比较分析...

分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-1 2016-09-06 14:43:22 2016-09-06 14:45:39 137 秒

魔盾分数

2.3

可疑的

文件详细信息

文件名 setup.exe
文件大小 1100664 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4d92f518527353c0db88a70fddcfd390
SHA1 c4baffc19e7d1f0e0ebf73bab86a491c1d152f98
SHA256 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c
SHA512 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452
CRC32 16470FEF
Ssdeep 12288:JeGuphfCWQIbDUhUOvF7CehnLQie+I7XHgZQKhJgeCmyDLFSLfmLU7k/:JeGefCnE7Oduehsi0LHgZpJEdDZSx7k/
Yara 登录查看Yara规则
样本下载 提交漏报
登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
93.46.8.89 意大利
58.211.137.192 中国
23.44.155.27 美国
198.41.214.186 美国
117.18.237.29 亚洲太平洋地区

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
ss.symcd.com CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net
A 23.44.155.27
ocsp2.globalsign.com CNAME cdn.globalsigncdn.com
A 58.211.137.192
tl.symcd.com
ocsp.omniroot.com A 93.46.8.89
CNAME wac.BFDD.edgecastcdn.net
ocsp.globalsign.com
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29
ocsp.msocsp.com A 198.41.214.185
CNAME hostedocsp.globalsign.com
A 198.41.214.186
A 198.41.214.187
A 198.41.215.183
A 198.41.215.182
A 198.41.215.185
A 198.41.214.183
A 198.41.215.184
A 198.41.215.186
A 198.41.214.184
s.symcd.com
ocsp.verisign.com

摘要

登录查看详细行为信息

PE 信息

初始地址 0x2e000000
入口地址 0x2e055ab0
声明校验值 0x0011b289
实际校验值 0x0011b289
最低操作系统版本要求 5.1
PDB路径 t:\setupexe\x86\ship\0\setup.pdb\x00x86\ship\0\setup.exe\bbtopt\setupO.pdb
编译时间 2010-03-11 15:40:31
图标
图标精确哈希值 2c11e33b8486e36bc7c2dc082e483b13
图标相似性哈希值 e0ecb51a90ad9ed4b96dd9f7a4b69790
导出DLL库名称 setup.exe

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
LegalTrademarks1
LegalTrademarks2
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

微软证书验证 (Sign Tool)

SHA1 时间戳 有效性 错误
ce757670ea3a1331d213ac994ac8408397bc4f4f Thu Mar 11 15:46:08 2010
证书链 Certificate Chain 1
发行给 Microsoft Root Authority
发行人 Microsoft Root Authority
有效期 Thu Dec 31 150000 2020
SHA1 哈希 a43489159a520f0d93d032ccaf37e7fe20a8b419
证书链 Certificate Chain 2
发行给 Microsoft Code Signing PCA
发行人 Microsoft Root Authority
有效期 Sat Aug 25 150000 2012
SHA1 哈希 3036e3b25b88a55b86fc90e6e9eaad5081445166
证书链 Certificate Chain 3
发行给 Microsoft Corporation
发行人 Microsoft Code Signing PCA
有效期 Tue Mar 08 064029 2011
SHA1 哈希 9617094a1cfb59ae7c1f7dfdb6739e4e7c40508f
证书链 Timestamp Chain 1
发行给 Microsoft Root Authority
发行人 Microsoft Root Authority
有效期 Thu Dec 31 150000 2020
SHA1 哈希 a43489159a520f0d93d032ccaf37e7fe20a8b419
证书链 Timestamp Chain 2
发行给 Microsoft Timestamping PCA
发行人 Microsoft Root Authority
有效期 Sun Sep 15 150000 2019
SHA1 哈希 3ea99a60058275e0ed83b892a909449f8c33b245
证书链 Timestamp Chain 3
发行给 Microsoft Time-Stamp Service
发行人 Microsoft Timestamping PCA
有效期 Fri Jul 26 031115 2013
SHA1 哈希 4d6f357f0e6434da97b1afc540fb6fdd0e85a89f

PE 数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x0007e298 0x0007e400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.49
.data 0x00080000 0x0003ebb8 0x00033c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.60
.rsrc 0x000bf000 0x00053b28 0x00053c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.89
.reloc 0x00113000 0x000053d0 0x00005400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.66

覆盖

偏移量 0x0010b400
大小 0x00001778

资源

名称 偏移量 大小 语言 子语言 熵(Entropy) 文件类型
RT_BITMAP 0x000bfba0 0x00002f08 LANG_ENGLISH SUBLANG_ENGLISH_US 4.09 data
RT_ICON 0x00112658 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.96 GLS_BINARY_LSB_FIRST
RT_ICON 0x00112658 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.96 GLS_BINARY_LSB_FIRST
RT_ICON 0x00112658 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.96 GLS_BINARY_LSB_FIRST
RT_ICON 0x00112658 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.96 GLS_BINARY_LSB_FIRST
RT_ICON 0x00112658 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.96 GLS_BINARY_LSB_FIRST
RT_ICON 0x00112658 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.96 GLS_BINARY_LSB_FIRST
RT_ICON 0x00112658 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.96 GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00112ac0 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_US 2.85 MS Windows icon resource - 7 icons, 16x16, 16-colors
RT_VERSION 0x000bf2b0 0x000004b4 LANG_ENGLISH SUBLANG_ENGLISH_US 3.42 data
RT_MANIFEST 0x000bf768 0x00000431 LANG_ENGLISH SUBLANG_ENGLISH_US 5.27 XML document text

导入

库: VERSION.dll:
0x2e001000 VerQueryValueW
0x2e001008 GetFileVersionInfoW
库: Secur32.dll:
0x2e001010 GetUserNameExW
库: RPCRT4.dll:
0x2e001018 UuidCreate
库: ADVAPI32.dll:
0x2e001020 RegOpenKeyExA
0x2e001024 ReportEventW
0x2e001028 RegisterEventSourceW
0x2e00102c DeregisterEventSource
0x2e001030 OpenProcessToken
0x2e001034 GetTokenInformation
0x2e001038 FreeSid
0x2e001044 RegQueryInfoKeyW
0x2e001048 RegQueryValueExW
0x2e00104c RegSetValueExW
0x2e001050 RegCreateKeyExW
0x2e001054 RegOpenKeyExW
0x2e001058 RegCloseKey
0x2e00105c OpenThreadToken
0x2e001060 GetTraceEnableFlags
0x2e001064 GetTraceEnableLevel
0x2e001068 GetTraceLoggerHandle
0x2e00106c UnregisterTraceGuids
0x2e001070 TraceEvent
0x2e001074 RegQueryValueExA
0x2e001078 RegisterTraceGuidsA
0x2e00107c RegEnumKeyW
0x2e001080 GetLengthSid
0x2e001084 AddAccessAllowedAce
0x2e001088 AddAccessDeniedAce
0x2e00108c InitializeAcl
0x2e001090 CopySid
0x2e0010a0 CheckTokenMembership
0x2e0010a4 IsValidSid
0x2e0010a8 ConvertSidToStringSidA
库: KERNEL32.dll:
0x2e0010b0 LocalFree
0x2e0010b4 FormatMessageW
0x2e0010b8 GetSystemDirectoryW
0x2e0010bc VerifyVersionInfoW
0x2e0010c0 VerSetConditionMask
0x2e0010c4 CloseHandle
0x2e0010c8 GetCurrentThread
0x2e0010cc GetModuleHandleA
0x2e0010d0 GetFileAttributesW
0x2e0010d4 LoadLibraryW
0x2e0010d8 SetLastError
0x2e0010dc GetModuleFileNameW
0x2e0010e0 OutputDebugStringA
0x2e0010e4 FreeLibrary
0x2e0010e8 LoadLibraryExW
0x2e0010ec WriteFile
0x2e0010f0 lstrlenA
0x2e0010f4 SetFilePointerEx
0x2e0010f8 FindClose
0x2e0010fc FindFirstFileW
0x2e001100 SetFileAttributesW
0x2e001104 CreateFileW
0x2e001108 DeleteFileW
0x2e00110c CopyFileW
0x2e001110 SetFilePointer
0x2e001114 GetFullPathNameW
0x2e001118 GetTempPathW
0x2e00111c RemoveDirectoryW
0x2e001120 FindNextFileW
0x2e001124 lstrcmpW
0x2e001128 SetCurrentDirectoryW
0x2e00112c GetCommandLineW
0x2e001134 GlobalFree
0x2e001138 TlsFree
0x2e00113c TlsAlloc
0x2e001140 TlsSetValue
0x2e001144 TlsGetValue
0x2e001148 DeleteCriticalSection
0x2e00114c EnterCriticalSection
0x2e001154 LeaveCriticalSection
0x2e001158 RaiseException
0x2e00115c HeapFree
0x2e001160 GetProcessHeap
0x2e001164 HeapAlloc
0x2e001168 HeapReAlloc
0x2e00116c WaitForSingleObject
0x2e001170 GetVersionExA
0x2e001174 GetModuleHandleExW
0x2e00117c GetUserDefaultLCID
0x2e001180 VirtualFree
0x2e001184 GetSystemDefaultLCID
0x2e001188 VirtualAlloc
0x2e00118c GetDiskFreeSpaceExW
0x2e001190 HeapCreate
0x2e001194 HeapDestroy
0x2e001198 HeapSize
0x2e00119c HeapUnlock
0x2e0011a0 HeapLock
0x2e0011a4 ReleaseMutex
0x2e0011a8 GetLocalTime
0x2e0011ac GetProcessTimes
0x2e0011b0 CreateMutexA
0x2e0011b4 OpenMutexA
0x2e0011b8 CreateSemaphoreA
0x2e0011bc GetShortPathNameA
0x2e0011c0 GetModuleFileNameA
0x2e0011c4 GlobalAlloc
0x2e0011c8 IsWow64Process
0x2e0011cc GetSystemInfo
0x2e0011d0 TerminateProcess
0x2e0011d4 LoadLibraryA
0x2e0011d8 LocalAlloc
0x2e0011dc Sleep
0x2e0011e4 CreateDirectoryW
0x2e0011e8 GetFileType
0x2e0011ec CreateFileA
0x2e0011f0 IsDBCSLeadByte
0x2e0011f4 GetStringTypeExW
0x2e0011f8 GetACP
0x2e0011fc IsValidCodePage
0x2e001200 FlushFileBuffers
0x2e001204 GlobalMemoryStatus
0x2e001208 ReleaseSemaphore
0x2e001210 GetCurrentProcess
0x2e001214 IsValidLocale
0x2e00121c CompareStringA
0x2e001220 CompareStringW
0x2e001224 MultiByteToWideChar
0x2e001228 WideCharToMultiByte
0x2e00122c GetVersion
0x2e001230 GetTimeZoneInformation
0x2e001234 GetSystemTime
0x2e00123c GetCurrentProcessId
0x2e001240 GetTickCount
0x2e001244 GetCurrentThreadId
0x2e001248 GetModuleHandleW
0x2e00124c GetCommandLineA
0x2e001250 GetStartupInfoA
0x2e00125c IsDebuggerPresent
0x2e001260 RtlUnwind
0x2e001264 ExitProcess
0x2e001268 GetStdHandle
0x2e001270 GetProcAddress
0x2e001274 SetErrorMode
0x2e001278 GetVersionExW
0x2e00127c GetLastError
0x2e001280 lstrlenW
0x2e001284 WriteConsoleW
0x2e001288 GetConsoleOutputCP
0x2e00128c WriteConsoleA
0x2e001290 SetStdHandle
0x2e001294 GetLocaleInfoA
0x2e001298 GetStringTypeW
0x2e00129c GetStringTypeA
0x2e0012a0 GetConsoleMode
0x2e0012a4 GetConsoleCP
0x2e0012a8 LCMapStringW
0x2e0012ac LCMapStringA
0x2e0012b0 GetOEMCP
0x2e0012b4 GetCPInfo
0x2e0012bc InterlockedDecrement
0x2e0012c0 InterlockedIncrement
0x2e0012c4 SetHandleCount
0x2e0012c8 GetEnvironmentStringsW
0x2e0012d0 GetEnvironmentStrings
0x2e0012d4 HeapSetInformation
库: ole32.dll:
0x2e0012dc CoCreateInstance
0x2e0012e0 CoInitializeEx
0x2e0012e4 CoUninitialize
0x2e0012e8 CLSIDFromProgID
0x2e0012ec CLSIDFromString
0x2e0012f0 OleRun
库: OLEAUT32.dll:
0x2e0012f8 None
0x2e0012fc None
0x2e001300 None
0x2e001304 None
0x2e001308 None
0x2e00130c None
0x2e001310 None
0x2e001314 None
0x2e001318 None
0x2e00131c None
库: SHELL32.dll:
0x2e001324 SHCreateDirectoryExW
0x2e00132c CommandLineToArgvW
库: USER32.dll:
0x2e001334 CharLowerW
0x2e001338 CharNextA
0x2e00133c CharLowerA
0x2e001340 CharUpperW
0x2e001344 CharUpperA
0x2e001348 GetKeyboardLayout
0x2e00134c GetKeyboardLayoutList
0x2e001350 GetSysColor
0x2e001354 EnumDisplayMonitors
0x2e001358 GetMonitorInfoA
0x2e00135c GetSystemMetrics
0x2e001360 SystemParametersInfoA
0x2e001364 GetDC
0x2e001368 ReleaseDC
0x2e001370 MessageBoxW
库: SHLWAPI.dll:
0x2e001378 PathGetCharTypeW
库: WINTRUST.dll:
0x2e001380 WinVerifyTrust
库: dbghelp.dll:
0x2e001388 SymGetSymFromAddr64
0x2e00138c SymCleanup
0x2e001390 SymGetLineFromAddr64
0x2e001394 SymInitialize
库: GDI32.dll:
0x2e00139c DeleteObject
0x2e0013a0 DeleteDC
0x2e0013a4 CreateSolidBrush
0x2e0013a8 CreateDCA
0x2e0013ac GetDeviceCaps
库: msi.dll:
0x2e0013b4 None
0x2e0013b8 None
0x2e0013bc None
0x2e0013c0 None
0x2e0013c4 None
0x2e0013c8 None
0x2e0013cc None
0x2e0013d0 None
0x2e0013d4 None
0x2e0013d8 None
0x2e0013dc None

导出

序列 地址 名称
1 0x2e0558ae _GetAllocCounters@0
.text
`.data
.rsrc
@.reloc
Basic
Debug
Verbose
Standard
Error
LocalSystemInternetConnectionFailureEndOfOExceptions
InvalidProductCodeFormat
InsufficientData
OperationCancelled
CustomizationPatchNotForProduct
Click2RunBootstapperActive
Click2RunConfigurationFailure
IntegerOverflow
SoftGridPackageCorrupted
InternetConnectionFailure
RebootRequired
InvalidParsingOfConfigXml
PackageInUse
ElevationRequired
ServiceStartFailed
ServiceOpenFailed
ServiceStopFailed
ObtainCredFailed
AuthSchemeNotSupported
WinHttpQueryAuthSchemesFailed
WinHttpSetOptionFailed
RegistryQueryFailed
FileExtensionNotFound
FailedToObtainFileURL
SDAPIFailure
WinHttpSetProxyOptionFailed
WinHttpSetCredentialsFailed
WinHttpStatusDenied
WinHttpQueryHeadersFailed
OHttpReadTruncated
WinHttpDataTruncated
WinHttpReadDataFailed
WinHttpNoData
WinHttpReceiveResponseFailed
WinHttpSendRequestFailed
WinHttpOpenRequestFailed
WinHttpConnectFailed
WinHttpCloseFailed
WinHttpOpenFailed
SplashScreenInitFailure
SplashScreenProgressFailure
SplashScreenStartFailure
RegistrationFailure
ServiceQueryFailed
CreateTimerFailed
InvalidServiceOperation
AbsolutePathExpected
SoftGridePackageInUse
SoftGridPackageLocked
C2RBootstrapFailure
DeviceActivateException
DeviceBootstrapException
StructuredException
IconError
IconNotificationFailure
LegacyInstallationFailure
Unused
MSIInstallationFailure
DownloadFileFailure
DeltaCacheNameConflict
CreateMutexFailed
SoftGridFileTypeFailure
SoftGridPackageFailure
SoftGridApplicationFailure
SoftGridConfigurationFailure
InvalidSignature
IntegerTruncation
SPDatabaseOverSize
ExternalCommandFailed
UserCancel
Unitialized
UnexpectedError
UnexpectedXMLNodeType
TooManyProducts
ThreadNotFinished
ThreadNotStarted
ThreadAlreadyStarted
SystemError
StreamNameTooLong
StorageNotCreated
SQLFailedToSetAttribute
SQLFailedToRetrieveData
SQLFailedToExecuteStatement
SQLFailedToConnect
SQLFailedToAllocateHandle
SQLAlreadyConnected
ResourceNotTracked
ResourceNotFound
ResourceAlreadyTracked
ProductAlreadyDefined
ProcessNotFinished
ProcessNotStarted
ProcessAlreadyStarted
PreReqCheckFailure
PatchApplicationFailure
OutOfRange
OutOfMemory
OutOfDiskSpace
OutOfBoundsIndex
OCTWrongMSIDll
OCTPatchForbidden
NullReference
NotCustomizationPatch
NotAvailableCulture
NotYetImplemented
NoSupportedCulture
NoProductsFound
NoMoreGraceBoots
NodeNotOfTypeElement
MsiAPICallFailure
MsiTableNotFound
MissingXMLNode
LogAlreadyInitialized
LogNotInitialized
InvalidMetadataFile
InvalidXMLProperty
InvalidRegistryValueType
InvalidReference
InvalidProductInConfigXml
InvalidProductFromARP
InvalidParameter
InvalidOperation
InvalidMethod
InvalidInitialization
InvalidFormat
InvalidDirectory
InvalidData
InvalidConfigAddLanguage
InvalidColumnType
InvalidCDKey
InvalidArgument
InsufficientBuffer
InstalledProductStateCorrupt
IncompleteProductAddOns
IncompatibleCacheAction
HWNDNotFound
HResultOnly
FlexDialogAlreadyInitialized
FileNotOpen
FileNotFound
FailedToStartClassFactories
FailedToInitializeFlexDataSource
FailedToImpersonateUser
ExceptionNotThrown
ErrorCodeOnly
DuplicateDefinition
CustomizationPatchNotApplicable
CustomizationPatchNotFound
CreateEventFailed
CopyFailed
ConcatenationFailed
CommandFailed
CABFileAddFailed
AssertionFailed
ArgumentNullException
AlreadyInitialized
AlreadyImpersonatingAUser
ApiProhibited
AbstractMethod
our exception list index starts with 1, not 0
bad allocation
.CoInitializeEx(0, %d) failed. Error code: 0x%08x.
CoInitializeEx(0, %d) failed; Appartment type: current=%d,requested=%d. Error code: 0x%08x.
.d:\office\source\otools\inc\ocfx\ocomutility.h
NULL Format String
vector<T> too long
GetSystemDEPPolicy
SetProcessDEPPolicy
.d:\office\source\otools\inc\ocfx\optr.h
OLog not initialized for reporting events
Log intialized to report Event Logs
Attempting to close log when log file has not been initialized
shared_ptr cannot apply operator '->' to an empty object pointer
Attempting to get log file when log file has not been initialized
Attempting to log line when log file has not been initialized
invalid vector<T> subscript
Cannot register for event logs, falied to register event source
A log for this process has already been initialized
d:\office\source\ocfx\olog.cpp
Attempting to flush log when log file has not been initialized
A log file is already open.
Log already intialized to report Event Logs
failed to copy
list<T> too long
failed to format number
d:\office\source\otools\inc\ocfx\ocominterface.h
d:\office\source\otools\inc\ocfx\osmartpointer.h
d:\office\source\otools\inc\ocfx\oalloc.h
OCOMInterface cannot apply operator '->' to NULL interface pointer
error calling IsWow64Process()
IsWow64Process
cannot load kernel32.dll
GetNativeSystemInfo
OSmartPointer cannot apply operator '->' to an empty object pointer
.Cannot load sysem string for error %08x in language %i
d:\office\source\ocfx\osecurity.cpp
d:\office\source\ocfx\oversion.cpp
.Unicows.dll
Kernel32.dll
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GetModuleHandleExW
Failed to free DLL: %S
d:\office\source\ocfx\olibrary.cpp
.Failed to get procedure: %S
Failed to retrieve process address. No library is loaded
Failed to load DLL: %S
write to file failed
trying to write to a from a file that's not open
Failed to set the file pointer
can't set the pointer of a file that's not open.
Cannot set file %S attbutes to %u
failed to open file '%S'
CoCreateInstance failed
QueryInterface failed
failed to delete file %S
Failed to copy file src: %S, dest: %S
.d:\office\source\ocfx\ofile.cpp
trying to search an empty path
Failure calling GetFullPathName() API.
Path passed in is too long.
Cannot get temp path
ASHCreateDirectoryEx failed for directory: %S
failed to delete directory
directory search failed
GetDirectories: search path %S does not exist
GetFiles: FindFirstFile failed with unexpected error
GetFiles: search path %S does not exist
failed to set current directory to: %S, error %d
Failed to expand environment variables
CommandLineToArgvW failed
Module file name is longer than MAX_PATH
Failed to retrieve process path
TlsAlloc failure
d:\office\source\otools\inc\ocfx\othreadlocal.h
tlsIndex out of indexes
OSmartPointer cannot apply operator '*' to an empty object pointer
d:\office\source\ocfx\oexceptionmanager.cpp
Invalid recursionCount
d:\office\source\ocfx\oblob.cpp
HeapAlloc failure
Cannot allocate heap memory. Over flow detected
empty allocation requested
HeapReAlloc failure
Cannot reallocate heap memory. Over flow detected
Cannot reallocate memory. Memory address index is out of bound
ORegistryKey.GetValue failure: Cannot get registry %S value %S
Failed to create registry key: %d
Failed to create registry key: registry key name "%S" is too long
ORegistryKey.Open failure: The length of subkey %S is longer than the maximum length allowed
ORegistryKey.Open failure: Parent key is NULL
d:\office\source\ocfx\oregistrykey.cpp
root hkey is expected
ORegistryKey.GetValue failure: Cannot get String value. The registry key is closed or not set
.Cannot detect whether the current machine is a domain controller
@SOFTWARE\Microsoft\Office Test\Special\Perf
EventUnregister
EventRegister
EventWrite
_UnInitPerf_v3@4
_PerfCodeMarker_v3@8
_InitPerf_v3@4
_PerfCodeMarker@8
_UnInitPerf@4
_PerfCodeMarker@12
_InitPerf@4
_GetPerfhostHookVersion@0
.back_ptr cannot apply operator '->' to an empty object pointer
d:\office\source\setupexe\lis\logic\lis.h
%S element specified in config.xml without a Value attribute.
d:\office\source\setupexe\catalyst\catcore\catconfig.cpp
InstallTrial %S is an unknown value
ShowUI %S is an unknown value
CACHEACTION %S is an unknow value
State attribute missing from OptionState element id: %S
Invalid value specified for OptionState State attribute: %S
OptionState node is missing Id attribute
Product node is missing Id attribute
RemoveLanguage node is missing Id attribute.
ShellTransform attribute can only be specified on _ONE_ AddLanguage node.
AddLanguage node is missing Id attribute.
Expected ShellTransform attribute is not specified in any AddLanguage node.
Settings node is missing Value attribute
Settings node is missing Id attribute
Invalid product: %S specified in config.xml when product %S has already been selected
Invalid value specified for Command Execute attribute: %S
Invalid value specified for Command ChainPosition attribute: %S
Invalid value specified for Path attribute: %S
invalid map/set<T> iterator
map/set<T> too long
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
Software
Microsoft
Office
Common
MsoHeapInit
ProductVersion
LastProduct
QMPersNum
QMStrMax
QMStudyTestID
QMStudyID
SQMClient
CorporateSQMURL
NextQmUpload
QMEnable
QMNFN
NET Framework Setup
Description
Logging
UserName
Version
Security
DisablePwdCaching
HKEY_CLASSES_ROOT
FirstRunTime
General
Policies
Microsoft\Office
sftldr_wow64.dll
sftldr.dll
verifier.dll
.Software\Microsoft\Office\14.0
Software\Policies\Microsoft\Office\14.0
msodata%03d.dat
MsoSqmMutex
BGetUserGeoID
KERNEL32
htmlfile
DllGetVersion
PowerDeterminePlatformRole
CallNtPowerInformation
GetLogicalProcessorInformation
GetProductInfo
CSDBuildNumber
SYSTEM\CurrentControlSet\Control\Windows
NetApiBufferFree
NetGetJoinInformation
1404746
Global\
Local\
DATAID_OFFICE_PRODUCT_VER not available
DATAID_OFFICE_MAJOR_MINOR_CODE not complete. Minor number too large.
DATAID_OFFICE_MAJOR_MINOR_CODE not complete. Major number too large.
Found Office Product Version %S.
Could not get version registry key.
SspiFreeAuthIdentity
SspiZeroAuthIdentity
SspiLocalFree
SspiEncodeStringsAsAuthIdentity
SspiEncodeAuthIdentityAsStrings
NCryptFreeObject
NCryptVerifySignature
NCryptSignHash
BCryptResolveProviders
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptVerifySignature
BCryptSignHash
BCryptDestroyKey
BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptFreeBuffer
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider
DwmInvalidateIconicBitmaps
DwmSetIconicLivePreviewBitmap
DwmSetIconicThumbnail
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmDefWindowProc
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
EndPanningFeedback
UpdatePanningFeedback
BeginPanningFeedback
DrawThemeTextEx
DrawThemeParentBackground
EnableTheming
GetCurrentThemeName
EnableThemeDialogTexture
GetThemeDocumentationProperty
SetThemeAppProperties
GetThemeAppProperties
GetWindowTheme
IsAppThemed
GetThemeSysString
GetThemeSysInt
GetThemeSysFont
GetThemeSysBool
GetThemeSysSize
GetThemeSysColorBrush
GetThemeSysColor
GetThemeFilename
SetWindowTheme
GetThemePropertyOrigin
GetThemeIntList
GetThemeMargins
GetThemeRect
GetThemeFont
GetThemePosition
GetThemeEnumValue
GetThemeInt
GetThemeBool
GetThemeString
GetThemeMetric
GetThemeColor
IsThemeBackgroundPartiallyTransparent
IsThemePartDefined
DrawThemeIcon
HitTestThemeBackground
GetThemeBackgroundRegion
GetThemeTextMetrics
GetThemeTextExtent
GetThemePartSize
GetThemeBackgroundExtent
GetThemeBackgroundContentRect
DrawThemeText
DrawThemeEdge
DrawThemeBackground
CloseThemeData
OpenThemeData
IsThemeActive
QueryThreadCycleTime
SetThreadUILanguage
QueryMemoryResourceNotification
CreateMemoryResourceNotification
WerRegisterFile
SetThreadPreferredUILanguages
RegisterApplicationRestart
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
RegisterApplicationRecoveryCallback
GetUserDefaultUILanguage
QueueUserWorkItem
GlobalMemoryStatusEx
ProcessIdToSessionId
GetLongPathNameW
GetLongPathNameA
InternetAttemptConnect
InternetReadFileExA
InternetQueryDataAvailable
HttpEndRequestW
HttpSendRequestExW
InternetSetStatusCallbackW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetGetConnectedStateExW
InternetGoOnline
InternetErrorDlg
InternetAutodialHangup
InternetAutodial
InternetGetConnectedState
InternetOpenUrlA
InternetOpenUrlW
InternetQueryOptionA
InternetQueryOptionW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupW
FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoW
CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
InternetSetOptionA
InternetSetOptionW
InternetGetCookieExW
InternetGetCookieW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestW
HttpOpenRequestA
HttpOpenRequestW
InternetReadFile
InternetGetLastResponseInfoW
InternetCrackUrlW
InternetCrackUrlA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpDeleteFileA
FtpRenameFileA
InternetCanonicalizeUrlW
InternetCanonicalizeUrlA
InternetCombineUrlA
FtpFindFirstFileA
InternetFindNextFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpGetFileA
FtpOpenFileA
InternetConnectW
InternetConnectA
InternetOpenW
InternetOpenA
InternetWriteFile
InternetCloseHandle
MAPIAdminProfiles
MAPIOpenFormMgr
MAPILogonEx
MAPIUninitialize
MAPIInitialize
MAPISendMail
MAPIResolveName
MAPIAddress
MAPILogoff
MAPILogon
MAPIAllocateMore
MAPIFreeBuffer
MAPIAllocateBuffer
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
YZ[\]^
$*-3<EW6
$*-3<EW6
6666BBffll
!"#$%&'(
efghi
!"#$%&'(
"#$no
#'+/37;?CGKOS
$%&'()*
!"#$%&
"#$%&'(
+,-./
$%&'()*
LPThXd`\
!"#$%&
'()*+,-./0
12345
!"#$%
&'()*+,-./
01234
6789:
!"#$%
&'()*+,-./012345
!"#$
%&'()*+
./012
3456789
EFGHIJKLMNOPQRST
!"#$%&'(
"#$%&
*+,-.
!"#$
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|
/0123546789:;<=>?@AB
!"#$%&'()
!"#$%&'()*+,-./0123456789:;<=>?@A
EFG.02
####''++//337777;;;;????CCCCGGGGKKKKOOOOSSSSWWWW[[[[____ccccggggkkkkoooosswwwwww
.Delete fails in DeleteArea
(unknown exception type)
Cache size in constructor for ROCKALL_FRONT_END
Heap constructor failed in ROCKALL_FRONT_END
Setup of pages in constructor for NEW_PAGES
No memory in constructor for NEW_PAGES
Sizes in constructor for NEW_PAGES
Deleting data page in DeletePage
Alignment of allocation in VerifyNewArea
Reset data page in DeleteAll
A heap size in constructor for HEAP
The allocation sizes in constructor for HEAP
Mapping table in constructor for HEAP
Parent bucket is invalid
Cache size not zero for top cache
Page size not suitable for top cache
Chunk size not suitable for top cache
Top cache size not multiple of minimum
Parent size exceeds 'TopCache' size
Cache size larger than parent size
Chunk size not suitable for cache
Cache sizes not in ascending order
Cache size not multiple of stride
Deleting allocation in Resize
Hash table size in constructor for FIND
Create hash fails in constructor for FIND
Different 'TopCache' sizes with 'SingleImage'
Cache size in constructor for CACHE
Cache active in destructor for CACHE
No data page in DeleteDataPage
No claim before engage in EngageGlobalLock
No claim before release in ReleaseGlobalLock
Global lock busy in destructor for THREAD_SAFE
Max threads in constructor for SEMAPHORE
Wakeup failed in UpdateSemaphore()
Close semaphore in destructor for SEMAPHORE
Wakeup failed in Signal()
Wait status in Wait
Bit vector is corrupt in MultipleNew
Bit vector is corrupt in New
Sharing violation in UpdateConnections
Active page count in DeleteFromBucketList
Bucket can't get a size key in UpdateBucket
Configuration in constructor for BUCKET
Maximum share invalid in constructor for SHARELOCK
Maximum spins invalid in constructor for SHARELOCK
.Unknown exception
.CorExitProcess
runtime error
Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
(null)
`h````
.bad exception
.e+000
GAIsProcessorFeaturePresent
?GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
1#QNAN
1#INF
1#IND
1#SNAN
CONOUT$
string too long
invalid string position
.msxml.domdocument
UnknownStatus
DetectionFailed
DetectionAborted
InvalidBaseline
InstalledAdmin
Installed
Needed
NoTarget
PatchCode
State
PropertyValue
PropertyName
Hresult
ProductStatus
ProductCode
DetectionOperation
General access denied error
Invalid handle
Failed to allocate necessary memory
One or more arguments are invalid
Something bad happened.
Unexpected failure
Not implemented
No such interface supported
Invalid pointer
Operation aborted
Unspecified failure
Invalid State[
Error with Property[
Invalid Property Name for Property [
] for Property[
Invalid Value[
] is Protected.
Property[
.General_AppName
General_Reportee
ErrorSubPath
FilesToDelete
FilesToKeep
LoggingFlags
ReportingFlags
Stage1URL
Stage2URL
UI LCID
UIFlags
Details_Caption
Details_Pre_Header
Details_Pre_Body
Details_Sig_Header
Details_Sig_Body
Details_Post_Header
Details_Post_Body
Details_TechLink
Details_DCPLink
Tech_Caption
Tech_Files_Header
SecondLevel_Caption
SecondLevel_Pre
SecondLevel_Post
Transfer_Caption
Transfer_1check
Transfer_2check
Transfer_3check
Transfer_Status_InProgress
Transfer_Checkbox
Transfer_Status_Done
Standby_Caption
Standby_Body
Final_Caption
Final_Text
Final_Link
Main_Caption
Main_Checkbox
Main_DetailsLink
Main_IconFile
Main_Intro_Bold
Main_Intro_Reg
Main_Plea_Bold
Main_Plea_Reg
Main_ReportBtn
Main_NoReportBtn
Main_QueueText
Main_QueueBtn
Main_NoQueueBtn
Queued_EventDescription
_dw2_0.txt
Server
TitleName
HeaderText
ErrorText
DataFiles
RegSubPath
ErrorSig
ErrorDetail
Flags
Brand
EventLogSource
EventID
DigPidRegPath
IconFile
Caption
Reportee
ReportButton
NoReportButton
_dw1_5.txt
.Software\Policies\Microsoft\Windows\Installer
.PatchInstalled
Detection
LocalPackage
Action start
.SELECT `Property`, `Value` FROM `Property`
.\CDCache
Microsoft\Office\11.0\Delivery\
PackageName
InstallSource
InstalledProductName
EventType
/StageOne
/dw/SetupStageTwo.asp
?ProdCode=
&ProdVer=
&Action=
&ErrNum=
&Err0=
&Err1=
&Err2=
InstMSP
Unknown
InstMSP_
VersionString
.d:\office\source\ocfx\oxmlnode.cpp
.get_attributes failed
NodeType get property called for OXmlNode with null interface
get_nodeType failed
SelectNodes: %s called for OXmlNode with null interface
selectNodes failed
SelectSingleNode called for OXmlNode with null interface
selectSingleNode failed
Invalid OXmlNode class
d:\office\source\ocfx\oxmlelement.cpp
GetAttribute called for OXmlNode with null interface
getAttribute failed
.d:\office\source\ocfx\oxmldocument.cpp
!The XML version specified is not valid.
XML document load failed for file: %S
Failed to set MSXML3 document object to XPath mode.
.d:\office\source\ocfx\oxmlnodelist.cpp
.Count get property called for OXmlNodeList with null interface
get_length failed for OXmlNodeList
GetItem called for OXmlNodeList with null interface
GetItem called for OXmlNodeList with invalid index
get_item failed for OXmlNodeList
.d:\office\source\ocfx\oxmlnamednodemap.cpp
.j'hd*
u,hp,
t4h06
u4hT6
t4h06
~7h(7
u4h07
.u4ht7
j*h$9
.u4ht7
t4h@;
t4h(=
u4ht7
u4hT=
s+hd=
SSVhhA
SSVh0A
u4hLC
6VhdD
tJh|@
6VhHF
u9hxF
?PWhDG
u4hLH
u4hLH
u4hhH
u4hTI
u4hTI
u3hpI
~PQhhS
u9hhT
u%hTU
u$h`V
u,hp,
s+hd=
s+hd=
s+hd=
hktmyj
t6hmtmyj
t5hntmyj
u j@j
u$hTU
u@hTU
.u(hTU
u$hTU
CSWPh
QSURj
D$(Vj
USPVj
T$$VPVRj
VW@PRj
w4hdU
YQPVh
GWhhK
FVhhK
s+hd=
VSWPj
u4h8?
setup.exe
_GetAllocCounters@0
msi.dll
GDI32.dll
dbghelp.dll
WINTRUST.dll
SHLWAPI.dll
USER32.dll
SHELL32.dll
OLEAUT32.dll
ole32.dll
KERNEL32.dll
ADVAPI32.dll
RPCRT4.dll
Secur32.dll
VERSION.dll
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetUserNameExW
UuidCreate
RegOpenKeyExA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenProcessToken
GetTokenInformation
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
OpenThreadToken
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceEvent
RegQueryValueExA
RegisterTraceGuidsA
RegEnumKeyW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
CopySid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
CheckTokenMembership
IsValidSid
ConvertSidToStringSidA
LocalFree
FormatMessageW
GetSystemDirectoryW
VerifyVersionInfoW
VerSetConditionMask
CloseHandle
GetCurrentThread
GetModuleHandleA
GetFileAttributesW
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
FreeLibrary
LoadLibraryExW
WriteFile
lstrlenA
SetFilePointerEx
FindClose
FindFirstFileW
SetFileAttributesW
CreateFileW
DeleteFileW
CopyFileW
SetFilePointer
GetFullPathNameW
GetTempPathW
RemoveDirectoryW
FindNextFileW
lstrcmpW
SetCurrentDirectoryW
GetCommandLineW
ExpandEnvironmentStringsW
GlobalFree
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
RaiseException
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
WaitForSingleObject
GetVersionExA
GetModuleHandleExW
RtlCaptureStackBackTrace
GetUserDefaultLCID
VirtualFree
GetSystemDefaultLCID
VirtualAlloc
GetDiskFreeSpaceExW
HeapCreate
HeapDestroy
HeapSize
HeapUnlock
HeapLock
ReleaseMutex
GetLocalTime
GetProcessTimes
CreateMutexA
OpenMutexA
CreateSemaphoreA
GetShortPathNameA
GetModuleFileNameA
GlobalAlloc
IsWow64Process
GetSystemInfo
TerminateProcess
LoadLibraryA
LocalAlloc
Sleep
InitializeCriticalSection
CreateDirectoryW
GetFileType
CreateFileA
IsDBCSLeadByte
GetStringTypeExW
GetACP
IsValidCodePage
FlushFileBuffers
GlobalMemoryStatus
ReleaseSemaphore
IsProcessorFeaturePresent
GetCurrentProcess
IsValidLocale
GetSystemTimeAsFileTime
CompareStringA
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetVersion
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetModuleHandleW
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetProcAddress
SetErrorMode
GetVersionExW
GetLastError
lstrlenW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapSetInformation
CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromProgID
CLSIDFromString
OleRun
SHCreateDirectoryExW
SHGetSpecialFolderPathW
CommandLineToArgvW
CharLowerW
CharNextA
CharLowerA
CharUpperW
CharUpperA
GetKeyboardLayout
GetKeyboardLayoutList
GetSysColor
EnumDisplayMonitors
GetMonitorInfoA
GetSystemMetrics
SystemParametersInfoA
GetDC
ReleaseDC
GetMenuCheckMarkDimensions
MessageBoxW
PathGetCharTypeW
WinVerifyTrust
SymGetSymFromAddr64
SymCleanup
SymGetLineFromAddr64
SymInitialize
DeleteObject
DeleteDC
CreateSolidBrush
CreateDCA
GetDeviceCaps
t:\setupexe\x86\ship\0\setup.pdb
x86\ship\0\setup.exe\bbtopt\setupO.pdb
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVArgumentWriter@@
.?AV?$ArgumentWriter1@PB_W@@
.?AV?$ArgumentWriter2@PB_WPB_W@@
.?AV?$ArgumentWriter1@K@@
.?AV?$ArgumentWriter2@PB_W$$BY0IA@_W@@
.?AVOException@@
.?AV?$ArgumentWriter3@PB_W$$BY0IA@_WK@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVRefCounted@@
.?AV?$ArgumentWriter1@PAD@@
.?AV?$ArgumentWriter2@PADJ@@
.?AV?$ArgumentWriter2@PADK@@
.?AV?$ArgumentWriter2@PADW4exceptionType@et@@@@
.?AV?$ArgumentWriter2@PADPBD@@
.?AV?$ArgumentWriter1@G@@
.?AV?$ArgumentWriter2@PB_WK@@
.?AV?$ArgumentWriter2@PADPAD@@
.?AV?$ArgumentWriter3@PADJPB_W@@
.?AV?$ArgumentWriter2@KPB_W@@
.?AV?$ArgumentWriter3@PADKK@@
.?AV?$ArgumentWriter3@PADW4exceptionType@et@@PBD@@
.?AV?$ArgumentWriter3@PADPBDK@@
.?AV?$ArgumentWriter2@GG@@
.?AV?$ArgumentWriter3@PB_WKV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@@
.?AV?$ArgumentWriter3@KPB_WPB_W@@
.?AV?$ArgumentWriter4@PADKKPB_W@@
.?AV?$ArgumentWriter4@PADW4exceptionType@et@@PBDV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@@
.?AV?$ArgumentWriter4@PADPBDKK@@
.?AV?$ArgumentWriter3@GGG@@
.?AV?$ArgumentWriter5@PADPBDKKV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@@
.?AV?$ArgumentWriter4@GGGG@@
.?AV?$ArgumentWriter5@GGGGG@@
.?AV?$ArgumentWriter6@GGGGGG@@
.?AVout_of_range@std@@
.?AV?$ArgumentWriter7@GGGGGGK@@
.?AVOLog@@
.?AV?$OArray@E@@
.?AV?$ArgumentWriter7@GGGGGGG@@
.?AV?$ArgumentWriter1@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@@
.?AV?$ArgumentWriter1@J@@
.?AVOSecurityAttributes@@
.?AVOVersion@@
.?AVOLibrary@@
.?AV?$ArgumentWriter2@PB_WH@@
.?AV?$ArgumentWriter3@PB_WHPB_W@@
.?AVOFile@@
.?AVORegistryKey@@
.?AV?$ArgumentWriter1@H@@
.?AV?$ArgumentWriter1@$$BY00D@@
.?AV?$ArgumentWriter2@$$BY00DPAD@@
.?AV?$ArgumentWriter3@$$BY00DPADK@@
.?AV?$ArgumentWriter2@JK@@
.?AV?$ArgumentWriter3@PB_WPB_WPB_W@@
.?AV?$CatSetting@_N@@
.?AU?$back_ptr@VCatCore@@@@
.?AVOXmlElement@@
.?AVOXmlNode@@
.?AV?$CatSetting@W4uiLevel@ui@@@@
.?AV?$CatSetting@W4logLevel@logging@@@@
.?AV?$CatActiveSetting@V?$CatSetting@_N@@VCatConfig@@@@
.?AV?$ArgumentWriter2@PB_WPBD@@
.?AVCatUILevelSetting@@
.?AVCatLogLevelSetting@@
.?AV?$CatActiveSetting@VCatUILevelSetting@@VCatConfig@@@@
.?AV?$CatSetting@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@@
.?AV?$CatActiveSetting@V?$CatSetting@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@@VCatConfig@@@@
.?AULISConfig@@
.PAVCMspError@@
.?AVMSO_FAST_HEAP@@
.?AVROCKALL_FRONT_END@@
.?AUMSOHEAPOBJ@@
.?AVMsoHeapWin32@@
.?AVMsoHeapRockall@@
pBrxrwrvr
gq\qlqfqLqeq^qFqhqVq:rRr7sEs?s>sotZtUt_t^tAt?tYt[t\tvuxu
rCsMsQsLsbtstqtutrtgtnt
`#`0`1`6`8`:`;`<`=`>`?`H`J`K`N`O`Q`
?g!k}O:R>R
P]iIqSt
!N$NiQ
lDuOmAmYu
"Q^z7~
whuXo
@b"U"}
2(N6N?N@NANYN
N)N7NBNCNDN\N]N
N?QeQkQ
S8SAS
NAQBQCQgQlQmQ
X(Y)Y
u(u)u0u1u2u
S S!S"SKSNSOSpS
V(W)W*W+W,W-W.W/W0W
t+u,u7u
S&S<SQSRSSSTS
S]T^T_T`TaTbTcTdTeTfTgThTiTjTkTlTmTnToTqTsTtTuTvTwTxTyTzT{T|T
f f!f"f#f$f%f&f'f(f)f*f+f,f-f
h h!h"h#h$h%h&h'h(h)h*h12
q1r9rBrvrwrxryr
w&xBxCxDxExFxGxHxIxJxKxLxMxNxOxPxQxRxSxTxUxVxWxXxYxZx[x_xmxfyhymy
[ [!["[([)[3[4[x[
Q Q!Q"Q$Q%Q&Q'Q(Q)Q*Q
uHyc[
zG~^~
l`W:Z
.?AVROCKALL_BACK_END@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVCEvent@@
.?AVCEventStop@@
.PAVCMspErrorState@@
.?AVCMspError@@
.?AVCEventStart@@
.?AVCEventTick@@
.?AVCEventSource@@
.?AVCController@@
.?AVCDelayedController@@
.?AVCAtlException@ATL@@
.?AVCMspErrorState@@
.?AVCMspErrorProperty@@
.?AVCMspErrorPropertyName@@
.?AVCMspErrorPropertyValue@@
.?AVCMspErrorPropertyProtected@@
.?AV_com_error@@
.PAVCMspErrorPropertyValue@@
.PAVCMspErrorProperty@@
.PAVCMspErrorPropertyProtected@@
.?AVCPropertyMap@@
.?AV?$map@VTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@U?$less@VTString@@@3@V?$allocator@U?$pair@$$CBVTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@@std@@@3@@std@@
.?AV?$_Tree@V?$_Tmap_traits@VTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@U?$less@VTString@@@3@V?$allocator@U?$pair@$$CBVTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@@std@@@3@$0A@@std@@@std@@
.?AV?$_Tree_val@V?$_Tmap_traits@VTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@U?$less@VTString@@@3@V?$allocator@U?$pair@$$CBVTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@@std@@@3@$0A@@std@@@std@@
.?AV?$_Tree_ptr@V?$_Tmap_traits@VTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@U?$less@VTString@@@3@V?$allocator@U?$pair@$$CBVTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@@std@@@3@$0A@@std@@@std@@
.?AV?$_Tree_nod@V?$_Tmap_traits@VTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@U?$less@VTString@@@3@V?$allocator@U?$pair@$$CBVTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@@std@@@3@$0A@@std@@@std@@
.?AV?$_Tmap_traits@VTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@U?$less@VTString@@@3@V?$allocator@U?$pair@$$CBVTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@@std@@@3@$0A@@std@@
.?AV?$_Container_base_aux_alloc_real@V?$allocator@U?$pair@$$CBVTString@@PAV?$set@VTString@@U?$less@VTString@@@std@@V?$allocator@VTString@@@3@@std@@@std@@@std@@@std@@
.?AV_Container_base_aux@std@@
.PAVCMspErrorPropertyName@@
.?AVMSPCache@@
.?AVMSPClientCache@@
.?AVXmlCache@@
.?AVXmlMSPClientCache@@
.?AVCtPatchContainer@@
.?AVCtProduct@@
.?AV?$OCOMInterface@UIXMLDOMNode@@@@
.?AV?$OCOMInterface@UIXMLDOMDocument@@@@
.?AVOXmlDocument@@
.?AV?$OCOMInterface@UIXMLDOMNodeList@@@@
.?AVOXmlNodeList@@
.?AV?$OCOMInterface@UIXMLDOMNamedNodeMap@@@@
.?AVOXmlNamedNodeMap@@
ktsrYKIJM&'&2
MLL3ijiF___G---0
7 7$7(7,7074787D7H7L7P7T7X7\7h7l7
:`<d<h<
7D9H9L9(?,?0?
5 5`;d;
,0004080<0@0D0H0L0P0
,:0:4:8:<:@:D:H:L:
>">(>d>
=:?I?
>9?o?
=$?f?
:@>1?
?,?G?
:B>3?
>$?1?
>w?}?
< <(<
6`8d8h8l8p8t8x8|8
>$>,>4><>D>L>T>\>d>l>t>
zw9gj
Local
Advertised
Absent
Unknown
Setup cannot find the required setup controller file. Either there was a network error, an error reading from the CD, DVD, or other installation media, or a problem with the package you downloaded.
%s digital signature does not validate or is not present.
A required %s cannot be loaded. This may indicate that the file is missing or damaged.
The Setup configuration file %s is not valid. Run Setup again without using a Setup configuration file, or fix the configuration file.
Verify file signature in "%s"
Cannot get Operating System version info. Error %u. Error is not critical. Continuing Setup.
Operating System version: %s %s. Platform ID: %u
Setup Error
Setup Controller file
Reading value of unintialized setting!
!format error: not enough arguments!
!error: missing argument for format string!
Failed to load the selected setup controller dll in location "%s"
RunSetup
Calling RunSetup
Using setup controller dll at [%s].
"%s" is verified to be an invalid file. Skipping signature verification on setup controller dll file and continuing setup
Failed to verify file signature from the selected setup controller dll in location "%s"
Using setup controller dll at location [%s].
Copied setup controller dll to "%s"
Uninstall or MMode product detected. Copying setup controller dll from "%s" to "%s"
Cannot find the selected setup controller dll from location "%s"
Version [%s].
Found setup controller dll at [%s].
Checking for setup controller dll at [%s].
Searching for best setup controller dll to load...
Cannot find the specified config.xml file. %s
Updates
config.xml
FILES\SETUP\config.xml
Running 32-bit setup on a 32-bit operating system.
Running %s setup on a 64-bit operating system.
64-bit
32-bit
WSSSETUP.DLL
SVRSETUP.DLL
PSETUP.DLL
OSETUP.DLL
OBootStrapper::Run
Begin function
yKERNEL32
Log level changed from: %S to: %S
PERF: TickCount=%u Name=%s Description=%s
%04d%02d%02d%02d%02d%02d%X
==========A logging failure has occured. The process has encountered an error when writing to the log file. The messages in the log file may not be complete.
Office(*).log
Log path %s is not valid (Error 0x%x). Reverting to default log path
Exception stack trace:
Error: %S Type: %d::%S. %s
Error: Type: %S. %S ErrorCode: %d(0x%x). %s
Error: %S ErrorCode: %d(0x%x). %s
Error: %S HResult: 0x%x. %s
%s::[%d] %s
!error: wrong format for number!
<NULL>
!error: wrong format for wide string!
!error: wrong format for ansi string!
kernel32.dll
%02d/%02d/%04d %02d:%02d:%02d:%03d
%s is trusted.
Warning: %s is not signed.
Error: %s is not trusted.
l???.???
Kernel32.dll
Comctl32.dll
%s%d%s
_-%[]{}`~!@#$^&()+=,;
_-%\.[]{}`~!@#$^&()+=,;
http://
file://
[AppDataFolder]
[LocalAppDataFolder]
[CommonFilesFolder]
[CommonFiles64Folder]
[DesktopFolder]
[FavoritesFolder]
[FontsFolder]
[INSTALLLOCATION]
[NetHoodFolder]
[PersonalFolder]
[ProgramFilesFolder]
[ProgramFiles64Folder]
[ProgramMenuFolder]
[RecentFolder]
[ROOTDRIVE]
[SendToFolder]
[SourceDir]
[StartMenuFolder]
[StartupFolder]
[TARGETDIR]
[TemplateFolder]
[WindowsFolder]
[SystemFolder]
[System64Folder]
%08x:%08x
%S
%S [%S:%d]
_CxxThrowException
CxxThrowException
RaiseException
__tmainCRTStartup
mainCRTStartup
IsProcessorFeaturePresent
Corrupt stack frame: frameCount = %d
OS check result: 0x%08u
Terminal Server detected
Error: Cannot detect whether the current machine is a Terminal Server
advapi32
RuntimePerfMeasurement
USERINITIALS
USERNAME
UNINSTALL
TRANSFORMSSECURE
TRANSFORMS
TARGETDIR
SEQUENCE
REMOVE
REINSTALL
REBOOTPROMPT
PROMPTROLLBACKCOST
PIDKEY
MEDIAPACKAGEPATH
LOGACTION
LIMITUI
INSTALLLOCATION
INSTALLEVEL
INSTALLLEVEL
FILEADDSOURCE
FILEADDLOCAL
FILEADDDEFAULT
EXECUTEMODE
EXECUTEACTION
DISABLEROLLBACK
DATADIR
DATAPATH
COMPANYNAME
COMPADDSOURCE
COMPADDLOCAL
CCP_DRIVE
BRANDING_XML
ARPNOREMOVE
ARPNOMODIFY
ARPNOREPAIR
ARPHELPTELEPHONE
ARPHELPLINK
ARPCONTACT
ARPCOMMENTS
ALLUSERS
ADDSOURCE
ADVERTISE
ADDLOCAL
ADDDEFAULT
Setting value of locked setting!
%ProgramFiles%\Microsoft Office\OFFICE14
Invalid value display level specified in config.xml: %s. Leaving display level at: %S
Display level full specified in config.xml.
Display level basic specified in config.xml.
Basic
Display level none specified in config.xml.
Invalid value log type specified in config.xml: %s. Leaving log type at: %S
Logging type debug specified in config.xml.
Debug
Logging type verbose specified in config.xml.
Verbose
Logging type standard specified in config.xml.
Standard
Logging type off specified in config.xml.
SUpdateLocation
Software\Microsoft\Office\14.0\Common\Setup
Setting value of locked setting '%s'!
%s specified in config.xml.
%s: "%s" specified in config.xml.
/Configuration/
SetupExe(*).log
RemoveCacheOnly
TRIAL InstallTrial = %s
InstallTrial
TRIAL ShowUI = %s
ShowUI
/Configuration/TRIAL
CacheOnly
LIS CACHEACTION = %s
CACHEACTION
/Configuration/LIS
Parsed MinOSRequirement: ServicePackLevel with value: %s in config.xml.
ServicePackLevel
Parsed MinOSRequirement: WindowsBuild with value: %s in config.xml.
WindowsBuild
Parsed MinOSRequirement: VersionNT with value: %s in config.xml.
VersionNT
/Configuration/MinOSRequirement
FORCE
Children
/Configuration/OptionState
/Configuration/Command
SUpdateLocation path specified in config.xml: %s
ShowSUpdateUI=Yes specified in config.xml.
ShowSUpdateUI=No specified in config.xml.
ShowSUpdateUI
GetWebUpdates=Yes specified in config.xml.
GetWebUpdates=No specified in config.xml.
GetWebUpdates
CheckForSUpdate=Yes specified in config.xml.
CheckForSUpdate=No specified in config.xml.
CheckForSUpdate
/Configuration/SetupUpdates
DistributionPoint parsed. The distribution point is now set to: %s
Location
/Configuration/DistributionPoint
Invalid pidkey specified in config.xml. Ignoring value from config.xml
PIDKEY element successfully parsed in config.xml
/Configuration/PIDKEY
Show cancel button specified in config.xml.
Disable of cancel button specified in config.xml.
NoCancel
No auto accept license specified in config.xml.
Auto accept license specified in config.xml.
AcceptEula
Hide completion notice specified in config.xml.
Show completion notice specified in config.xml with UI level set to none. Forcing modal dialogs to be shown as well.
Show completion notice specified in config.xml.
CompletionNotice
Show modal dialogs specified in config.xml.
Suppression of modal dialogs specified in config.xml.
SuppressModal
Level
/Configuration/Display
Parsed ARPHELPTELEPHONE value: %s
Parsed ARPHELPLINK value: %s
Parsed ARPURLUPDATEINFO value: %s
ARPURLUPDATEINFO
Parsed ARPURLINFOABOUT value: %s
ARPURLINFOABOUT
Parsed ARPNOREMOVE value: true.
Parsed ARPNOREMOVE value: false.
Invalid value specified for ARPNOREMOVE. Setting to false.
Parsed ARPNOMODIFY value: true.
Parsed ARPNOMODIFY value: false.
Invalid value specified for ARPNOMODIFY. Setting to false.
Parsed ARPCONTACT value: '%s'.
Parsed ARPCOMMENTS value: '%s'.
/Configuration/ARP
Log file template: %s specified in config.xml
Template
Log directory: %s specified in config.xml
/Configuration/Logging
Parsed setting: %s with value: %s under package: %s in config.xml
/Configuration/Package
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. Warning : this Culture is specified more than once.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. NOTE: this Culture will not be removed because it is in the AddLanguage List.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml.
Parsed RemoveLangauge: CultureTag with value: %s in config.xml. Can not specify this value in RemoveLanguage Node; ignoring.
/Configuration/RemoveLanguage
Parsed AddLanguage\ShellTransform: false.
Invalid ShellTransform attribute value specified for AddLanguage. Ignoring value.
ShellTransform
Parsed AddLanguage\ShellTransform: true.
Parsed AddLangauge: CultureTag with value: %s in config.xml. Warning : this Culture is specified more than once.
Parsed AddLangauge: CultureTag with value: %s in config.xml.
Parsed AddLangauge: Found request to include Current-User's Locale, in config.xml.
/Configuration/AddLanguage
Parsed setting: %s with value: %s in config.xml.
Unsupported setting: %s specified in config.xml.
/Configuration/Setting
Preferred product specified in config.xml to be: %s
/Configuration
Parsing config.xml at: %s
BRANDING.XML
SETUP.CHM
ABSENT
ADVERTISED
Keyword
QuietArg
REMOVEPREVIOUS
Category
culture
Culture
servertype
ServerType
OptionRef
ProductCode
UIString
LanguagePack
UseUninstallMSI
Value
LOCAL
State
InstalledPath
backend
Product
match
Exclude
Setting
LICREPAIR
LICTYPE
REPAIR
INSTALL
Execute
AFTER
BEFORE
ChainPosition
2346789BCDFGHJKMPQRTVWXY
INSTALLAUXDSP
WINVISTAORLATER
DisallowAdvertise
DisallowAbsent
DefaultState
FollowParent
Hidden
PreReq
TerminalServer
OptionDependency
Option
MSIVersion
version
stopTime
status
startTime
result
productVersion
productCode
patchCode
packageType
integratorVersion
integrator
handlerVersion
handler
engineVersion
detail
context
command
Result
Property
Properties
InstMspResults
EventMessage
Detail
MSICode
MSPVersion
MSPPacklet
MSPCode
Warning: changing setup temp folder from [%s] to [%s].
Setup temp folder set to [%s].
Setup%08x
Conflicting command line parameters specified.
Uninstall requested for product: %s
Repair requested for product: %s
Modify requested for product: %s
Unrecognized command line parameter: %s
Invalid command line argument: /dll used without specifying a preferred dll.
Invalid command line arguments. The preferred dll is already set when parsing '%s'.
Invalid command line argument: /uninstall used without specifying a Product ID.
Invalid command line argument: /repair used without specifying a Product ID.
Invalid command line argument: /modify used without specifying a Product ID.
Invalid command line arguments. The active Product ID is already set when parsing '%s'.
Invalid command line argument: /adminfile used without specifying an admin file/path.
Invalid command line argument: /config used without specifying a config.xml file.
Running SETUPEXE as a COM server.
-EMBEDDING
/EMBEDDING
-UNINSTALL
/UNINSTALL
-REPAIR
/REPAIR
-MODIFY
/MODIFY
Admin customization tool enabled
-ADMIN
/ADMIN
Admin patch file/path specified: %s
-ADMINFILE
/ADMINFILE
SHOWPLATFORMINFO
Config XML file specified: %s
-CONFIG
/CONFIG
Handling command line option: %s
Parsing command line.
No command line arguments given
Command line: %s
Software\Policies
No Themes
aero.msstyles
Metallic
HomeStead
NormalColor
luna.msstyles
tmsodatalast.dat
\Microsoft\Office\
14.0\
Administrator
%AppShortName%
%ComponentLang%
%WebLocale%
%HelpLang%
%InstallLang%
%UILang%
%ApplicationName%
%OfficeComponentCode%
%AppComponentCode%
%ProductCode%
msi.dll
oleacc.dll
POWRPROF.dll
KERNEL32.DLL
NETAPI32.dll
PackageGUID
Software\Microsoft\Office\14.0\CVH\VirtualProductInfo
mso.dll
software\microsoft\office\14.0\common\filespaths
SspiCli.DLL
NCrypt.dll
BCrypt.dll
Wscapi.DLL
DwmApi.DLL
PropSys.DLL
OSPPCEXT.DLL
OSPPC.DLL
DavClnt.DLL
Rasdlg.DLL
Rasapi32.DLL
MsoXev.DLL
Sensapi.DLL
Secur32.DLL
Setupapi.DLL
WsmEng.DLL
Credui.DLL
gdi32.DLL
UxTheme.DLL
Mscat32.DLL
Wtsapi32.DLL
Netapi32.DLL
WFF.DLL
Activeds.DLL
Shlwapi.DLL
Kernel32.DLL
Winspool.DRV
Mssign32.DLL
MsoHev.DLL
Riched20.DLL
VBE7.DLL
Advapi32.DLL
Softpub.DLL
Wintrust.DLL
WININET.DLL
ODMA32.DLL
OLEACC.DLL
MSJET40.DLL
URLMON.DLL
HLINK.DLL
MAPI32.DLL
WINMM.DLL
VERSION.DLL
COMDLG32.DLL
COMCTL32.DLL
SHELL32.DLL
WINNLS.DLL
GDI32.DLL
USER32.DLL
comctl32.dll
PQRSPQRSPQRSPQRSPQRSPQRS
ZabZ::Z5cd::7:7C
mscoree.dll
(null)
.XPath
SelectionLanguage
LIS SOURCELIST = %s
SOURCELIST
D:(A;;0x120003;;;IU)
D:(A;;0x120001;;;IU)
D:(A;;0x120003;;;IU)
D:(A;;0x120003;;;IU)
D:(A;;0x12001F;;;IU)
D:(A;;0x1203FF;;;IU)
D:(A;;0xA201FD;;;IU)
D:(A;;0x120FFF;;;IU)
D:(A;;0x120003;;;BA)
D:(A;;0x120001;;;BA)
D:(A;;0x120003;;;BA)
D:(A;;0x120003;;;BA)
D:(A;;0x12001F;;;BA)
D:(A;;0x1203FF;;;BA)
D:(A;;0x1201FD;;;BA)
D:(A;;0x120FFF;;;BA)
IDI_SHELL
VS_VERSION_INFO
StringFileInfo
000004E4
CompanyName
Microsoft Corporation
FileDescription
Microsoft Setup Bootstrapper
FileVersion
14.0.4755.1000
InternalName
setup.exe
LegalCopyright
2010 Microsoft Corporation. All rights reserved.
LegalTrademarks1
is a registered trademark of Microsoft Corporation.
LegalTrademarks2
is a registered trademark of Microsoft Corporation.
OriginalFilename
setup.exe
ProductName
Microsoft Setup Bootstrapper
ProductVersion
14.0.4755.1000
VarFileInfo
Translation
防病毒引擎/厂商 病毒名/规则匹配 病毒库日期
Bkav 未发现病毒 20160901
MicroWorld-eScan 未发现病毒 20160904
nProtect 未发现病毒 20160904
CMC 未发现病毒 20160901
CAT-QuickHeal 未发现病毒 20160904
McAfee 未发现病毒 20160904
Malwarebytes 未发现病毒 20160904
VIPRE 未发现病毒 20160831
AegisLab 未发现病毒 20160904
TheHacker 未发现病毒 20160903
Alibaba 未发现病毒 20160901
K7GW 未发现病毒 20160904
K7AntiVirus 未发现病毒 20160904
Invincea 未发现病毒 20160830
Baidu 未发现病毒 20160903
F-Prot 未发现病毒 20160904
Symantec 未发现病毒 20160904
ESET-NOD32 未发现病毒 20160904
TrendMicro-HouseCall 未发现病毒 20160904
Avast 未发现病毒 20160904
ClamAV 未发现病毒 20160904
GData 未发现病毒 20160904
Kaspersky 未发现病毒 20160904
BitDefender 未发现病毒 20160904
NANO-Antivirus 未发现病毒 20160904
SUPERAntiSpyware 未发现病毒 20160904
Tencent 未发现病毒 20160904
Ad-Aware 未发现病毒 20160904
Emsisoft 未发现病毒 20160904
Comodo 未发现病毒 20160904
F-Secure 未发现病毒 20160904
DrWeb 未发现病毒 20160904
Zillya 未发现病毒 20160902
TrendMicro 未发现病毒 20160904
McAfee-GW-Edition 未发现病毒 20160904
Sophos 未发现病毒 20160904
Cyren 未发现病毒 20160904
Jiangmin 未发现病毒 20160904
Avira 未发现病毒 20160904
Antiy-AVL 未发现病毒 20160904
Kingsoft 未发现病毒 20160904
Arcabit 未发现病毒 20160904
ViRobot 未发现病毒 20160904
Microsoft 未发现病毒 20160904
AhnLab-V3 未发现病毒 20160904
ALYac 未发现病毒 20160904
AVware 未发现病毒 20160904
VBA32 未发现病毒 20160902
Zoner 未发现病毒 20160904
Rising 未发现病毒 20160904
Yandex 未发现病毒 20160904
Ikarus 未发现病毒 20160904
Fortinet 未发现病毒 20160904
AVG 未发现病毒 20160904
Panda 未发现病毒 20160904
Qihoo-360 未发现病毒 20160904

进程树

setup.exe, PID: 2064, 上一级进程 PID: 1472
下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
93.46.8.89 意大利
58.211.137.192 中国
23.44.155.27 美国
198.41.214.186 美国
117.18.237.29 亚洲太平洋地区

TCP

源地址 源端口 目标地址 目标端口
192.168.122.70 49353 117.18.237.29 ocsp.digicert.com 80
192.168.122.70 49346 178.255.83.1 80
192.168.122.70 49354 198.41.214.186 ocsp.msocsp.com 80
192.168.122.70 49359 23.32.241.26 80
192.168.122.70 49342 23.44.155.27 ss.symcd.com 80
192.168.122.70 49345 23.44.155.27 ss.symcd.com 80
192.168.122.70 49355 23.44.155.27 ss.symcd.com 80
192.168.122.70 49357 23.44.155.27 ss.symcd.com 80
192.168.122.70 49358 23.44.155.27 ss.symcd.com 80
192.168.122.70 49343 58.211.137.192 ocsp2.globalsign.com 80
192.168.122.70 49351 58.211.137.192 ocsp2.globalsign.com 80
192.168.122.70 49361 58.211.137.192 ocsp2.globalsign.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.70 49587 192.168.122.1 53
192.168.122.70 49765 192.168.122.1 53
192.168.122.70 50445 192.168.122.1 53
192.168.122.70 51014 192.168.122.1 53
192.168.122.70 53017 192.168.122.1 53
192.168.122.70 54315 192.168.122.1 53
192.168.122.70 55256 192.168.122.1 53
192.168.122.70 55583 192.168.122.1 53
192.168.122.70 57997 192.168.122.1 53
192.168.122.70 60193 192.168.122.1 53
192.168.122.70 60228 192.168.122.1 53
192.168.122.70 60614 192.168.122.1 53
192.168.122.70 61230 192.168.122.1 53
192.168.122.70 62263 192.168.122.1 53
192.168.122.70 63780 192.168.122.1 53
192.168.122.70 64732 192.168.122.1 53
192.168.122.70 65053 192.168.122.1 53
192.168.122.70 65064 192.168.122.1 53
192.168.122.70 65276 192.168.122.1 53
192.168.122.70 137 192.168.122.255 137
192.168.122.70 138 192.168.122.255 138
192.168.122.70 5355 192.168.122.69 53197
192.168.122.70 5355 192.168.122.69 64810
192.168.122.70 49465 224.0.0.252 5355
192.168.122.70 49475 224.0.0.252 5355
192.168.122.70 49500 224.0.0.252 5355
192.168.122.70 49534 224.0.0.252 5355
192.168.122.70 50117 224.0.0.252 5355
192.168.122.70 51346 224.0.0.252 5355
192.168.122.70 51435 224.0.0.252 5355
192.168.122.70 53257 224.0.0.252 5355
192.168.122.70 54662 224.0.0.252 5355
192.168.122.70 54690 224.0.0.252 5355
192.168.122.70 54923 224.0.0.252 5355
192.168.122.70 55465 224.0.0.252 5355
192.168.122.70 56181 224.0.0.252 5355
192.168.122.70 59175 224.0.0.252 5355
192.168.122.70 59247 224.0.0.252 5355
192.168.122.70 59255 224.0.0.252 5355
192.168.122.70 59456 224.0.0.252 5355
192.168.122.70 60069 224.0.0.252 5355
192.168.122.70 60304 224.0.0.252 5355
192.168.122.70 60311 224.0.0.252 5355
192.168.122.70 60339 224.0.0.252 5355
192.168.122.70 61171 224.0.0.252 5355
192.168.122.70 61458 224.0.0.252 5355
192.168.122.70 61735 224.0.0.252 5355
192.168.122.70 61978 224.0.0.252 5355
192.168.122.70 62141 224.0.0.252 5355
192.168.122.70 62909 224.0.0.252 5355
192.168.122.70 63048 224.0.0.252 5355
192.168.122.70 57195 239.255.255.250 1900
192.168.122.70 123 52.169.179.91 123

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
ss.symcd.com CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net
A 23.44.155.27
ocsp2.globalsign.com CNAME cdn.globalsigncdn.com
A 58.211.137.192
tl.symcd.com
ocsp.omniroot.com A 93.46.8.89
CNAME wac.BFDD.edgecastcdn.net
ocsp.globalsign.com
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29
ocsp.msocsp.com A 198.41.214.185
CNAME hostedocsp.globalsign.com
A 198.41.214.186
A 198.41.214.187
A 198.41.215.183
A 198.41.215.182
A 198.41.215.185
A 198.41.214.183
A 198.41.215.184
A 198.41.215.186
A 198.41.214.184
s.symcd.com
ocsp.verisign.com

TCP

源地址 源端口 目标地址 目标端口
192.168.122.70 49353 117.18.237.29 ocsp.digicert.com 80
192.168.122.70 49346 178.255.83.1 80
192.168.122.70 49354 198.41.214.186 ocsp.msocsp.com 80
192.168.122.70 49359 23.32.241.26 80
192.168.122.70 49342 23.44.155.27 ss.symcd.com 80
192.168.122.70 49345 23.44.155.27 ss.symcd.com 80
192.168.122.70 49355 23.44.155.27 ss.symcd.com 80
192.168.122.70 49357 23.44.155.27 ss.symcd.com 80
192.168.122.70 49358 23.44.155.27 ss.symcd.com 80
192.168.122.70 49343 58.211.137.192 ocsp2.globalsign.com 80
192.168.122.70 49351 58.211.137.192 ocsp2.globalsign.com 80
192.168.122.70 49361 58.211.137.192 ocsp2.globalsign.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.70 49587 192.168.122.1 53
192.168.122.70 49765 192.168.122.1 53
192.168.122.70 50445 192.168.122.1 53
192.168.122.70 51014 192.168.122.1 53
192.168.122.70 53017 192.168.122.1 53
192.168.122.70 54315 192.168.122.1 53
192.168.122.70 55256 192.168.122.1 53
192.168.122.70 55583 192.168.122.1 53
192.168.122.70 57997 192.168.122.1 53
192.168.122.70 60193 192.168.122.1 53
192.168.122.70 60228 192.168.122.1 53
192.168.122.70 60614 192.168.122.1 53
192.168.122.70 61230 192.168.122.1 53
192.168.122.70 62263 192.168.122.1 53
192.168.122.70 63780 192.168.122.1 53
192.168.122.70 64732 192.168.122.1 53
192.168.122.70 65053 192.168.122.1 53
192.168.122.70 65064 192.168.122.1 53
192.168.122.70 65276 192.168.122.1 53
192.168.122.70 137 192.168.122.255 137
192.168.122.70 138 192.168.122.255 138
192.168.122.70 5355 192.168.122.69 53197
192.168.122.70 5355 192.168.122.69 64810
192.168.122.70 49465 224.0.0.252 5355
192.168.122.70 49475 224.0.0.252 5355
192.168.122.70 49500 224.0.0.252 5355
192.168.122.70 49534 224.0.0.252 5355
192.168.122.70 50117 224.0.0.252 5355
192.168.122.70 51346 224.0.0.252 5355
192.168.122.70 51435 224.0.0.252 5355
192.168.122.70 53257 224.0.0.252 5355
192.168.122.70 54662 224.0.0.252 5355
192.168.122.70 54690 224.0.0.252 5355
192.168.122.70 54923 224.0.0.252 5355
192.168.122.70 55465 224.0.0.252 5355
192.168.122.70 56181 224.0.0.252 5355
192.168.122.70 59175 224.0.0.252 5355
192.168.122.70 59247 224.0.0.252 5355
192.168.122.70 59255 224.0.0.252 5355
192.168.122.70 59456 224.0.0.252 5355
192.168.122.70 60069 224.0.0.252 5355
192.168.122.70 60304 224.0.0.252 5355
192.168.122.70 60311 224.0.0.252 5355
192.168.122.70 60339 224.0.0.252 5355
192.168.122.70 61171 224.0.0.252 5355
192.168.122.70 61458 224.0.0.252 5355
192.168.122.70 61735 224.0.0.252 5355
192.168.122.70 61978 224.0.0.252 5355
192.168.122.70 62141 224.0.0.252 5355
192.168.122.70 62909 224.0.0.252 5355
192.168.122.70 63048 224.0.0.252 5355
192.168.122.70 57195 239.255.255.250 1900
192.168.122.70 123 52.169.179.91 123

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYLnHjjHwADjD39iRSceNk%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYLnHjjHwADjD39iRSceNk%3D HTTP/1.1
Cache-Control: max-age = 471898
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 22 Jan 2016 20:24:23 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com
URL专业沙箱检测 -> http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhyNkSBZL0u2zY4jc9udsWFw%3D%3D 
GET /gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhyNkSBZL0u2zY4jc9udsWFw%3D%3D HTTP/1.1
Cache-Control: max-age = 180
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 08:12:59 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
URL专业沙箱检测 -> http://tl.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEFV%2F%2FzzjA%2F6oY6Vtno9bzTU%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEFV%2F%2FzzjA%2F6oY6Vtno9bzTU%3D HTTP/1.1
Cache-Control: max-age = 381196
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 21 Jan 2016 16:19:41 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: tl.symcd.com
URL专业沙箱检测 -> http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1
Cache-Control: max-age = 311241
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 23:57:39 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com
URL专业沙箱检测 -> http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH 
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 05:50:23 GMT
If-None-Match: "611749fc10ad79b9b9cd23c4bf787c5ae78576ef"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com
URL专业沙箱检测 -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D HTTP/1.1
Cache-Control: max-age = 500863
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 22:46:14 GMT
If-None-Match: "56a402b6-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
URL专业沙箱检测 -> http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D 
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 06:30:15 GMT
If-None-Match: "77a3ed05d7337d023a726d1efae9caf1857cedc9"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com
URL专业沙箱检测 -> http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEC7Ss3YcBffkpx9UsN1ZWpU%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEC7Ss3YcBffkpx9UsN1ZWpU%3D HTTP/1.1
Cache-Control: max-age = 535551
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 14:04:33 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com
URL专业沙箱检测 -> http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D HTTP/1.1
Cache-Control: max-age = 584283
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 03:35:04 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: s.symcd.com
URL专业沙箱检测 -> http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEDWXMYfzhzoHMn7OWAybfto%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEDWXMYfzhzoHMn7OWAybfto%3D HTTP/1.1
Cache-Control: max-age = 361610
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 21 Jan 2016 13:39:51 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
URL专业沙箱检测 -> http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl 
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 28 Nov 2015 06:02:10 GMT
If-None-Match: "4ea8b151a229d11:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
URL专业沙箱检测 -> http://ocsp2.globalsign.com/gsorganizationvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhGuAGlWtDRHAtLRzCaILaCA%3D%3D 
GET /gsorganizationvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhGuAGlWtDRHAtLRzCaILaCA%3D%3D HTTP/1.1
Cache-Control: max-age = 180
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 03:25:57 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)		 下载

Processing ( 38.62 seconds )

  • 34.142 NetworkAnalysis
  • 1.875 VirusTotal
  • 1.604 Static
  • 0.277 TargetInfo
  • 0.271 peid
  • 0.239 BehaviorAnalysis
  • 0.122 Strings
  • 0.05 Debug
  • 0.022 AnalysisInfo
  • 0.012 config_decoder
  • 0.003 Memory
  • 0.002 Dropped
  • 0.001 ProcessMemory

Signatures ( 0.155 seconds )

  • 0.023 antiav_detectfile
  • 0.019 antiav_detectreg
  • 0.016 infostealer_bitcoin
  • 0.014 infostealer_ftp
  • 0.01 stealth_timeout
  • 0.009 antivm_vbox_files
  • 0.009 infostealer_im
  • 0.006 infostealer_mail
  • 0.005 persistence_autorun
  • 0.005 geodo_banking_trojan
  • 0.004 antianalysis_detectreg
  • 0.003 network_tor
  • 0.003 betabot_behavior
  • 0.003 antidbg_devices
  • 0.003 network_torgateway
  • 0.003 rat_pcclient
  • 0.002 tinba_behavior
  • 0.002 kibex_behavior
  • 0.002 disables_browser_warn
  • 0.001 hawkeye_behavior
  • 0.001 kazybot_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 ransomware_files
  • 0.001 sniffer_winpcap
  • 0.001 targeted_flame

Reporting ( 1.674 seconds )

  • 1.03 ReportPDF
  • 0.629 ReportHTMLSummary
  • 0.015 Malheur
Task ID 16156
Mongo ID 57ce663d4d3bd048e498281d
Cuckoo release 1.4-Maldun