InternetCrackUrlA
FtpRemoveDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpDeleteFileA
FtpDeleteFileA
FtpRenameFileA
FtpRenameFileA
InternetCanonicalizeUrlW
InternetCanonicalizeUrlW
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetCombineUrlA
FtpFindFirstFileA
FtpFindFirstFileA
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpGetFileA
FtpGetFileA
FtpOpenFileA
FtpOpenFileA
%$%,%4%
%$%,%4%
S%T%U%V%W%X%Y%Z%[%\%]%^%_%`%a%
S%T%U%V%W%X%Y%Z%[%\%]%^%_%`%a%
b%c%d%e%f%g%h%i%j%k%l%
b%c%d%e%f%g%h%i%j%k%l%
!"#$%&'()* ,-./0123456789:;
!"#$%&'()* ,-./0123456789:;
!!!!2222
!!!!2222
%%%f||||
%%%f||||
!!!!2222||||
!!!!2222||||
!"#$%&'(
!"#$%&'(
'()* ,-./0
'()* ,-./0
&'()* ,-./
&'()* ,-./
&'()* ,-./012345
&'()* ,-./012345
3456789
3456789
.ASex
.ASex
!"#$%&'()* ,-./012
!"#$%&'()* ,-./012
!"#$%&'()
!"#$%&'()
.Delete fails in DeleteArea
.Delete fails in DeleteArea
.*** Software Failure: %s ***
.*** Software Failure: %s ***
Bucket can't get a size key in UpdateBucket
Bucket can't get a size key in UpdateBucket
.Unknown exception
.Unknown exception
.CorExitProcess
.CorExitProcess
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
.bad exception
.bad exception
?GetProcessWindowStation
?GetProcessWindowStation
USER32.DLL
USER32.DLL
.msxml.domdocument
.msxml.domdocument
DetectionOperation
DetectionOperation
No such interface supported
No such interface supported
Operation aborted
Operation aborted
.General_AppName
.General_AppName
General_Reportee
General_Reportee
ReportingFlags
ReportingFlags
Stage1URL
Stage1URL
Stage2URL
Stage2URL
Main_ReportBtn
Main_ReportBtn
Main_NoReportBtn
Main_NoReportBtn
_dw2_0.txt
_dw2_0.txt
Reportee
Reportee
ReportButton
ReportButton
NoReportButton
NoReportButton
_dw1_5.txt
_dw1_5.txt
.Software\Policies\Microsoft\Windows\Installer
.Software\Policies\Microsoft\Windows\Installer
.PatchInstalled
.PatchInstalled
.SELECT `Property`, `Value` FROM `Property`
.SELECT `Property`, `Value` FROM `Property`
/dw/SetupStageTwo.asp
/dw/SetupStageTwo.asp
.d:\office\source\ocfx\oxmlnode.cpp
.d:\office\source\ocfx\oxmlnode.cpp
.get_attributes failed
.get_attributes failed
SelectNodes: %s called for OXmlNode with null interface
SelectNodes: %s called for OXmlNode with null interface
d:\office\source\ocfx\oxmlelement.cpp
d:\office\source\ocfx\oxmlelement.cpp
.d:\office\source\ocfx\oxmldocument.cpp
.d:\office\source\ocfx\oxmldocument.cpp
XML document load failed for file: %S
XML document load failed for file: %S
.d:\office\source\ocfx\oxmlnodelist.cpp
.d:\office\source\ocfx\oxmlnodelist.cpp
.Count get property called for OXmlNodeList with null interface
.Count get property called for OXmlNodeList with null interface
.d:\office\source\ocfx\oxmlnamednodemap.cpp
.d:\office\source\ocfx\oxmlnamednodemap.cpp
.VVVVj
.VVVVj
.jtSj=
.jtSj=
t.Ht$Ht
t.Ht$Ht
.tMSWV
.tMSWV
.jDPh
.jDPh
.jxX9
.jxX9
.wKShqrf7
.wKShqrf7
.uFWVj
.uFWVj
.WhTA
.WhTA
.VVVVVVVVj
.VVVVVVVVj
.Ph8ga3P
.Ph8ga3P
.Vha441V
.Vha441V
.tCSVW
.tCSVW
.hgqawh
.hgqawh
.hhqawh
.hhqawh
.PhqssqP
.PhqssqP
.Phz6g5
.Phz6g5
.Phjvuq
.Phjvuq
.Phua46P
.Phua46P
.Phwa46P
.Phwa46P
.SSS
.SSS
.wIVSP
.wIVSP
setup.exe
setup.exe
msi.dll
msi.dll
GDI32.dll
GDI32.dll
dbghelp.dll
dbghelp.dll
WINTRUST.dll
WINTRUST.dll
SHLWAPI.dll
SHLWAPI.dll
USER32.dll
USER32.dll
SHELL32.dll
SHELL32.dll
OLEAUT32.dll
OLEAUT32.dll
ole32.dll
ole32.dll
KERNEL32.dll
KERNEL32.dll
ADVAPI32.dll
ADVAPI32.dll
RPCRT4.dll
RPCRT4.dll
Secur32.dll
Secur32.dll
VERSION.dll
VERSION.dll
ReportEventW
ReportEventW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegEnumKeyW
RegEnumKeyW
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutList
t:\setupexe\x86\ship\0\setup.pdb
t:\setupexe\x86\ship\0\setup.pdb
x86\ship\0\setup.exe\bbtopt\setupO.pdb
x86\ship\0\setup.exe\bbtopt\setupO.pdb
.?AVORegistryKey@@
.?AVORegistryKey@@
.PAVCMspError@@
.PAVCMspError@@
`!`'`)` `
`!`'`)` `
e%f-f|3 f'f/f
e%f-f|3 f'f/f
]!^"^#^ ^$^
]!^"^#^ ^$^
t.uGuHu
t.uGuHu
x4x7x%x-x x
x4x7x%x-x x
h&h(h.hMh:h%h h,k/k-k1k4kmk
h&h(h.hMh:h%h h,k/k-k1k4kmk
k%lzmcmdmvm
k%lzmcmdmvm
^Q]Q~NzP}P\PGPCPLPZPIPePvPNPUPuPtPwPOP
^Q]Q~NzP}P\PGPCPLPZPIPePvPNPUPuPtPwPOP
]8^6^3^7^
]8^6^3^7^
ichczc]eVeQeYeWe_UOeXeUeTe
ichczc]eVeQeYeWe_UOeXeUeTe
{1{ {-{/{2{8{
{1{ {-{/{2{8{
r6s%s4s)s:t*t3t"t%t5t6t4t/t
r6s%s4s)s:t*t3t"t%t5t6t4t/t
t&t(t%u&ukuju
t&t(t%u&ukuju
WHX%X
WHX%X
`IaJa aEa6a2a.aFa/aOa)a@a bh
`IaJa aEa6a2a.aFa/aOa)a@a bh
d@d%d'd
d@d%d'd
duewexei
duewexei
kCpDpJpHpIpEpFp
kCpDpJpHpIpEpFp
S$S%S&S'S(S)S S,S.S2S3S5S6S8S:S;SBSFSKSNSOSPSUSVSXSYS[S]S_SbSdSeSgShSiSjSkSmStSvSzS}S~S
S$S%S&S'S(S)S S,S.S2S3S5S6S8S:S;SBSFSKSNSOSPSUSVSXSYS[S]S_SbSdSeSgShSiSjSkSmStSvSzS}S~S
U U!U"U#U$U%U(U)U U:U=U?UBUGUIULUSUTUXUYUZU[U]U`UgUhUiUkUlUmUnUoUpUqUrUsUtUxUyUzU
U U!U"U#U$U%U(U)U U:U=U?UBUGUIULUSUTUXUYUZU[U]U`UgUhUiUkUlUmUnUoUpUqUrUsUtUxUyUzU
c c!c"c#c$c%c&c'c.c0c1c5c7c?cRcSc[c\c]c^c_c`cacbcccdcfcjclcsctcyc~c
c c!c"c#c$c%c&c'c.c0c1c5c7c?cRcSc[c\c]c^c_c`cacbcccdcfcjclcsctcyc~c
m!m#m$m&mCmDmEmFmGmHmImJmKmLmMmNmOmPmQmRmSmTmUmVmWm[m\m]mkmqmrmsm
m!m#m$m&mCmDmEmFmGmHmImJmKmLmMmNmOmPmQmRmSmTmUmVmWm[m\m]mkmqmrmsm
nRsSsh
nRsSsh
evg%f
evg%f
m.tRa
m.tRa
gtr%x
gtr%x
Q%SKg
Q%SKg
f.ebp>QI
f.ebp>QI
y.yxT
y.yxT
fn:q%uN
fn:q%uN
aw.Toiz
aw.Toiz
RMeXe
RMeXe
S#S$S%S;ScSdSrSsStSuS
S#S$S%S;ScSdSrSsStSuS
`!`"`&`'`)`*` `,`-`.`/`0`2`3`4`5`6`:`=`>`?`
`!`"`&`'`)`*` `,`-`.`/`0`2`3`4`5`6`:`=`>`?`
^ ^!^"^#^$^%^&^'^.^}^
^ ^!^"^#^$^%^&^'^.^}^
c c!c"c#c$c%c&c'c*c7c:c;cSc[c1e?e@eAeBeCeDeEe
c c!c"c#c$c%c&c'c*c7c:c;cSc[c1e?e@eAeBeCeDeEe
f f!f"f#f$f%f&f'f(f)f*f f,f-f
f f!f"f#f$f%f&f'f(f)f*f f,f-f
m m!m"m#m$m%m&m'm(m)m*m m,m-m.m1m2m3m4m5m6m7m8m9m:m;mm?m@mBmCmDmGmHmImJmKmLmMmNmOmPmQmRmSmTmUm
m m!m"m#m$m%m&m'm(m)m*m m,m-m.m1m2m3m4m5m6m7m8m9m:m;mm?m@mBmCmDmGmHmImJmKmLmMmNmOmPmQmRmSmTmUm
u u-u.uFuGuHuIuJuKuLuMuNuOuPuQuRuSu
u u-u.uFuGuHuIuJuKuLuMuNuOuPuQuRuSu
U U!U"U#U$U%U&U'U(U4UJU
U U!U"U#U$U%U&U'U(U4UJU
](^)^*^ ^,^-^/^0^1^
](^)^*^ ^,^-^/^0^1^
m/mAmFmVmWmXmYmZm[m\m]m^m_m`mambmcmdmemfmgmhmimjmkmlmmmnmompmqmrmsmtmumvmwmxmymzm{m|m}m~m
m/mAmFmVmWmXmYmZm[m\m]m^m_m`mambmcmdmemfmgmhmimjmkmlmmmnmompmqmrmsmtmumvmwmxmymzm{m|m}m~m
x x!x"x#x$x%x'x(x)x*x x,x.x/x0x1x2x3x4x5x6x7x8x9x:x;xx?x@xAxXy_yaycydyeygyiyjykylynyoy
x x!x"x#x$x%x'x(x)x*x x,x.x/x0x1x2x3x4x5x6x7x8x9x:x;xx?x@xAxXy_yaycydyeygyiyjykylynyoy
} }!}"}#}$}%}&}'}
} }!}"}#}$}%}&}'}
] ]!]"]#]$]%]&]'](])]*] ],]-].]/]0]
] ]!]"]#]$]%]&]'](])]*] ],]-].]/]0]
]2^3^4^5^6^7^8^9^:^;^^
]2^3^4^5^6^7^8^9^:^;^^
cMeNeOePeQeReSeTeUeWeXeYeZe[e]ebe
cMeNeOePeQeReSeTeUeWeXeYeZe[e]ebe
X X!X"X#X$X%X&X'X(X)X*X X,X-X.X/X0X1X3X4X6X7X8X9X:X;XX?X@XAXBXCXDXEXFXGXHXJXTX_X`XfXmX
X X!X"X#X$X%X&X'X(X)X*X X,X-X.X/X0X1X3X4X6X7X8X9X:X;XX?X@XAXBXCXDXEXFXGXHXJXTX_X`XfXmX
d%d-d0d=dRdad2e\e^e_e`eaecedeeefegeheiejele
d%d-d0d=dRdad2e\e^e_e`eaecedeeefegeheiejele
s"s#s$s%s&s(s)s,s-s/s0s1s2s3s4s5s6s8s9s>s@sGs
s"s#s$s%s&s(s)s,s-s/s0s1s2s3s4s5s6s8s9s>s@sGs
u$u%u&u/ujukulumunuouqurusutu
u$u%u&u/ujukulumunuouqurusutu
duewexeyeze{e
duewexeyeze{e
~ ~!~"~#~$~%~&~'~(~*~ ~-~8~:~0
~ ~!~"~#~$~%~&~'~(~*~ ~-~8~:~0
| |!|"|#|$|%|&|(|)|*|-|.|/|0|1|2|6|
| |!|"|#|$|%|&|(|)|*|-|.|/|0|1|2|6|
{3~3}3|3
{3~3}3|3
eZl%u
eZl%u
Q.YeY
Q.YeY
R:\Sg|p5rL
R:\Sg|p5rL
e$e#e e4e5e7e6e8eKuHeVeUeMeXe^e]erexei
e$e#e e4e5e7e6e8eKuHeVeUeMeXe^e]erexei
s4s/s)s%s>sNsOs
s4s/s)s%s>sNsOs
s&t*t)t.tbt
s&t*t)t.tbt
2%2.bx
2%2.bx
{ | }9},
{ | }9},
d6exe9j
d6exe9j
]%sOu4](n
]%sOu4](n
m.t.zB}
m.t.zB}
w%xIyWy
w%xIyWy
^vcÓv
^vcÓv
%f?iCt
%f?iCt
U>_.lE
U>_.lE
f.ebp
f.ebp
.nrR=
.nrR=
{fn:q%uN
{fn:q%uN
h$%fh$%
h$%fh$%
a$%$h$%FW$%
a$%$h$%FW$%
zcÃ
zcÃ
.PAVCMspErrorState@@
.PAVCMspErrorState@@
.PAVCMspErrorPropertyValue@@
.PAVCMspErrorPropertyValue@@
.PAVCMspErrorProperty@@
.PAVCMspErrorProperty@@
.PAVCMspErrorPropertyProtected@@
.PAVCMspErrorPropertyProtected@@
.PAVCMspErrorPropertyName@@
.PAVCMspErrorPropertyName@@
%Documents and Settings%\%current user%\Local Settings\Temp\svchost.exe
%Documents and Settings%\%current user%\Local Settings\Temp\svchost.exe
'') ()*!***%,.-$(((
'') ()*!***%,.-$(((
2 2$2(2,2
2 2$2(2,2
034383
034383
3M4}4
3M4}4
7%7U7
7%7U7
: :$:(:,:0:4:~:
: :$:(:,:0:4:~:
01
01
%s digital signature does not validate or is not present.
%s digital signature does not validate or is not present.
A required %s cannot be loaded. This may indicate that the file is missing or damaged.
A required %s cannot be loaded. This may indicate that the file is missing or damaged.
The Setup configuration file %s is not valid. Run Setup again without using a Setup configuration file, or fix the configuration file.
The Setup configuration file %s is not valid. Run Setup again without using a Setup configuration file, or fix the configuration file.
Verify file signature in "%s"
Verify file signature in "%s"
Cannot get Operating System version info. Error %u. Error is not critical. Continuing Setup.
Cannot get Operating System version info. Error %u. Error is not critical. Continuing Setup.
Operating System version: %s %s. Platform ID: %u
Operating System version: %s %s. Platform ID: %u
Failed to load the selected setup controller dll in location "%s"
Failed to load the selected setup controller dll in location "%s"
Using setup controller dll at [%s].
Using setup controller dll at [%s].
"%s" is verified to be an invalid file. Skipping signature verification on setup controller dll file and continuing setup
"%s" is verified to be an invalid file. Skipping signature verification on setup controller dll file and continuing setup
Failed to verify file signature from the selected setup controller dll in location "%s"
Failed to verify file signature from the selected setup controller dll in location "%s"
Using setup controller dll at location [%s].
Using setup controller dll at location [%s].
Copied setup controller dll to "%s"
Copied setup controller dll to "%s"
Uninstall or MMode product detected. Copying setup controller dll from "%s" to "%s"
Uninstall or MMode product detected. Copying setup controller dll from "%s" to "%s"
Cannot find the selected setup controller dll from location "%s"
Cannot find the selected setup controller dll from location "%s"
Version [%s].
Version [%s].
Found setup controller dll at [%s].
Found setup controller dll at [%s].
Checking for setup controller dll at [%s].
Checking for setup controller dll at [%s].
Cannot find the specified config.xml file. %s
Cannot find the specified config.xml file. %s
config.xml
config.xml
FILES\SETUP\config.xml
FILES\SETUP\config.xml
Running 32-bit setup on a 32-bit operating system.
Running 32-bit setup on a 32-bit operating system.
Running %s setup on a 64-bit operating system.
Running %s setup on a 64-bit operating system.
WSSSETUP.DLL
WSSSETUP.DLL
SVRSETUP.DLL
SVRSETUP.DLL
PSETUP.DLL
PSETUP.DLL
OSETUP.DLL
OSETUP.DLL
Log level changed from: %S to: %S
Log level changed from: %S to: %S
PERF: TickCount=%u Name=%s Description=%s
PERF: TickCount=%u Name=%s Description=%s
dddddd%X
dddddd%X
Office(*).log
Office(*).log
Log path %s is not valid (Error 0x%x). Reverting to default log path
Log path %s is not valid (Error 0x%x). Reverting to default log path
Error: %S Type: %d::%S. %s
Error: %S Type: %d::%S. %s
Error: Type: %S. %S ErrorCode: %d(0x%x). %s
Error: Type: %S. %S ErrorCode: %d(0x%x). %s
Error: %S ErrorCode: %d(0x%x). %s
Error: %S ErrorCode: %d(0x%x). %s
Error: %S HResult: 0x%x. %s
Error: %S HResult: 0x%x. %s
%s::[%d] %s
%s::[%d] %s
kernel32.dll
kernel32.dll
d/d/d d:d:d:d
d/d/d d:d:d:d
%s is trusted.
%s is trusted.
Warning: %s is not signed.
Warning: %s is not signed.
Error: %s is not trusted.
Error: %s is not trusted.
Comctl32.dll
Comctl32.dll
%s%d%s
%s%d%s
_-%[]{}`~!@#$^&() =,;
_-%[]{}`~!@#$^&() =,;
_-%\.[]{}`~!@#$^&() =,;
_-%\.[]{}`~!@#$^&() =,;
hXXp://
hXXp://
[WindowsFolder]
[WindowsFolder]
x:x
x:x
%S [%S:%d]
%S [%S:%d]
__tmainCRTStartup
__tmainCRTStartup
mainCRTStartup
mainCRTStartup
Corrupt stack frame: frameCount = %d
Corrupt stack frame: frameCount = %d
OS check result: 0xu
OS check result: 0xu
PIDKEY
PIDKEY
Invalid value display level specified in config.xml: %s. Leaving display level at: %S
Invalid value display level specified in config.xml: %s. Leaving display level at: %S
Display level full specified in config.xml.
Display level full specified in config.xml.
Display level basic specified in config.xml.
Display level basic specified in config.xml.
Display level none specified in config.xml.
Display level none specified in config.xml.
Invalid value log type specified in config.xml: %s. Leaving log type at: %S
Invalid value log type specified in config.xml: %s. Leaving log type at: %S
Logging type debug specified in config.xml.
Logging type debug specified in config.xml.
Logging type verbose specified in config.xml.
Logging type verbose specified in config.xml.
Logging type standard specified in config.xml.
Logging type standard specified in config.xml.
Logging type off specified in config.xml.
Logging type off specified in config.xml.
Setting value of locked setting '%s'!
Setting value of locked setting '%s'!
%s specified in config.xml.
%s specified in config.xml.
%s: "%s" specified in config.xml.
%s: "%s" specified in config.xml.
SetupExe(*).log
SetupExe(*).log
TRIAL InstallTrial = %s
TRIAL InstallTrial = %s
TRIAL ShowUI = %s
TRIAL ShowUI = %s
LIS CACHEACTION = %s
LIS CACHEACTION = %s
Parsed MinOSRequirement: ServicePackLevel with value: %s in config.xml.
Parsed MinOSRequirement: ServicePackLevel with value: %s in config.xml.
Parsed MinOSRequirement: WindowsBuild with value: %s in config.xml.
Parsed MinOSRequirement: WindowsBuild with value: %s in config.xml.
WindowsBuild
WindowsBuild
Parsed MinOSRequirement: VersionNT with value: %s in config.xml.
Parsed MinOSRequirement: VersionNT with value: %s in config.xml.
SUpdateLocation path specified in config.xml: %s
SUpdateLocation path specified in config.xml: %s
ShowSUpdateUI=Yes specified in config.xml.
ShowSUpdateUI=Yes specified in config.xml.
ShowSUpdateUI=No specified in config.xml.
ShowSUpdateUI=No specified in config.xml.
GetWebUpdates=Yes specified in config.xml.
GetWebUpdates=Yes specified in config.xml.
GetWebUpdates=No specified in config.xml.
GetWebUpdates=No specified in config.xml.
GetWebUpdates
GetWebUpdates
CheckForSUpdate=Yes specified in config.xml.
CheckForSUpdate=Yes specified in config.xml.
CheckForSUpdate=No specified in config.xml.
CheckForSUpdate=No specified in config.xml.
DistributionPoint parsed. The distribution point is now set to: %s
DistributionPoint parsed. The distribution point is now set to: %s
Invalid pidkey specified in config.xml. Ignoring value from config.xml
Invalid pidkey specified in config.xml. Ignoring value from config.xml
PIDKEY element successfully parsed in config.xml
PIDKEY element successfully parsed in config.xml
/Configuration/PIDKEY
/Configuration/PIDKEY
Show cancel button specified in config.xml.
Show cancel button specified in config.xml.
Disable of cancel button specified in config.xml.
Disable of cancel button specified in config.xml.
No auto accept license specified in config.xml.
No auto accept license specified in config.xml.
Auto accept license specified in config.xml.
Auto accept license specified in config.xml.
Hide completion notice specified in config.xml.
Hide completion notice specified in config.xml.
Show completion notice specified in config.xml with UI level set to none. Forcing modal dialogs to be shown as well.
Show completion notice specified in config.xml with UI level set to none. Forcing modal dialogs to be shown as well.
Show completion notice specified in config.xml.
Show completion notice specified in config.xml.
Show modal dialogs specified in config.xml.
Show modal dialogs specified in config.xml.
Suppression of modal dialogs specified in config.xml.
Suppression of modal dialogs specified in config.xml.
Parsed ARPHELPTELEPHONE value: %s
Parsed ARPHELPTELEPHONE value: %s
Parsed ARPHELPLINK value: %s
Parsed ARPHELPLINK value: %s
Parsed ARPURLUPDATEINFO value: %s
Parsed ARPURLUPDATEINFO value: %s
ARPURLUPDATEINFO
ARPURLUPDATEINFO
Parsed ARPURLINFOABOUT value: %s
Parsed ARPURLINFOABOUT value: %s
ARPURLINFOABOUT
ARPURLINFOABOUT
Parsed ARPCONTACT value: '%s'.
Parsed ARPCONTACT value: '%s'.
Parsed ARPCOMMENTS value: '%s'.
Parsed ARPCOMMENTS value: '%s'.
Log file template: %s specified in config.xml
Log file template: %s specified in config.xml
Log directory: %s specified in config.xml
Log directory: %s specified in config.xml
Parsed setting: %s with value: %s under package: %s in config.xml
Parsed setting: %s with value: %s under package: %s in config.xml
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. Warning : this Culture is specified more than once.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. Warning : this Culture is specified more than once.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. NOTE: this Culture will not be removed because it is in the AddLanguage List.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. NOTE: this Culture will not be removed because it is in the AddLanguage List.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. Can not specify this value in RemoveLanguage Node; ignoring.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. Can not specify this value in RemoveLanguage Node; ignoring.
Parsed AddLangauge: CultureTag with value: %s in config.xml. Warning : this Culture is specified more than once.
Parsed AddLangauge: CultureTag with value: %s in config.xml. Warning : this Culture is specified more than once.
Parsed AddLangauge: CultureTag with value: %s in config.xml.
Parsed AddLangauge: CultureTag with value: %s in config.xml.
Parsed AddLangauge: Found request to include Current-User's Locale, in config.xml.
Parsed AddLangauge: Found request to include Current-User's Locale, in config.xml.
Parsed setting: %s with value: %s in config.xml.
Parsed setting: %s with value: %s in config.xml.
Unsupported setting: %s specified in config.xml.
Unsupported setting: %s specified in config.xml.
Preferred product specified in config.xml to be: %s
Preferred product specified in config.xml to be: %s
Parsing config.xml at: %s
Parsing config.xml at: %s
BRANDING.XML
BRANDING.XML
SETUP.CHM
SETUP.CHM
Keyword
Keyword
Warning: changing setup temp folder from [%s] to [%s].
Warning: changing setup temp folder from [%s] to [%s].
Setup temp folder set to [%s].
Setup temp folder set to [%s].
Setupx
Setupx
Uninstall requested for product: %s
Uninstall requested for product: %s
Repair requested for product: %s
Repair requested for product: %s
Modify requested for product: %s
Modify requested for product: %s
Unrecognized command line parameter: %s
Unrecognized command line parameter: %s
Invalid command line arguments. The preferred dll is already set when parsing '%s'.
Invalid command line arguments. The preferred dll is already set when parsing '%s'.
Invalid command line arguments. The active Product ID is already set when parsing '%s'.
Invalid command line arguments. The active Product ID is already set when parsing '%s'.
Invalid command line argument: /config used without specifying a config.xml file.
Invalid command line argument: /config used without specifying a config.xml file.
Running SETUPEXE as a COM server.
Running SETUPEXE as a COM server.
Admin patch file/path specified: %s
Admin patch file/path specified: %s
Config XML file specified: %s
Config XML file specified: %s
Handling command line option: %s
Handling command line option: %s
Command line: %s
Command line: %s
aero.msstyles
aero.msstyles
luna.msstyles
luna.msstyles
tmsodatalast.dat
tmsodatalast.dat
%ComponentLang%
%ComponentLang%
%WebLocale%
%WebLocale%
%UILang%
%UILang%
oleacc.dll
oleacc.dll
POWRPROF.dll
POWRPROF.dll
KERNEL32.DLL
KERNEL32.DLL
NETAPI32.dll
NETAPI32.dll
mso.dll
mso.dll
SspiCli.DLL
SspiCli.DLL
NCrypt.dll
NCrypt.dll
BCrypt.dll
BCrypt.dll
Wscapi.DLL
Wscapi.DLL
DwmApi.DLL
DwmApi.DLL
PropSys.DLL
PropSys.DLL
OSPPCEXT.DLL
OSPPCEXT.DLL
OSPPC.DLL
OSPPC.DLL
DavClnt.DLL
DavClnt.DLL
Rasdlg.DLL
Rasdlg.DLL
Rasapi32.DLL
Rasapi32.DLL
MsoXev.DLL
MsoXev.DLL
Sensapi.DLL
Sensapi.DLL
Secur32.DLL
Secur32.DLL
Setupapi.DLL
Setupapi.DLL
WsmEng.DLL
WsmEng.DLL
Credui.DLL
Credui.DLL
gdi32.DLL
gdi32.DLL
UxTheme.DLL
UxTheme.DLL
Mscat32.DLL
Mscat32.DLL
Wtsapi32.DLL
Wtsapi32.DLL
Netapi32.DLL
Netapi32.DLL
WFF.DLL
WFF.DLL
Activeds.DLL
Activeds.DLL
Shlwapi.DLL
Shlwapi.DLL
Kernel32.DLL
Kernel32.DLL
Winspool.DRV
Winspool.DRV
Mssign32.DLL
Mssign32.DLL
MsoHev.DLL
MsoHev.DLL
Riched20.DLL
Riched20.DLL
VBE7.DLL
VBE7.DLL
Advapi32.DLL
Advapi32.DLL
Softpub.DLL
Softpub.DLL
Wintrust.DLL
Wintrust.DLL
WININET.DLL
WININET.DLL
ODMA32.DLL
ODMA32.DLL
OLEACC.DLL
OLEACC.DLL
MSJET40.DLL
MSJET40.DLL
URLMON.DLL
URLMON.DLL
HLINK.DLL
HLINK.DLL
MAPI32.DLL
MAPI32.DLL
WINMM.DLL
WINMM.DLL
VERSION.DLL
VERSION.DLL
COMDLG32.DLL
COMDLG32.DLL
COMCTL32.DLL
COMCTL32.DLL
SHELL32.DLL
SHELL32.DLL
WINNLS.DLL
WINNLS.DLL
GDI32.DLL
GDI32.DLL
comctl32.dll
comctl32.dll
#$%&%&'(
#$%&%&'(
mscoree.dll
mscoree.dll
.XPath
.XPath
LIS SOURCELIST = %s
LIS SOURCELIST = %s
14.0.4734.1000
14.0.4734.1000
Windows
Windows
svchost.exe_340_rwx_2E000000_00119000:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
OperationCancelled
OperationCancelled
AuthSchemeNotSupported
AuthSchemeNotSupported
WinHttpQueryAuthSchemesFailed
WinHttpQueryAuthSchemesFailed
WinHttpSetOptionFailed
WinHttpSetOptionFailed
FailedToObtainFileURL
FailedToObtainFileURL
WinHttpSetProxyOptionFailed
WinHttpSetProxyOptionFailed
WinHttpSetCredentialsFailed
WinHttpSetCredentialsFailed
WinHttpStatusDenied
WinHttpStatusDenied
WinHttpQueryHeadersFailed
WinHttpQueryHeadersFailed
OHttpReadTruncated
OHttpReadTruncated
WinHttpDataTruncated
WinHttpDataTruncated
WinHttpReadDataFailed
WinHttpReadDataFailed
WinHttpNoData
WinHttpNoData
WinHttpReceiveResponseFailed
WinHttpReceiveResponseFailed
WinHttpSendRequestFailed
WinHttpSendRequestFailed
WinHttpOpenRequestFailed
WinHttpOpenRequestFailed
WinHttpConnectFailed
WinHttpConnectFailed
WinHttpCloseFailed
WinHttpCloseFailed
WinHttpOpenFailed
WinHttpOpenFailed
InvalidServiceOperation
InvalidServiceOperation
SQLFailedToSetAttribute
SQLFailedToSetAttribute
SQLFailedToRetrieveData
SQLFailedToRetrieveData
SQLFailedToExecuteStatement
SQLFailedToExecuteStatement
SQLFailedToConnect
SQLFailedToConnect
SQLFailedToAllocateHandle
SQLFailedToAllocateHandle
SQLAlreadyConnected
SQLAlreadyConnected
NoSupportedCulture
NoSupportedCulture
InvalidOperation
InvalidOperation
InvalidCDKey
InvalidCDKey
.CoInitializeEx(0, %d) failed. Error code: 0xx.
.CoInitializeEx(0, %d) failed. Error code: 0xx.
CoInitializeEx(0, %d) failed; Appartment type: current=%d,requested=%d. Error code: 0xx.
CoInitializeEx(0, %d) failed; Appartment type: current=%d,requested=%d. Error code: 0xx.
OLog not initialized for reporting events
OLog not initialized for reporting events
Log intialized to report Event Logs
Log intialized to report Event Logs
shared_ptr cannot apply operator '->' to an empty object pointer
shared_ptr cannot apply operator '->' to an empty object pointer
d:\office\source\ocfx\olog.cpp
d:\office\source\ocfx\olog.cpp
Log already intialized to report Event Logs
Log already intialized to report Event Logs
d:\office\source\otools\inc\ocfx\ocominterface.h
d:\office\source\otools\inc\ocfx\ocominterface.h
d:\office\source\otools\inc\ocfx\osmartpointer.h
d:\office\source\otools\inc\ocfx\osmartpointer.h
d:\office\source\otools\inc\ocfx\oalloc.h
d:\office\source\otools\inc\ocfx\oalloc.h
OCOMInterface cannot apply operator '->' to NULL interface pointer
OCOMInterface cannot apply operator '->' to NULL interface pointer
cannot load kernel32.dll
cannot load kernel32.dll
OSmartPointer cannot apply operator '->' to an empty object pointer
OSmartPointer cannot apply operator '->' to an empty object pointer
.Cannot load sysem string for error x in language %i
.Cannot load sysem string for error x in language %i
d:\office\source\ocfx\osecurity.cpp
d:\office\source\ocfx\osecurity.cpp
d:\office\source\ocfx\oversion.cpp
d:\office\source\ocfx\oversion.cpp
.Unicows.dll
.Unicows.dll
Kernel32.dll
Kernel32.dll
Failed to free DLL: %S
Failed to free DLL: %S
d:\office\source\ocfx\olibrary.cpp
d:\office\source\ocfx\olibrary.cpp
.Failed to get procedure: %S
.Failed to get procedure: %S
Failed to load DLL: %S
Failed to load DLL: %S
Cannot set file %S attbutes to %u
Cannot set file %S attbutes to %u
failed to open file '%S'
failed to open file '%S'
failed to delete file %S
failed to delete file %S
Failed to copy file src: %S, dest: %S
Failed to copy file src: %S, dest: %S
.d:\office\source\ocfx\ofile.cpp
.d:\office\source\ocfx\ofile.cpp
Path passed in is too long.
Path passed in is too long.
ASHCreateDirectoryEx failed for directory: %S
ASHCreateDirectoryEx failed for directory: %S
GetDirectories: search path %S does not exist
GetDirectories: search path %S does not exist
GetFiles: search path %S does not exist
GetFiles: search path %S does not exist
failed to set current directory to: %S, error %d
failed to set current directory to: %S, error %d
d:\office\source\otools\inc\ocfx\othreadlocal.h
d:\office\source\otools\inc\ocfx\othreadlocal.h
tlsIndex out of indexes
tlsIndex out of indexes
OSmartPointer cannot apply operator '*' to an empty object pointer
OSmartPointer cannot apply operator '*' to an empty object pointer
d:\office\source\ocfx\oexceptionmanager.cpp
d:\office\source\ocfx\oexceptionmanager.cpp
d:\office\source\ocfx\oblob.cpp
d:\office\source\ocfx\oblob.cpp
ORegistryKey.GetValue failure: Cannot get registry %S value %S
ORegistryKey.GetValue failure: Cannot get registry %S value %S
Failed to create registry key: %d
Failed to create registry key: %d
Failed to create registry key: registry key name "%S" is too long
Failed to create registry key: registry key name "%S" is too long
ORegistryKey.Open failure: The length of subkey %S is longer than the maximum length allowed
ORegistryKey.Open failure: The length of subkey %S is longer than the maximum length allowed
ORegistryKey.Open failure: Parent key is NULL
ORegistryKey.Open failure: Parent key is NULL
d:\office\source\ocfx\oregistrykey.cpp
d:\office\source\ocfx\oregistrykey.cpp
root hkey is expected
root hkey is expected
ORegistryKey.GetValue failure: Cannot get String value. The registry key is closed or not set
ORegistryKey.GetValue failure: Cannot get String value. The registry key is closed or not set
.Cannot detect whether the current machine is a domain controller
.Cannot detect whether the current machine is a domain controller
.back_ptr cannot apply operator '->' to an empty object pointer
.back_ptr cannot apply operator '->' to an empty object pointer
d:\office\source\setupexe\lis\logic\lis.h
d:\office\source\setupexe\lis\logic\lis.h
%S element specified in config.xml without a Value attribute.
%S element specified in config.xml without a Value attribute.
d:\office\source\setupexe\catalyst\catcore\catconfig.cpp
d:\office\source\setupexe\catalyst\catcore\catconfig.cpp
InstallTrial %S is an unknown value
InstallTrial %S is an unknown value
ShowUI %S is an unknown value
ShowUI %S is an unknown value
CACHEACTION %S is an unknow value
CACHEACTION %S is an unknow value
State attribute missing from OptionState element id: %S
State attribute missing from OptionState element id: %S
Invalid value specified for OptionState State attribute: %S
Invalid value specified for OptionState State attribute: %S
Invalid product: %S specified in config.xml when product %S has already been selected
Invalid product: %S specified in config.xml when product %S has already been selected
Invalid value specified for Command Execute attribute: %S
Invalid value specified for Command Execute attribute: %S
Invalid value specified for Command ChainPosition attribute: %S
Invalid value specified for Command ChainPosition attribute: %S
Invalid value specified for Path attribute: %S
Invalid value specified for Path attribute: %S
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
CorporateSQMURL
CorporateSQMURL
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
sftldr_wow64.dll
sftldr_wow64.dll
sftldr.dll
sftldr.dll
verifier.dll
verifier.dll
.Software\Microsoft\Office\14.0
.Software\Microsoft\Office\14.0
msodatad.dat
msodatad.dat
SYSTEM\CurrentControlSet\Control\Windows
SYSTEM\CurrentControlSet\Control\Windows
NetGetJoinInformation
NetGetJoinInformation
1404730
1404730
Found Office Product Version %S.
Found Office Product Version %S.
Could not get version registry key.
Could not get version registry key.
BCryptDestroyKey
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptGenerateSymmetricKey
HttpEndRequestW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestExW
HttpAddRequestHeadersA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpAddRequestHeadersW
InternetOpenUrlA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenUrlW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupW
SetUrlCacheEntryGroupW
FindCloseUrlCache
FindCloseUrlCache
FindNextUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryExW
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryExW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoW
GetUrlCacheEntryInfoW
CommitUrlCacheEntryA
CommitUrlCacheEntryA
CommitUrlCacheEntryW
CommitUrlCacheEntryW
CreateUrlCacheEntryA
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheEntryW
HttpQueryInfoA
HttpQueryInfoA
HttpQueryInfoW
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestA
HttpSendRequestW
HttpSendRequestW
HttpOpenRequestA
HttpOpenRequestA
HttpOpenRequestW
HttpOpenRequestW
InternetCrackUrlW
InternetCrackUrlW
InternetCrackUrlA
InternetCrackUrlA
FtpRemoveDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpDeleteFileA
FtpDeleteFileA
FtpRenameFileA
FtpRenameFileA
InternetCanonicalizeUrlW
InternetCanonicalizeUrlW
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetCombineUrlA
FtpFindFirstFileA
FtpFindFirstFileA
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpGetFileA
FtpGetFileA
FtpOpenFileA
FtpOpenFileA
%$%,%4%
%$%,%4%
S%T%U%V%W%X%Y%Z%[%\%]%^%_%`%a%
S%T%U%V%W%X%Y%Z%[%\%]%^%_%`%a%
b%c%d%e%f%g%h%i%j%k%l%
b%c%d%e%f%g%h%i%j%k%l%
!"#$%&'()* ,-./0123456789:;
!"#$%&'()* ,-./0123456789:;
!!!!2222
!!!!2222
%%%f||||
%%%f||||
!!!!2222||||
!!!!2222||||
!"#$%&'(
!"#$%&'(
'()* ,-./0
'()* ,-./0
&'()* ,-./
&'()* ,-./
&'()* ,-./012345
&'()* ,-./012345
3456789
3456789
.ASex
.ASex
!"#$%&'()* ,-./012
!"#$%&'()* ,-./012
!"#$%&'()
!"#$%&'()
.Delete fails in DeleteArea
.Delete fails in DeleteArea
.*** Software Failure: %s ***
.*** Software Failure: %s ***
Bucket can't get a size key in UpdateBucket
Bucket can't get a size key in UpdateBucket
.Unknown exception
.Unknown exception
.CorExitProcess
.CorExitProcess
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
.bad exception
.bad exception
?GetProcessWindowStation
?GetProcessWindowStation
USER32.DLL
USER32.DLL
.msxml.domdocument
.msxml.domdocument
DetectionOperation
DetectionOperation
No such interface supported
No such interface supported
Operation aborted
Operation aborted
.General_AppName
.General_AppName
General_Reportee
General_Reportee
ReportingFlags
ReportingFlags
Stage1URL
Stage1URL
Stage2URL
Stage2URL
Main_ReportBtn
Main_ReportBtn
Main_NoReportBtn
Main_NoReportBtn
_dw2_0.txt
_dw2_0.txt
Reportee
Reportee
ReportButton
ReportButton
NoReportButton
NoReportButton
_dw1_5.txt
_dw1_5.txt
.Software\Policies\Microsoft\Windows\Installer
.Software\Policies\Microsoft\Windows\Installer
.PatchInstalled
.PatchInstalled
.SELECT `Property`, `Value` FROM `Property`
.SELECT `Property`, `Value` FROM `Property`
/dw/SetupStageTwo.asp
/dw/SetupStageTwo.asp
.d:\office\source\ocfx\oxmlnode.cpp
.d:\office\source\ocfx\oxmlnode.cpp
.get_attributes failed
.get_attributes failed
SelectNodes: %s called for OXmlNode with null interface
SelectNodes: %s called for OXmlNode with null interface
d:\office\source\ocfx\oxmlelement.cpp
d:\office\source\ocfx\oxmlelement.cpp
.d:\office\source\ocfx\oxmldocument.cpp
.d:\office\source\ocfx\oxmldocument.cpp
XML document load failed for file: %S
XML document load failed for file: %S
.d:\office\source\ocfx\oxmlnodelist.cpp
.d:\office\source\ocfx\oxmlnodelist.cpp
.Count get property called for OXmlNodeList with null interface
.Count get property called for OXmlNodeList with null interface
.d:\office\source\ocfx\oxmlnamednodemap.cpp
.d:\office\source\ocfx\oxmlnamednodemap.cpp
.VVVVj
.VVVVj
.jtSj=
.jtSj=
t.Ht$Ht
t.Ht$Ht
.tMSWV
.tMSWV
.jDPh
.jDPh
.jxX9
.jxX9
.wKShqrf7
.wKShqrf7
.uFWVj
.uFWVj
.WhTA
.WhTA
.VVVVVVVVj
.VVVVVVVVj
.Ph8ga3P
.Ph8ga3P
.Vha441V
.Vha441V
.tCSVW
.tCSVW
.hgqawh
.hgqawh
.hhqawh
.hhqawh
.PhqssqP
.PhqssqP
.Phz6g5
.Phz6g5
.Phjvuq
.Phjvuq
.Phua46P
.Phua46P
.Phwa46P
.Phwa46P
.SSS
.SSS
.wIVSP
.wIVSP
setup.exe
setup.exe
msi.dll
msi.dll
GDI32.dll
GDI32.dll
dbghelp.dll
dbghelp.dll
WINTRUST.dll
WINTRUST.dll
SHLWAPI.dll
SHLWAPI.dll
USER32.dll
USER32.dll
SHELL32.dll
SHELL32.dll
OLEAUT32.dll
OLEAUT32.dll
ole32.dll
ole32.dll
KERNEL32.dll
KERNEL32.dll
ADVAPI32.dll
ADVAPI32.dll
RPCRT4.dll
RPCRT4.dll
Secur32.dll
Secur32.dll
VERSION.dll
VERSION.dll
ReportEventW
ReportEventW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegEnumKeyW
RegEnumKeyW
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutList
t:\setupexe\x86\ship\0\setup.pdb
t:\setupexe\x86\ship\0\setup.pdb
x86\ship\0\setup.exe\bbtopt\setupO.pdb
x86\ship\0\setup.exe\bbtopt\setupO.pdb
.?AVORegistryKey@@
.?AVORegistryKey@@
.PAVCMspError@@
.PAVCMspError@@
`!`'`)` `
`!`'`)` `
e%f-f|3 f'f/f
e%f-f|3 f'f/f
]!^"^#^ ^$^
]!^"^#^ ^$^
t.uGuHu
t.uGuHu
x4x7x%x-x x
x4x7x%x-x x
h&h(h.hMh:h%h h,k/k-k1k4kmk
h&h(h.hMh:h%h h,k/k-k1k4kmk
k%lzmcmdmvm
k%lzmcmdmvm
^Q]Q~NzP}P\PGPCPLPZPIPePvPNPUPuPtPwPOP
^Q]Q~NzP}P\PGPCPLPZPIPePvPNPUPuPtPwPOP
]8^6^3^7^
]8^6^3^7^
ichczc]eVeQeYeWe_UOeXeUeTe
ichczc]eVeQeYeWe_UOeXeUeTe
{1{ {-{/{2{8{
{1{ {-{/{2{8{
r6s%s4s)s:t*t3t"t%t5t6t4t/t
r6s%s4s)s:t*t3t"t%t5t6t4t/t
t&t(t%u&ukuju
t&t(t%u&ukuju
WHX%X
WHX%X
`IaJa aEa6a2a.aFa/aOa)a@a bh
`IaJa aEa6a2a.aFa/aOa)a@a bh
d@d%d'd
d@d%d'd
duewexei
duewexei
kCpDpJpHpIpEpFp
kCpDpJpHpIpEpFp
S$S%S&S'S(S)S S,S.S2S3S5S6S8S:S;SBSFSKSNSOSPSUSVSXSYS[S]S_SbSdSeSgShSiSjSkSmStSvSzS}S~S
S$S%S&S'S(S)S S,S.S2S3S5S6S8S:S;SBSFSKSNSOSPSUSVSXSYS[S]S_SbSdSeSgShSiSjSkSmStSvSzS}S~S
U U!U"U#U$U%U(U)U U:U=U?UBUGUIULUSUTUXUYUZU[U]U`UgUhUiUkUlUmUnUoUpUqUrUsUtUxUyUzU
U U!U"U#U$U%U(U)U U:U=U?UBUGUIULUSUTUXUYUZU[U]U`UgUhUiUkUlUmUnUoUpUqUrUsUtUxUyUzU
c c!c"c#c$c%c&c'c.c0c1c5c7c?cRcSc[c\c]c^c_c`cacbcccdcfcjclcsctcyc~c
c c!c"c#c$c%c&c'c.c0c1c5c7c?cRcSc[c\c]c^c_c`cacbcccdcfcjclcsctcyc~c
m!m#m$m&mCmDmEmFmGmHmImJmKmLmMmNmOmPmQmRmSmTmUmVmWm[m\m]mkmqmrmsm
m!m#m$m&mCmDmEmFmGmHmImJmKmLmMmNmOmPmQmRmSmTmUmVmWm[m\m]mkmqmrmsm
nRsSsh
nRsSsh
evg%f
evg%f
m.tRa
m.tRa
gtr%x
gtr%x
Q%SKg
Q%SKg
f.ebp>QI
f.ebp>QI
y.yxT
y.yxT
fn:q%uN
fn:q%uN
aw.Toiz
aw.Toiz
RMeXe
RMeXe
S#S$S%S;ScSdSrSsStSuS
S#S$S%S;ScSdSrSsStSuS
`!`"`&`'`)`*` `,`-`.`/`0`2`3`4`5`6`:`=`>`?`
`!`"`&`'`)`*` `,`-`.`/`0`2`3`4`5`6`:`=`>`?`
^ ^!^"^#^$^%^&^'^.^}^
^ ^!^"^#^$^%^&^'^.^}^
c c!c"c#c$c%c&c'c*c7c:c;cSc[c1e?e@eAeBeCeDeEe
c c!c"c#c$c%c&c'c*c7c:c;cSc[c1e?e@eAeBeCeDeEe
f f!f"f#f$f%f&f'f(f)f*f f,f-f
f f!f"f#f$f%f&f'f(f)f*f f,f-f
m m!m"m#m$m%m&m'm(m)m*m m,m-m.m1m2m3m4m5m6m7m8m9m:m;mm?m@mBmCmDmGmHmImJmKmLmMmNmOmPmQmRmSmTmUm
m m!m"m#m$m%m&m'm(m)m*m m,m-m.m1m2m3m4m5m6m7m8m9m:m;mm?m@mBmCmDmGmHmImJmKmLmMmNmOmPmQmRmSmTmUm
u u-u.uFuGuHuIuJuKuLuMuNuOuPuQuRuSu
u u-u.uFuGuHuIuJuKuLuMuNuOuPuQuRuSu
U U!U"U#U$U%U&U'U(U4UJU
U U!U"U#U$U%U&U'U(U4UJU
](^)^*^ ^,^-^/^0^1^
](^)^*^ ^,^-^/^0^1^
m/mAmFmVmWmXmYmZm[m\m]m^m_m`mambmcmdmemfmgmhmimjmkmlmmmnmompmqmrmsmtmumvmwmxmymzm{m|m}m~m
m/mAmFmVmWmXmYmZm[m\m]m^m_m`mambmcmdmemfmgmhmimjmkmlmmmnmompmqmrmsmtmumvmwmxmymzm{m|m}m~m
x x!x"x#x$x%x'x(x)x*x x,x.x/x0x1x2x3x4x5x6x7x8x9x:x;xx?x@xAxXy_yaycydyeygyiyjykylynyoy
x x!x"x#x$x%x'x(x)x*x x,x.x/x0x1x2x3x4x5x6x7x8x9x:x;xx?x@xAxXy_yaycydyeygyiyjykylynyoy
} }!}"}#}$}%}&}'}
} }!}"}#}$}%}&}'}
] ]!]"]#]$]%]&]'](])]*] ],]-].]/]0]
] ]!]"]#]$]%]&]'](])]*] ],]-].]/]0]
]2^3^4^5^6^7^8^9^:^;^^
]2^3^4^5^6^7^8^9^:^;^^
cMeNeOePeQeReSeTeUeWeXeYeZe[e]ebe
cMeNeOePeQeReSeTeUeWeXeYeZe[e]ebe
X X!X"X#X$X%X&X'X(X)X*X X,X-X.X/X0X1X3X4X6X7X8X9X:X;XX?X@XAXBXCXDXEXFXGXHXJXTX_X`XfXmX
X X!X"X#X$X%X&X'X(X)X*X X,X-X.X/X0X1X3X4X6X7X8X9X:X;XX?X@XAXBXCXDXEXFXGXHXJXTX_X`XfXmX
d%d-d0d=dRdad2e\e^e_e`eaecedeeefegeheiejele
d%d-d0d=dRdad2e\e^e_e`eaecedeeefegeheiejele
s"s#s$s%s&s(s)s,s-s/s0s1s2s3s4s5s6s8s9s>s@sGs
s"s#s$s%s&s(s)s,s-s/s0s1s2s3s4s5s6s8s9s>s@sGs
u$u%u&u/ujukulumunuouqurusutu
u$u%u&u/ujukulumunuouqurusutu
duewexeyeze{e
duewexeyeze{e
~ ~!~"~#~$~%~&~'~(~*~ ~-~8~:~0
~ ~!~"~#~$~%~&~'~(~*~ ~-~8~:~0
| |!|"|#|$|%|&|(|)|*|-|.|/|0|1|2|6|
| |!|"|#|$|%|&|(|)|*|-|.|/|0|1|2|6|
{3~3}3|3
{3~3}3|3
eZl%u
eZl%u
Q.YeY
Q.YeY
R:\Sg|p5rL
R:\Sg|p5rL
e$e#e e4e5e7e6e8eKuHeVeUeMeXe^e]erexei
e$e#e e4e5e7e6e8eKuHeVeUeMeXe^e]erexei
s4s/s)s%s>sNsOs
s4s/s)s%s>sNsOs
s&t*t)t.tbt
s&t*t)t.tbt
2%2.bx
2%2.bx
{ | }9},
{ | }9},
d6exe9j
d6exe9j
]%sOu4](n
]%sOu4](n
m.t.zB}
m.t.zB}
w%xIyWy
w%xIyWy
^vcÓv
^vcÓv
%f?iCt
%f?iCt
U>_.lE
U>_.lE
f.ebp
f.ebp
.nrR=
.nrR=
{fn:q%uN
{fn:q%uN
h$%fh$%
h$%fh$%
a$%$h$%FW$%
a$%$h$%FW$%
zcÃ
zcÃ
.PAVCMspErrorState@@
.PAVCMspErrorState@@
.PAVCMspErrorPropertyValue@@
.PAVCMspErrorPropertyValue@@
.PAVCMspErrorProperty@@
.PAVCMspErrorProperty@@
.PAVCMspErrorPropertyProtected@@
.PAVCMspErrorPropertyProtected@@
.PAVCMspErrorPropertyName@@
.PAVCMspErrorPropertyName@@
%Documents and Settings%\%current user%\Local Settings\Temp\svchost.exe
%Documents and Settings%\%current user%\Local Settings\Temp\svchost.exe
'') ()*!***%,.-$(((
'') ()*!***%,.-$(((
2 2$2(2,2
2 2$2(2,2
034383
034383
3M4}4
3M4}4
7%7U7
7%7U7
: :$:(:,:0:4:~:
: :$:(:,:0:4:~:
01
01
%s digital signature does not validate or is not present.
%s digital signature does not validate or is not present.
A required %s cannot be loaded. This may indicate that the file is missing or damaged.
A required %s cannot be loaded. This may indicate that the file is missing or damaged.
The Setup configuration file %s is not valid. Run Setup again without using a Setup configuration file, or fix the configuration file.
The Setup configuration file %s is not valid. Run Setup again without using a Setup configuration file, or fix the configuration file.
Verify file signature in "%s"
Verify file signature in "%s"
Cannot get Operating System version info. Error %u. Error is not critical. Continuing Setup.
Cannot get Operating System version info. Error %u. Error is not critical. Continuing Setup.
Operating System version: %s %s. Platform ID: %u
Operating System version: %s %s. Platform ID: %u
Failed to load the selected setup controller dll in location "%s"
Failed to load the selected setup controller dll in location "%s"
Using setup controller dll at [%s].
Using setup controller dll at [%s].
"%s" is verified to be an invalid file. Skipping signature verification on setup controller dll file and continuing setup
"%s" is verified to be an invalid file. Skipping signature verification on setup controller dll file and continuing setup
Failed to verify file signature from the selected setup controller dll in location "%s"
Failed to verify file signature from the selected setup controller dll in location "%s"
Using setup controller dll at location [%s].
Using setup controller dll at location [%s].
Copied setup controller dll to "%s"
Copied setup controller dll to "%s"
Uninstall or MMode product detected. Copying setup controller dll from "%s" to "%s"
Uninstall or MMode product detected. Copying setup controller dll from "%s" to "%s"
Cannot find the selected setup controller dll from location "%s"
Cannot find the selected setup controller dll from location "%s"
Version [%s].
Version [%s].
Found setup controller dll at [%s].
Found setup controller dll at [%s].
Checking for setup controller dll at [%s].
Checking for setup controller dll at [%s].
Cannot find the specified config.xml file. %s
Cannot find the specified config.xml file. %s
config.xml
config.xml
FILES\SETUP\config.xml
FILES\SETUP\config.xml
Running 32-bit setup on a 32-bit operating system.
Running 32-bit setup on a 32-bit operating system.
Running %s setup on a 64-bit operating system.
Running %s setup on a 64-bit operating system.
WSSSETUP.DLL
WSSSETUP.DLL
SVRSETUP.DLL
SVRSETUP.DLL
PSETUP.DLL
PSETUP.DLL
OSETUP.DLL
OSETUP.DLL
Log level changed from: %S to: %S
Log level changed from: %S to: %S
PERF: TickCount=%u Name=%s Description=%s
PERF: TickCount=%u Name=%s Description=%s
dddddd%X
dddddd%X
Office(*).log
Office(*).log
Log path %s is not valid (Error 0x%x). Reverting to default log path
Log path %s is not valid (Error 0x%x). Reverting to default log path
Error: %S Type: %d::%S. %s
Error: %S Type: %d::%S. %s
Error: Type: %S. %S ErrorCode: %d(0x%x). %s
Error: Type: %S. %S ErrorCode: %d(0x%x). %s
Error: %S ErrorCode: %d(0x%x). %s
Error: %S ErrorCode: %d(0x%x). %s
Error: %S HResult: 0x%x. %s
Error: %S HResult: 0x%x. %s
%s::[%d] %s
%s::[%d] %s
kernel32.dll
kernel32.dll
d/d/d d:d:d:d
d/d/d d:d:d:d
%s is trusted.
%s is trusted.
Warning: %s is not signed.
Warning: %s is not signed.
Error: %s is not trusted.
Error: %s is not trusted.
Comctl32.dll
Comctl32.dll
%s%d%s
%s%d%s
_-%[]{}`~!@#$^&() =,;
_-%[]{}`~!@#$^&() =,;
_-%\.[]{}`~!@#$^&() =,;
_-%\.[]{}`~!@#$^&() =,;
hXXp://
hXXp://
[WindowsFolder]
[WindowsFolder]
x:x
x:x
%S [%S:%d]
%S [%S:%d]
__tmainCRTStartup
__tmainCRTStartup
mainCRTStartup
mainCRTStartup
Corrupt stack frame: frameCount = %d
Corrupt stack frame: frameCount = %d
OS check result: 0xu
OS check result: 0xu
PIDKEY
PIDKEY
Invalid value display level specified in config.xml: %s. Leaving display level at: %S
Invalid value display level specified in config.xml: %s. Leaving display level at: %S
Display level full specified in config.xml.
Display level full specified in config.xml.
Display level basic specified in config.xml.
Display level basic specified in config.xml.
Display level none specified in config.xml.
Display level none specified in config.xml.
Invalid value log type specified in config.xml: %s. Leaving log type at: %S
Invalid value log type specified in config.xml: %s. Leaving log type at: %S
Logging type debug specified in config.xml.
Logging type debug specified in config.xml.
Logging type verbose specified in config.xml.
Logging type verbose specified in config.xml.
Logging type standard specified in config.xml.
Logging type standard specified in config.xml.
Logging type off specified in config.xml.
Logging type off specified in config.xml.
Setting value of locked setting '%s'!
Setting value of locked setting '%s'!
%s specified in config.xml.
%s specified in config.xml.
%s: "%s" specified in config.xml.
%s: "%s" specified in config.xml.
SetupExe(*).log
SetupExe(*).log
TRIAL InstallTrial = %s
TRIAL InstallTrial = %s
TRIAL ShowUI = %s
TRIAL ShowUI = %s
LIS CACHEACTION = %s
LIS CACHEACTION = %s
Parsed MinOSRequirement: ServicePackLevel with value: %s in config.xml.
Parsed MinOSRequirement: ServicePackLevel with value: %s in config.xml.
Parsed MinOSRequirement: WindowsBuild with value: %s in config.xml.
Parsed MinOSRequirement: WindowsBuild with value: %s in config.xml.
WindowsBuild
WindowsBuild
Parsed MinOSRequirement: VersionNT with value: %s in config.xml.
Parsed MinOSRequirement: VersionNT with value: %s in config.xml.
SUpdateLocation path specified in config.xml: %s
SUpdateLocation path specified in config.xml: %s
ShowSUpdateUI=Yes specified in config.xml.
ShowSUpdateUI=Yes specified in config.xml.
ShowSUpdateUI=No specified in config.xml.
ShowSUpdateUI=No specified in config.xml.
GetWebUpdates=Yes specified in config.xml.
GetWebUpdates=Yes specified in config.xml.
GetWebUpdates=No specified in config.xml.
GetWebUpdates=No specified in config.xml.
GetWebUpdates
GetWebUpdates
CheckForSUpdate=Yes specified in config.xml.
CheckForSUpdate=Yes specified in config.xml.
CheckForSUpdate=No specified in config.xml.
CheckForSUpdate=No specified in config.xml.
DistributionPoint parsed. The distribution point is now set to: %s
DistributionPoint parsed. The distribution point is now set to: %s
Invalid pidkey specified in config.xml. Ignoring value from config.xml
Invalid pidkey specified in config.xml. Ignoring value from config.xml
PIDKEY element successfully parsed in config.xml
PIDKEY element successfully parsed in config.xml
/Configuration/PIDKEY
/Configuration/PIDKEY
Show cancel button specified in config.xml.
Show cancel button specified in config.xml.
Disable of cancel button specified in config.xml.
Disable of cancel button specified in config.xml.
No auto accept license specified in config.xml.
No auto accept license specified in config.xml.
Auto accept license specified in config.xml.
Auto accept license specified in config.xml.
Hide completion notice specified in config.xml.
Hide completion notice specified in config.xml.
Show completion notice specified in config.xml with UI level set to none. Forcing modal dialogs to be shown as well.
Show completion notice specified in config.xml with UI level set to none. Forcing modal dialogs to be shown as well.
Show completion notice specified in config.xml.
Show completion notice specified in config.xml.
Show modal dialogs specified in config.xml.
Show modal dialogs specified in config.xml.
Suppression of modal dialogs specified in config.xml.
Suppression of modal dialogs specified in config.xml.
Parsed ARPHELPTELEPHONE value: %s
Parsed ARPHELPTELEPHONE value: %s
Parsed ARPHELPLINK value: %s
Parsed ARPHELPLINK value: %s
Parsed ARPURLUPDATEINFO value: %s
Parsed ARPURLUPDATEINFO value: %s
ARPURLUPDATEINFO
ARPURLUPDATEINFO
Parsed ARPURLINFOABOUT value: %s
Parsed ARPURLINFOABOUT value: %s
ARPURLINFOABOUT
ARPURLINFOABOUT
Parsed ARPCONTACT value: '%s'.
Parsed ARPCONTACT value: '%s'.
Parsed ARPCOMMENTS value: '%s'.
Parsed ARPCOMMENTS value: '%s'.
Log file template: %s specified in config.xml
Log file template: %s specified in config.xml
Log directory: %s specified in config.xml
Log directory: %s specified in config.xml
Parsed setting: %s with value: %s under package: %s in config.xml
Parsed setting: %s with value: %s under package: %s in config.xml
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. Warning : this Culture is specified more than once.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. Warning : this Culture is specified more than once.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. NOTE: this Culture will not be removed because it is in the AddLanguage List.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. NOTE: this Culture will not be removed because it is in the AddLanguage List.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. Can not specify this value in RemoveLanguage Node; ignoring.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. Can not specify this value in RemoveLanguage Node; ignoring.
Parsed AddLangauge: CultureTag with value: %s in config.xml. Warning : this Culture is specified more than once.
Parsed AddLangauge: CultureTag with value: %s in config.xml. Warning : this Culture is specified more than once.
Parsed AddLangauge: CultureTag with value: %s in config.xml.
Parsed AddLangauge: CultureTag with value: %s in config.xml.
Parsed AddLangauge: Found request to include Current-User's Locale, in config.xml.
Parsed AddLangauge: Found request to include Current-User's Locale, in config.xml.
Parsed setting: %s with value: %s in config.xml.
Parsed setting: %s with value: %s in config.xml.
Unsupported setting: %s specified in config.xml.
Unsupported setting: %s specified in config.xml.
Preferred product specified in config.xml to be: %s
Preferred product specified in config.xml to be: %s
Parsing config.xml at: %s
Parsing config.xml at: %s
BRANDING.XML
BRANDING.XML
SETUP.CHM
SETUP.CHM
Keyword
Keyword
Warning: changing setup temp folder from [%s] to [%s].
Warning: changing setup temp folder from [%s] to [%s].
Setup temp folder set to [%s].
Setup temp folder set to [%s].
Setupx
Setupx
Uninstall requested for product: %s
Uninstall requested for product: %s
Repair requested for product: %s
Repair requested for product: %s
Modify requested for product: %s
Modify requested for product: %s
Unrecognized command line parameter: %s
Unrecognized command line parameter: %s
Invalid command line arguments. The preferred dll is already set when parsing '%s'.
Invalid command line arguments. The preferred dll is already set when parsing '%s'.
Invalid command line arguments. The active Product ID is already set when parsing '%s'.
Invalid command line arguments. The active Product ID is already set when parsing '%s'.
Invalid command line argument: /config used without specifying a config.xml file.
Invalid command line argument: /config used without specifying a config.xml file.
Running SETUPEXE as a COM server.
Running SETUPEXE as a COM server.
Admin patch file/path specified: %s
Admin patch file/path specified: %s
Config XML file specified: %s
Config XML file specified: %s
Handling command line option: %s
Handling command line option: %s
Command line: %s
Command line: %s
aero.msstyles
aero.msstyles
luna.msstyles
luna.msstyles
tmsodatalast.dat
tmsodatalast.dat
%ComponentLang%
%ComponentLang%
%WebLocale%
%WebLocale%
%UILang%
%UILang%
oleacc.dll
oleacc.dll
POWRPROF.dll
POWRPROF.dll
KERNEL32.DLL
KERNEL32.DLL
NETAPI32.dll
NETAPI32.dll
mso.dll
mso.dll
SspiCli.DLL
SspiCli.DLL
NCrypt.dll
NCrypt.dll
BCrypt.dll
BCrypt.dll
Wscapi.DLL
Wscapi.DLL
DwmApi.DLL
DwmApi.DLL
PropSys.DLL
PropSys.DLL
OSPPCEXT.DLL
OSPPCEXT.DLL
OSPPC.DLL
OSPPC.DLL
DavClnt.DLL
DavClnt.DLL
Rasdlg.DLL
Rasdlg.DLL
Rasapi32.DLL
Rasapi32.DLL
MsoXev.DLL
MsoXev.DLL
Sensapi.DLL
Sensapi.DLL
Secur32.DLL
Secur32.DLL
Setupapi.DLL
Setupapi.DLL
WsmEng.DLL
WsmEng.DLL
Credui.DLL
Credui.DLL
gdi32.DLL
gdi32.DLL
UxTheme.DLL
UxTheme.DLL
Mscat32.DLL
Mscat32.DLL
Wtsapi32.DLL
Wtsapi32.DLL
Netapi32.DLL
Netapi32.DLL
WFF.DLL
WFF.DLL
Activeds.DLL
Activeds.DLL
Shlwapi.DLL
Shlwapi.DLL
Kernel32.DLL
Kernel32.DLL
Winspool.DRV
Winspool.DRV
Mssign32.DLL
Mssign32.DLL
MsoHev.DLL
MsoHev.DLL
Riched20.DLL
Riched20.DLL
VBE7.DLL
VBE7.DLL
Advapi32.DLL
Advapi32.DLL
Softpub.DLL
Softpub.DLL
Wintrust.DLL
Wintrust.DLL
WININET.DLL
WININET.DLL
ODMA32.DLL
ODMA32.DLL
OLEACC.DLL
OLEACC.DLL
MSJET40.DLL
MSJET40.DLL
URLMON.DLL
URLMON.DLL
HLINK.DLL
HLINK.DLL
MAPI32.DLL
MAPI32.DLL
WINMM.DLL
WINMM.DLL
VERSION.DLL
VERSION.DLL
COMDLG32.DLL
COMDLG32.DLL
COMCTL32.DLL
COMCTL32.DLL
SHELL32.DLL
SHELL32.DLL
WINNLS.DLL
WINNLS.DLL
GDI32.DLL
GDI32.DLL
comctl32.dll
comctl32.dll
#$%&%&'(
#$%&%&'(
mscoree.dll
mscoree.dll
.XPath
.XPath
LIS SOURCELIST = %s
LIS SOURCELIST = %s
14.0.4734.1000
14.0.4734.1000
Windows
Windows
svchost.exe_1064:
.text
.text
`.data
`.data
.rsrc
.rsrc
MSVBVM60.DLL
MSVBVM60.DLL
bss_server.usrReverseRelay
bss_server.usrReverseRelay
tmrWebHide
tmrWebHide
bss_server.Socket
bss_server.Socket
bss_server.usrRelay
bss_server.usrRelay
mswinsck.ocx
mswinsck.ocx
MSWinsockLib.Winsock
MSWinsockLib.Winsock
ieframe.dll
ieframe.dll
SHDocVwCtl.WebBrowser
SHDocVwCtl.WebBrowser
WebBrowser
WebBrowser
modLaunchWeb
modLaunchWeb
%Program Files% (x86)\Microsoft Visual Studio\VB98\VB6.OLB
%Program Files% (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\SysWOW64\ieframe.dll
winmm.dll
winmm.dll
user32.dll
user32.dll
advapi32.dll
advapi32.dll
shell32.dll
shell32.dll
kernel32.dll
kernel32.dll
avicap32.dll
avicap32.dll
advpack.dll
advpack.dll
GetAsyncKeyState
GetAsyncKeyState
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardState
GetKeyboardState
GetKeyState
GetKeyState
SHFileOperationA
SHFileOperationA
CreatePipe
CreatePipe
PSAPI.DLL
PSAPI.DLL
GetTcpTable
GetTcpTable
ExitWindowsEx
ExitWindowsEx
EnumWindows
EnumWindows
WinInet.dll
WinInet.dll
DeleteUrlCacheEntryA
DeleteUrlCacheEntryA
urlmon
urlmon
URLDownloadToFileA
URLDownloadToFileA
ShellExecuteA
ShellExecuteA
keybd_event
keybd_event
AddMsg
AddMsg
CHAT_ADDMSG
CHAT_ADDMSG
VBA6.DLL
VBA6.DLL
C:\Windows\SysWow64\msvbvm60.dll\3
C:\Windows\SysWow64\msvbvm60.dll\3
ws2_32.dll
ws2_32.dll
olepro32.dll
olepro32.dll
GdiplusShutdown
GdiplusShutdown
RemotePort
RemotePort
LocalPort
LocalPort
WSOCK32.DLL
WSOCK32.DLL
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
ntdll.dll
ntdll.dll
C:\Windows\SysWOW64\ieframe.oca
C:\Windows\SysWOW64\ieframe.oca
6tmrTCP
6tmrTCP
%Program Files% (x86)\Microsoft Visual Studio\VB98\mswinsck.oca
%Program Files% (x86)\Microsoft Visual Studio\VB98\mswinsck.oca
tmrUDP
tmrUDP
UDPSocket
UDPSocket
UDPFlood
UDPFlood
ole32.dll
ole32.dll
crypt32.dll
crypt32.dll
oleaut32.dll
oleaut32.dll
RegOpenKeyA
RegOpenKeyA
FindNextUrlCacheEntryA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryA
txtPassword
txtPassword
imgLoginPressed
imgLoginPressed
imgLogin
imgLogin
RegCreateKeyA
RegCreateKeyA
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyExA
gdi32.dll
gdi32.dll
FtpDownload
FtpDownload
InternetOpenUrlA
InternetOpenUrlA
FtpUpload
FtpUpload
FtpGetFileA
FtpGetFileA
FtpPutFileA
FtpPutFileA
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpOpenFileA
FtpOpenFileA
FtpGetFileSize
FtpGetFileSize
FtpDeleteFileA
FtpDeleteFileA
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpRemoveDirectoryA
FtpRenameFileA
FtpRenameFileA
FtpGetDirectory
FtpGetDirectory
Http_DownloadFile
Http_DownloadFile
cmdShowfiles
cmdShowfiles
msvbvm60.dll
msvbvm60.dll
tmrTCP
tmrTCP
?8??8??8??8??8?
?8??8??8??8??8?
2>e%Xdq
2>e%Xdq
uMsg
uMsg
strMsg
strMsg
MsgNum
MsgNum
AllMsgs
AllMsgs
lngPort
lngPort
URL_TARGET
URL_TARGET
Port
Port
Password
Password
WebURL
WebURL
Returns/Sets the port to be connected to on the remote computer
Returns/Sets the port to be connected to on the remote computer
Returns/Sets the port used on the local computer
Returns/Sets the port used on the local computer
Binds socket to specific port and adapter
Binds socket to specific port and adapter
Occurs after a send operation has completed
Occurs after a send operation has completed
*\AD:\Blackshades Project\Blackshades NET\server\server.vbp
*\AD:\Blackshades Project\Blackshades NET\server\server.vbp
2c49f800-c2dd-11cf-9ad6-0080c7e7b78d
2c49f800-c2dd-11cf-9ad6-0080c7e7b78d
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090612 Firefox/3.5
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090612 Firefox/3.5
{00020404-0000-0000-C000-000000000046}
{00020404-0000-0000-C000-000000000046}
\nir_cmd.bss speak text
\nir_cmd.bss speak text
\nir_cmd.bss setsysvolume 65535
\nir_cmd.bss setsysvolume 65535
\nir_cmd.bss mutesysvolume 1
\nir_cmd.bss mutesysvolume 1
\nir_cmd.bss mutesysvolume 0
\nir_cmd.bss mutesysvolume 0
\nir_cmd.bss screensaver
\nir_cmd.bss screensaver
\nir_cmd.bss monitor off
\nir_cmd.bss monitor off
\nir_cmd.bss monitor on
\nir_cmd.bss monitor on
PORT
PORT
TRANSFERPORT
TRANSFERPORT
\rsout.tmp
\rsout.tmp
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\
Keylog
Keylog
Wscript.Shell
Wscript.Shell
HKEY_CLASSES_ROOT\HTTP\shell\open\command\
HKEY_CLASSES_ROOT\HTTP\shell\open\command\
\winlogon.exe
\winlogon.exe
iexplore.exe
iexplore.exe
ADVAPI32.dll
ADVAPI32.dll
hXXp://VVV.facebook.com/?ref=home
hXXp://VVV.facebook.com/?ref=home
hXXp://VVV.facebook.com
hXXp://VVV.facebook.com
Windows Firewall/Internet Connection Sharing (ICS)
Windows Firewall/Internet Connection Sharing (ICS)
WebCamCapture
WebCamCapture
\Vuze\Azureus.exe
\Vuze\Azureus.exe
\LimeWire\LimeWire.exe
\LimeWire\LimeWire.exe
\uTorrent\uTorrent.exe
\uTorrent\uTorrent.exe
\uTorrent\uTorrent.exe /HIDE
\uTorrent\uTorrent.exe /HIDE
\BitTorrent\bittorrent.exe
\BitTorrent\bittorrent.exe
\MSWINSCK.OCX
\MSWINSCK.OCX
\cmd.exe
\cmd.exe
\data.dat
\data.dat
\steam\steam.exe
\steam\steam.exe
nkey
nkey
dkey
dkey
regsvr32.exe
regsvr32.exe
\pws_mail.bss
\pws_mail.bss
\pws_mess.bss
\pws_mess.bss
\pws_cdk.bss
\pws_cdk.bss
\pws_ff.bss
\pws_ff.bss
\pws_chro.bss
\pws_chro.bss
\nir_cmd.bss
\nir_cmd.bss
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "
:*:Enabled:Windows Messanger" /f
:*:Enabled:Windows Messanger" /f
winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2
winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2
00000000
00000000
winmgmts:\\.\root\cimv2
winmgmts:\\.\root\cimv2
Select * from Win32_Keyboard
Select * from Win32_Keyboard
api.ipinfodb.com
api.ipinfodb.com
GET /v2/ip_query.php?key=
GET /v2/ip_query.php?key=
&timezone=off HTTP/1.1
&timezone=off HTTP/1.1
Host: api.ipinfodb.com
Host: api.ipinfodb.com
GET /v2/ip_query_country.php?key=
GET /v2/ip_query_country.php?key=
Portable
Portable
WScript.Shell
WScript.Shell
winmgmts:\\.\root\SecurityCenter
winmgmts:\\.\root\SecurityCenter
\wallpaper.bmp
\wallpaper.bmp
\wallpaper.jpg
\wallpaper.jpg
WinServer 2003, Web Edition
WinServer 2003, Web Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
__oxFrame.class__
__oxFrame.class__
Scripting.FileSystemObject
Scripting.FileSystemObject
Autorun.ini
Autorun.ini
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{1D5BE4B5-FA4A-452D-9CDD-5DB35105E7EB}
{1D5BE4B5-FA4A-452D-9CDD-5DB35105E7EB}
Address family not supported by protocol family.
Address family not supported by protocol family.
Operation already in progress.
Operation already in progress.
Operation now in progress.
Operation now in progress.
Socket operation on nonsocket.
Socket operation on nonsocket.
Operation not supported.
Operation not supported.
Protocol family not supported.
Protocol family not supported.
Protocol not supported.
Protocol not supported.
Socket type not supported.
Socket type not supported.
Winsock.dll version out of range.
Winsock.dll version out of range.
CSocketMaster.SocketExists
CSocketMaster.SocketExists
CSocketMaster.PostSocket
CSocketMaster.PostSocket
CSocketMaster.ConnectToIP
CSocketMaster.ConnectToIP
CSocketMaster.ResolveIfHostname
CSocketMaster.ResolveIfHostname
CSocketMaster.SendBufferedDataUDP
CSocketMaster.SendBufferedDataUDP
CSocketMaster.SendBufferedData
CSocketMaster.SendBufferedData
abe2869f-9b47-4cd9-a358-c22904dba7f7
abe2869f-9b47-4cd9-a358-c22904dba7f7
/stext mess.dat
/stext mess.dat
\mess.dat
\mess.dat
/stext mail.dat
/stext mail.dat
\mail.dat
\mail.dat
/stext ffpw.dat
/stext ffpw.dat
\ffpw.dat
\ffpw.dat
Web Site
Web Site
Password
Password
/stext chro.dat
/stext chro.dat
\chro.dat
\chro.dat
Action URL
Action URL
SOFTWARE\MICROSOFT\Windows NT\CurrentVersion
SOFTWARE\MICROSOFT\Windows NT\CurrentVersion
Windows
Windows
SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command
SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command
http\shell\open\command
http\shell\open\command
127.0.0.1
127.0.0.1
\dump.txt
\dump.txt
\uTorrent\uTorrent.exe /DIRECTORY
\uTorrent\uTorrent.exe /DIRECTORY
255.255.255.255
255.255.255.255
finalizarprocessoportas
finalizarprocessoportas
CONNECT %s:%i HTTP/1.0
CONNECT %s:%i HTTP/1.0
SOFTWARE\Classes\http\shell\open\command
SOFTWARE\Classes\http\shell\open\command
Software\Classes\http\shell\open\command
Software\Classes\http\shell\open\command
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
code.is.a.winner
code.is.a.winner
Software\Microsoft\Windows\CurrentVersion\Uninstall\eMule
Software\Microsoft\Windows\CurrentVersion\Uninstall\eMule
SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\DigitalProductId
SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\DigitalProductId
bps1.exe
bps1.exe
bhookpl.dll
bhookpl.dll
bnfa.exe
bnfa.exe
drvloadn.dll
drvloadn.dll
drvloadx.dll
drvloadx.dll
VNCHooks.dll
VNCHooks.dll
xr4tdwa.exe
xr4tdwa.exe
shutdown.exe
shutdown.exe
TCnRawKeyBoard
TCnRawKeyBoard
HuntHTTPDownload
HuntHTTPDownload
autorun.inf
autorun.inf
hXXps://onlineeast#.bankofamerica.com
hXXps://onlineeast#.bankofamerica.com
winlogon.exe
winlogon.exe
moz_logins
moz_logins
WEBCAMLIVE
WEBCAMLIVE
explorer.exe
explorer.exe
\system32\userinit.exe
\system32\userinit.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\system32\userinit.exe,
\system32\userinit.exe,
notepad.exe
notepad.exe
steam.exe
steam.exe
hl.exe
hl.exe
\rspad.dat
\rspad.dat
@*\AD:\Blackshades Project\Blackshades NET\server\server.vbp
@*\AD:\Blackshades Project\Blackshades NET\server\server.vbp
svchost.exe_1064_rwx_00400000_00078000:
.text
.text
`.data
`.data
.rsrc
.rsrc
MSVBVM60.DLL
MSVBVM60.DLL
bss_server.usrReverseRelay
bss_server.usrReverseRelay
tmrWebHide
tmrWebHide
bss_server.Socket
bss_server.Socket
bss_server.usrRelay
bss_server.usrRelay
mswinsck.ocx
mswinsck.ocx
MSWinsockLib.Winsock
MSWinsockLib.Winsock
ieframe.dll
ieframe.dll
SHDocVwCtl.WebBrowser
SHDocVwCtl.WebBrowser
WebBrowser
WebBrowser
modLaunchWeb
modLaunchWeb
%Program Files% (x86)\Microsoft Visual Studio\VB98\VB6.OLB
%Program Files% (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\SysWOW64\ieframe.dll
winmm.dll
winmm.dll
user32.dll
user32.dll
advapi32.dll
advapi32.dll
shell32.dll
shell32.dll
kernel32.dll
kernel32.dll
avicap32.dll
avicap32.dll
advpack.dll
advpack.dll
GetAsyncKeyState
GetAsyncKeyState
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardState
GetKeyboardState
GetKeyState
GetKeyState
SHFileOperationA
SHFileOperationA
CreatePipe
CreatePipe
PSAPI.DLL
PSAPI.DLL
GetTcpTable
GetTcpTable
ExitWindowsEx
ExitWindowsEx
EnumWindows
EnumWindows
WinInet.dll
WinInet.dll
DeleteUrlCacheEntryA
DeleteUrlCacheEntryA
urlmon
urlmon
URLDownloadToFileA
URLDownloadToFileA
ShellExecuteA
ShellExecuteA
keybd_event
keybd_event
AddMsg
AddMsg
CHAT_ADDMSG
CHAT_ADDMSG
VBA6.DLL
VBA6.DLL
C:\Windows\SysWow64\msvbvm60.dll\3
C:\Windows\SysWow64\msvbvm60.dll\3
ws2_32.dll
ws2_32.dll
olepro32.dll
olepro32.dll
GdiplusShutdown
GdiplusShutdown
RemotePort
RemotePort
LocalPort
LocalPort
WSOCK32.DLL
WSOCK32.DLL
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
ntdll.dll
ntdll.dll
C:\Windows\SysWOW64\ieframe.oca
C:\Windows\SysWOW64\ieframe.oca
6tmrTCP
6tmrTCP
%Program Files% (x86)\Microsoft Visual Studio\VB98\mswinsck.oca
%Program Files% (x86)\Microsoft Visual Studio\VB98\mswinsck.oca
tmrUDP
tmrUDP
UDPSocket
UDPSocket
UDPFlood
UDPFlood
ole32.dll
ole32.dll
crypt32.dll
crypt32.dll
oleaut32.dll
oleaut32.dll
RegOpenKeyA
RegOpenKeyA
FindNextUrlCacheEntryA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryA
txtPassword
txtPassword
imgLoginPressed
imgLoginPressed
imgLogin
imgLogin
RegCreateKeyA
RegCreateKeyA
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyExA
gdi32.dll
gdi32.dll
FtpDownload
FtpDownload
InternetOpenUrlA
InternetOpenUrlA
FtpUpload
FtpUpload
FtpGetFileA
FtpGetFileA
FtpPutFileA
FtpPutFileA
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpOpenFileA
FtpOpenFileA
FtpGetFileSize
FtpGetFileSize
FtpDeleteFileA
FtpDeleteFileA
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpRemoveDirectoryA
FtpRenameFileA
FtpRenameFileA
FtpGetDirectory
FtpGetDirectory
Http_DownloadFile
Http_DownloadFile
cmdShowfiles
cmdShowfiles
msvbvm60.dll
msvbvm60.dll
tmrTCP
tmrTCP
?8??8??8??8??8?
?8??8??8??8??8?
2>e%Xdq
2>e%Xdq
uMsg
uMsg
strMsg
strMsg
MsgNum
MsgNum
AllMsgs
AllMsgs
lngPort
lngPort
URL_TARGET
URL_TARGET
Port
Port
Password
Password
WebURL
WebURL
Returns/Sets the port to be connected to on the remote computer
Returns/Sets the port to be connected to on the remote computer
Returns/Sets the port used on the local computer
Returns/Sets the port used on the local computer
Binds socket to specific port and adapter
Binds socket to specific port and adapter
Occurs after a send operation has completed
Occurs after a send operation has completed
*\AD:\Blackshades Project\Blackshades NET\server\server.vbp
*\AD:\Blackshades Project\Blackshades NET\server\server.vbp
2c49f800-c2dd-11cf-9ad6-0080c7e7b78d
2c49f800-c2dd-11cf-9ad6-0080c7e7b78d
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090612 Firefox/3.5
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090612 Firefox/3.5
{00020404-0000-0000-C000-000000000046}
{00020404-0000-0000-C000-000000000046}
\nir_cmd.bss speak text
\nir_cmd.bss speak text
\nir_cmd.bss setsysvolume 65535
\nir_cmd.bss setsysvolume 65535
\nir_cmd.bss mutesysvolume 1
\nir_cmd.bss mutesysvolume 1
\nir_cmd.bss mutesysvolume 0
\nir_cmd.bss mutesysvolume 0
\nir_cmd.bss screensaver
\nir_cmd.bss screensaver
\nir_cmd.bss monitor off
\nir_cmd.bss monitor off
\nir_cmd.bss monitor on
\nir_cmd.bss monitor on
PORT
PORT
TRANSFERPORT
TRANSFERPORT
\rsout.tmp
\rsout.tmp
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\
Keylog
Keylog
Wscript.Shell
Wscript.Shell
HKEY_CLASSES_ROOT\HTTP\shell\open\command\
HKEY_CLASSES_ROOT\HTTP\shell\open\command\
\winlogon.exe
\winlogon.exe
iexplore.exe
iexplore.exe
ADVAPI32.dll
ADVAPI32.dll
hXXp://VVV.facebook.com/?ref=home
hXXp://VVV.facebook.com/?ref=home
hXXp://VVV.facebook.com
hXXp://VVV.facebook.com
Windows Firewall/Internet Connection Sharing (ICS)
Windows Firewall/Internet Connection Sharing (ICS)
WebCamCapture
WebCamCapture
\Vuze\Azureus.exe
\Vuze\Azureus.exe
\LimeWire\LimeWire.exe
\LimeWire\LimeWire.exe
\uTorrent\uTorrent.exe
\uTorrent\uTorrent.exe
\uTorrent\uTorrent.exe /HIDE
\uTorrent\uTorrent.exe /HIDE
\BitTorrent\bittorrent.exe
\BitTorrent\bittorrent.exe
\MSWINSCK.OCX
\MSWINSCK.OCX
\cmd.exe
\cmd.exe
\data.dat
\data.dat
\steam\steam.exe
\steam\steam.exe
nkey
nkey
dkey
dkey
regsvr32.exe
regsvr32.exe
\pws_mail.bss
\pws_mail.bss
\pws_mess.bss
\pws_mess.bss
\pws_cdk.bss
\pws_cdk.bss
\pws_ff.bss
\pws_ff.bss
\pws_chro.bss
\pws_chro.bss
\nir_cmd.bss
\nir_cmd.bss
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "
:*:Enabled:Windows Messanger" /f
:*:Enabled:Windows Messanger" /f
winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2
winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2
00000000
00000000
winmgmts:\\.\root\cimv2
winmgmts:\\.\root\cimv2
Select * from Win32_Keyboard
Select * from Win32_Keyboard
api.ipinfodb.com
api.ipinfodb.com
GET /v2/ip_query.php?key=
GET /v2/ip_query.php?key=
&timezone=off HTTP/1.1
&timezone=off HTTP/1.1
Host: api.ipinfodb.com
Host: api.ipinfodb.com
GET /v2/ip_query_country.php?key=
GET /v2/ip_query_country.php?key=
Portable
Portable
WScript.Shell
WScript.Shell
winmgmts:\\.\root\SecurityCenter
winmgmts:\\.\root\SecurityCenter
\wallpaper.bmp
\wallpaper.bmp
\wallpaper.jpg
\wallpaper.jpg
WinServer 2003, Web Edition
WinServer 2003, Web Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
__oxFrame.class__
__oxFrame.class__
Scripting.FileSystemObject
Scripting.FileSystemObject
Autorun.ini
Autorun.ini
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{1D5BE4B5-FA4A-452D-9CDD-5DB35105E7EB}
{1D5BE4B5-FA4A-452D-9CDD-5DB35105E7EB}
Address family not supported by protocol family.
Address family not supported by protocol family.
Operation already in progress.
Operation already in progress.
Operation now in progress.
Operation now in progress.
Socket operation on nonsocket.
Socket operation on nonsocket.
Operation not supported.
Operation not supported.
Protocol family not supported.
Protocol family not supported.
Protocol not supported.
Protocol not supported.
Socket type not supported.
Socket type not supported.
Winsock.dll version out of range.
Winsock.dll version out of range.
CSocketMaster.SocketExists
CSocketMaster.SocketExists
CSocketMaster.PostSocket
CSocketMaster.PostSocket
CSocketMaster.ConnectToIP
CSocketMaster.ConnectToIP
CSocketMaster.ResolveIfHostname
CSocketMaster.ResolveIfHostname
CSocketMaster.SendBufferedDataUDP
CSocketMaster.SendBufferedDataUDP
CSocketMaster.SendBufferedData
CSocketMaster.SendBufferedData
abe2869f-9b47-4cd9-a358-c22904dba7f7
abe2869f-9b47-4cd9-a358-c22904dba7f7
/stext mess.dat
/stext mess.dat
\mess.dat
\mess.dat
/stext mail.dat
/stext mail.dat
\mail.dat
\mail.dat
/stext ffpw.dat
/stext ffpw.dat
\ffpw.dat
\ffpw.dat
Web Site
Web Site
Password
Password
/stext chro.dat
/stext chro.dat
\chro.dat
\chro.dat
Action URL
Action URL
SOFTWARE\MICROSOFT\Windows NT\CurrentVersion
SOFTWARE\MICROSOFT\Windows NT\CurrentVersion
Windows
Windows
SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command
SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command
http\shell\open\command
http\shell\open\command
127.0.0.1
127.0.0.1
\dump.txt
\dump.txt
\uTorrent\uTorrent.exe /DIRECTORY
\uTorrent\uTorrent.exe /DIRECTORY
255.255.255.255
255.255.255.255
finalizarprocessoportas
finalizarprocessoportas
CONNECT %s:%i HTTP/1.0
CONNECT %s:%i HTTP/1.0
SOFTWARE\Classes\http\shell\open\command
SOFTWARE\Classes\http\shell\open\command
Software\Classes\http\shell\open\command
Software\Classes\http\shell\open\command
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
code.is.a.winner
code.is.a.winner
Software\Microsoft\Windows\CurrentVersion\Uninstall\eMule
Software\Microsoft\Windows\CurrentVersion\Uninstall\eMule
SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\DigitalProductId
SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\DigitalProductId
bps1.exe
bps1.exe
bhookpl.dll
bhookpl.dll
bnfa.exe
bnfa.exe
drvloadn.dll
drvloadn.dll
drvloadx.dll
drvloadx.dll
VNCHooks.dll
VNCHooks.dll
xr4tdwa.exe
xr4tdwa.exe
shutdown.exe
shutdown.exe
TCnRawKeyBoard
TCnRawKeyBoard
HuntHTTPDownload
HuntHTTPDownload
autorun.inf
autorun.inf
hXXps://onlineeast#.bankofamerica.com
hXXps://onlineeast#.bankofamerica.com
winlogon.exe
winlogon.exe
moz_logins
moz_logins
WEBCAMLIVE
WEBCAMLIVE
explorer.exe
explorer.exe
\system32\userinit.exe
\system32\userinit.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\system32\userinit.exe,
\system32\userinit.exe,
notepad.exe
notepad.exe
steam.exe
steam.exe
hl.exe
hl.exe
\rspad.dat
\rspad.dat
@*\AD:\Blackshades Project\Blackshades NET\server\server.vbp
@*\AD:\Blackshades Project\Blackshades NET\server\server.vbp
rundll32.exe_1460:
.text
.text
`.data
`.data
.rsrc
.rsrc
msvcrt.dll
msvcrt.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
GDI32.dll
GDI32.dll
USER32.dll
USER32.dll
IMAGEHLP.dll
IMAGEHLP.dll
rundll32.pdb
rundll32.pdb
.....eZXnnnnnnnnnnnn3
.....eZXnnnnnnnnnnnn3
....eDXnnnnnnnnnnnn3
....eDXnnnnnnnnnnnn3
...eDXnnnnnnnnnnnn,
...eDXnnnnnnnnnnnn,
.eDXnnnnnnnnnnnn,
.eDXnnnnnnnnnnnn,
%Xnnnnnnnnnnnnnnn1
%Xnnnnnnnnnnnnnnn1
O3$dS7"%U9
O3$dS7"%U9
.manifest
.manifest
5.1.2600.5512 (xpsp.080413-2105)
5.1.2600.5512 (xpsp.080413-2105)
RUNDLL.EXE
RUNDLL.EXE
Windows
Windows
Operating System
Operating System
5.1.2600.5512
5.1.2600.5512
YThere is not enough memory to run the file %s.
YThere is not enough memory to run the file %s.
Please close other windows and try again.
Please close other windows and try again.
9The file %s or one of its components could not be opened.
9The file %s or one of its components could not be opened.
0The file %s or one of its components cannot run.
0The file %s or one of its components cannot run.
MThe file %s or one of its components requires a different version of Windows.
MThe file %s or one of its components requires a different version of Windows.
UThe file %s or one of its components cannot run in standard or enhanced mode Windows.3Another instance of the file %s is already running./An exception occurred while trying to run "%s"
UThe file %s or one of its components cannot run in standard or enhanced mode Windows.3Another instance of the file %s is already running./An exception occurred while trying to run "%s"
Error in %s
Error in %s
Missing entry:%s
Missing entry:%s
Error loading %s
Error loading %s