6b2ade22dee08ca975a9510f6932e5e3
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date | 2020-May-28 20:24:24 |
| Detected languages |
English - United States
|
| TLS Callbacks | 2 callback(s) detected. |
| Debug artifacts |
d:\dbs\el\apr\target\x86\ship\click2run\en-us\AdminBootstrapper.pdb
|
| CompanyName | Microsoft Corporation |
| FileDescription | Microsoft Office |
| FileVersion | 16.0.12827.20258 |
| InternalName | Bootstrapper.exe |
| LegalTrademarks1 | Microsoft® is a registered trademark of Microsoft Corporation. |
| LegalTrademarks2 | Windows® is a registered trademark of Microsoft Corporation. |
| OriginalFilename | Bootstrapper.exe |
| ProductName | Microsoft Office |
| ProductVersion | 16.0.12827.20258 |
Plugin Output
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Contains references to system / monitoring tools:
Contains domain names:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
Uses constants related to MD5 Uses constants related to SHA1 Uses constants related to SHA256 Microsoft's Cryptography API |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Suspicious | The file contains overlay data. | 78736 bytes of data starting at offset 0x561338. |
| Info | The PE is digitally signed. |
Signer: Microsoft Corporation
Issuer: Microsoft Code Signing PCA 2010 |
| Suspicious | VirusTotal score: 2/68 (Scanned on 2020-08-16 00:21:26) |
FireEye:
Generic.mg.6b2ade22dee08ca9
CrowdStrike: win/malicious_confidence_60% (W) |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x130 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2020-May-28 20:24:24 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x2f1400 |
| SizeOfInitializedData | 0x26be00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x002722A4 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x2f4000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.2 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.2 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x560000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x566236 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
.reloc
Imports
| ADVAPI32.dll |
RegCreateKeyExW
RegCloseKey EventWriteTransfer EventRegister EventUnregister RegQueryValueExW RegOpenKeyExW RegEnumKeyExW RegQueryInfoKeyW RegEnumValueW RegDeleteTreeW RegDeleteKeyW RegGetValueW RegSetValueExW RegDeleteValueW GetTokenInformation IsValidSid GetSidSubAuthorityCount GetSidSubAuthority CryptReleaseContext CryptAcquireContextW CryptDestroyHash CryptGetHashParam CryptCreateHash CryptHashData RegNotifyChangeKeyValue RevertToSelf OpenThreadToken OpenProcessToken GetLengthSid CopySid InitializeAcl AddAccessAllowedAce AllocateAndInitializeSid FreeSid InitializeSecurityDescriptor SetSecurityDescriptorDacl GetSecurityDescriptorDacl ConvertStringSecurityDescriptorToSecurityDescriptorW ConvertSidToStringSidA CheckTokenMembership CreateWellKnownSid EqualSid ImpersonateLoggedOnUser LookupPrivilegeValueW AdjustTokenPrivileges OpenSCManagerW CloseServiceHandle OpenServiceW QueryServiceStatusEx QueryServiceConfigW StartServiceW ControlService EnumDependentServicesW DeleteService CreateServiceW ChangeServiceConfig2W ChangeServiceConfigW SetServiceObjectSecurity RegEnumValueA RegDeleteValueA EventWrite RegSetKeySecurity |
|---|---|
| GDI32.dll |
SetBkColor
SetTextColor CreateSolidBrush DeleteObject GetDeviceCaps CreateFontW SelectObject GetTextMetricsW CreatePen SetDCPenColor Rectangle GetTextExtentPoint32W SetDCBrushColor GetStockObject |
| OLEAUT32.dll |
#8
#9 #6 #2 |
| KERNEL32.dll |
ReadConsoleW
GetCurrentProcess GetModuleHandleExW InitializeCriticalSectionEx GetLastError CompareStringEx GetProcAddress DeleteCriticalSection FreeLibrary FlsFree FlsAlloc IsWow64Process CloseHandle CreateThread GetExitCodeThread GetCurrentThreadId GetModuleFileNameW GetModuleHandleW MultiByteToWideChar FindClose UnmapViewOfFile CreateFileMappingA MapViewOfFile Sleep GetStringTypeExW GetUserDefaultLCID LoadLibraryA LCMapStringW LocalFree FormatMessageA GetSystemTimeAsFileTime TlsAlloc TlsFree FlsGetValue TlsGetValue FlsSetValue TlsSetValue GetTickCount64 K32GetProcessMemoryInfo GlobalMemoryStatusEx LeaveCriticalSection EnterCriticalSection RaiseException WideCharToMultiByte InitializeSRWLock ReleaseSRWLockShared AcquireSRWLockShared ReleaseSRWLockExclusive AcquireSRWLockExclusive GetProcessTimes TerminateProcess GetModuleFileNameA GetShortPathNameA K32GetModuleFileNameExW CreateProcessW LoadLibraryExW FindResourceW SizeofResource LoadResource VerSetConditionMask VerifyVersionInfoW OpenProcess GetCurrentProcessId GetStringTypeW GetVersionExW GetUserDefaultLocaleName IsValidCodePage SetLastError GetSystemTime SystemTimeToFileTime FileTimeToSystemTime GetCPInfoExW GetDiskFreeSpaceExW CreateFileW DeviceIoControl SetErrorMode GetComputerNameW MulDiv FormatMessageW GetLogicalProcessorInformation GetNativeSystemInfo GetSystemDirectoryW HeapFree OutputDebugStringA GetModuleHandleA LoadLibraryW HeapAlloc GetProcessHeap CreateEventW SetEvent WaitForSingleObject WaitForMultipleObjectsEx CreateEventExW WakeConditionVariable WakeAllConditionVariable SleepConditionVariableSRW CloseThreadpoolTimer SetThreadpoolTimer WaitForThreadpoolTimerCallbacks CreateThreadpoolTimer CloseThreadpoolWait SetThreadpoolWait HeapSize CreateThreadpoolWait CreateThreadpoolWork SubmitThreadpoolWork ReleaseSemaphore WaitForSingleObjectEx QueryDepthSList TryEnterCriticalSection InitializeSListHead InterlockedPushEntrySList InterlockedPopEntrySList RtlCaptureStackBackTrace ReleaseMutex TzSpecificLocalTimeToSystemTime GetTempPathW GetLongPathNameW ResetEvent QueryPerformanceCounter QueryPerformanceFrequency VirtualProtectEx GetSystemInfo GlobalFree GlobalAlloc ReadFile WriteFile GetFileSizeEx LockResource SetEndOfFile SetFilePointerEx GetOverlappedResult FlushFileBuffers CancelIoEx GetFileAttributesExW DeleteFileW CreateDirectoryW SetFileAttributesW RemoveDirectoryW GetDriveTypeW FindFirstFileExW FindNextFileW GetFileType CopyFileW MoveFileExW GetTempFileNameW SetFileInformationByHandle GetFileInformationByHandleEx SignalObjectAndWait GetProcessAffinityMask GetLogicalProcessorInformationEx CreateWaitableTimerW SetWaitableTimerEx CancelWaitableTimer GetTickCount WerRegisterMemoryBlock WerUnregisterMemoryBlock QueryFullProcessImageNameW IsProcessorFeaturePresent CreateIoCompletionPort PostQueuedCompletionStatus GetThreadIOPendingFlag GetCurrentThread GetQueuedCompletionStatus IsDebuggerPresent WaitForMultipleObjects GetStartupInfoW CreateMemoryResourceNotification GetSystemPowerStatus IsSystemResumeAutomatic QueryUnbiasedInterruptTime OutputDebugStringW CreateMutexW VirtualFree ExpandEnvironmentStringsW VirtualAlloc OpenEventA CreateEventA OpenMutexA CreateMutexA OpenSemaphoreA CreateSemaphoreA OpenFileMappingA LocalAlloc GetThreadLocale FindFirstFileW lstrcmpW GetFullPathNameW ProcessIdToSessionId GetCommandLineW GetCurrentDirectoryW SetEnvironmentVariableW GetPriorityClass GetExitCodeProcess GetProcessId K32EnumProcesses GetTimeZoneInformation IsValidLocale GetLocaleInfoEx LCIDToLocaleName LocaleNameToLCID GetLocaleInfoW ResolveLocaleName GetUserPreferredUILanguages GetACP LCMapStringEx GetSystemDefaultLCID EnumSystemLocalesEx GetSystemDefaultLocaleName GetUserGeoID GetPhysicallyInstalledSystemMemory GetProductInfo SwitchToThread GetConsoleMode UnregisterWaitEx VirtualProtect FreeLibraryAndExitThread GetThreadTimes UnregisterWait RegisterWaitForSingleObject SetThreadAffinityMask GetNumaHighestNodeNumber ChangeTimerQueueTimer GetThreadPriority SetThreadPriority CreateTimerQueue InterlockedFlushSList RtlUnwind SetUnhandledExceptionFilter UnhandledExceptionFilter CompareStringW GetCPInfo InitializeCriticalSectionAndSpinCount AreFileApisANSI GetFileInformationByHandle EncodePointer DuplicateHandle OpenThread K32GetProcessImageFileNameW GetSystemPreferredUILanguages GetDateFormatW GetTimeFormatW DeleteTimerQueueTimer CreateTimerQueueTimer FreeConsole WriteConsoleW GetStdHandle AllocConsole AttachConsole DecodePointer ExitThread ExitProcess HeapReAlloc EnumSystemLocalesW SetStdHandle GetOEMCP GetCommandLineA GetEnvironmentStringsW FreeEnvironmentStringsW VirtualQuery LoadLibraryExA GetConsoleCP WaitForThreadpoolWaitCallbacks GetLocalTime |
| ole32.dll |
IIDFromString
CoTaskMemAlloc CoTaskMemFree StringFromCLSID CoCreateInstance CoSetProxyBlanket CoCreateFreeThreadedMarshaler StringFromGUID2 CoCreateGuid CoInitializeSecurity CoUninitialize CoInitializeEx CreateStreamOnHGlobal CoRegisterInitializeSpy CoRevokeInitializeSpy CoCancelCall CLSIDFromString CoEnableCallCancellation CoDisableCallCancellation |
| WINTRUST.dll |
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData WinVerifyTrust |
| SETUPAPI.dll |
SetupIterateCabinetW
|
| WS2_32.dll |
FreeAddrInfoW
#115 GetAddrInfoW #116 |
| gdiplus.dll |
GdipDeleteGraphics
GdipFillRectangleI GdipDrawImageRectRectI GdiplusStartup GdipDrawImageRectI GdipLoadImageFromStream GdipCloneBrush GdipFree GdipAlloc GdipCloneImage GdipDisposeImage GdipCreateBitmapFromScan0 GdipGetImageHeight GdipGetImageWidth GdipGetImageGraphicsContext GdipCreateSolidFill GdipDeleteBrush GdipCreateFromHDC |
| RPCRT4.dll |
UuidToStringW
RpcStringFreeW |
| api-ms-win-core-winrt-string-l1-1-0.dll (delay-loaded) |
WindowsDuplicateString
WindowsCreateString WindowsGetStringRawBuffer WindowsCreateStringReference WindowsConcatString WindowsCompareStringOrdinal WindowsDeleteString |
Delayed Imports
| Attributes | 0x1 |
|---|---|
| Name | api-ms-win-core-winrt-string-l1-1-0.dll |
| ModuleHandle | 0x46a540 |
| DelayImportAddressTable | 0x455000 |
| DelayImportNameTable | 0x45148c |
| BoundDelayImportTable | 0 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |
ID_ANIMATEDLOGO
ID_ANIMATEDLOGO_192
ID_CLOSE
ID_CLOSE_192
ID_CLOSE_192_HC
ID_CLOSE_192_HCW
ID_CLOSE_HC
ID_CLOSE_HCW
ID_ERROR
ID_ERROR_192
ID_LOADINGDOTS
ID_LOADINGDOTS_192
ID_LOADINGDOTS_RTL
ID_LOADINGDOTS_RTL_192
ID_LOGO
ID_LOGO_192
ID_LOGO_192_HC
ID_LOGO_192_HCW
ID_LOGO_HC
ID_LOGO_HCW
ID_MINIMIZE
ID_MINIMIZE_192
ID_MINIMIZE_192_HC
ID_MINIMIZE_192_HCW
ID_MINIMIZE_HC
ID_MINIMIZE_HCW
1
2
3
4
188
189
190
191
192
193
194
195
196
197
198
199
219
220
232
251
252
253
254
256
257
258
259
313
314
315
316
317
319
322
376
377
378
379
380
381
382
383
384
438
439
440
449
101
1 (#2)
1 (#3)
String Table contents
| _scenario_admin_culture_en-us_lcid_1033_platform_x86_productreleaseid_none_ |
| Something went wrong |
| &Close |
| Ready to uninstall? |
| &Uninstall |
| Uninstalling... |
| We're removing Office from your computer now. |
| Close |
| Done uninstalling! |
| Repairing Office |
| We're working on repairing your Office programs. |
| Repairing... |
| &Cancel |
| Save your work before continuing |
| We need to close the following apps: |
| C&ontinue |
| &Cancel |
| Welcome to your new Office! |
| We're getting things ready |
| %d%% - Streaming Office... |
| We tried to close the program called '%s', but weren't able to. |
| Please try closing this program yourself and retry once it has been closed. If this doesn't work, you may need to restart your computer. |
| Please close programs |
| &Yes |
| &No |
| Please save your work first, otherwise you may lose unsaved changes. |
| Other users have programs open on this computer, so closing these programs may cause them to lose unsaved changes. |
| We need to close some programs but weren't able to. |
| Please restart your computer and try again. |
| Microsoft Office |
| Streaming program features ... |
| Microsoft Office |
| Starting program ... |
| Office is installing in the background (%d%%) |
| Please don't go offline or restart your computer. |
| Office is installing in the background. |
| Click here for status. |
| Step 1 of 4 |
| Step 2 of 4 |
| Step 3 of 4 |
| Step 4 of 4 |
| Please reconnect to the internet |
| Office is still installing in the background and needs an internet connection to finish. |
| Please reconnect and your installation will pick up where it left off. |
| Installation is finished! |
| Your Office product is now completely installed. |
| You can now go offline or shut down. |
| Ready to start a Quick Repair? |
| This shouldn't take very long, but you won't be able to use your Office programs until we're done. |
| &Repair |
| Repairing... |
| We're repairing your Office programs and features. |
| This shouldn't take long. Thanks for being patient. |
| Working on it... |
| Done repairing! |
| We've finished repairing your Office programs and features. |
| You can now close this window and use your programs. |
| Close program? |
| This means you'll lose any unsaved changes. |
| Office is busy |
| We're sorry, %s can't be used right now because Office is busy. We're either updating or helping you add or remove some programs. |
| You can try using %s again after we're done. It shouldn't take long. |
| <a href="%s">You can go online to find more help.</a> |
| Error Code: %s |
| Microsoft Office Service |
| Manages resource coordination, background streaming, and system integration of Microsoft Office products and their related updates. This service is required to run during the use of any Microsoft Office program, during initial streaming installation and all subsequent updates. |
| How would you like to repair your Office programs? |
| Quick Repair |
| Online Repair |
| Fixes most issues quickly without the need for an internet connection. |
| Fixes all issues, but takes a little longer and requires an internet connection throughout. You can select this option if you are still having problems after a Quick Repair. |
| &Retry |
| &Uninstall |
| &Ignore |
| Office needs the installation disc |
| Microsoft Office is still installing in the background and requires the disc. Please insert the disc immediately. |
| Closing apps... |
| Please wait while we close your apps. |
| Uninstalling will remove all %s programs, so you won't be able to use them anymore. |
| We noticed you have other Office programs installed. These will stick around, but we recommend repairing them from 'Programs and Features' in the Control Panel once we're done. |
| Office is updating |
| Installing updates for Office |
| Office update complete |
| Office has been successfully updated. |
| Office updates are available |
| Updates are available for Office. Would you like to apply the update for build %s now? |
| Click here to install the Office updates. |
| We'll remove the programs and files you requested from your computer. |
| We've successfully removed %s from your computer. |
| It's not required right away, but we recommend that you restart your computer soon so we can tidy up a few remaining files. |
| Ready to start an Online Repair? |
| We'll download files to repair your installation. This may take some time and requires an internet connection. |
| If you're on a metered connection, this may charge extra. Please keep this in mind when getting online content. |
| Minimize |
| Click here to download them now. |
| Downloading Office updates... |
| You can keep using Office while we download in the background. |
| Office updates are available |
| New updates are available for Office. We can download them in the background and won't interrupt your work. |
| We noticed your internet connection may have a data limit, so you could be charged for the data used to download these updates. |
| Do you want to start downloading updates now? |
| Download updates for Office? |
| New updates for Microsoft Office are available. They will be downloaded in the background and will not interrupt your work in Office. |
| You may incur data charges if you download these updates. |
| Do you want to start downloading the updates now? |
| Always allow Office updates when connected to this network |
| Download Now |
| Postpone |
| Office may appear unresponsive... |
| We're streaming a few required files in the background. This shouldn't take long. |
| Office needs your attention |
| We need your permission to continue. Please click here to finish installing in the background. |
| Checking for updates |
| You're up to date! |
| The latest version of Office is installed on your computer. |
| The latest version of Office approved by your system admin is installed on your computer. |
| Applying updates... |
| Finalizing updates... |
| Microsoft Office Click-to-Run Service |
| Office Updates Available |
| We need to close your Office apps to install the updates. |
| Office will update in %s %s |
| We need to close your Office apps to install the updates. |
| You should save your work now. |
| If you select 'Postpone', the installation will be postponed for 2 hours. |
| Office is updating |
| 1||2- |
| minute||minutes |
| second||seconds |
| Update now |
| Remind me later |
| Postpone |
| We need to close your Office apps to install the updates. |
| You should save your work now. |
| We need to close your Office apps to install the updates. |
| You should save your work now. |
| Last chance to postpone the installation for 2 hours. |
| Updates were installed |
| Your Office updates have been installed. You can use your Office apps now. |
| &Ok |
| Office will update soon |
| We can't start another Uninstall or Repair operation right now. |
| Please try again later. If the problem continues, restart your computer and try again. |
| <a href="%s">You can go online for more help</a> |
| Office Background Streaming |
| Office Automatic Updates |
| Office Subscription Maintenance |
| Updating Office, please wait a moment |
| Unable to start Office |
| We couldn't open Office because we're updating, adding or removing programs. |
| Please try again later. |
| <a href="%s">You can go online to find more help.</a> |
| Error Code: %s |
| All done! |
| Office is now installed. |
| We recommend that you restart your computer. Save and close any open files before you restart. |
| Background installation ran into a problem |
| Please make sure you're still connected to the internet, or try connecting to a different network. |
| We'll automatically resume installation as soon as possible, and you can keep working once we do. |
| <a href="%s">You can go online to find more help.</a> |
| Please make sure the Office installation disk is inserted and that there's enough space on your hard drive to install Office. |
| We'll automatically resume installation as soon as possible, and you can keep working once we do. |
| <a href="%s">You can go online to find more help.</a> |
| Please make sure you're still connected to the internet and that you have permission to install Office from this network location. |
| We'll automatically resume installation as soon as possible, and you can keep working once we do. |
| <a href="%s">You can go online to find more help.</a> |
| Please make sure there's enough space on your hard drive to install Office. |
| We'll automatically resume installation as soon as possible, and you can keep working once we do. |
| <a href="%s">You can go online to find more help.</a> |
| We need to remove some older Office apps |
| We'll have to remove the following product to complete the installation: |
| %s |
| This product doesn't work with your new Office. |
| <a href="%s">Learn why</a> |
| We'll have to remove the following products to complete the installation: |
| %s |
| These products don't work with your new Office. |
| <a href="%s">Learn why</a> |
| https://go.microsoft.com/fwlink/?LinkId=613501 |
| &Install Anyway |
| &Cancel |
| Sorry, we ran into a problem. |
| We're sorry, we couldn't install Office because there isn't enough free space on your hard drive. We'll need %s MB of free disk space to install. |
| We're sorry, but Office needs Microsoft Windows 7 (or later) to install. |
| <a href="%s">Go online to look for additional help.</a> |
| We're sorry, Office (64-bit) couldn't be installed because 32-bit Office programs are already installed on your computer: |
| %s |
| If you need 64-bit Office, please uninstall the above programs first. Otherwise, we recommend installing the 32-bit version of Office instead. |
| <a href="%s">Go online to look for additional help.</a> |
| We're sorry, Office (32-bit) couldn't be installed because 64-bit Office programs are already installed on your computer: |
| %s |
| If you need 32-bit Office, please uninstall the above programs first. Otherwise, we recommend installing the 64-bit version of Office instead. |
| <a href="%s">Go online to look for additional help.</a> |
| An unexpected error occurred in the %s task. This is probably unrecoverable. You may need to clean up and attempt to reinstall. Visit http://c2r to learn how to submit your log files. |
| We ran into a problem. Please try installing Office again. |
| We're sorry, Office couldn't be uninstalled. Please try uninstalling Office again. |
| We're sorry - please try repairing again. |
| If a Quick Repair failed, you can do an Online Repair instead, or try restarting your computer before repairing. |
| %s |
| <a href="%s">Go online for additional help.</a> |
| Error Code: %d-%d %s |
| Sorry, Office ran into a problem because its system service is disabled. Please ensure the Office system service can run, then try again. |
| We couldn't start your program. Please try starting it again. |
| If it won't start, try repairing Office from 'Programs and Features' in the Control Panel. |
| <a href="%s">You can go online to find more help.</a> |
| Sorry, we can't find a required file. Please check that the installation source is reachable, then try again. |
| Sorry, we ran into a problem accessing a required file. Please check that the installation source has the correct permissions, then try again. |
| Sorry, we ran into a problem streaming Office. Please try again later. |
| Sorry, we ran into a problem. Please try again after restarting your computer. |
| We're sorry. We ran into a problem while installing and couldn't finish everything. |
| If another program is installing, please wait for it to finish then click Retry. |
| If you click Ignore, you might need to repair your Office from 'Programs and Features' in the Control Panel later. |
| We're sorry. We ran into a problem while installing and couldn't continue. |
| If another program is installing, please wait for it to finish and then click Retry. |
| &Cancel Installation |
| We are unable to configure the office package |
| We are unable to add and/or remove the products you are requesting. Please verify that you have the correct set of products. |
| Sorry, installation cannot continue because no compatible Office products are detected. |
| You're trying to install a version of Office that isn't compatible with another Office product. Office 2013 is not compatible with versions of Office 2016 prior to 16.0.7167.2040. |
| We are unable to install fonts |
| Sorry, we ran into a problem starting your program. Please try starting it again, or Repair Office from 'Programs and Features' in the Control Panel. |
| We're sorry, but Office needs to be repaired. Please Repair Office from 'Programs and Features' in the Control Panel. |
| <a href="%s">You can go online to find more help.</a> |
| Sorry, we weren't able to start your program. Please try starting it again. |
| If it still won't start, you can try repairing Office from 'Programs and Features' in the Control Panel. |
| Sorry, we weren't able to start your program. Please try starting it again, or try repairing Office from 'Programs and Features' in the Control Panel. |
| Sorry, we ran into a problem updating Office. Please try starting updates again. If you still see this message, you may also need to restart your computer before updating. |
| We're sorry, we ran into a problem while looking for updates. Please check your network connection and try again later. |
| We're sorry, we ran into a problem while downloading updates for Office. Please check your network connection and try again later. |
| We're sorry, we ran into a problem while updating Office. Please try again after restarting your computer. If you continue to experience problems, repair Office from 'Programs and Features' in the Control Panel. |
| We're sorry, but we ran into an error and couldn't start your program. |
| Please try starting your program again, or use the Repair option from the Programs and Features item in your Control Panel if it still won't start. |
| <a href="%s">You can go online to find more help.</a> |
| We couldn't start your program. Please try starting it again. |
| If it won't start, try repairing Office from 'Programs and Features' in the Control Panel. |
| <a href="%s">You can go online to find more help.</a> |
| Error Code: %s |
| Streaming |
| Office can't do that right now because your product is busy with another task. Please wait for this task to complete and try again. |
| <a href="%s">Go online to look for more help.</a> |
| We're sorry, but we are unable to start your program. |
| Please ensure it is not disabled by the system. |
| Online Repairs need the internet and it looks like you may not be connected. |
| You can try a Quick Repair while offline, or try an Online Repair again once you're connected. |
| <a href="%s">If you think you are connected, you can go online to get more help.</a> |
| Something went wrong |
| Please free up some disk space |
| Office needs a later version of Windows |
| We found a problem |
| We found a problem |
| Sorry, we couldn't install Office |
| Couldn't uninstall Office |
| Couldn't repair Office |
| Something went wrong |
| Couldn't stream Office |
| Access denied to installation source |
| Couldn't stream Office |
| System restart required |
| We couldn't install some Office features |
| We couldn't install Office |
| We found a problem |
| Please repair Office |
| Internet connection needed |
| Continuing could be expensive |
| You're connected to a network that limits downloads every month. |
| We need to stream some large files over your network connection to install Office, so we recommend installing while connected to an unrestricted network. |
| If you are sure you won't be charged or exceed your limits by dowloading a large amount, you can choose OK to download and install. Otherwise, you should Cancel and install when connected to a different network. |
| Stopping installation, continuing would be too expensive |
| We're sorry, but you're connected to a network that will charge you for every file you download. |
| We need to stream some large files over your network connection to install and we don't want you to get stuck with the bill. |
| Please retry installing when you are connected to a different, unrestricted network. |
| Administrative Privileges Required |
| Installation requires administrative privileges to make changes to your computer. |
| Please retry installing this product and give the required permission when prompted. |
| If you cannot give these permissions to install, ask your system administrator to help you. |
| Couldn't install |
| We're sorry, we had a problem installing your Office program(s). |
| Is your internet connection working? Do you have enough free space on your main hard drive? |
| Please try installing again after you've checked the above. |
| Office needs a newer version of Windows |
| We're sorry, we couldn't install your Office product because you don't have a modern Windows operating system. |
| You need Microsoft Windows 7 (or newer) to install this product. |
| Couldn't Install Office |
| We're sorry, Office couldn't be installed. |
| Please save the file you used to start this installation to a place you can find easily. Then use Windows Explorer to view that location and try installing Office again. |
| We found a problem! |
| We found a pre-release or Beta version of an Office product on your computer and can't install because of it. |
| Please Uninstall any pre-release Office software using the Programs and Features item in your Control Panel and try installing again. |
| We're sorry, but we can't verify the signature of files required to install your Office product. |
| We need to verify these signatures to keep your computer safe. |
| Please retry installing your product or, if installation continues to fail, try re-downloading your installer if you got it online. Make sure you only download Office products from a trusted source. |
| We found a problem! |
| We're sorry, Office does not work with Windows 8 Consumer Preview. |
| You need the full version of Windows 8. |
| We're sorry, Office (64-bit) couldn't be installed because you have these 32-bit Office programs installed on your computer: |
| %s |
| 64-bit and 32-bit versions of Office programs don't get along, so you can only have one type installed at a time. Please try installing the 32-bit version of Office instead, or uninstall your other 32-bit Office programs and try this installation again. |
| We're sorry, Office (32-bit) couldn't be installed because you have these 64-bit Office programs installed on your computer: |
| %s |
| 32-bit and 64-bit versions of Office programs don't get along, so you can only have one type installed at a time. Please try installing the 64-bit version of Office instead, or uninstall your other 64-bit Office programs and try this installation again. |
| We're sorry, we can't continue because we weren't able to download a required file. Please make sure you're connected to the internet or connect to a different network, then try again. |
| Please free up some disk space |
| We're sorry, we couldn't start installing Office because available disk space is too low. |
| Couldn't start Office installation |
| We're sorry, but we could not successfully start your Office installation. Please try again later. |
| Setup Failed |
| A newer version of Setup is required to install this product |
| We're sorry, but we could not start your Office installation. Another installation is in progress. Please try again later. |
| &Close |
| %s |
| <a href="%s">Go online for additional help.</a> |
| Invalid product %s specified. |
| Error configuring products! |
| We're getting things ready |
| We need to remove some older products |
| Some older products don’t work with Office 2016. Before installing the new Office, we need to remove: |
| %s |
| Important: Once we’ve removed these products, you won’t be able to install the old version again. |
| Remove and Continue |
| &Cancel |
| Couldn't Install Office |
| We are sorry, but we could not complete the installation. |
| We hit an issue trying to uninstall your previous Office version. |
| <a href="%s">Go online for additional help.</a> |
| https://support.microsoft.com/kb/2739501 |
| Save your work before continuing |
| We need to close the following apps: |
| C&ontinue |
| &Cancel |
| Couldn't Install Office |
| We're sorry, Office (64-bit) couldn't be installed because your computer does not support 64-bit applications. Please try installing the 32-bit version of Office instead. |
| We're sorry, we had a problem installing your Office program(s). |
| Please make sure the Office installation disk is inserted. Do you have enough free space on your main hard drive? |
| Please try installing again after you've checked the above. |
| We found a problem! |
| We're sorry, Office Click-to-Run installer encountered a problem because you have these Windows Installer based Office programs installed on your computer: |
| %s |
| Click-to-Run and Windows Installer editions of Office programs don't get along for this version, so you can only have one type installed at a time. Please try installing the Windows Installer edition of Office instead, or uninstall your other Windows Installer based Office programs and try this installation again. |
| Microsoft Office |
| %s |
| <a href="%s">Go online for additional help.</a> |
| Error Code: %s |
| Client update needed. |
| We are sorry, but we could not complete the installation. Please try again later. |
| https://go.microsoft.com/fwlink/?LinkId=613501 |
| <a href="%s">Learn more</a> |
| This installation requires a compatible Microsoft Office program installed on your computer. |
| Stop, you should wait to install Office 2016 |
| We'll have to remove the following if you continue: |
| %s |
| These products don't work with Office 2016 right now. We're working on a solution. |
| <a href="%s">Learn why</a> |
| We'll have to remove the following if you continue: |
| %s |
| This product doesn't work with Office 2016 right now. We're working on a solution. |
| <a href="%s">Learn why</a> |
| I understand. I don't want to wait. |
| &Install Anyway |
| I'll &wait |
| Good News! |
| We're also upgrading: |
| %s |
| <a href="%s">Learn why</a> |
| &Install |
| &Cancel |
| Stop, you should wait to install Office 2016 |
| You won't be able to receive mail from a current mailbox. |
| %s You may want to contact your mailbox provider or system administrator about this issue. |
| <a href="%s">Learn why</a> |
| Business Contact Manager will no longer work. |
| %s |
| <a href="%s">Learn why</a> |
| You won't be able to receive mail from a current mailbox. Business Contact Manager won't work. |
| %s You may want to contact your mailbox provider about these issues. |
| <a href="%s">Learn why</a> |
| Outlook 2016 is not compatible with Exchange 2007. |
| Outlook 2016 requires access to the AutoDiscover service for your Exchange service. |
| Business Contact Manager is not compatible with Outlook 2016. |
| &Install 32-bit |
| &Install 64-bit |
| This installation is for the 64-bit version of Office, but the following 32-bit Office applications are already installed on this computer: |
| %s |
| Want to install 32-bit Office, which will work with your 32-bit applications? Select "Install 32-bit". If you want the 64-bit version, select "Cancel", uninstall your 32-bit Office applications, and start this 64-bit installation again. |
| This installation is for the 32-bit version of Office, but the following 64-bit Office applications are already installed on this computer: |
| %s |
| Want to install 64-bit Office, which will work with your 64-bit applications? Select "Install 64-bit". If you want the 32-bit version, select "Cancel", uninstall your 64-bit Office applications, and start this 32-bit installation again. |
| Sorry, 64-bit and 32-bit Office can’t be installed together |
| %s |
| <a href="%s">Help: Installing 64-bit or 32-bit.</a> |
| Please Wait |
| Office is already being installed. |
| For install status, check the Office notification in the Windows taskbar. |
| We can't install |
| The following product(s) can’t be installed at the same time: |
| %s |
| We can't install |
| To install this product, first uninstall the following product(s) and try again. |
| %s |
| %s |
| <a href="%s">Go online for additional help</a> |
| You need Windows 10 to continue |
| This Office product requires Windows 10. Please upgrade Windows and try installing Office again. |
| %s |
| <a href="%s">Help: Upgrading Windows</a> |
| We can't install |
| This product can't be installed on the selected update channel. Please contact your system administrator and try again. |
| We can't install |
| This product can't be installed on the selected update channel. Please contact your system administrator and try again. |
| We can't install |
| This product can't be installed on the selected update channel. Please contact your system administrator and try again. |
| Couldn't stream Office |
| Sorry, we can't find a required file. Please check that the installation source is reachable, then try again. |
| We found a problem! |
| We found an Office 2013 product on your computer and can't install because of it. |
| Please uninstall any Office 2013 products using the Programs and Features item in your Control Panel and try installing again. |
| Can't install this version of Office |
| Windows 10 in S mode doesn’t support this version of Office. |
| Use Office Version 1902 or later, or switch out of S mode. |
| Can't install this version of Office |
| This version of Office requires a newer version of Windows. |
| We recommend you move to Windows 10. |
| %s |
| %s |
| <a href="%s">Learn more</a> |
| Downloading office at %d Mbps. This is too slow to have a great streaming experience; programs may become unresponsive. |
| Downloading office at %d Mbps. Your network is the bottleneck for streaming. This is too slow to have a great streaming experience; programs may become unresponsive. |
| Downloading office at %d Mbps. Your CPU is the bottleneck for streaming. This is too slow to have a great streaming experience; programs may become unresponsive. |
| Downloading office at %d Mbps. Your hard drive is the bottleneck for streaming. This is too slow to have a great streaming experience; programs may become unresponsive. |
| Downloading office at %d Mbps. Your anti-virus software is the bottleneck for streaming. This is too slow to have a great streaming experience; programs may become unresponsive. |
| Downloading office at %d Mbps. This is a little slow for streaming; programs may be slow to respond. |
| Downloading office at %d Mbps. Your network is the bottleneck for streaming. This is a little slow for streaming; programs may be slow to respond. |
| Downloading office at %d Mbps. Your CPU is the bottleneck for streaming. This is a little slow for streaming; programs may be slow to respond. |
| Downloading office at %d Mbps. Your hard drive is the bottleneck for streaming. This is a little slow for streaming; programs may be slow to respond. |
| Downloading office at %d Mbps. Your anti-virus software is the bottleneck for streaming. This is a little slow for streaming; programs may be slow to respond. |
| Downloading office at %d Mbps. |
| Downloading office at %d Mbps. Your network is the bottleneck for streaming. |
| Downloading office at %d Mbps. Your CPU is the bottleneck for streaming. |
| Downloading office at %d Mbps. Your hard drive is the bottleneck for streaming. |
| Downloading office at %d Mbps. Your anti-virus software is the bottleneck for streaming. |
| Sorry, it looks like you're on a slow connection, so this might take a while. |
| Downloading |
| We were unable to download Office. Please check your internet connection and try again. |
| You have a newer version of Office installed |
| We have detected these newer versions of Office installed on your device. |
| %s |
| If you want to install an older version of Office, please remove these newer products and try again. |
| <a href="%s">Learn more about removing Office products</a> |
| &Close |
| https://support.microsoft.com/kb/2739501 |
| We have detected newer versions of Office installed on your device. |
| If you want to install an older version of Office, please remove the newer products and try again. |
| <a href="%s">Learn more about removing Office products</a> |
| Microsoft Office Logo |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 16.0.12827.20258 |
| ProductVersion | 16.0.12827.20258 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | UNKNOWN |
| CompanyName | Microsoft Corporation |
| FileDescription | Microsoft Office |
| FileVersion (#2) | 16.0.12827.20258 |
| InternalName | Bootstrapper.exe |
| LegalTrademarks1 | Microsoft® is a registered trademark of Microsoft Corporation. |
| LegalTrademarks2 | Windows® is a registered trademark of Microsoft Corporation. |
| OriginalFilename | Bootstrapper.exe |
| ProductName | Microsoft Office |
| ProductVersion (#2) | 16.0.12827.20258 |
| Resource LangID | English - United States |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2020-May-28 20:24:24 |
| Version | 0.0 |
| SizeofData | 280 |
| AddressOfRawData | 0x2f2108 |
| PointerToRawData | 0x2f1508 |
| Referenced File | d:\dbs\el\apr\target\x86\ship\click2run\en-us\AdminBootstrapper.pdb |
IMAGE_DEBUG_TYPE_RESERVED
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2020-May-28 20:24:24 |
| Version | 576.27412 |
| SizeofData | 4 |
| AddressOfRawData | 0x2f2220 |
| PointerToRawData | 0x2f1620 |
TLS Callbacks
| StartAddressOfRawData | 0x809238 |
|---|---|
| EndAddressOfRawData | 0x809300 |
| AddressOfIndex | 0x86ae5c |
| AddressOfCallbacks | 0x6f3f94 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_8BYTES
|
| Callbacks |
0x00672EE4
0x00672F62 |
Load Configuration
| Size | 0xa0 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0x800 |
| EditList | 0 |
| SecurityCookie | 0x8552e4 |
| SEHandlerTable | 0x805d04 |
| SEHandlerCount | 3355 |
RICH Header
| XOR Key | 0x74271c20 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (26715) | 24 |
| C++ objects (26715) | 196 |
| ASM objects (VS 2015/2017 runtime 26706) | 25 |
| C objects (VS 2015/2017 runtime 26706) | 39 |
| C objects (41204) | 7 |
| ASM objects (41204) | 2 |
| 263 (26715) | 2 |
| C objects (26715) | 37 |
| 262 (26715) | 5 |
| Imports (26715) | 25 |
| Total imports | 844 |
| C++ objects (VS 2015/2017 runtime 26706) | 132 |
| C++ objects (VS2017 v15.9.16-18 compiler 27034) | 150 |
| 265 (VS2017 v15.9.16-18 compiler 27034) | 1304 |
| Resource objects (VS2017 v15.9.16-18 compiler 27034) | 1 |
| 151 | 1 |
| Linker (VS2017 v15.9.16-18 compiler 27034) | 1 |