Trojan-Downloader.Win32.Genome.poac (Kaspersky), mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 041d0ccd026a9e3153b0f112232317ab
SHA1: 38b9b38dad347837d15ad511a0be6a9a4aac42d6
SHA256: 0d96c6bb49c0ce4eda8ef2073f61a57c4ba167d7f869c4c911272f13c21c543c
SSDeep: 1536:MVdePelp2Xy tuQOzOYE5aXPnECwF8rT62duQt36f2e/23VcynQTlFMEeKqEaXhm:PweqOYEUXPnECXxh6McLlOEvCh9dJ9MZ
Size: 110717 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-02-24 21:19:59
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan-Downloader creates the following process(es):
WebAdSystem_setup.exe:1328
The Trojan-Downloader injects its code into the following process(es):
%original file name%.exe:312
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:312 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsz2.tmp (5390 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WebAdSystem\WebAdSystem_setup.exe (75249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\inetc.dll (784 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk1.tmp (0 bytes)
The process WebAdSystem_setup.exe:1328 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\BootstrapperApplicationData.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\icon.png (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\theme_passive.wxl (822 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WebAdSystem_20150326024602.log (11443 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\license.rtf (429 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\theme.wxl (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\welcome.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\theme.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\logo.png (575 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\theme_passive.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\wixstdba.dll (3295 bytes)
Registry activity
The process %original file name%.exe:312 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CD BF 8A CA E7 EC 31 E6 DA 3F 6F 58 4A E3 5E 4F"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process WebAdSystem_setup.exe:1328 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D B9 E6 5C CF EE BC 38 18 D4 CA FD 6C 7D 4D F2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
Dropped PE files
MD5 | File path |
---|---|
1b8f16a91e30d2ba0ca23bcee08ed5a8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\WebAdSystem\WebAdSystem_setup.exe |
bf712f32249029466fa86756f5546950 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsp3.tmp\System.dll |
5da9df435ff20853a2c45026e7681cef | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsp3.tmp\inetc.dll |
6077d25ef6a4b772d49229ad66ee5e34 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\wixstdba.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
WebAdSystem_setup.exe:1328
- Delete the original Trojan-Downloader file.
- Delete or disinfect the following files created/modified by the Trojan-Downloader:
%Documents and Settings%\%current user%\Local Settings\Temp\nsz2.tmp (5390 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WebAdSystem\WebAdSystem_setup.exe (75249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\inetc.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\BootstrapperApplicationData.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\icon.png (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\theme_passive.wxl (822 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WebAdSystem_20150326024602.log (11443 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\license.rtf (429 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\theme.wxl (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\welcome.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\theme.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\logo.png (575 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\theme_passive.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{d5710427-65cc-4faa-9a8f-e6ecfebdd5ca}\.ba1\wixstdba.dll (3295 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 28432 | 28672 | 4.50399 | f569e353af0ed51bf4c216faa9bed4e7 |
.rdata | 32768 | 10898 | 11264 | 3.04561 | 91eee43954e068e650f7b73a8b0e6915 |
.data | 45056 | 425660 | 512 | 1.02085 | db9f7acbf1c3ddfe255077b699955dfa |
.ndata | 471040 | 1003520 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 1474560 | 2552 | 2560 | 3.15644 | 129a024863b92f38fe336e61b65c46f1 |
.reloc | 1478656 | 3978 | 4096 | 3.93376 | 1a82862ed7bdc9a512f6ff8c4e0579a2 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://webadsystem.com/download/x86/?src_id=144 | |
hxxp://www.webadsystem.com/download/x86/?src_id=144 | 87.98.134.216 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /download/x86/?src_id=144 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.webadsystem.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Mar 2015 00:45:55 GMT
Content-Type: application/octet-stream
Connection: keep-alive
Vary: Accept-Language, Cookie
Content-Length: 1418784
Content-Language: fr
Content-Disposition: attachment; filename=WebAdSystem_setup.exe
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.X...6...6...6.......6.....n.6.......6.......6...7.J.6.....l.6.......6.......6.......6.Rich..6.........PE..L...o..P.................h...........]............@.................................|.....@.....................................,....p...2.......... ............0..........................8...........@...............t............................text....f.......h.................. ..`.rdata...............l..............@..@.data... 0..........................@....wixburn8....P......................@..@.tls.........`......................@....rsrc....2...p...4..................@..@.reloc..fA.......B...<..............@..B........................................................................................................................................................................................................................................................................U..Qj.j.j.j.....C..e...E.P.u..u..u..L.....x..E.....U..Q.e..V....d....W.=x.C.V..\...............P....l...P.F.........P.:....E.P..|.C.P. ....E..........`.....HV.X.......y.hT.C.V.....YY_..^..........t.P...........P.......l...P.......h.....t.P...........W..t.P..$.C.........=(.C.......P........P.:.........P...........P..u........P.._........P..A........P.^:........P..-........P..*...FHP.f....F@..t.P......F(..t.P.............t.P.............t.P.............t.P.............t.P.......d......t.P..t.C.V..h....j.V.
<<< skipped >>>
Map
The Trojan-Downloader connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_312:
.text
.text
`.rdata
`.rdata
@.data
@.data
.ndata
.ndata
.rsrc
.rsrc
@.reloc
@.reloc
RegDeleteKeyExW
RegDeleteKeyExW
Kernel32.DLL
Kernel32.DLL
PSAPI.DLL
PSAPI.DLL
%s=%s
%s=%s
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
GetAsyncKeyState
GetAsyncKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
SHFileOperationW
SHFileOperationW
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
RegDeleteKeyW
RegDeleteKeyW
RegCloseKey
RegCloseKey
RegEnumKeyW
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
ole32.dll
ole32.dll
VERSION.dll
VERSION.dll
6%6S6v6~6
6%6S6v6~6
FtpCommandW
FtpCommandW
Filename: %s
Filename: %s
MSVCRT.dll
MSVCRT.dll
HttpSendRequestW
HttpSendRequestW
HttpSendRequestExW
HttpSendRequestExW
HttpQueryInfoW
HttpQueryInfoW
FtpCreateDirectoryW
FtpCreateDirectoryW
FtpOpenFileW
FtpOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpOpenRequestW
HttpEndRequestW
HttpEndRequestW
InternetCrackUrlW
InternetCrackUrlW
WININET.dll
WININET.dll
inetc.dll
inetc.dll
Nullsoft Install System v2.46.5-Unicode
Nullsoft Install System v2.46.5-Unicode
logging set to %d
logging set to %d
settings logging to %d
settings logging to %d
created uninstaller: %d, "%s"
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: success ("%s")
Exec: command="%s"
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack
Exch: stack
RMDir: "%s"
RMDir: "%s"
MessageBox: %d,"%s"
MessageBox: %d,"%s"
Delete: "%s"
Delete: "%s"
File: wrote %d to "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename failed: %s
Rename on reboot: %s
Rename on reboot: %s
Rename: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
SetFileAttributes: "%s":X
Sleep(%d)
Sleep(%d)
detailprint: %s
detailprint: %s
Call: %d
Call: %d
Aborting: "%s"
Aborting: "%s"
Jump: %d
Jump: %d
verifying installer: %d%%
verifying installer: %d%%
unpacking data: %d%%
unpacking data: %d%%
... %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
~nsu.tmp
install.log
install.log
%u.%u%s%s
%u.%u%s%s
Skipping section: "%s"
Skipping section: "%s"
Section: "%s"
Section: "%s"
New install of "%s" to "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
*?|/":
*?|/":
invalid registry key
invalid registry key
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
x%c
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
%s: failed opening file "%s"
"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WebAdSystem\WebAdSystem_setup.exe"
"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WebAdSystem\WebAdSystem_setup.exe"
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp\inetc.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp\inetc.dll
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp\inetc.dll
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp\inetc.dll
REST %d
REST %d
SIZE %s
SIZE %s
Content-Length: %d
Content-Length: %d
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Authorization: basic %s
Authorization: basic %s
Proxy-authorization: basic %s
Proxy-authorization: basic %s
%s:%s
%s:%s
Wwininet.dll
Wwininet.dll
%u MB
%u MB
%u kB
%u kB
%u bytes
%u bytes
%d:d:d
%d:d:d
%s - %s
%s - %s
(Err=%d)
(Err=%d)
NSIS_Inetc (Mozilla)
NSIS_Inetc (Mozilla)
/password
/password
Uploading %s
Uploading %s
Open URL Error
Open URL Error
URL Parts Error
URL Parts Error
FtpCreateDir failed (550)
FtpCreateDir failed (550)
Error FTP path (550)
Error FTP path (550)
Downloading %s
Downloading %s
%dkB (%d%%) of %dkB @ %d.dkB/s
%dkB (%d%%) of %dkB @ %d.dkB/s
(%d %s%s remaining)
(%d %s%s remaining)
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp
nsp3.tmp
nsp3.tmp
Exec: success (""C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WebAdSystem\WebAdSystem_setup.exe" ")
Exec: success (""C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WebAdSystem\WebAdSystem_setup.exe" ")
tmp\inetc.dll"
tmp\inetc.dll"
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WebAdSystem\WebAdSystem_setup.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WebAdSystem\WebAdSystem_setup.exe
\%original file name%.exe
\%original file name%.exe
c:\%original file name%.exe
c:\%original file name%.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WebAdSystem
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WebAdSystem
%original file name%.exe
%original file name%.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk1.tmp
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk1.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
WebAdSystem_setup.exe
WebAdSystem_setup.exe
hXXp://VVV.webadsystem.com/download/x86/?src_id=144
hXXp://VVV.webadsystem.com/download/x86/?src_id=144
WebAdSystem_setup.exe_1328:
.text
.text
`.rdata
`.rdata
@.data
@.data
.wixburn8
.wixburn8
@.tls
@.tls
.rsrc
.rsrc
@.reloc
@.reloc
Ht.Ht Ht
Ht.Ht Ht
FtPhD
FtPhD
tù8t
tù8t
^Xh4%D
^Xh4%D
.hxcD
.hxcD
t3f98t.WP
t3f98t.WP
SSSSh
SSSSh
j.Yf;
j.Yf;
j.Xf;
j.Xf;
PSSSSSSh
PSSSSSSh
engine.cpp
engine.cpp
Failed to set elevated pipe into thread local storage for logging.
Failed to set elevated pipe into thread local storage for logging.
Failed to create pipes to connect to elevated parent process.
Failed to create pipes to connect to elevated parent process.
3.7.1224.0
3.7.1224.0
Failed to find container info, too few elements: %u
Failed to find container info, too few elements: %u
section.cpp
section.cpp
Failed to read section info, unsupported version: x
Failed to read section info, unsupported version: x
Failed to read section info, data to short: %u
Failed to read section info, data to short: %u
Failed to read complete image section header, index: %u
Failed to read complete image section header, index: %u
Failed to read image section header, index: %u
Failed to read image section header, index: %u
.wixburn
.wixburn
Failed to allocate pipe secret.
Failed to allocate pipe secret.
Failed to convert pipe guid into string.
Failed to convert pipe guid into string.
Failed to create pipe guid.
Failed to create pipe guid.
pipe.cpp
pipe.cpp
Failed to allocate pipe name.
Failed to allocate pipe name.
Failed to read ACK from pipe.
Failed to read ACK from pipe.
Failed to write our process id to pipe.
Failed to write our process id to pipe.
Failed to write secret to pipe.
Failed to write secret to pipe.
Failed to write secret length to pipe.
Failed to write secret length to pipe.
Failed to reset pipe to blocking.
Failed to reset pipe to blocking.
Failed to set pipe to non-blocking.
Failed to set pipe to non-blocking.
Failed to wait for child to connect to pipe.
Failed to wait for child to connect to pipe.
Failed to write message type to pipe.
Failed to write message type to pipe.
Failed to read message from pipe.
Failed to read message from pipe.
Failed to read verification process id from parent pipe.
Failed to read verification process id from parent pipe.
Failed to read verification secret from parent pipe.
Failed to read verification secret from parent pipe.
Failed to read size of verification secret from parent pipe.
Failed to read size of verification secret from parent pipe.
No status returned to PipePumpMessages()
No status returned to PipePumpMessages()
Failed to read returned restart to PipePumpMessages()
Failed to read returned restart to PipePumpMessages()
Failed to read returned result to PipePumpMessages()
Failed to read returned result to PipePumpMessages()
Failed to get message over pipe
Failed to get message over pipe
Failed to process message: %u
Failed to process message: %u
Failed to allocate full name of cache pipe: %ls
Failed to allocate full name of cache pipe: %ls
Failed to create pipe: %ls
Failed to create pipe: %ls
Failed to allocate full name of pipe: %ls
Failed to allocate full name of pipe: %ls
Failed to create the security descriptor for the connection event and pipe.
Failed to create the security descriptor for the connection event and pipe.
Failed to open companion process with PID: %u
Failed to open companion process with PID: %u
Failed to allocate name of parent cache pipe.
Failed to allocate name of parent cache pipe.
Failed to verify parent pipe: %ls
Failed to verify parent pipe: %ls
Failed to open parent pipe: %ls
Failed to open parent pipe: %ls
Failed to allocate name of parent pipe.
Failed to allocate name of parent pipe.
Failed to pump messages during send message to pipe.
Failed to pump messages during send message to pipe.
Failed to write send message to pipe.
Failed to write send message to pipe.
catalog.cpp
catalog.cpp
package.cpp
package.cpp
Failed to parse EXE package.
Failed to parse EXE package.
Failed to hex decode @CertificateRootThumbprint.
Failed to hex decode @CertificateRootThumbprint.
Failed to get @CertificateRootThumbprint.
Failed to get @CertificateRootThumbprint.
Failed to hex decode @CertificateRootPublicKeyIdentifier.
Failed to hex decode @CertificateRootPublicKeyIdentifier.
Failed to get @CertificateRootPublicKeyIdentifier.
Failed to get @CertificateRootPublicKeyIdentifier.
Failed to get @DownloadUrl.
Failed to get @DownloadUrl.
payload.cpp
payload.cpp
Failed to get directory portion of local file path
Failed to get directory portion of local file path
Failed to open registration key.
Failed to open registration key.
Failed to format pending restart registry key to read.
Failed to format pending restart registry key to read.
registration.cpp
registration.cpp
Failed to build cached executable path.
Failed to build cached executable path.
Failed to build uninstall registry key path.
Failed to build uninstall registry key path.
Failed to write run key value.
Failed to write run key value.
Failed to create run key.
Failed to create run key.
Failed to delete run key value.
Failed to delete run key value.
Failed to format the key path for update registration.
Failed to format the key path for update registration.
Failed to remove update registration key: %ls
Failed to remove update registration key: %ls
Failed to format key for update registration.
Failed to format key for update registration.
Failed to get @UpdateUrl.
Failed to get @UpdateUrl.
Failed to get @AboutUrl.
Failed to get @AboutUrl.
Failed to get @ExecutableName.
Failed to get @ExecutableName.
Failed to get @ProviderKey.
Failed to get @ProviderKey.
Failed to overwrite the bundle provider key built-in variable.
Failed to overwrite the bundle provider key built-in variable.
Failed to delete registration key: %ls
Failed to delete registration key: %ls
Failed to write volatile reboot required registry key.
Failed to write volatile reboot required registry key.
Failed to create the key for update registration.
Failed to create the key for update registration.
Failed to get the formatted key path for update registration.
Failed to get the formatted key path for update registration.
Failed to register the bundle dependency key.
Failed to register the bundle dependency key.
Failed to create registration key.
Failed to create registration key.
Directory search: %ls, did not find path: %ls, reason: 0x%x
Directory search: %ls, did not find path: %ls, reason: 0x%x
search.cpp
search.cpp
RegistrySearchExists failed: ID '%ls', HRESULT 0x%x
RegistrySearchExists failed: ID '%ls', HRESULT 0x%x
Registry value not found. Key = '%ls', Value = '%ls'
Registry value not found. Key = '%ls', Value = '%ls'
Failed to query registry key value.
Failed to query registry key value.
Failed to open registry key. Key = '%ls'
Failed to open registry key. Key = '%ls'
Registry key not found. Key = '%ls'
Registry key not found. Key = '%ls'
Failed to format key string.
Failed to format key string.
RegistrySearchValue failed: ID '%ls', HRESULT 0x%x
RegistrySearchValue failed: ID '%ls', HRESULT 0x%x
Unsupported registry key value type. Type = '%u'
Unsupported registry key value type. Type = '%u'
Failed to query registry key value size.
Failed to query registry key value size.
Failed to open registry key.
Failed to open registry key.
MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
Failed to get component path: %d
Failed to get component path: %d
MsiProductSearch failed: ID '%ls', HRESULT 0x%x
MsiProductSearch failed: ID '%ls', HRESULT 0x%x
Unsupported product search type: %u
Unsupported product search type: %u
MsiFeatureSearch failed: ID '%ls', HRESULT 0x%x
MsiFeatureSearch failed: ID '%ls', HRESULT 0x%x
Failed to get Key attribute.
Failed to get Key attribute.
Unsupported variable type.
Unsupported variable type.
variable.cpp
variable.cpp
Failed to get msi.dll version info.
Failed to get msi.dll version info.
Failed to find DllGetVersion entry point in msi.dll.
Failed to find DllGetVersion entry point in msi.dll.
Failed to get windows directory.
Failed to get windows directory.
Failed to open Windows folder key.
Failed to open Windows folder key.
Setting variable failed: ID '%ls', HRESULT 0x%x
Setting variable failed: ID '%ls', HRESULT 0x%x
userexperience.cpp
userexperience.cpp
Failed to append passthrough to command-line.
Failed to append passthrough to command-line.
Failed to format passthrough for command-line.
Failed to format passthrough for command-line.
core.cpp
core.cpp
Failed while caching, aborting execution.
Failed while caching, aborting execution.
Another per-machine setup is already executing.
Another per-machine setup is already executing.
Another per-user setup is already executing.
Another per-user setup is already executing.
Package type not supported by detect yet.
Package type not supported by detect yet.
Failed to report detected related bundles.
Failed to report detected related bundles.
Failed to detect provider key bundle id.
Failed to detect provider key bundle id.
Failed to execute searches.
Failed to execute searches.
Failed to plan passthrough.
Failed to plan passthrough.
Failed to write registration operations to message buffer.
Failed to write registration operations to message buffer.
Failed to write dependent provider key to message buffer.
Failed to write dependent provider key to message buffer.
elevation.cpp
elevation.cpp
Failed to read file name: %u
Failed to read file name: %u
Failed to read MSI data: %u
Failed to read MSI data: %u
Failed to read registration operations.
Failed to read registration operations.
Invalid data passed to cache or layout payload.
Invalid data passed to cache or layout payload.
Failed to execute dependent registration action for provider key: %ls
Failed to execute dependent registration action for provider key: %ls
Failed to read dependent provider key.
Failed to read dependent provider key.
Failed to execute package provider action.
Failed to execute package provider action.
Failed to execute package dependency action.
Failed to execute package dependency action.
Failed to read bundle dependency key from message buffer.
Failed to read bundle dependency key from message buffer.
Invalid message type: %d
Invalid message type: %d
Failed to create pipe and cache pipe.
Failed to create pipe and cache pipe.
Failed to create pipe name and client token.
Failed to create pipe name and client token.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_EXE_PACKAGE message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_EXE_PACKAGE message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_MSI_PACKAGE message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_MSI_PACKAGE message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_MSP_PACKAGE message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_MSP_PACKAGE message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_MSU_PACKAGE message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_MSU_PACKAGE message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_PACKAGE_PROVIDER message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_PACKAGE_PROVIDER message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_PACKAGE_DEPENDENCY message to per-machine process.
Failed to send BURN_ELEVATION_MESSAGE_TYPE_EXECUTE_PACKAGE_DEPENDENCY message to per-machine process.
Failed to write bundle dependency key to message buffer.
Failed to write bundle dependency key to message buffer.
Unexpected elevated cache message sent to child process, msg: %u
Unexpected elevated cache message sent to child process, msg: %u
Failed to execute EXE package.
Failed to execute EXE package.
Failed to read exe package.
Failed to read exe package.
Failed to execute MSI package.
Failed to execute MSI package.
Failed to execute MSP package.
Failed to execute MSP package.
Failed to execute MSU package.
Failed to execute MSU package.
Failed to set elevated cache pipe into thread local storage for logging.
Failed to set elevated cache pipe into thread local storage for logging.
Unexpected elevated message sent to child process, msg: %u
Unexpected elevated message sent to child process, msg: %u
uithread.cpp
uithread.cpp
logging.cpp
logging.cpp
Failed to set download password.
Failed to set download password.
Failed to set download URL.
Failed to set download URL.
UX denied while trying to set download URL on embedded payload: %ls
UX denied while trying to set download URL on embedded payload: %ls
EngineForApplication.cpp
EngineForApplication.cpp
Failed to send embedded message over pipe.
Failed to send embedded message over pipe.
Failed to send embedded progress message over pipe.
Failed to send embedded progress message over pipe.
Failed to grow plan's array of execute actions.
Failed to grow plan's array of execute actions.
Failed to insert keep registration execute action.
Failed to insert keep registration execute action.
Failed to insert remove registration execute action.
Failed to insert remove registration execute action.
Failed to copy executable path to resume command-line.
Failed to copy executable path to resume command-line.
plan.cpp
plan.cpp
Failed to copy dependent provider key to rollback registration action.
Failed to copy dependent provider key to rollback registration action.
Failed to copy dependent provider key to registration action.
Failed to copy dependent provider key to registration action.
Failed to add dependent bundle provider key to ignore dependents.
Failed to add dependent bundle provider key to ignore dependents.
Unexpected relation type encountered during plan: %d
Unexpected relation type encountered during plan: %d
Failed to append execute action.
Failed to append execute action.
Failed to get path for executing module as attached container working path.
Failed to get path for executing module as attached container working path.
Failed to finalize slipstream execute actions.
Failed to finalize slipstream execute actions.
Failed to remove unnecessary execute actions.
Failed to remove unnecessary execute actions.
Failed to append execute checkpoint for cache rollback.
Failed to append execute checkpoint for cache rollback.
Failed to to copy executable name for bundle.
Failed to to copy executable name for bundle.
Failed to get executing process as layout directory.
Failed to get executing process as layout directory.
Failed to get path for current executing process as layout directory.
Failed to get path for current executing process as layout directory.
Failed to append execute checkpoint.
Failed to append execute checkpoint.
Failed to plan execute package.
Failed to plan execute package.
Failed to plan rollback boundary for passthrough package.
Failed to plan rollback boundary for passthrough package.
Failed to process passthrough package.
Failed to process passthrough package.
splashscreen.cpp
splashscreen.cpp
Failed to parse condition "%ls". Unexpected '~' operator at position %d.
Failed to parse condition "%ls". Unexpected '~' operator at position %d.
Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.
Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.
Failed to parse condition "%ls". Constant too big, at position %d.
Failed to parse condition "%ls". Constant too big, at position %d.
Failed to parse condition "%ls". Invalid version format, at position %d.
Failed to parse condition "%ls". Invalid version format, at position %d.
Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.
Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.
Failed to parse condition "%ls". Unexpected character at position %d.
Failed to parse condition "%ls". Unexpected character at position %d.
Failed to parse condition "%ls". Unterminated literal at position %d.
Failed to parse condition "%ls". Unterminated literal at position %d.
condition.cpp
condition.cpp
Failed to parse condition '%ls' at position: %u
Failed to parse condition '%ls' at position: %u
cache.cpp
cache.cpp
Failed to seek to original data in exe burn section header.
Failed to seek to original data in exe burn section header.
Failed to seek to signature table in exe header.
Failed to seek to signature table in exe header.
Failed to seek to checksum in exe header.
Failed to seek to checksum in exe header.
Failed to find expected public key in certificate chain.
Failed to find expected public key in certificate chain.
Failed to read certificate thumbprint.
Failed to read certificate thumbprint.
Failed to get certificate public key identifier.
Failed to get certificate public key identifier.
Failed to verify expected payload against actual certificate chain.
Failed to verify expected payload against actual certificate chain.
Failed to get signer chain from authenticode certificate.
Failed to get signer chain from authenticode certificate.
Failed to get provider state from authenticode certificate.
Failed to get provider state from authenticode certificate.
Failed to evaluate executable package detect condition.
Failed to evaluate executable package detect condition.
Invalid package current state: %d.
Invalid package current state: %d.
exeengine.cpp
exeengine.cpp
Failed to insert execute action.
Failed to insert execute action.
Failed to wait for executable to complete: %ls
Failed to wait for executable to complete: %ls
Bootstrapper application aborted during EXE progress.
Bootstrapper application aborted during EXE progress.
Process returned error: 0x%x
Process returned error: 0x%x
Failed to create obfuscated executable command.
Failed to create obfuscated executable command.
Failed to create executable command.
Failed to create executable command.
Failed to get action arguments for executable package.
Failed to get action arguments for executable package.
Failed to build executable path.
Failed to build executable path.
msiengine.cpp
msiengine.cpp
Failed to calculate execute feature state.
Failed to calculate execute feature state.
Invalid package current state result encountered during plan: %d
Invalid package current state result encountered during plan: %d
mspengine.cpp
mspengine.cpp
msuengine.cpp
msuengine.cpp
Failed to allocate WUSA.exe path.
Failed to allocate WUSA.exe path.
Unrecognized registration action type: %d
Unrecognized registration action type: %d
dependency.cpp
dependency.cpp
Failed to append the key "%ls".
Failed to append the key "%ls".
Failed to add the provider key "%ls" to the list of ignored dependencies.
Failed to add the provider key "%ls" to the list of ignored dependencies.
Failed to add the package provider key "%ls" to the list of ignored dependencies.
Failed to add the package provider key "%ls" to the list of ignored dependencies.
Failed to add the bundle provider key "%ls" to the list of ignored dependencies.
Failed to add the bundle provider key "%ls" to the list of ignored dependencies.
Failed to get the Key attribute.
Failed to get the Key attribute.
Failed to get the Imported attribute.
Failed to get the Imported attribute.
Failed to initialize provider key bundle id.
Failed to initialize provider key bundle id.
Failed to get provider key bundle id.
Failed to get provider key bundle id.
Failed to add the bundle provider key to the list of dependencies to ignore.
Failed to add the bundle provider key to the list of dependencies to ignore.
Failed to join the list of dependencies to ignore.
Failed to join the list of dependencies to ignore.
Failed to add the package provider key "%ls" to the planned list.
Failed to add the package provider key "%ls" to the planned list.
Failed to append provider execute action.
Failed to append provider execute action.
Failed to insert provider execute action.
Failed to insert provider execute action.
Failed to get @DownloadUrl. Either @SourcePath or @DownloadUrl needs to be provided.
Failed to get @DownloadUrl. Either @SourcePath or @DownloadUrl needs to be provided.
container.cpp
container.cpp
Failed to get path for executing module.
Failed to get path for executing module.
Failed to read provider key from registry for bundle: %ls
Failed to read provider key from registry for bundle: %ls
relatedbundle.cpp
relatedbundle.cpp
Failed to open uninstall key for potential related bundle: %ls
Failed to open uninstall key for potential related bundle: %ls
Failed to enumerate uninstall key for related bundles.
Failed to enumerate uninstall key for related bundles.
Failed to open uninstall registry key.
Failed to open uninstall registry key.
Failed to execute dependent registration action.
Failed to execute dependent registration action.
apply.cpp
apply.cpp
Failed attempt to download URL: '%ls' to: '%ls'
Failed attempt to download URL: '%ls' to: '%ls'
UX aborted EXE package execute progress.
UX aborted EXE package execute progress.
Failed to configure per-user EXE package.
Failed to configure per-user EXE package.
Failed to configure per-machine EXE package.
Failed to configure per-machine EXE package.
UX aborted EXE progress.
UX aborted EXE progress.
UX aborted execute EXE package begin.
UX aborted execute EXE package begin.
UX aborted MSI package execute progress.
UX aborted MSI package execute progress.
UX aborted execute MSI package begin.
UX aborted execute MSI package begin.
UX aborted MSP package execute progress.
UX aborted MSP package execute progress.
BA aborted execute MSP target.
BA aborted execute MSP target.
UX aborted execute MSP package begin.
UX aborted execute MSP package begin.
UX aborted MSU package execute progress.
UX aborted MSU package execute progress.
UX aborted execute MSU package begin.
UX aborted execute MSU package begin.
Invalid execute action.
Invalid execute action.
Failed to execute dependency action.
Failed to execute dependency action.
Failed to execute package provider registration action.
Failed to execute package provider registration action.
Invalid rollback action: %d.
Invalid rollback action: %d.
BA aborted execute begin.
BA aborted execute begin.
detect.cpp
detect.cpp
Unexpected relation type encountered: %d
Unexpected relation type encountered: %d
Failed to copy key for pseudo bundle.
Failed to copy key for pseudo bundle.
Failed to copy key for pseudo bundle payload.
Failed to copy key for pseudo bundle payload.
pseudobundle.cpp
pseudobundle.cpp
Failed to copy uninstall arguments for passthrough bundle package
Failed to copy uninstall arguments for passthrough bundle package
Failed to copy related arguments for passthrough bundle package
Failed to copy related arguments for passthrough bundle package
Failed to copy install arguments for passthrough bundle package
Failed to copy install arguments for passthrough bundle package
Failed to copy cache id for passthrough pseudo bundle.
Failed to copy cache id for passthrough pseudo bundle.
Failed to copy download source for passthrough pseudo bundle.
Failed to copy download source for passthrough pseudo bundle.
Failed to copy local source path for passthrough pseudo bundle.
Failed to copy local source path for passthrough pseudo bundle.
Failed to copy filename for passthrough pseudo bundle.
Failed to copy filename for passthrough pseudo bundle.
Failed to copy key for passthrough pseudo bundle payload.
Failed to copy key for passthrough pseudo bundle payload.
Failed to copy key for passthrough pseudo bundle.
Failed to copy key for passthrough pseudo bundle.
Failed to allocate space for burn package payload inside of passthrough bundle.
Failed to allocate space for burn package payload inside of passthrough bundle.
NetFxChainer.cpp
NetFxChainer.cpp
Unexpected embedded message sent to child process, msg: %u
Unexpected embedded message sent to child process, msg: %u
embedded.cpp
embedded.cpp
Failed to wait for embedded executable: %ls
Failed to wait for embedded executable: %ls
Failed to wait for embedded process to connect to pipe.
Failed to wait for embedded process to connect to pipe.
Failed to create embedded pipe.
Failed to create embedded pipe.
Failed to create embedded pipe name and client token.
Failed to create embedded pipe name and client token.
.cab
.cab
Invalid operation for this state.
Invalid operation for this state.
Failed to reset begin operation event.
Failed to reset begin operation event.
Failed to wait for begin operation event.
Failed to wait for begin operation event.
Failed to set operation complete event.
Failed to set operation complete event.
cabextract.cpp
cabextract.cpp
Failed to set begin operation event.
Failed to set begin operation event.
Failed to reset operation complete event.
Failed to reset operation complete event.
Failed to wait for operation complete event.
Failed to wait for operation complete event.
Failed to move file pointer 0x%x bytes.
Failed to move file pointer 0x%x bytes.
Faild to begin and wait for operation.
Faild to begin and wait for operation.
Failed to initialize cabinet.dll.
Failed to initialize cabinet.dll.
Failed to wait for operation complete.
Failed to wait for operation complete.
Failed to create operation complete event.
Failed to create operation complete event.
Failed to create begin operation event.
Failed to create begin operation event.
Failed to add header to HTTP request.
Failed to add header to HTTP request.
downloadengine.cpp
downloadengine.cpp
Failed to get redirect url: %ls
Failed to get redirect url: %ls
Failed to get HTTP status code for request to URL: %ls
Failed to get HTTP status code for request to URL: %ls
Unknown HTTP status code %d, returned from URL: %ls
Unknown HTTP status code %d, returned from URL: %ls
Failed to get HTTP status code for failed request to URL: %ls
Failed to get HTTP status code for failed request to URL: %ls
Failed to send request to URL: %ls, trying to process HTTP status code anyway.
Failed to send request to URL: %ls, trying to process HTTP status code anyway.
Failed to send request to URL: %ls
Failed to send request to URL: %ls
Failed to open internet URL: %ls
Failed to open internet URL: %ls
Failed to connect to URL: %ls
Failed to connect to URL: %ls
Failed to break URL into server and resource parts.
Failed to break URL into server and resource parts.
Failed to request URL for download: %ls
Failed to request URL for download: %ls
Failed to download URL: %ls
Failed to download URL: %ls
Failed to get size and time for URL: %ls
Failed to get size and time for URL: %ls
Failed to copy download source URL.
Failed to copy download source URL.
bitsengine.cpp
bitsengine.cpp
Failed to copy download URL.
Failed to copy download URL.
Invalid BITS engine URL: %ls
Invalid BITS engine URL: %ls
GetProcessWindowStation
GetProcessWindowStation
operator
operator
logutil.cpp
logutil.cpp
Error 0x%x: %ls
Error 0x%x: %ls
Executable: %ls v%d.%d.%d.%d
Executable: %ls v%d.%d.%d.%d
procutil.cpp
procutil.cpp
strutil.cpp
strutil.cpp
pathutil.cpp
pathutil.cpp
memutil.cpp
memutil.cpp
buffutil.cpp
buffutil.cpp
srputil.cpp
srputil.cpp
RegDeleteKeyExW
RegDeleteKeyExW
regutil.cpp
regutil.cpp
wiutil.cpp
wiutil.cpp
xmlutil.cpp
xmlutil.cpp
kernel32.dll
kernel32.dll
fileutil.cpp
fileutil.cpp
dirutil.cpp
dirutil.cpp
wuautil.cpp
wuautil.cpp
dictutil.cpp
dictutil.cpp
aclutil.cpp
aclutil.cpp
cryputil.cpp
cryputil.cpp
certutil.cpp
certutil.cpp
svcutil.cpp
svcutil.cpp
inetutil.cpp
inetutil.cpp
uriutil.cpp
uriutil.cpp
deputil.cpp
deputil.cpp
E:\delivery\Dev\wix37_public\build\ship\x86\burn.pdb
E:\delivery\Dev\wix37_public\build\ship\x86\burn.pdb
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
USER32.dll
USER32.dll
OLEAUT32.dll
OLEAUT32.dll
GDI32.dll
GDI32.dll
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
ConnectNamedPipe
ConnectNamedPipe
SetNamedPipeHandleState
SetNamedPipeHandleState
CreateNamedPipeW
CreateNamedPipeW
GetWindowsDirectoryW
GetWindowsDirectoryW
SetThreadExecutionState
SetThreadExecutionState
KERNEL32.dll
KERNEL32.dll
Cabinet.dll
Cabinet.dll
CryptHashPublicKeyInfo
CryptHashPublicKeyInfo
CRYPT32.dll
CRYPT32.dll
msi.dll
msi.dll
RPCRT4.dll
RPCRT4.dll
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpOpenRequestW
HttpSendRequestW
HttpSendRequestW
WININET.dll
WININET.dll
WINTRUST.dll
WINTRUST.dll
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
ShellExecuteExW
ShellExecuteExW
VERSION.dll
VERSION.dll
GetCPInfo
GetCPInfo
GetProcessHeap
GetProcessHeap
CertGetCertificateContextProperty
CertGetCertificateContextProperty
HttpQueryInfoW
HttpQueryInfoW
InternetCrackUrlW
InternetCrackUrlW
Burn v%1!hs!, Windows v%2!d!.%3!d! (Build %4!d!: Service Pack %5!d!), path: %6!ls!, cmdline: '%7!ls!'
Burn v%1!hs!, Windows v%2!d!.%3!d! (Build %4!d!: Service Pack %5!d!), path: %6!ls!, cmdline: '%7!ls!'
Detected related bundle: %1!ls!, type: %2!hs!, scope: %3!hs!, version: %4!hs!, operation: %5!hs!
Detected related bundle: %1!ls!, type: %2!hs!, scope: %3!hs!, version: %4!hs!, operation: %5!hs!
Detected related package: %1!ls!, scope: %2!hs!, version: %3!hs!, language: %4!u! operation: %5!hs!
Detected related package: %1!ls!, scope: %2!hs!, version: %3!hs!, language: %4!u! operation: %5!hs!
Planned package: %1!ls!, state: %2!hs!, default requested: %3!hs!, ba requested: %4!hs!, execute: %5!hs!, rollback: %6!hs!, cache: %7!hs!, uncache: %8!hs!, dependency: %9!hs!
Planned package: %1!ls!, state: %2!hs!, default requested: %3!hs!, ba requested: %4!hs!, execute: %5!hs!, rollback: %6!hs!, cache: %7!hs!, uncache: %8!hs!, dependency: %9!hs!
Planned feature: %1!ls!, state: %2!hs!, default requested: %3!hs!, ba requested: %4!hs!, execute action: %5!hs!, rollback action: %6!hs!
Planned feature: %1!ls!, state: %2!hs!, default requested: %3!hs!, ba requested: %4!hs!, execute action: %5!hs!, rollback action: %6!hs!
Planned related bundle: %1!ls!, type: %2!hs!, default requested: %3!hs!, ba requested: %4!hs!, execute: %5!hs!, rollback: %6!hs!, dependency: %7!hs!
Planned related bundle: %1!ls!, type: %2!hs!, default requested: %3!hs!, ba requested: %4!hs!, execute: %5!hs!, rollback: %6!hs!, dependency: %7!hs!
Planned upgrade bundle: %1!ls!, default requested: %2!hs!, ba requested: %3!hs!, execute: %4!hs!, rollback: %5!hs!, dependency: %6!hs!
Planned upgrade bundle: %1!ls!, default requested: %2!hs!, ba requested: %3!hs!, execute: %4!hs!, rollback: %5!hs!, dependency: %6!hs!
Planned forward compatible bundle: %1!ls!, default requested: %2!hs!, ba requested: %3!hs!, execute: %4!hs!, rollback: %5!hs!, dependency: %6!hs!
Planned forward compatible bundle: %1!ls!, default requested: %2!hs!, ba requested: %3!hs!, execute: %4!hs!, rollback: %5!hs!, dependency: %6!hs!
Plan skipped removal of provider key: %1!ls! because it is registered to a different bundle: %2!ls!
Plan skipped removal of provider key: %1!ls! because it is registered to a different bundle: %2!ls!
Application canceled operation: %2!ls!, error: %1!ls!
Application canceled operation: %2!ls!, error: %1!ls!
WiX Toolset BootstrapperPADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
WiX Toolset BootstrapperPADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
9%9S9x9
9%9S9x9
9 9-949=9
9 9-949=9
4"4&4*4.424
4"4&4*4.424
3$3(3,3034383
3$3(3,3034383
4(4/44484
4(4/44484
3!4'464}4
3!4'464}4
burn.runonce
burn.runonce
burn.unelevated
burn.unelevated
burn.elevated
burn.elevated
\\.\pipe\%ls.Cache
\\.\pipe\%ls.Cache
\\.\pipe\%ls
\\.\pipe\%ls
BurnPipe.%s
BurnPipe.%s
.%ls -%ls %ls %ls %u
.%ls -%ls %ls %ls %u
-q -%ls %ls %ls %u
-q -%ls %ls %ls %u
.Catalog
.Catalog
.PayloadRef
.PayloadRef
.PatchTargetCode
.PatchTargetCode
Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage
Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage
CertificateRootThumbprint
CertificateRootThumbprint
CertificateRootPublicKeyIdentifier
CertificateRootPublicKeyIdentifier
DownloadUrl
DownloadUrl
WixBundleProviderKey
WixBundleProviderKey
BundleProviderKey
BundleProviderKey
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
ParentKeyName
ParentKeyName
URLUpdateInfo
URLUpdateInfo
URLInfoAbout
URLInfoAbout
%ls.RebootRequired
%ls.RebootRequired
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
%s\state.rsm
%s\state.rsm
%s\%s
%s\%s
UpdateUrl
UpdateUrl
AboutUrl
AboutUrl
.ProviderKey
.ProviderKey
.Version
.Version
.Registration
.Registration
keyPath
keyPath
[\%c]
[\%c]
SOFTWARE\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion
WindowsVolume
WindowsVolume
WindowsFolder
WindowsFolder
NTSuiteWebServer
NTSuiteWebServer
..ba%d
..ba%d
burn.ignoredependencies
burn.ignoredependencies
burn.disable.unelevate
burn.disable.unelevate
burn.passthrough
burn.passthrough
burn.related.update
burn.related.update
burn.related.patch
burn.related.patch
burn.related.addon
burn.related.addon
burn.related.upgrade
burn.related.upgrade
burn.related.detect
burn.related.detect
burn.log.append
burn.log.append
burn.embedded
burn.embedded
/passive
/passive
passive
passive
%ls%hs%ls_%u_%ls%ls.%ls
%ls%hs%ls_%u_%ls%ls.%ls
SOFTWARE\Policies\Microsoft\Windows\Installer
SOFTWARE\Policies\Microsoft\Windows\Installer
.unverified
.unverified
.RepairArguments
.RepairArguments
.DetectCondition
.DetectCondition
"%ls" %s
"%ls" %s
. REMOVE="%s"
. REMOVE="%s"
ADVERTISE="%s"
ADVERTISE="%s"
REINSTALL="%s"
REINSTALL="%s"
. ADDDEFAULT="%s"
. ADDDEFAULT="%s"
ADDSOURCE="%s"
ADDSOURCE="%s"
ADDLOCAL="%s"
ADDLOCAL="%s"
%s$="%s"
%s$="%s"
.SlipstreamMsp
.SlipstreamMsp
.MsiFeature
.MsiFeature
wusa.exe
wusa.exe
Imported
Imported
.Provides
.Provides
.Extension
.Extension
.%ls /pipe %ls
.%ls /pipe %ls
.HEAD
.HEAD
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
KERNEL32.DLL
KERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
p%ls[X:X][hu-hu-huThu:hu:hu]%hsd:%ls %ls%ls
p%ls[X:X][hu-hu-huThu:hu:hu]%hsd:%ls %ls%ls
0xx
0xx
p\\?\UNC
p\\?\UNC
%ls_uuuuuu%ls%ls%ls
%ls_uuuuuu%ls%ls%ls
srclient.dll
srclient.dll
WAdvApi32.dll
WAdvApi32.dll
Msi.dll
Msi.dll
MSXML.DOMDocument
MSXML.DOMDocument
Msxml2.DOMDocument
Msxml2.DOMDocument
%u.%u.%u.%u
%u.%u.%u.%u
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Microsoft.Update.AutoUpdate
Microsoft.Update.AutoUpdate
hu-hu-huThu:hu:hu%cu:u
hu-hu-huThu:hu:hu%cu:u
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WebAdSystem\WebAdSystem_setup.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WebAdSystem\WebAdSystem_setup.exe
KalityWeb
KalityWeb
WebAdSystem
WebAdSystem
1.4.17.0
1.4.17.0
KalityWeb. Tous droits r
KalityWeb. Tous droits r
WebAdSystem_setup.exe
WebAdSystem_setup.exe