e93cf7c4...3775 | Grouped Behavior
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Dropper, Rootkit, Spyware, Downloader

e93cf7c4f464ff015bda21fed805744beaf2d631ccd7cc81eb8a434a5bc73775 (SHA256)

adobereader_dcupd_en_cra_install.exe

Windows Exe (x86-32)

Created at 2018-08-28 10:26:00

Notifications (2/3)

Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Monitored Processes

Process Overview
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xa04 Analysis Target High (Elevated) adobereader_dcupd_en_cra_install.exe "C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe" -
#2 0xa44 RPC Server System (Elevated) msiexec.exe C:\Windows\system32\msiexec.exe /V #1
#3 0xa6c Child Process High (Elevated) msiexec.exe C:\Windows\system32\MsiExec.exe -Embedding 184DC0E98E8691C9B1AAA08C2752D03C C #2
#5 0xbc0 Child Process High (Elevated) adobereader_dcupd_en_cra_install.exe "C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe" /i "C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi" CHAINERUIPROCESSID="2564Chainer" EXECUTEACTION="INSTALL" SECONDSEQUENCE="1" CLIENTPROCESSID="2564" ADDLOCAL="MainFeature,RequiredApplication" ACTION="INSTALL" CLIENTUILEVEL="0" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_PREREQFILES="C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe" AI_PREREQDIRS="C:\Users\EEBsYm5\AppData\Roaming\Adobe" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs " AI_SETUPEXEPATH="C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe" SETUPEXEDIR="C:\Users\EEBsYm5\Desktop\" TARGETDIR="C:\" APPDIR="C:\Program Files\Adobe\Adobe Reader\" #1
#10 0xd78 Child Process High (Elevated) msiexec.exe C:\Windows\system32\MsiExec.exe -Embedding DF038523499942DC9F17A1C1DC9158CF #2
#11 0xdf0 Child Process High (Elevated) setup.exe "C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe" #3
#12 0xe08 Child Process High (Elevated) cmd.exe cmd /c ""C:\inst_fold\waitbefore.bat" " #11
#19 0xea8 Child Process High (Elevated) 7zaa.exe "C:\inst_fold\7zaa.exe" x -oC:\inst_fold -pdsiSDJJiojeflOSIOwp3#DSIJ23jeewE@_SDD_as2 C:\inst_fold\arm.7z #11
#20 0xee8 Child Process High (Elevated) fp.exe "C:\inst_fold\fp.exe" #11
#21 0xf04 Child Process High (Elevated) armstart.exe "C:\inst_fold\armstart.exe" #20
#22 0xf20 Child Process High (Elevated) installer.exe "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe" /rsetup #21
#23 0xf40 Child Process High (Elevated) msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi" /qn #22
#24 0xf68 Child Process High (Elevated) msiexec.exe C:\Windows\system32\MsiExec.exe -Embedding A4D0C1CE16160E0F223C158924CA3115 #2
#25 0xf90 Child Process High (Elevated) rfusclient.exe "C:\Program Files\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi" #2
#26 0xfa8 Child Process System (Elevated) rutserv.exe "C:\Program Files\Remote Utilities - Host\rutserv.exe" /silentinstall #2
#27 0xfc4 Child Process System (Elevated) rutserv.exe "C:\Program Files\Remote Utilities - Host\rutserv.exe" /firewall #2
#31 0x504 Child Process System (Elevated) rutserv.exe "C:\Program Files\Remote Utilities - Host\rutserv.exe" /start #2
#32 0x894 Child Process High (Elevated) cmd.exe cmd /c C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat #22
#35 0x1d8 Created Daemon System (Elevated) services.exe C:\Windows\system32\services.exe #31
#45 0x7ec Child Process System (Elevated) rutserv.exe "C:\Program Files\Remote Utilities - Host\rutserv.exe" #35
#46 0x5ac Injection Medium explorer.exe C:\Windows\Explorer.EXE #45
#47 0x58c Injection High (Elevated) taskeng.exe taskeng.exe {7737867F-ACDD-43AC-B745-B8B549957EED} S-1-5-21-3785418085-2572485238-895829336-1000:CRH2YWU7\EEBsYm5:Interactive:Highest[1] #45

Behavior Information - Grouped by Category

Process #1: adobereader_dcupd_en_cra_install.exe
Information Value
ID #1
File Name c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe
Command Line "C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe"
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:00:38, Reason: Analysis Target
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:03:15
OS Process Information
Information Value
PID 0xa04
Parent PID 0x5ac (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Created Files
Filename File Size YARA Match
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\info 1.05 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\exclamation.ico 13.12 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\removeex.ico 14.73 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe 274.00 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\installing.jpg 1.75 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\New 0.31 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\collecting.jpg 1.75 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll 90.62 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll 295.12 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\preparing.jpg 1.76 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\completeex.ico 14.73 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\finalizing.jpg 1.66 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\cmdlinkarrow 2.79 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\background.jpg 34.94 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\repairex.ico 14.73 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\lzmaextractor.dll 12.12 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Up 0.31 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\typicalex.ico 14.73 KB False
\\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi 973.00 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\tabback 0.83 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\customex.ico 14.73 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\white.jpg 1.20 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\infoex.ico 21.96 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\minbackground.jpg 8.75 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\whitesmall.jpg 0.54 KB False
Host Behavior
COM (2)
Operation Class Interface Additional Information Success Count Logfile
Create 56FDF344-FD6D-11D0-958A-006097C9A090 EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF cls_context = CLSCTX_INPROC_SERVER True 2
File (1177)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Up desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\removeex.ico desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\finalizing.jpg desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\infoex.ico desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\New desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\whitesmall.jpg desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\background.jpg desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\repairex.ico desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\tabback desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\exclamation.ico desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\typicalex.ico desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\completeex.ico desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\preparing.jpg desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\collecting.jpg desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\minbackground.jpg desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\info desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\installing.jpg desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\customex.ico desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\white.jpg desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\cmdlinkarrow desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\lzmaextractor.dll desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create Directory \\?\C:\Users - False 1
Create Directory \\?\C:\Users\EEBsYm5 - False 1
Create Directory \\?\C:\Users\EEBsYm5\AppData - False 1
Create Directory \\?\C:\Users\EEBsYm5\AppData\Roaming - False 1
Create Directory \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe - False 1
Create Directory \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1 - True 1
Create Directory \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install - True 1
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564 - True 1
Fn
Create Pipe \device\namedpipe\toserveradvinst_estimate_c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, pipe_mode = PIPE_READMODE_MESSAGE, PIPE_TYPE_MESSAGE, max_instances = 255 True 1
Fn
Create Pipe \device\namedpipe\toserveradvinst_extract_c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, pipe_mode = PIPE_READMODE_MESSAGE, PIPE_TYPE_MESSAGE, max_instances = 255 True 1
Fn
Create Pipe \device\namedpipe\toserver2564 open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, pipe_mode = PIPE_READMODE_MESSAGE, PIPE_TYPE_MESSAGE, max_instances = 255 True 1
Fn
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Read C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 1024, size_out = 1024 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 74, size_out = 74 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 24, size_out = 24 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 18, size_out = 18 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 62, size_out = 62 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 618, size_out = 618 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 65536, size_out = 65536 True 15
Fn
Data
Read C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 13312, size_out = 13312 True 1
Fn
Data
Read - size = 1024, size_out = 18 True 410
Fn
Data
Read - size = 1024, size_out = 42 True 9
Fn
Data
Read - size = 1024, size_out = 16 True 104
Fn
Data
Read - size = 1024, size_out = 86 True 5
Fn
Data
Read - size = 1024, size_out = 62 True 5
Fn
Data
Read - size = 1024, size_out = 78 True 5
Fn
Data
Read - size = 1024, size_out = 0 True 314
Fn
Read - size = 1024, size_out = 72 True 4
Fn
Data
Read - size = 1024, size_out = 30 True 2
Fn
Data
Read - size = 1024, size_out = 50 True 1
Fn
Data
Read - size = 1024, size_out = 60 True 1
Fn
Data
Read - size = 1024, size_out = 80 True 8
Fn
Data
Read - size = 1024, size_out = 90 True 2
Fn
Data
Read - size = 1024, size_out = 122 True 3
Fn
Data
Read - size = 1024, size_out = 96 True 6
Fn
Data
Read - size = 1024, size_out = 128 True 3
Fn
Data
Read - size = 1024, size_out = 126 True 2
Fn
Data
Read - size = 1024, size_out = 64 True 4
Fn
Data
Read - size = 1024, size_out = 88 True 4
Fn
Data
Read - size = 1024, size_out = 98 True 2
Fn
Data
Read - size = 1024, size_out = 130 True 2
Fn
Data
Read - size = 1024, size_out = 142 True 1
Fn
Data
Read - size = 1024, size_out = 84 True 2
Fn
Data
Read - size = 1024, size_out = 116 True 3
Fn
Data
Read - size = 1024, size_out = 124 True 5
Fn
Data
Read - size = 1024, size_out = 110 True 3
Fn
Data
Read - size = 1024, size_out = 70 True 8
Fn
Data
Read - size = 1024, size_out = 112 True 12
Fn
Data
Read - size = 1024, size_out = 66 True 2
Fn
Data
Read - size = 1024, size_out = 76 True 8
Fn
Data
Read - size = 1024, size_out = 108 True 9
Fn
Data
Read - size = 1024, size_out = 82 True 3
Fn
Data
Read - size = 1024, size_out = 92 True 5
Fn
Data
Read - size = 1024, size_out = 120 True 5
Fn
Data
Read - size = 1024, size_out = 74 True 6
Fn
Data
Read - size = 1024, size_out = 20 True 3
Fn
Data
Read - size = 1024, size_out = 106 True 6
Fn
Data
Read - size = 1024, size_out = 94 True 5
Fn
Data
Read - size = 1024, size_out = 102 True 6
Fn
Data
Read - size = 1024, size_out = 176 True 1
Fn
Data
Read - size = 1024, size_out = 118 True 3
Fn
Data
Read - size = 1024, size_out = 44 True 1
Fn
Data
Read - size = 1024, size_out = 40 True 19
Fn
Data
Read - size = 1024, size_out = 132 True 1
Fn
Data
Read - size = 1024, size_out = 144 True 1
Fn
Data
Read - size = 1024, size_out = 138 True 2
Fn
Data
Read - size = 1024, size_out = 140 True 1
Fn
Data
Read - size = 1024, size_out = 68 True 1
Fn
Data
Read - size = 1024, size_out = 100 True 1
Fn
Data
Read - size = 1024, size_out = 104 True 4
Fn
Data
Read - size = 32656, size_out = 4 True 3
Fn
Data
Read - size = 1024, size_out = 136 True 1
Fn
Data
Read - size = 1024, size_out = 134 True 2
Fn
Data
Read - size = 1024, size_out = 114 True 1
Fn
Data
Read - size = 1024, size_out = 154 True 1
Fn
Data
Read \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi size = 32656, size_out = 4 True 2
Fn
Data
Read \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi size = 32656, size_out = 0 False 1
Fn
Write \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi size = 65536 True 15
Fn
Data
Write \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi size = 13312 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Up size = 318 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Up size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\removeex.ico size = 15086 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\removeex.ico size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\finalizing.jpg size = 1701 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\finalizing.jpg size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\infoex.ico size = 22486 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\infoex.ico size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\New size = 318 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\New size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\whitesmall.jpg size = 554 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\whitesmall.jpg size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\background.jpg size = 35778 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\background.jpg size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\repairex.ico size = 15086 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\repairex.ico size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\tabback size = 854 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\tabback size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\exclamation.ico size = 13430 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\exclamation.ico size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\typicalex.ico size = 15086 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\typicalex.ico size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\completeex.ico size = 15086 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\completeex.ico size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\preparing.jpg size = 1799 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\preparing.jpg size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\collecting.jpg size = 1790 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\collecting.jpg size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\minbackground.jpg size = 8955 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\minbackground.jpg size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\info size = 1078 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\info size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\installing.jpg size = 1794 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\installing.jpg size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\customex.ico size = 15086 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\customex.ico size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\white.jpg size = 1232 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\white.jpg size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll size = 51200 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll size = 41600 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\cmdlinkarrow size = 2862 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\cmdlinkarrow size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe size = 51200 True 5
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe size = 24576 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\lzmaextractor.dll size = 12416 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\lzmaextractor.dll size = 0 True 1
Fn
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll size = 51200 True 5
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll size = 46208 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll size = 0 True 1
Fn
Write - size = 2 True 2
Fn
Data
Write \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi size = 18 True 1
Fn
Data
Write \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi size = 10 True 1
Fn
Data
Registry (6)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\InterbootContext - False 3
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer value_name = Version, data = 8.0.7601.17514, type = REG_SZ True 1
Fn
Delete Key HKEY_CURRENT_USER\InterbootContext - False 1
Fn
Process (1)
Operation Process Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe show_window = SW_SHOWNORMAL True 1
Fn
Module (129)
Operation Module Additional Information Success Count Logfile
Load gdiplus.dll base_address = 0x74050000 True 1
Fn
Load RICHED20.DLL base_address = 0x6e1d0000 True 1
Fn
Load kernel32.dll base_address = 0x76910000 True 3
Fn
Load msi.dll base_address = 0x6f040000 True 2
Fn
Load dwmapi.dll base_address = 0x73eb0000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 29
Fn
Get Filename - process_name = c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 260 True 2
Fn
Get Address c:\windows\system32\kernel32.dll function = FlsAlloc, address_out = 0x7696418d True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = FlsGetValue, address_out = 0x76961e16 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = FlsSetValue, address_out = 0x769676e6 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = FlsFree, address_out = 0x76961f61 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = EncodePointer, address_out = 0x7728a295 True 14
Fn
Get Address c:\windows\system32\kernel32.dll function = DecodePointer, address_out = 0x7728cd10 True 17
Fn
Get Address c:\windows\system32\kernel32.dll function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsWow64Process, address_out = 0x76954785 True 2
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusStartup, address_out = 0x74075600 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = InterlockedPushEntrySList, address_out = 0x7728994f True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = InterlockedPopEntrySList, address_out = 0x772868c7 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 205, address_out = 0x6f0fb80b True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetSystemDefaultUILanguage, address_out = 0x7694731d True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetUserDefaultUILanguage, address_out = 0x769522ef True 1
Fn
Get Address c:\windows\system32\msi.dll function = 141, address_out = 0x6f054f9e True 1
Fn
Get Address c:\windows\system32\msi.dll function = 195, address_out = 0x6f0f3b47 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 137, address_out = 0x6f054e3e True 1
Fn
Get Address c:\windows\system32\msi.dll function = 281, address_out = 0x6f103183 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 92, address_out = 0x6f113c0d True 1
Fn
Get Address c:\windows\system32\msi.dll function = 52, address_out = 0x6f110d59 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 32, address_out = 0x6f110137 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 159, address_out = 0x6f11058f True 1
Fn
Get Address c:\windows\system32\msi.dll function = 166, address_out = 0x6f110911 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 115, address_out = 0x6f111796 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 118, address_out = 0x6f113f4c True 1
Fn
Get Address c:\windows\system32\msi.dll function = 8, address_out = 0x6f10fe95 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 160, address_out = 0x6f1106b3 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 158, address_out = 0x6f110a2f True 1
Fn
Get Address c:\windows\system32\msi.dll function = 94, address_out = 0x6f0ef5c3 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 74, address_out = 0x6f115a23 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 49, address_out = 0x6f1124b9 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 78, address_out = 0x6f114113 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 150, address_out = 0x6f11220b True 1
Fn
Get Address c:\windows\system32\msi.dll function = 145, address_out = 0x6f115e05 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 116, address_out = 0x6f111735 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 47, address_out = 0x6f112f41 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 34, address_out = 0x6f112be1 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 171, address_out = 0x6f112a79 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 17, address_out = 0x6f111394 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 125, address_out = 0x6f1155ae True 1
Fn
Get Address c:\windows\system32\msi.dll function = 114, address_out = 0x6f111565 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 120, address_out = 0x6f1119ed True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmSetWindowAttribute, address_out = 0x73eb16c0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipAlloc, address_out = 0x74092437 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateBitmapFromFile, address_out = 0x74085e1f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetImageRawFormat, address_out = 0x74085498 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetImageHeight, address_out = 0x74085144 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetImageWidth, address_out = 0x7408506f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateFromHDC, address_out = 0x7408826b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetInterpolationMode, address_out = 0x7408901b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateImageAttributes, address_out = 0x74087648 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetImageAttributesWrapMode, address_out = 0x740880da True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawImageRectRectI, address_out = 0x74096ea0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDisposeImageAttributes, address_out = 0x740877e9 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeleteGraphics, address_out = 0x74088514 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDisposeImage, address_out = 0x74084cc8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFree, address_out = 0x740924b2 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 147, address_out = 0x6f1169e1 True 1
Fn
Get Address c:\windows\system32\msi.dll function = 51, address_out = 0x6f11715c True 1
Fn
Get Address c:\windows\system32\msi.dll function = 221, address_out = 0x6f117915 True 1
Fn
Service (1)
Operation Additional Information Success Count Logfile
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Window (614)
Operation Window Name Additional Information Success Count Logfile
Create - class_name = tooltips_class32, wndproc_parameter = 0 True 1
Fn
Create Background class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create GlobalProgress class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create Background class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create GlobalProgress class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create Background class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = EDIT, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create GlobalProgress class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create Background class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create GlobalProgress class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create Background class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create GlobalProgress class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Create ProgressBar class_name = msctls_progress32, wndproc_parameter = 0 True 1
Fn
Set Attribute - index = 4, new_long = 3280880 True 2
Fn
Set Attribute - index = 4, new_long = 3280864 True 2
Fn
Set Attribute - index = 18446744073709551612, new_long = 3280848 True 1
Fn
Set Attribute - index = 18446744073709551600, new_long = 1342341376 True 1
Fn
Set Attribute - index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - index = 0, new_long = 0 False 348
Fn
Set Attribute - index = 18446744073709551600, new_long = 80216132 True 8
Fn
Set Attribute - index = 18446744073709551600, new_long = 348651588 True 5
Fn
Set Attribute - index = 0, new_long = 1 False 45
Fn
Set Attribute Background class_name = STATIC, index = 18446744073709551612, new_long = 3280848 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 3280832 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280816 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 3280800 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280784 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 3280768 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280752 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280736 True 1
Fn
Set Attribute GlobalProgress class_name = STATIC, index = 18446744073709551612, new_long = 3280720 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280704 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280688 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280672 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280656 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551600, new_long = 1443045377 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551600, new_long = 1577263104 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551600, new_long = 1577263104 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute GlobalProgress class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Fn
Set Attribute Background class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute Background class_name = STATIC, index = 18446744073709551612, new_long = 3280848 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 3280832 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 3280816 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 3280800 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280784 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280768 True 1
Fn
Set Attribute GlobalProgress class_name = STATIC, index = 18446744073709551612, new_long = 3280752 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280736 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280720 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280704 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280688 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280672 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551600, new_long = 1443045377 True 2
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551600, new_long = 1443045376 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551600, new_long = 1577263104 True 1
Fn
Set Attribute - index = 18446744073709551600, new_long = 348782660 True 2
Fn
Set Attribute - index = 18446744073709551600, new_long = 80347204 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute GlobalProgress class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Fn
Set Attribute Background class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Fn
Set Attribute Background class_name = STATIC, index = 18446744073709551612, new_long = 3280848 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 3280832 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280816 True 1
Fn
Set Attribute - class_name = EDIT, index = 18446744073709551612, new_long = 3280800 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 3280784 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 3280768 True 1
Fn
Set Attribute - class_name = BUTTON, index = 18446744073709551612, new_long = 3280752 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280736 True 1
Fn
Set Attribute - class_name = STATIC, index = 18446744073709551612, new_long = 3280720 True 1
Fn
System (1187)
Operation Additional Information Success Count
Get Cursor x_out = 894, y_out = 688 True 1
Get Cursor x_out = 898, y_out = 683 True 1
Get Cursor x_out = 891, y_out = 687 True 1
Sleep duration = -1 (infinite) True 5
Sleep duration = 500 milliseconds (0.500 seconds) True 1
Get Time type = System Time, time = 2018-08-28 10:27:37 (UTC) True 2
Get Time type = Ticks, time = 112648 True 1
Get Time type = System Time, time = 2018-08-28 10:27:38 (UTC) True 2
Get Time type = System Time, time = 2018-08-28 10:27:39 (UTC) True 8
Get Time type = System Time, time = 2018-08-28 10:27:40 (UTC) True 14
Get Time type = System Time, time = 2018-08-28 10:27:41 (UTC) True 32
Get Time type = System Time, time = 2018-08-28 10:27:42 (UTC) True 42
Get Time type = System Time, time = 2018-08-28 10:27:43 (UTC) True 49
Get Time type = System Time, time = 2018-08-28 10:27:47 (UTC) True 10
Get Time type = System Time, time = 2018-08-28 10:27:50 (UTC) True 59
Get Time type = System Time, time = 2018-08-28 10:27:51 (UTC) True 12
Get Time type = System Time, time = 2018-08-28 10:27:52 (UTC) True 14
Get Time type = System Time, time = 2018-08-28 10:27:53 (UTC) True 12
Get Time type = System Time, time = 2018-08-28 10:27:54 (UTC) True 12
Get Time type = System Time, time = 2018-08-28 10:27:55 (UTC) True 14
Get Time type = System Time, time = 2018-08-28 10:27:56 (UTC) True 12
Get Time type = System Time, time = 2018-08-28 10:27:57 (UTC) True 12
Get Time type = System Time, time = 2018-08-28 10:27:58 (UTC) True 14
Get Time type = System Time, time = 2018-08-28 10:27:59 (UTC) True 12
Get Time type = System Time, time = 2018-08-28 10:28:00 (UTC) True 14
Get Time type = System Time, time = 2018-08-28 10:28:01 (UTC) True 12
Get Time type = System Time, time = 2018-08-28 10:28:02 (UTC) True 12
Get Time type = System Time, time = 2018-08-28 10:28:03 (UTC) True 14
Get Time type = System Time, time = 2018-08-28 10:28:04 (UTC) True 285
Get Time type = System Time, time = 2018-08-28 10:28:05 (UTC) True 498
Get Info type = Operating System True 5
Get Info type = System Directory, result_out = C:\Windows\system32 True 3
Get Info type = Operating System True 1
Get Info type = Hardware Information True 1
Environment (3)
Operation Additional Information Success Count
Get Environment String - True 1
Get Environment String name = USERPROFILE True 1
Get Environment String name = USERPROFILE, result_out = C:\Users\EEBsYm5 True 1
Process #2: msiexec.exe
Information Value
ID #2
File Name c:\windows\system32\msiexec.exe
Command Line C:\Windows\system32\msiexec.exe /V
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:00:55, Reason: RPC Server
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:02:58
OS Process Information
Information Value
PID 0xa44
Parent PID 0x1d8 (c:\windows\system32\services.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
For performance reasons, the remaining 77 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
Filename File Size YARA Match
C:\Program Files\Remote Utilities - Host\RIPCServer.dll 151.52 KB False
C:\Program Files\Remote Utilities - Host\Italian.lg 54.97 KB False
C:\Program Files\Remote Utilities - Host\vp8encoder.dll 1.57 MB False
C:\Program Files\Remote Utilities - Host\Dutch.lg 55.85 KB False
C:\Program Files\Remote Utilities - Host\Turkish.lg 54.52 KB False
C:\Program Files\Remote Utilities - Host\Hebrew.lg 46.78 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe 88.52 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll 375.02 KB False
C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe 145.02 KB False
c:\system volume information\spp\metadata-2 5.52 MB False
C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.sys 13.48 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll 753.02 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe 19.52 KB False
C:\Program Files\Remote Utilities - Host\Norwegian.lg 51.90 KB False
C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll 861.02 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe 60.52 KB False
C:\Program Files\Remote Utilities - Host\rfusclient.exe 5.47 MB False
C:\Program Files\Remote Utilities - Host\Arabic.lg 49.23 KB False
C:\Windows\Installer\30de5.ipi 20.00 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd 8.34 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe 172.52 KB False
C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll 366.02 KB False
C:\Program Files\Remote Utilities - Host\German.lg 54.82 KB False
C:\Windows\Installer\30dea.ipi 24.00 KB False
C:\Program Files\Remote Utilities - Host\Japanese.lg 42.14 KB False
C:\Program Files\Remote Utilities - Host\English.lg 52.83 KB False
C:\Program Files\Remote Utilities - Host\Spanish.lg 54.96 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll 90.62 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll 295.12 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe 200.52 KB False
C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg 37.10 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\rup.gpd 14.32 KB False
C:\Program Files\Remote Utilities - Host\Danish.lg 52.64 KB False
C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe 218.52 KB False
C:\Program Files\Remote Utilities - Host\webmmux.dll 261.02 KB False
C:\Program Files\Remote Utilities - Host\EULA.rtf 49.55 KB False
C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg 37.35 KB False
C:\Program Files\Remote Utilities - Host\vp8decoder.dll 381.02 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll 56.02 KB MD5: fcb5be7562659b998cdd84a1eecc1532
SHA1: 519cfebeb99981f8a58ae44ea47a361fd1fcd4f1
SHA256: 524209869f6428f5c2da7f8a3c18fdb4f028a553f9ef2f09cbc4ab7743b31c5b
SSDeep: 768:639rZiJf4Fqj9IarpbsMUxbkTKkl+CvtZLkVSXUopD2PGos3+U/g2PKgDvWr:Hj9IarpbsMUxbWKGztZoVSND0z2ZgYpg
False
C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll 738.52 KB MD5: 5068f38eb382ad52f03a77b3848fa3ed
SHA1: 3b8dedceeb87b9a8b577767a581e0101efaff067
SHA256: 5d8b6fb32894d41d2fda5a22c755bdea5864eb7078cec0943da474a8f24e2c04
SSDeep: 12288:PlIoM3g2e9Bg7Lg3yfKDPc97QpAxuKdwSGnZGxKW:PvM36KkyCLW7QCwSGoKW
False
c:\users\eebsym5\appdata\local\temp\~df54fa1b59b3d37990.tmp 72.00 KB MD5: d079f7f21a3728ef492cd65f5f4b2524
SHA1: 51bdb9a0e235ecc3d74e04dbb013f8b7943c5680
SHA256: c5ec80345a8bc09f47782c1aac001a97152e7c405b9d786e55e9f9f711c64325
SSDeep: 96:vH9qlCMTXkXiXxfrLv5aMTXkXiXxfrLtySYt:/9qld5Xfo
False
C:\Program Files\Remote Utilities - Host\Swedish.lg 52.10 KB MD5: 6b46297240dfc309a99b133e94c916c3
SHA1: ce4f36af4cbf6ebd15cf6e0e6dc8b72e61872027
SHA256: 88f45f3cc9999a1e35967cd7f33d2d15c0c31b13336fbf93e754e1af8903d9c1
SSDeep: 768:uExwiB90PPNythEEnIzmO250yOXu5sYA4YnXt:uni2PNytCEnIzmO2QXu5sYA4YnXt
False
C:\Program Files\Remote Utilities - Host\French.lg 56.07 KB MD5: 7c2276331e1e744cf702858fbb041039
SHA1: a5c7c0067a96b7e8cd11d8b3c205494147a2da4e
SHA256: 0b05f6ada359e0c3295d32087874bf2888e60400fe3a9ec4d54a849031bfe915
SSDeep: 384:uGTDMQmpXpiwV+Bcp7D6AfZbKrHt/Adyu+AFeM12yATQHwUZAOqSA+lFS:PC1X2gyO13HbHY
False
C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.inf 1.74 KB MD5: a4e8736aa55b109b40c786a637991116
SHA1: 20c1b886361974bcb608a79b2fd7598092ae821b
SHA256: 097c3da78321ac553966d4ebabfe1a533dbb1b383010ebf165eede9c631dc6dd
SSDeep: 48:jshukkXFbsf0tz6Joq7mgHwuMgHPgHKJDWlFVfXj07J:jMYQi6JoimIMsRJDWlFZIl
False
c:\users\eebsym5\appdata\local\temp\~df22707f64d7b3e78b.tmp 72.00 KB MD5: ae7fabbe080fb69b1c25a0fa6cac36a1
SHA1: 6826fa13794056b16d94beff6612dba0838b27c8
SHA256: ea099bf41805ea7f60bd55747a723223bca45cac86c88048586cdbd271b78327
SSDeep: 48:4o7ZEl7SkdzYdzvSkdzfdzfIgUIg8UvZF7ieTxpDI8svTo4:97mBm/IDIMMe3I8svZ
False
C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.inf 1.74 KB MD5: 22d30a038b3db6ef939bb05f697eb3d4
SHA1: 7e76546c510fd6a2aab96592f4b1a5a40eca74bc
SHA256: 1f9fe7037c44ba4fd44e15b8cfabe79265331d6ae146045fa15e2c02c6212c1a
SSDeep: 48:jshGkkXFbsf0tz6Joq7mgHwuMgHPgHKJDWlFVfXj07J:jMwQi6JoimIMsRJDWlFZIl
False
c:\users\eebsym5\appdata\local\temp\~df79f05337c4b95565.tmp 0.50 KB MD5: bf619eac0cdf3f68d496ea9344137e8b
SHA1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256: 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SSDeep: 3::
False
C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll 27.02 KB MD5: 06fbee958a668325bb760204e70563cc
SHA1: 5f364d4c80eddc1b2e286ea6fa42898eb0171a9d
SHA256: e3cccf9d3d72d446b375b1ddc99c54aeb0bb303f4580ae5541886bb2ab36c12f
SSDeep: 768:WmK+cIcN08XOJVrPULt1gvshDE0qmYl47g2PKgY:6+BcNXeJV0DlB7gY2
False
C:\Program Files\Remote Utilities - Host\Czech.lg 52.96 KB MD5: d39727c9980021059a0f2073277e039e
SHA1: a59b8f6d517741a8cf8c88cbb9bc7ddfa8879f75
SHA256: f1900d97610996e7a71c354f3899c26324e5a5493374a4d697558e4c4f669257
SSDeep: 1536:O0vOy1dWVToDCWJRxHHO4hspLBPxrEXvLZJKQn6TYbjL6bgC+cYP2k:O0vOy1dWVToDCWJRxHHO4hspVPxrEXvd
False
C:\Program Files\Remote Utilities - Host\Portuguese.lg 54.77 KB MD5: 18e6affb3bee46aeaf86efb1977f358b
SHA1: 0df0b1fb0e3e59bc2f52d2a2bdadd29bf0adebc7
SHA256: c6e7b98ea6fd6bd60d26c46ba6432000cf4c47c5ba137fb63e905cfc2b3d36ba
SSDeep: 768:KBj5qg4szsX0erv9Xp3TV8yz5FJhD1sWnqzFu9nwd49ZJnE:0MYCvd0G3ZJE
False
C:\Program Files\Remote Utilities - Host\Printer\x86\ntprint.inf 9.47 KB MD5: 6476f7217d9d6372361b9e49d701fb99
SHA1: e1155ab2acc8a9c9b3c83d1e98f816b84b5e7e25
SHA256: 6135d3c9956a00c22615e53d66085dabbe2fbb93df7b0cdf5c4f7f7b3829f58b
SSDeep: 192:jxUPudWfG9sPEd5yVplXhzPGeQ6cGIDGzBs+2o5WcicJXoNaTXy:jyxFeGIDIFXoNT
False
\\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi 973.00 KB MD5: faefe083c40bc8a079c200424386f000
SHA1: 3ac616ee5902e23ead8ae3b252080a3f2097135e
SHA256: fe01fe7743184d35430f0f1439e826bb6e6e40c74401da017e3db3dd8166a6ec
SSDeep: 24576:P8FsyPEkYoSsnl3xonRD8PuLmmLM8PjWJ+SkJO:P86voSsl3xonRD8PuLjLhPSJ+SkJ
False
C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg 54.60 KB MD5: 119f5f60b0d87bd3a9e34eefe510cead
SHA1: 07835dce1a48d571d1e8a5a4ff1f47f44bac3992
SHA256: b9793f0ede71f259dc242c926cdc8f70fdb241a8a0f22c7206fb51b7e0a43002
SSDeep: 384:1ZxUvMzwgsBD5ujNuKXXXx2WGOwZD13jQjgmYc/+nxSIdIJTN/JmG:rIOaupD3xOOREmonxwTNX
False
C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat 8.68 KB MD5: a9790fa84c8d1511f3b7f9dc4c97435f
SHA1: 0342a477e0a8779ad05e716f4d563ff676e1b2a4
SHA256: beb45913bc014d70ceb9e061b9683de36fe3d000f425c4df6151be1a37c6fb0c
SSDeep: 192:enYe+PjPJdZubhlCVuuImqAZscF8Bd1LM4L4Zyi:enYPLXZgwgAZsHLM4E
False
c:\system volume information\spp\snapshot-2 2.83 KB MD5: ea43249a6f35f72835a9e0b5126ae002
SHA1: ffe78df566e2b37cdf4bb469cae4d29c1e7c876a
SHA256: 2e0103284803513abb6ab3fbc6c350b63e170bafb5724b206ba1476fab8b7e79
SSDeep: 48:Xz9n+a6k38R6k3x9PrZRE85iGqKrGqdezYGqj1xs+jcPufeGp9bR1fOIgBKRBQ0V:jt+f2v23tcDKrDo0DjI4HzXOHBKQq
False
C:\Program Files\Remote Utilities - Host\RWLN.dll 967.02 KB MD5: 534d6f176f6cbc725f9e7db8028cd3f7
SHA1: 35b53f2e344f4a908a551409d018a91dc58100d5
SHA256: e713f288a46aad762f76c945467bb3ea7c84edfc56cec1c4c1b40d9f919bdcc0
SSDeep: 12288:+EWFAQWGdxKCe/7BL83fQdRQ0TESX+EHjggwPzN:/ZG9e/tLHu0TESX+EHjKzN
False
C:\Program Files\Remote Utilities - Host\Polish.lg 53.29 KB MD5: da9d399b473ccff29e6e8f9a5723cbfb
SHA1: d878b4206aaf64384162e96673845e913db34c69
SHA256: b885b4e1e7bea7c202c71313a60774143dd7cc18d1a0ec8412b47d53016ea3f3
SSDeep: 768:FlnI42juO0ISxfcndYoIw+hPj6Ewz0EMlkHYoTZ:FZg
False
C:\Program Files\Remote Utilities - Host\Printer\x86\rup.ini 0.04 KB MD5: ec01a42770693558a18ba4c72d9ada05
SHA1: 484bd82cabc1c6ecc8214b3c8e57258755725d79
SHA256: e1113b0f0daa2ce44dcc01dabfd8bdff21630c724a333868c87fb9822e60ebed
SSDeep: 3:z8ANyq3jIrc:z8cy2Ec
False
C:\Program Files\Remote Utilities - Host\Printer\x86\install.cmd 0.06 KB MD5: 23ada030ee52b855789e8fb0db6b5c4b
SHA1: 1f5b1274d7f86fbe2675c9c702196711de2a6d50
SHA256: e7ad95fc7303838383f6fddea9615bb70de8579f53e5df581c1557a01c37ce5e
SSDeep: 3:6L6Vm4uWkVm4uW5Bn:g6VmHpVmHiB
False
C:\Program Files\Remote Utilities - Host\Korean.lg 40.54 KB MD5: dc4e41d98050548860bf92ca11345962
SHA1: 259fc2aa4622e202799bbb5d352e57da47a6988f
SHA256: 87ada3f861a2b04e39f633218b791cc9e08200dafe96b85538c2ce402fe1f0db
SSDeep: 384:Xj+dvdrVVSEriZidLa515S7tQKnZ+r8x1ubapR+YY6vviE5z/:yrRILS1bJnd
False
C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe 104.52 KB MD5: 79426fca71d40afb2d439574a716c07b
SHA1: c1015f2f39854df8db6ab2d5266fa5cdf1a0a90f
SHA256: 4bfe323c5b6fe21dc3247b764a6eb22d3ee8f682a412e99cb396f70153f0d014
SSDeep: 1536:PRanzPJhmWbR0e1/lbCV2bbtKb4Q08dNT7Itpfh+vtq1gYy:IzPOa0e195bt8pRAfhgtq1gf
False
C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.cat 8.68 KB MD5: d3710d7c70cdea8ced943458b2206bad
SHA1: d9851beae95f6035fd074706fccfd9cb8fecbc24
SHA256: 54a00f5913185f05d2011de575da343c64fac54e7a857ab5f066e68ab11368ef
SSDeep: 192:QKnYe+PjPJdZubhlCVuuImqAZscF8Bd1LM4X/g:QKnYPLXZgwgAZsHLM4o
False
C:\Windows\Installer\30de5.ipi 20.00 KB MD5: 84abf78f611bc447e180ee4d9f2b5214
SHA1: 7fd8a7c777c71f2a6058f9ea56d96737cc9138db
SHA256: fe41866248a23b66bf1731eaa5b0af2d6e0f69fbb5dc0020652e6b943e3e8e4a
SSDeep: 48:y1kwGvcxzvuhUbeToEzSkdzfdzfIgUIg8UvZF7ieTxpDI8TSkdzYdzyK+Jo7:yqwG+6hge/z/IDIMMe3I8T017
False
C:\Windows\Installer\MSIA089.tmp 153.21 KB MD5: 52185b209cfdb02d88b4a40a4bdf0911
SHA1: aa35fedfeefbee93bcca5a30feed8d240e2d1c95
SHA256: 756543551f27e9450dcf0ffdd10cd44af6fd0e8dbca037dee5b575683d5a9492
SSDeep: 1536:Ae5evr0fQtkUlPeG+U+n4PtjrqzN/cWJQaqYAJmmD+e7cKsWjcdlsKc8rlq6W9Eq:AievrFt0KyqmDqFJr+egmKc8rANw+
False
C:\Program Files\Remote Utilities - Host\Printer\x86\uninstall.cmd 0.08 KB MD5: 2c6ec773a407fd9bcba6fd1a273912c9
SHA1: 1fe0b0b8dd115fa853e193c4d6cc8882992cbdaa
SHA256: ad608f5672b2310308bf84919d4e2202a53e99854a4a0945ee38bacbb6ef8e72
SSDeep: 3:GKW3CvTzIcLW4NvaLuA:vsCvocLdNvAuA
False
C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.sys 15.53 KB MD5: 5ccfe71b2ef1b5df69bf50885b84128f
SHA1: 79ecfa80fb565cb59a64a1d316d52b57ebe2cd4e
SHA256: 6b4e94a66e1325aa746da3a0a34f1b3618a1ab008d9187c604e620e52f8b21ed
SSDeep: 192:fJxu7TS2JihqS+nWvnYe+PjPJdZubhlCVuuImqAZscF8Bd1LcdUf:fPu7YUmnYPLXZgwgAZsHLcWf
False
Host Behavior
COM (7)
Operation Class Interface Additional Information Success Count Logfile
Create 00000323-0000-0000-C000-000000000046 00000146-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER True 7
File (2258)
Operation Filename Additional Information Success Count Logfile
Create C:\Windows\Installer\30de4.msi desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\30de4.msi file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Windows\Installer\MSI14E6.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\MSI1832.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004109450090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 2
Create C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004109510090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 2
Create C:\Windows\Installer\$PatchCache$\Managed\00004109511090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 2
Create C:\Windows\Installer\$PatchCache$\Managed\00004109810090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 2
Create C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 2
Create C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 2
Create C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 2
Create C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 2
Create C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 2
Create C:\Windows\Installer\30de5.ipi desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\MSI1E1C.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\MSI1E1C.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\MSI1F07.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\MSI1E1C.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE True 1
Create C:\Config.Msi\30de6.rbs desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Config.Msi\30de6.rbs desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\MSI27DF.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\30de7.msi desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\30de4.msi desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\30de7.msi file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Config.Msi\30de6.rbs desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE True 2
Create C:\Windows\Installer\30de8.msi desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\30de8.msi file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Windows\Installer\MSIA089.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\30dea.ipi desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\MSIA423.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\MSIA423.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\MSIA423.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE True 1
Create C:\Config.Msi\30deb.rbs desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Config.Msi\30deb.rbs desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.sys desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.inf desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.cat desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.sys desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.inf desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\rutserv.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\rfusclient.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\vp8decoder.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\English.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\RWLN.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\RIPCServer.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\EULA.rtf desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Spanish.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Hebrew.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Turkish.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Polish.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Japanese.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\French.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\German.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Arabic.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Czech.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Dutch.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Italian.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Korean.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Norwegian.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Swedish.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Danish.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\vp8encoder.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\webmmux.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Portuguese.lg desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\rup.ini desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\ntprint.inf desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\install.cmd desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\uninstall.cmd desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\rup.gpd desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\rup.lng desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\rup_s.lng desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.hlp desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\rup.ini desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\fwproc_x64.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\progress.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\rupui.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\ntprint.inf desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\install.cmd desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\uninstall.cmd desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\rup.gpd desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\stdnames_vpd.gpd desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\rup.lng desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\rup_s.lng desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.hlp desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Windows\Installer\30dec.msi desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\30de8.msi desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Windows\Installer\30dec.msi file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Config.Msi\30deb.rbs desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE True 2
Create Directory C:\MSI30de9.tmp - True 1
Create Temp File C:\Windows\Installer\MSI14E6.tmp path = C:\Windows\Installer, prefix = MSI True 1
Create Temp File C:\Windows\Installer\MSI1832.tmp path = C:\Windows\Installer, prefix = MSI True 1
Create Temp File C:\Windows\Installer\MSI1E1C.tmp path = C:\Windows\Installer, prefix = MSI True 1
Create Temp File C:\Windows\Installer\MSI1F07.tmp path = C:\Windows\Installer, prefix = MSI True 1
Create Temp File C:\Config.Msi\MSI2243.tmp path = C:\Config.Msi, prefix = MSI True 1
Create Temp File C:\Windows\Installer\MSI27DF.tmp path = C:\Windows\Installer, prefix = MSI True 1
Create Temp File C:\Config.Msi\MSI3162.tmp path = C:\Config.Msi, prefix = MSI True 1
Create Temp File C:\Windows\Installer\MSIA089.tmp path = C:\Windows\Installer, prefix = MSI True 1
Create Temp File C:\Windows\Installer\MSIA423.tmp path = C:\Windows\Installer, prefix = MSI True 1
Create Temp File C:\Config.Msi\MSIA607.tmp path = C:\Config.Msi, prefix = MSI True 1
Create Temp File C:\Config.Msi\MSIDF41.tmp path = C:\Config.Msi, prefix = MSI True 1
Get Info C:\Windows\system32 type = file_attributes True 3
Get Info C:\Windows\system32\MsiExec.exe type = file_attributes True 3
Get Info C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi type = file_attributes True 6
Get Info C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install type = file_attributes True 4
Get Info C:\Windows\Installer type = file_attributes True 54
Get Info C:\Windows\Installer\30de4.msi type = file_attributes False 1
Get Info C:\Windows\Installer\30de4.msi type = file_type True 1
Get Info C:\Windows\Installer\30de4.msi type = file_attributes True 8
Get Info C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\ type = file_attributes True 6
Get Info C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi type = file_type True 1
Get Info C:\Windows\Installer\30de4.msi type = file_type True 1
Get Info C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi type = size True 1
Get Info C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi type = time True 1
Get Info C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll type = file_attributes True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\4A78C4EDFD652F04FBB339415F8F16B0 type = file_attributes False 6
Get Info C:\ type = file_attributes True 2
Get Info C:\Program Files\Adobe\Adobe Reader\ type = file_attributes False 2
Get Info C:\Windows\ type = file_attributes True 2
Get Info C:\Windows\Installer\$PatchCache$\Managed type = file_attributes True 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\ type = file_attributes True 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109450090400000000000F01FEC\CacheSize.txt type = file_attributes False 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt type = file_attributes True 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109510090400000000000F01FEC\CacheSize.txt type = file_attributes False 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109511090400000000000F01FEC\CacheSize.txt type = file_attributes False 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109810090400000000000F01FEC\CacheSize.txt type = file_attributes False 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400000000000F01FEC\CacheSize.txt type = file_attributes False 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400000000000F01FEC\CacheSize.txt type = file_attributes False 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt type = file_attributes True 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt type = file_attributes True 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt type = file_attributes True 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt type = file_attributes True 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\CacheSize.txt type = file_attributes False 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt type = file_attributes True 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt type = file_attributes True 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\CacheSize.txt type = file_attributes False 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\CacheSize.txt type = file_attributes False 2
Get Info C:\Windows\Installer\$PatchCache$\UnManaged type = file_attributes False 2
Get Info C:\Windows\Installer\30de5.ipi type = file_attributes False 1
Get Info C:\Windows\Installer\30de5.ipi type = file_type True 1
Get Info C:\Windows\Installer\30de5.ipi type = file_attributes True 7
Get Info C:\Windows\Installer\MSI1E1C.tmp type = file_attributes True 2
Get Info C:\Windows\Installer\MSI1E1C.tmp type = file_type True 2
Get Info C:\Windows\Installer\MSI1E1C.tmp type = size True 1
Get Info C:\Windows\Installer\MSI1E1C.tmp type = size True 1
Get Info C: type = file_attributes True 5
Get Info C:\Config.Msi\30de6.rbs type = file_attributes False 1
Get Info C:\Config.Msi\30de6.rbs type = file_type True 2
Get Info C:\Config.Msi\30de6.rbs type = file_attributes True 3
Get Info C:\Config.Msi\30de6.rbs type = size True 1
Get Info C:\Windows\Installer\30de7.msi type = file_attributes False 3
Get Info C:\Windows\Installer\30de7.msi type = file_type True 1
Get Info C:\Windows\Installer\ type = file_attributes True 2
Get Info C:\Windows\Installer\30de4.msi type = file_type True 1
Get Info C:\Windows\Installer\30de7.msi type = file_type True 1
Get Info C:\Windows\Installer\30de4.msi type = size True 1
Get Info C:\Windows\Installer\30de7.msi type = file_attributes True 1
Get Info C:\Windows\Installer\30de4.msi type = time True 1
Get Info C:\Config.Msi\30de6.rbs type = file_type True 2
Get Info C:\Config.Msi\30de6.rbs type = size True 2
Get Info C:\Config.Msi type = file_attributes True 2
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi type = file_attributes True 5
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000 type = file_attributes True 4
Get Info C:\Windows\Installer\30de8.msi type = file_attributes False 1
Get Info C:\Windows\Installer\30de8.msi type = file_type True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\ type = file_attributes True 11
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi type = file_type True 1
Get Info C:\Windows\Installer\30de8.msi type = file_attributes True 8
Get Info C:\Windows\Installer\30de8.msi type = file_type True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi type = size True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi type = time True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\B382549EC85704A48B1501660D4EE98A type = file_attributes False 84
Get Info C:\MSI30de9.tmp type = file_attributes False 1
Get Info C:\Windows\system32\ type = file_attributes True 1
Get Info C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ type = file_attributes True 1
Get Info C:\Program Files\ type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\rutserv.exe type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\rfusclient.exe type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\vp8decoder.dll type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\RWLN.dll type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\RIPCServer.dll type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\vp8encoder.dll type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\webmmux.dll type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll type = file_attributes False 5
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\fwproc_x64.exe type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\progress.exe type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\rupui.dll type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll type = file_attributes False 2
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll type = file_attributes False 2
Get Info C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt type = file_type True 1
Get Info C:\Windows\Installer\30dea.ipi type = file_attributes False 1
Get Info C:\Windows\Installer\30dea.ipi type = file_type True 1
Get Info C:\Windows\Installer\30dea.ipi type = file_attributes True 7
Get Info C:\Windows\Installer\MSIA423.tmp type = file_attributes True 2
Get Info C:\Windows\Installer\MSIA423.tmp type = file_type True 2
Get Info C:\Windows\Installer\MSIA423.tmp type = size True 1
Get Info C:\Windows\Installer\MSIA423.tmp type = size True 1
Get Info C:\Config.Msi\30deb.rbs type = file_attributes False 1
Get Info C:\Config.Msi\30deb.rbs type = file_type True 2
Get Info C:\Config.Msi\30deb.rbs type = file_attributes True 3
Get Info C:\Config.Msi\30deb.rbs type = size True 1
Get Info C:\Program Files\Remote Utilities - Host\ type = file_attributes False 1
Get Info C:\Program Files\Remote Utilities - Host\ type = file_attributes True 34
Get Info C:\Program Files\Remote Utilities - Host\Monitor\ type = file_attributes False 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x64\ type = file_attributes False 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x86\ type = file_attributes False 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x86\ type = file_attributes True 5
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.sys type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.inf type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.cat type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x64\ type = file_attributes True 5
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.sys type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.inf type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\rutserv.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\rfusclient.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\vp8decoder.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\English.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\RWLN.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\RIPCServer.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\EULA.rtf type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Spanish.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Hebrew.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Turkish.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Polish.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Japanese.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\French.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\German.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Arabic.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Czech.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Dutch.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Italian.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Korean.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Norwegian.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Swedish.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Danish.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\vp8encoder.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\webmmux.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Portuguese.lg type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\ type = file_attributes False 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\ type = file_attributes True 20
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\rup.ini type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\ntprint.inf type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\install.cmd type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\uninstall.cmd type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\rup.gpd type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\rup.lng type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\rup_s.lng type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.hlp type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\ type = file_attributes False 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\ type = file_attributes True 20
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\rup.ini type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\fwproc_x64.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\progress.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\rupui.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\ntprint.inf type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\install.cmd type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\uninstall.cmd type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\rup.gpd type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\stdnames_vpd.gpd type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\rup.lng type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\rup_s.lng type = file_type True 1
Get Info C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.hlp type = file_type True 1
Get Info C:\Windows\Installer\30dec.msi type = file_attributes False 3
Get Info C:\Windows\Installer\30dec.msi type = file_type True 7
Get Info C:\Windows\Installer\30de8.msi type = file_type True 1
Get Info C:\Windows\Installer\30de8.msi type = size True 1
Get Info C:\Windows\Installer\30dec.msi type = file_attributes True 1
Get Info C:\Windows\Installer\30de8.msi type = time True 1
Get Info C:\Windows\Installer\{E945283B-758C-4A40-B851-1066D0E49EA8}\ARPPRODUCTICON.exe type = file_attributes False 1
Get Info C:\Windows\Installer\{E945283B-758C-4A40-B851-1066D0E49EA8}\en_server_stop_B603677802D142C98E7A415B72132E14.exe type = file_attributes False 1
Get Info C:\Windows\Installer\{E945283B-758C-4A40-B851-1066D0E49EA8}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exe type = file_attributes False 1
Get Info C:\Windows\Installer\{E945283B-758C-4A40-B851-1066D0E49EA8}\en_server_settings_E3BFC76BE38F4CF79D2ED7163B7DECEE.exe type = file_attributes False 1
Get Info C:\Windows\Installer\{E945283B-758C-4A40-B851-1066D0E49EA8}\en_server_start_85DB64512C79429FA70AC6C0611579DD.exe type = file_attributes False 1
Get Info C:\Config.Msi\30deb.rbs type = file_type True 2
Get Info C:\Config.Msi\30deb.rbs type = size True 2
Read C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi size = 65536, size_out = 65536 True 14
Read C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi size = 65536, size_out = 13312 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt size = 512, size_out = 6 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt size = 512, size_out = 6 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt size = 512, size_out = 6 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt size = 512, size_out = 6 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt size = 512, size_out = 6 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt size = 512, size_out = 7 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt size = 512, size_out = 7 True 1
Read C:\Windows\Installer\MSI1E1C.tmp size = 1024, size_out = 1024 True 1
Read C:\Config.Msi\30de6.rbs size = 1024, size_out = 1024 True 2
Read C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi size = 65536, size_out = 65536 True 59
Read C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt size = 512, size_out = 6 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt size = 512, size_out = 6 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt size = 512, size_out = 6 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt size = 512, size_out = 6 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt size = 512, size_out = 6 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt size = 512, size_out = 7 True 1
Read C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt size = 512, size_out = 7 True 1
Read C:\Windows\Installer\MSIA423.tmp size = 1024, size_out = 1024 True 1
Read C:\Config.Msi\30deb.rbs size = 1024, size_out = 1024 True 2
Write C:\Windows\Installer\30de4.msi size = 65536 True 14
Write C:\Windows\Installer\30de4.msi size = 13312 True 1
Write C:\Windows\Installer\MSI14E6.tmp size = 65536 True 1
Write C:\Windows\Installer\MSI14E6.tmp size = 27264 True 1
Write C:\Windows\Installer\MSI1832.tmp size = 65536 True 4
Write C:\Windows\Installer\MSI1832.tmp size = 40064 True 1
Write C:\Windows\Installer\MSI1F07.tmp size = 65536 True 4
Write C:\Windows\Installer\MSI1F07.tmp size = 40064 True 1
Write C:\Windows\Installer\30de8.msi size = 65536 True 147
Write C:\Windows\Installer\30de8.msi size = 61440 True 1
Write C:\Windows\Installer\MSIA089.tmp size = 65536 True 2
Write C:\Windows\Installer\MSIA089.tmp size = 25816 True 1
Write C:\Windows\Installer\MSIA423.tmp size = 1024 True 269
Write C:\Windows\Installer\MSIA423.tmp size = 512 True 1
Write C:\Config.Msi\30deb.rbs size = 259 True 1
Write C:\Config.Msi\30deb.rbs size = 20 True 1
Write C:\Config.Msi\30deb.rbs size = 33 True 1
Write C:\Config.Msi\30deb.rbs size = 92 True 1
Write C:\Config.Msi\30deb.rbs size = 54 True 1
Write C:\Config.Msi\30deb.rbs size = 88 True 9
Write C:\Config.Msi\30deb.rbs size = 40 True 1
Write C:\Config.Msi\30deb.rbs size = 48 True 1
Write C:\Config.Msi\30deb.rbs size = 51 True 1
Write C:\Config.Msi\30deb.rbs size = 341 True 3
Write C:\Config.Msi\30deb.rbs size = 59 True 1
Write C:\Config.Msi\30deb.rbs size = 63 True 2
Write C:\Config.Msi\30deb.rbs size = 75 True 1
Write C:\Config.Msi\30deb.rbs size = 57 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.sys size = 13800 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.inf size = 1777 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.cat size = 8886 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe size = 8305 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe size = 32768 True 4
Write C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe size = 9119 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.sys size = 15904 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.inf size = 1778 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat size = 5967 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat size = 2919 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe size = 29849 True 1
Write C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe size = 32768 True 5
Write C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe size = 30071 True 1
Write C:\Program Files\Remote Utilities - Host\rutserv.exe size = 2697 True 1
Write C:\Program Files\Remote Utilities - Host\rutserv.exe size = 32768 True 248
Write C:\Program Files\Remote Utilities - Host\rfusclient.exe size = 32768 True 174
Write C:\Program Files\Remote Utilities - Host\rfusclient.exe size = 32272 True 1
Write C:\Program Files\Remote Utilities - Host\vp8decoder.dll size = 32768 True 11
Write C:\Program Files\Remote Utilities - Host\vp8decoder.dll size = 29712 True 1
Write C:\Program Files\Remote Utilities - Host\English.lg size = 3056 True 1
Write C:\Program Files\Remote Utilities - Host\English.lg size = 32768 True 1
Write C:\Program Files\Remote Utilities - Host\English.lg size = 18272 True 1
Write C:\Program Files\Remote Utilities - Host\RWLN.dll size = 14496 True 1
Write C:\Program Files\Remote Utilities - Host\RWLN.dll size = 32768 True 29
Write C:\Program Files\Remote Utilities - Host\RWLN.dll size = 25456 True 1
Write C:\Program Files\Remote Utilities - Host\RIPCServer.dll size = 7312 True 1
Write C:\Program Files\Remote Utilities - Host\RIPCServer.dll size = 32768 True 4
Write C:\Program Files\Remote Utilities - Host\RIPCServer.dll size = 16768 True 1
Write C:\Program Files\Remote Utilities - Host\EULA.rtf size = 16000 True 1
Write C:\Program Files\Remote Utilities - Host\EULA.rtf size = 32768 True 1
Write C:\Program Files\Remote Utilities - Host\EULA.rtf size = 1976 True 1
Write C:\Program Files\Remote Utilities - Host\Spanish.lg size = 30792 True 1
Write C:\Program Files\Remote Utilities - Host\Spanish.lg size = 25484 True 1
Write C:\Program Files\Remote Utilities - Host\Hebrew.lg size = 7284 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Hebrew.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Hebrew.lg size = 7854 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Turkish.lg size = 24914 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Turkish.lg size = 30916 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Polish.lg size = 1852 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Polish.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Polish.lg size = 19952 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Japanese.lg size = 12816 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Japanese.lg size = 30334 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\French.lg size = 2434 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\French.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\French.lg size = 22212 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\German.lg size = 10556 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\German.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\German.lg size = 12814 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Arabic.lg size = 19954 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Arabic.lg size = 30456 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg size = 2312 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg size = 20826 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg size = 11942 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg size = 26302 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Czech.lg size = 6466 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Czech.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Czech.lg size = 14998 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Dutch.lg size = 17770 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Dutch.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Dutch.lg size = 6652 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Italian.lg size = 26116 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Italian.lg size = 30176 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Korean.lg size = 2592 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Korean.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Korean.lg size = 6148 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Norwegian.lg size = 26620 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Norwegian.lg size = 26526 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Swedish.lg size = 6242 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Swedish.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Swedish.lg size = 14342 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Danish.lg size = 18426 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Danish.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Danish.lg size = 2712 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg size = 30056 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg size = 7936 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\vp8encoder.dll size = 24832 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\vp8encoder.dll size = 32768 True 49
Fn
Data
Write C:\Program Files\Remote Utilities - Host\vp8encoder.dll size = 11536 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\webmmux.dll size = 32768 True 8
Fn
Data
Write C:\Program Files\Remote Utilities - Host\webmmux.dll size = 5136 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll size = 27632 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll size = 32768 True 10
Fn
Data
Write C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll size = 19488 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll size = 13280 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll size = 32768 True 26
Fn
Data
Write C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll size = 16432 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Portuguese.lg size = 16336 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Portuguese.lg size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Portuguese.lg size = 6980 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\rup.ini size = 40 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe size = 25748 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe size = 32124 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe size = 644 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe size = 19340 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe size = 13428 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe size = 32768 True 4
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe size = 32156 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe size = 612 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe size = 28588 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe size = 4180 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe size = 32768 True 3
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe size = 4540 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe size = 28228 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe size = 32768 True 5
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe size = 13260 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll size = 19508 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll size = 5084 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll size = 27664 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll size = 20 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll size = 32768 True 11
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll size = 23548 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll size = 9220 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll size = 32768 True 22
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll size = 26124 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll size = 6644 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll size = 32768 True 23
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll size = 10780 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\ntprint.inf size = 9698 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\install.cmd size = 60 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\uninstall.cmd size = 79 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\rup.gpd size = 14667 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd size = 8264 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd size = 6102 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\rup.lng size = 26365 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\rup_s.lng size = 301 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\rup_s.lng size = 853 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.hlp size = 21225 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\rup.ini size = 40 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\fwproc_x64.exe size = 10650 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\fwproc_x64.exe size = 10358 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\progress.exe size = 22410 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\progress.exe size = 646 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe size = 32122 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe size = 32768 True 5
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe size = 26774 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe size = 5994 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe size = 29862 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe size = 2906 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe size = 7350 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe size = 25418 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe size = 32768 True 4
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe size = 7878 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll size = 24890 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll size = 32768 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll size = 5846 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\rupui.dll size = 26922 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\rupui.dll size = 742 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll size = 32026 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll size = 32768 True 13
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll size = 29942 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll size = 2826 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll size = 32768 True 27
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll size = 5382 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll size = 27386 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll size = 32768 True 22
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll size = 22806 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\ntprint.inf size = 9698 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\install.cmd size = 68 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\uninstall.cmd size = 87 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\rup.gpd size = 14667 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\stdnames_vpd.gpd size = 8248 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\stdnames_vpd.gpd size = 6118 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\rup.lng size = 26365 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\rup_s.lng size = 285 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\rup_s.lng size = 869 True 1
Fn
Data
Write C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.hlp size = 21225 True 1
Fn
Data
Delete Directory C:\Config.Msi - True 4
Fn
Delete Directory C:\MSI30de9.tmp - True 1
Fn
Delete C:\Windows\Installer\MSI14E6.tmp - True 1
Fn
Delete C:\Windows\Installer\MSI1832.tmp - True 1
Fn
Delete C:\Windows\Installer\MSI1F07.tmp - True 1
Fn
Delete C:\Config.Msi\MSI2243.tmp - True 1
Fn
Delete C:\Windows\Installer\MSI27DF.tmp - True 1
Fn
Delete C:\Windows\Installer\30de7.msi - True 1
Fn
Delete C:\Windows\Installer\MSI1E1C.tmp - True 1
Fn
Delete C:\Config.Msi\MSI3162.tmp - True 1
Fn
Delete C:\Config.Msi\30de6.rbs - True 1
Fn
Delete C:\Windows\Installer\30de4.msi - True 1
Fn
Delete C:\Windows\Installer\30de5.ipi - True 1
Fn
Delete C:\Windows\Installer\MSIA089.tmp - True 1
Fn
Delete C:\Config.Msi\MSIA607.tmp - True 1
Fn
Delete C:\Windows\Installer\30dec.msi - True 1
Fn
Delete C:\Windows\Installer\MSIA423.tmp - True 1
Fn
Delete C:\Config.Msi\MSIDF41.tmp - True 1
Fn
Delete C:\Config.Msi\30deb.rbs - True 1
Fn
Delete C:\Windows\Installer\30de8.msi - True 1
Fn
Delete C:\Windows\Installer\30dea.ipi - True 1
Fn
Registry (1817)
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B99DCB78D08AE7046A3A76A15014354B - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3606D44453621DC46BC17BA1F9DA739D - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DA75A08B421DA442A929C56444AD01F - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\Prereqs\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\LZMA\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties - True 2
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall - True 2
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1FB7268953FC9EF428A2FDDA944DDFE5 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Usage - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\4A78C4EDFD652F04FBB339415F8F16B0 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Features - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\4A78C4EDFD652F04FBB339415F8F16B0 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Features - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Patches - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\1FB7268953FC9EF428A2FDDA944DDFE5 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList\Net - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\490EF1B1D5DB88F45B337159197E181D - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029705A57F1E1AD4F97654DAD0C441E3 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45BAE6295648E74689FC47BF4E730EB - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6364F69515D55F943B4B3F3C669ECD32 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6364F69515D55F943B4B3F3C669ECD32 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EDC4423414699340B5D245426472701 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B296F791ACC797D4585ADE4002D2800D - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\481CA97E83DA62B4980D577BEC1AF92A - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E081FFDBED9215946AE89615F366707B - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties - True 3
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall - True 2
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\Usage - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\B382549EC85704A48B1501660D4EE98A - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\Features - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\Patches - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Net - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Media - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Media - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - True 1
Fn
Open Key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Windows\Installer - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer - False 40
Fn
Open Key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Open Key HKEY_CURRENT_USER\Environment - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products - False 71
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products - False 71
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 18
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\000041091A0090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\000041091A0090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 17
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109440090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109440090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109450090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109450090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\000041094B0090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\000041094B0090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109510090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109510090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109511090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109511090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109610090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109610090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109711090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109711090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109810090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109810090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109910090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109910090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109A10090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109A10090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109AB0090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109AB0090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109AB0090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109B10090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109B10090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109C20090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109C20090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109E60090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109E60090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109F10090400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109F10090400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109F100A0C00000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109F100A0C00000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109F100C0400000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109F100C0400000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004119110000000000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004119110000000000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119110000000000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004119750000000000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004119750000000000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119750000000000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004119B30000000000000000F01FEC - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004119B30000000000000000F01FEC - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119B30000000000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\2246038675C7F37388062DC64EABA251 - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\2246038675C7F37388062DC64EABA251 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4EA42A62D9304AC4784BF238120754FF - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4EA42A62D9304AC4784BF238120754FF - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\838AE285991981530AC5BD9064F286CE - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\838AE285991981530AC5BD9064F286CE - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\C025571B2A687A53689168CD7369889B - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\C025571B2A687A53689168CD7369889B - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\F60730A4A66673047777F5728467D401 - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\F60730A4A66673047777F5728467D401 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - False 11
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 - False 42
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 - False 42
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 - False 66
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties - False 8
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 4
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer - False 16
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - False 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B99DCB78D08AE7046A3A76A15014354B - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3606D44453621DC46BC17BA1F9DA739D - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DA75A08B421DA442A929C56444AD01F - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\Prereqs\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\LZMA\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1FB7268953FC9EF428A2FDDA944DDFE5 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Usage - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\4A78C4EDFD652F04FBB339415F8F16B0 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Features - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\4A78C4EDFD652F04FBB339415F8F16B0 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Features - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Patches - False 8
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\1FB7268953FC9EF428A2FDDA944DDFE5 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList - False 5
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList\Net - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList\Net - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList\Net - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 4
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Open Key HKEY_CURRENT_USER\Control Panel\Desktop - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 3
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Open Key HKEY_CURRENT_USER\Environment - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 18
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 18
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109AB0090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119110000000000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119750000000000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119B30000000000000000F01FEC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A - False 40
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A - False 40
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A - False 65
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties - False 7
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 4
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 - False 2
Fn
Open Key HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 - False 4
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\490EF1B1D5DB88F45B337159197E181D - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029705A57F1E1AD4F97654DAD0C441E3 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45BAE6295648E74689FC47BF4E730EB - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6364F69515D55F943B4B3F3C669ECD32 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6364F69515D55F943B4B3F3C669ECD32 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EDC4423414699340B5D245426472701 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B296F791ACC797D4585ADE4002D2800D - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\481CA97E83DA62B4980D577BEC1AF92A - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E081FFDBED9215946AE89615F366707B - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties - True 3
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\Usage - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\B382549EC85704A48B1501660D4EE98A - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\Features - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\Patches - False 8
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList - False 5
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Net - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Media - False 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Media - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Net - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Net - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 4
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Open Key HKEY_CURRENT_USER\Control Panel\Desktop - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 3
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\TempPackages - False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer value_name = NoDrives, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = ComSpec, data = %SystemRoot%\system32\cmd.exe, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = FP_NO_HOST_CHECK, data = NO, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = OS, data = Windows_NT, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = Path, data = %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PATHEXT, data = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PROCESSOR_ARCHITECTURE, data = x86, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = TEMP, data = %SystemRoot%\TEMP, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = TMP, data = %SystemRoot%\TEMP, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = USERNAME, data = SYSTEM, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = windir, data = %SystemRoot%, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PSModulePath, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = NUMBER_OF_PROCESSORS, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PROCESSOR_LEVEL, data = 6, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PROCESSOR_IDENTIFIER, data = x86 Family 6 Model 94 Stepping 3, GenuineIntel, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PROCESSOR_REVISION, data = 5e03, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Environment value_name = TEMP, data = %USERPROFILE%\AppData\Local\Temp, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Environment value_name = TMP, data = %USERPROFILE%\AppData\Local\Temp, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC value_name = PackageCode, data = 09E55253E54BB364BB67063D0F10146D, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC value_name = PackageCode, data = 793FDB9B71F0FD14AAF4ED19CAAABD86, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC value_name = PackageCode, data = CE35E2E6EBAB1A14397F4CC2D0AA4584, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC value_name = PackageCode, data = 622E7EF2B9E975D4D8BFAFF0A297C06F, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC value_name = PackageCode, data = 598038F48D734CC46A9A4AF0AC2E4278, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC value_name = PackageCode, data = 816FB27986C2BBC45B79CDBF8325D5BA, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC value_name = PackageCode, data = B0ACB93F09F14724494C000662AB6D74, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC value_name = PackageCode, data = E2321CE91958748448711200E7D20418, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC value_name = PackageCode, data = DCB2B6E2CC0FCC1459CCD3D1D78733D3, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC value_name = PackageCode, data = 68E9D1251BE6DDA49A1D944C012B3A14, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC value_name = PackageCode, data = 3A206805BD250E64D9784FA6FBAB5FBA, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109AB0090400000000000F01FEC value_name = PackageCode, data = 97D6CDA045D281D4D9454C4BA3C92EE0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109AB0090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC value_name = PackageCode, data = 04FE7F5818D5F34438C4B429566F1453, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC value_name = PackageCode, data = DA7BFABD6A354234FAC72F5F0C2926B3, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC value_name = PackageCode, data = C87E8E08986094A4DBC40DEC753C3095, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC value_name = PackageCode, data = 7C5260941519C594E81869350151A817, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC value_name = PackageCode, data = 6352CF3BC32FE0F458E08617C1BB9961, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC value_name = PackageCode, data = E495777FDAB42534C9D340B6C99F4AA7, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119110000000000000000F01FEC value_name = PackageCode, data = AE5BDB166B0B28A4E98814F1FE57D3D5, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119110000000000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119750000000000000000F01FEC value_name = PackageCode, data = 273A3C03368AD03429880740FF2A72FD, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119750000000000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119B30000000000000000F01FEC value_name = PackageCode, data = 089116C3615AA1D4E87BCD6A5BDC758E, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119B30000000000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A value_name = PackageCode, data = E554C16404AD3B9478B14103C87CECFF, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 value_name = PackageCode, data = 3514399E1BAE6AD4AA27688CBBE1FDC2, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251 value_name = PackageCode, data = 425DC3227FCF0DE4BB0F0D2788F16225, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 value_name = PackageCode, data = 42DF3075D2FB41D4BAF24E510A63E136, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 value_name = PackageCode, data = 3F1CBA45071060E40AA8BCB9C8F5198C, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF value_name = PackageCode, data = 57BB70F73B3FE8242802F7708B9A2F38, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 value_name = PackageCode, data = 091E586FC60D5CF4CA046D066347342A, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 value_name = PackageCode, data = B4E370007AE0BD84C914DF7A9EBB8493, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE value_name = PackageCode, data = B2DC948BACE96054AB7F12ABB351578E, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B value_name = PackageCode, data = C21C44A45E1638843A5DBCB198CD0247, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a value_name = PackageCode, data = 84067013B7B56744BA0F51892982BC09, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB value_name = PackageCode, data = 3EB83B319B95F3645B773BEF173ADAA3, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 value_name = PackageCode, data = 0B95A7D38B9F344439144DA5D002FE78, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager value_name = PendingFileRenameOperations, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion value_name = ProgramFilesDir, data = 67 True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion value_name = CommonFilesDir, data = 67 True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30de5.ipi, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader value_name = Path False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = AuthorizedCDFPrefix False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Comments False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Contact False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = DisplayVersion False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = HelpLink False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = HelpTelephone False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = InstallDate False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = InstallLocation False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = InstallSource False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = ModifyPath False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Publisher False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Readme False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Size False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = EstimatedSize False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = EstimatedSize, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = UninstallString False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = URLInfoAbout False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = URLUpdateInfo False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = VersionMajor False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = VersionMinor False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = WindowsInstaller False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Version False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Language False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Comments False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Contact False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = DisplayVersion False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = HelpLink False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = HelpTelephone False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = InstallDate False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = InstallLocation False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = InstallSource False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = ModifyPath False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Publisher False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Readme False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Size False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = EstimatedSize False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = EstimatedSize, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = UninstallString False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = URLInfoAbout False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = URLUpdateInfo False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = VersionMajor False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = VersionMinor False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = WindowsInstaller False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Version False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Language False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = DisplayName False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = DisplayName False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\4A78C4EDFD652F04FBB339415F8F16B0 value_name = RequiredApplication False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Features value_name = RequiredApplication False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = PackageCode False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = Language False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = Version False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = Assignment False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = AdvertiseFlags False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = InstanceType False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = AuthorizedLUAApp False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = DeploymentFlags False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = Clients False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = Clients, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList\Net value_name = 1, data = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, type = REG_EXPAND_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList value_name = LastUsedSource False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30de5.ipi, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = ScriptsDisabled False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30de6.rbs, data = 30686889, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30de6.rbsLow, data = 826767856, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Config.Msi\ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Config.Msi\, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30de5.ipi, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30de5.ipi, type = REG_SZ True 1
Read Value HKEY_CURRENT_USER\Control Panel\Desktop value_name = ScreenSaverIsSecure, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30de5.ipi, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = ComSpec, data = %SystemRoot%\system32\cmd.exe, type = REG_EXPAND_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = FP_NO_HOST_CHECK, data = NO, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = OS, data = Windows_NT, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = Path, data = %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\, type = REG_EXPAND_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PATHEXT, data = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PROCESSOR_ARCHITECTURE, data = x86, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = TEMP, data = %SystemRoot%\TEMP, type = REG_EXPAND_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = TMP, data = %SystemRoot%\TEMP, type = REG_EXPAND_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = USERNAME, data = SYSTEM, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = windir, data = %SystemRoot%, type = REG_EXPAND_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PSModulePath, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = NUMBER_OF_PROCESSORS, data = 1, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PROCESSOR_LEVEL, data = 6, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PROCESSOR_IDENTIFIER, data = x86 Family 6 Model 94 Stepping 3, GenuineIntel, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment value_name = PROCESSOR_REVISION, data = 5e03, type = REG_SZ True 1
Read Value HKEY_CURRENT_USER\Environment value_name = TEMP, data = %USERPROFILE%\AppData\Local\Temp, type = REG_EXPAND_SZ True 1
Read Value HKEY_CURRENT_USER\Environment value_name = TMP, data = %USERPROFILE%\AppData\Local\Temp, type = REG_EXPAND_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC value_name = PackageCode, data = 09E55253E54BB364BB67063D0F10146D, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC value_name = PackageCode, data = 793FDB9B71F0FD14AAF4ED19CAAABD86, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC value_name = PackageCode, data = CE35E2E6EBAB1A14397F4CC2D0AA4584, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC value_name = PackageCode, data = 622E7EF2B9E975D4D8BFAFF0A297C06F, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC value_name = PackageCode, data = 598038F48D734CC46A9A4AF0AC2E4278, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC value_name = PackageCode, data = 816FB27986C2BBC45B79CDBF8325D5BA, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC value_name = PackageCode, data = B0ACB93F09F14724494C000662AB6D74, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC value_name = PackageCode, data = E2321CE91958748448711200E7D20418, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC value_name = PackageCode, data = DCB2B6E2CC0FCC1459CCD3D1D78733D3, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC value_name = PackageCode, data = 68E9D1251BE6DDA49A1D944C012B3A14, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC value_name = PackageCode, data = 3A206805BD250E64D9784FA6FBAB5FBA, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109AB0090400000000000F01FEC value_name = PackageCode, data = 97D6CDA045D281D4D9454C4BA3C92EE0, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109AB0090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC value_name = PackageCode, data = 04FE7F5818D5F34438C4B429566F1453, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC value_name = PackageCode, data = DA7BFABD6A354234FAC72F5F0C2926B3, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC value_name = PackageCode, data = C87E8E08986094A4DBC40DEC753C3095, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC value_name = PackageCode, data = 7C5260941519C594E81869350151A817, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC value_name = PackageCode, data = 6352CF3BC32FE0F458E08617C1BB9961, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC value_name = PackageCode, data = E495777FDAB42534C9D340B6C99F4AA7, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119110000000000000000F01FEC value_name = PackageCode, data = AE5BDB166B0B28A4E98814F1FE57D3D5, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119110000000000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119750000000000000000F01FEC value_name = PackageCode, data = 273A3C03368AD03429880740FF2A72FD, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119750000000000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119B30000000000000000F01FEC value_name = PackageCode, data = 089116C3615AA1D4E87BCD6A5BDC758E, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119B30000000000000000F01FEC value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A value_name = PackageCode, data = E554C16404AD3B9478B14103C87CECFF, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 value_name = PackageCode, data = 3514399E1BAE6AD4AA27688CBBE1FDC2, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251 value_name = PackageCode, data = 425DC3227FCF0DE4BB0F0D2788F16225, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 value_name = PackageCode, data = 42DF3075D2FB41D4BAF24E510A63E136, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 value_name = PackageCode, data = 3F1CBA45071060E40AA8BCB9C8F5198C, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = PackageCode, data = 08F0ADFDF002B7B4DB56290568476C8A, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF value_name = PackageCode, data = 57BB70F73B3FE8242802F7708B9A2F38, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 value_name = PackageCode, data = 091E586FC60D5CF4CA046D066347342A, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 value_name = PackageCode, data = B4E370007AE0BD84C914DF7A9EBB8493, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE value_name = PackageCode, data = B2DC948BACE96054AB7F12ABB351578E, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B value_name = PackageCode, data = C21C44A45E1638843A5DBCB198CD0247, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a value_name = PackageCode, data = 84067013B7B56744BA0F51892982BC09, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB value_name = PackageCode, data = 3EB83B319B95F3645B773BEF173ADAA3, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 value_name = PackageCode, data = 0B95A7D38B9F344439144DA5D002FE78, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager value_name = PendingFileRenameOperations, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion value_name = ProgramFilesDir, data = 67 True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion value_name = CommonFilesDir, data = 67 True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion value_name = RegisteredOwner, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion value_name = RegisteredOwner, data = QHj0zZAa cGNHFmiOCuf, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion value_name = RegisteredOrganization, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion value_name = RegisteredOrganization, data = Tmj08Zpauy, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30dea.ipi, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6364F69515D55F943B4B3F3C669ECD32 value_name = 00000000000000000000000000000000, data = 164, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer value_name = UserAccess False 1
Read Value HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer value_name = Password False 1
Read Value HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer value_name = SyncUserAccess False 1
Read Value HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer value_name = Options False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = RegCompany False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = ProductID False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = LocalPackage, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = LocalPackage False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = AuthorizedCDFPrefix False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Comments False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Contact False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = DisplayVersion False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = HelpLink False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = HelpTelephone False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = InstallDate False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = InstallLocation False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = InstallSource False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = ModifyPath False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = NoModify False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = NoRepair False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Publisher False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Readme False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Size False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = EstimatedSize False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = EstimatedSize, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = UninstallString False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = URLInfoAbout False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = URLUpdateInfo False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = VersionMajor False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = VersionMinor False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = WindowsInstaller False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Version False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Language False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Comments False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Contact False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = DisplayVersion False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = HelpLink False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = HelpTelephone False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = InstallDate False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = InstallLocation False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = InstallSource False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = ModifyPath False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = NoModify False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = NoRepair False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Publisher False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Readme False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Size False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = EstimatedSize False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = EstimatedSize, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = UninstallString False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = URLInfoAbout False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = URLUpdateInfo False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = VersionMajor False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = VersionMinor False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = WindowsInstaller False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Version False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Language False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = DisplayName False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = DisplayName False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = PackageCode False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = Language False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = Version False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = Assignment False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = AdvertiseFlags False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = ProductIcon False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = InstanceType False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = AuthorizedLUAApp False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = DeploymentFlags False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Media value_name = 1 False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = Clients False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = Clients, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Net value_name = 1, data = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\, type = REG_EXPAND_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList value_name = LastUsedSource False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30dea.ipi, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = ScriptsDisabled False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30deb.rbs, data = 30686889, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30deb.rbsLow, data = 1163887856, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Config.Msi\ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Config.Msi\, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30dea.ipi, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30dea.ipi, type = REG_SZ True 1
Read Value HKEY_CURRENT_USER\Control Panel\Desktop value_name = ScreenSaverIsSecure, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30dea.ipi, type = REG_SZ True 2
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30de5.ipi, size = 62, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Config.Msi\, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30de6.rbs, data = 30686889, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30de6.rbsLow, data = 826767856, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B99DCB78D08AE7046A3A76A15014354B value_name = 4A78C4EDFD652F04FBB339415F8F16B0, data = 02:\Software\Caphyon\Advanced Installer\Prereqs\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1\RequiredApplication, size = 228, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3606D44453621DC46BC17BA1F9DA739D value_name = 4A78C4EDFD652F04FBB339415F8F16B0, data = 02:\Software\Adobe\Adobe Reader\Version, size = 80, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DA75A08B421DA442A929C56444AD01F value_name = 4A78C4EDFD652F04FBB339415F8F16B0, data = 02:\Software\Caphyon\Advanced Installer\LZMA\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1\AI_ExePath, size = 204, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader value_name = Version, data = 12.0.1, size = 14, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader value_name = Path, data = C:\Program Files\Adobe\Adobe Reader\, size = 74, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\Prereqs\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 value_name = RequiredApplication, data = 1, size = 4, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\LZMA\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 value_name = AI_ExePath, data = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 124, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = LocalPackage, data = C:\Windows\Installer\30de7.msi, size = 62, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = AuthorizedCDFPrefix, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Comments, data = This installer database contains the logic and data required to install Adobe Reader., size = 172, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Contact, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = DisplayVersion, data = 12.0.1, size = 14, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = HelpLink, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = HelpTelephone, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = InstallDate, data = 20180828, size = 18, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = InstallLocation, data = C:\Program Files\Adobe\Adobe Reader\, size = 74, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = InstallSource, data = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, size = 136, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = ModifyPath, data = MsiExec.exe /I{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, size = 106, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Publisher, data = Adobe, size = 12, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Readme, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Size, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = EstimatedSize, data = 979, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = UninstallString, data = MsiExec.exe /I{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, size = 106, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = URLInfoAbout, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = URLUpdateInfo, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = VersionMajor, data = 12, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = VersionMinor, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = WindowsInstaller, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Version, data = 201326593, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = Language, data = 1033, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = AuthorizedCDFPrefix, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Comments, data = This installer database contains the logic and data required to install Adobe Reader., size = 172, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Contact, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = DisplayVersion, data = 12.0.1, size = 14, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = HelpLink, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = HelpTelephone, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = InstallDate, data = 20180828, size = 18, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = InstallLocation, data = C:\Program Files\Adobe\Adobe Reader\, size = 74, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = InstallSource, data = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, size = 136, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = ModifyPath, data = MsiExec.exe /I{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, size = 106, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Publisher, data = Adobe, size = 12, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Readme, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Size, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = EstimatedSize, data = 979, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = UninstallString, data = MsiExec.exe /I{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, size = 106, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = URLInfoAbout, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = URLUpdateInfo, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = VersionMajor, data = 12, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = VersionMinor, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = WindowsInstaller, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Version, data = 201326593, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = Language, data = 1033, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1FB7268953FC9EF428A2FDDA944DDFE5 value_name = 4A78C4EDFD652F04FBB339415F8F16B0, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties value_name = DisplayName, data = Adobe Reader, size = 26, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} value_name = DisplayName, data = Adobe Reader, size = 26, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\4A78C4EDFD652F04FBB339415F8F16B0 value_name = MainFeature, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Features value_name = MainFeature, data = !)yy9L4Wc@xeoY+,'0nnKZPEQx*1)=yIbeHf@BPv, size = 82, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\4A78C4EDFD652F04FBB339415F8F16B0 value_name = RequiredApplication, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Features value_name = RequiredApplication, data = 3C5^SG`wf8IpEQ+w9@zbKZPEQx*1)=yIbeHf@BPv, size = 82, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Patches value_name = AllPatches, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = ProductName, data = Adobe Reader, size = 26, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = PackageCode, data = 08F0ADFDF002B7B4DB56290568476C8A, size = 66, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = Language, data = 1033, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = Version, data = 201326593, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = Assignment, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = AdvertiseFlags, data = 388, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = InstanceType, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = AuthorizedLUAApp, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = DeploymentFlags, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\1FB7268953FC9EF428A2FDDA944DDFE5 value_name = 4A78C4EDFD652F04FBB339415F8F16B0, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList value_name = PackageName, data = setup.msi, size = 20, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList\Net value_name = 1, data = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, size = 136, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 value_name = Clients, data = 11462296, size = 6, type = REG_MULTI_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList value_name = LastUsedSource, data = n;1;C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, size = 144, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress data = C:\Windows\Installer\30dea.ipi, size = 62, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Config.Msi\, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30deb.rbs, data = 30686889, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30deb.rbsLow, data = 1163887856, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\490EF1B1D5DB88F45B337159197E181D value_name = B382549EC85704A48B1501660D4EE98A, data = C:\Program Files\Remote Utilities - Host\Monitor\x86\, size = 108, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029705A57F1E1AD4F97654DAD0C441E3 value_name = B382549EC85704A48B1501660D4EE98A, data = C:\Program Files\Remote Utilities - Host\Monitor\x64\, size = 108, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45BAE6295648E74689FC47BF4E730EB value_name = B382549EC85704A48B1501660D4EE98A, data = C:\Program Files\Remote Utilities - Host\, size = 84, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6364F69515D55F943B4B3F3C669ECD32 value_name = B382549EC85704A48B1501660D4EE98A, data = C:\Program Files\Remote Utilities - Host\, size = 84, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6364F69515D55F943B4B3F3C669ECD32 value_name = 00000000000000000000000000000000, data = C:\Program Files\Remote Utilities - Host\, size = 84, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EDC4423414699340B5D245426472701 value_name = B382549EC85704A48B1501660D4EE98A, data = C:\Program Files\Remote Utilities - Host\, size = 84, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B296F791ACC797D4585ADE4002D2800D value_name = B382549EC85704A48B1501660D4EE98A, data = C:\Program Files\Remote Utilities - Host\, size = 84, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\481CA97E83DA62B4980D577BEC1AF92A value_name = B382549EC85704A48B1501660D4EE98A, data = C:\Program Files\Remote Utilities - Host\Printer\x86\, size = 108, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E081FFDBED9215946AE89615F366707B value_name = B382549EC85704A48B1501660D4EE98A, data = C:\Program Files\Remote Utilities - Host\Printer\x64\, size = 108, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Program Files\Remote Utilities - Host\, data = 1, size = 4, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Program Files\Remote Utilities - Host\Monitor\, data = 1, size = 4, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Program Files\Remote Utilities - Host\Monitor\x64\, data = 1, size = 4, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Program Files\Remote Utilities - Host\Monitor\x86\, data = 1, size = 4, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Program Files\Remote Utilities - Host\Printer\x86\, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Program Files\Remote Utilities - Host\Printer\, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Program Files\Remote Utilities - Host\Printer\x64\, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer value_name = notification, size = 1010, type = REG_BINARY True 1
Write Value HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer value_name = UserAccess, size = 0, type = REG_BINARY True 1
Write Value HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer value_name = Password, size = 256, type = REG_BINARY True 1
Write Value HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer value_name = SyncUserAccess, size = 128, type = REG_BINARY True 1
Write Value HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer value_name = Options, size = 1796, type = REG_BINARY True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = RegOwner, data = QHj0zZAa cGNHFmiOCuf, size = 42, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = RegCompany, data = Tmj08Zpauy, size = 22, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = ProductID, data = none, size = 10, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = LocalPackage, data = C:\Windows\Installer\30dec.msi, size = 62, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = AuthorizedCDFPrefix, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Comments, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Contact, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = DisplayVersion, data = 6.255.6801, size = 22, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = HelpLink, data = https://www.remoteutilities.com/, size = 66, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = HelpTelephone, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = InstallDate, data = 20180828, size = 18, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = InstallLocation, data = C:\Program Files\Remote Utilities - Host\, size = 84, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = InstallSource, data = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\, size = 98, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = ModifyPath, data = MsiExec.exe /X{E945283B-758C-4A40-B851-1066D0E49EA8}, size = 106, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = NoModify, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = NoRepair, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Publisher, data = Remote Utilities LLC, size = 42, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Readme, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Size, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = EstimatedSize, data = 27041, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = UninstallString, data = MsiExec.exe /X{E945283B-758C-4A40-B851-1066D0E49EA8}, size = 106, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = URLInfoAbout, data = https://www.remoteutilities.com/, size = 66, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = URLUpdateInfo, data = https://www.remoteutilities.com/, size = 66, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = VersionMajor, data = 6, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = VersionMinor, data = 255, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = WindowsInstaller, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Version, data = 117381777, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = Language, data = 1033, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = AuthorizedCDFPrefix, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Comments, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Contact, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = DisplayVersion, data = 6.255.6801, size = 22, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = HelpLink, data = https://www.remoteutilities.com/, size = 66, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = HelpTelephone, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = InstallDate, data = 20180828, size = 18, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = InstallLocation, data = C:\Program Files\Remote Utilities - Host\, size = 84, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = InstallSource, data = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\, size = 98, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = ModifyPath, data = MsiExec.exe /X{E945283B-758C-4A40-B851-1066D0E49EA8}, size = 106, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = NoModify, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = NoRepair, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Publisher, data = Remote Utilities LLC, size = 42, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Readme, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Size, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = EstimatedSize, data = 27041, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = UninstallString, data = MsiExec.exe /X{E945283B-758C-4A40-B851-1066D0E49EA8}, size = 106, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = URLInfoAbout, data = https://www.remoteutilities.com/, size = 66, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = URLUpdateInfo, data = https://www.remoteutilities.com/, size = 66, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = VersionMajor, data = 6, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = VersionMinor, data = 255, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = WindowsInstaller, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Version, data = 117381777, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = Language, data = 1033, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 value_name = B382549EC85704A48B1501660D4EE98A, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties value_name = DisplayName, data = Remote Utilities - Host, size = 48, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E945283B-758C-4A40-B851-1066D0E49EA8} value_name = DisplayName, data = Remote Utilities - Host, size = 48, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\B382549EC85704A48B1501660D4EE98A value_name = RMS, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\Features value_name = RMS, data = ($$f+qdkWAi9~vWJQSDlmQ@%EFWoy@xtXc`$cxy79!2S0MLL,?W]Xvccoz(fnj9hDlGOj?H=4}gyUgT.SJ@14!Pgf92W.=='tB@(UFX4+20Tu@E'_Y$N65rkF83Ms%k&1@Z(xzc+1d=]bwQ(fvyxW?n(+2B3T0oc, size = 322, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Windows\Installer\{E945283B-758C-4A40-B851-1066D0E49EA8}\, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\Patches value_name = AllPatches, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = ProductName, data = Remote Utilities - Host, size = 48, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = PackageCode, data = C2B715477A86B9840B3BD5A0C6916BB6, size = 66, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = Language, data = 1033, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = Version, data = 117381777, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = Assignment, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = AdvertiseFlags, data = 388, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = ProductIcon, data = C:\Windows\Installer\{E945283B-758C-4A40-B851-1066D0E49EA8}\ARPPRODUCTICON.exe, size = 158, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = InstanceType, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = AuthorizedLUAApp, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = DeploymentFlags, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 value_name = B382549EC85704A48B1501660D4EE98A, size = 2, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList value_name = PackageName, data = host6.8_unsigned.msi, size = 42, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Net value_name = 1, data = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\, size = 98, type = REG_EXPAND_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Media value_name = DiskPrompt, data = [1], size = 8, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Media value_name = 1, data = DISK1;1, size = 16, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A value_name = Clients, data = 12378656, size = 6, type = REG_MULTI_SZ True 1
Write Value HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList value_name = LastUsedSource, data = n;1;C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\, size = 106, type = REG_EXPAND_SZ True 1
Delete Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 2
Delete Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback - True 2
Delete Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 2
Delete Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Config.Msi\ True 1
Delete Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30de6.rbs True 1
Delete Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30de6.rbsLow True 1
Delete Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders value_name = C:\Config.Msi\ True 1
Delete Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30deb.rbs True 1
Delete Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts value_name = C:\Config.Msi\30deb.rbsLow True 1
Enumerate Keys HKEY_CURRENT_USER - False 4
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - False 1
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 1
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - False 1
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 2
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - False 2
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products - False 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - False 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 2
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - False 2
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - False 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData - False 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_CURRENT_USER\Environment - True 1
Fn
Enumerate Values HKEY_CURRENT_USER\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList\Net - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Enumerate Values HKEY_CURRENT_USER\Environment - True 1
Fn
Enumerate Values HKEY_CURRENT_USER\Environment - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Net - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Get Key Info HKEY_CURRENT_USER\Environment - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0\SourceList\Net - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment - True 1
Fn
Get Key Info HKEY_CURRENT_USER\Environment - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A\SourceList\Net - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts - True 1
Fn
For performance reasons, the remaining 4 entries are omitted.
The remaining entries can be found in glog.xml.
Process (7)
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\MsiExec.exe os_pid = 0xa6c, creation_flags = CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
Create C:\Windows\system32\MsiExec.exe os_pid = 0xd78, creation_flags = CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
Create C:\Windows\system32\MsiExec.exe os_pid = 0xf68, creation_flags = CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
Create "C:\Program Files\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi" os_pid = 0xf90, creation_flags = CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
Create "C:\Program Files\Remote Utilities - Host\rutserv.exe" /silentinstall os_pid = 0xfa8, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
Create "C:\Program Files\Remote Utilities - Host\rutserv.exe" /firewall os_pid = 0xfc4, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
Create "C:\Program Files\Remote Utilities - Host\rutserv.exe" /start os_pid = 0x504, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, CREATE_BREAKAWAY_FROM_JOB, show_window = SW_HIDE True 1
Fn
Thread (3)
Operation Process Additional Information Success Count Logfile
Resume - os_tid = 0xfac True 1
Fn
Resume - os_tid = 0xfc8 True 1
Fn
Resume - os_tid = 0x89c True 1
Fn
Module (135)
Operation Module Additional Information Success Count Logfile
Load C:\Windows\system32\OLE32.DLL base_address = 0x76750000 True 1
Fn
Load C:\Windows\system32\SHLWAPI.DLL base_address = 0x76e10000 True 1
Fn
Load C:\Windows\system32\RPCRT4.DLL base_address = 0x75680000 True 1
Fn
Load C:\Windows\system32\TSAPPCMP.DLL base_address = 0x0 False 1
Fn
Load Msi.dll base_address = 0x6f040000 True 12
Fn
Load C:\Windows\system32\USERENV.DLL base_address = 0x74a30000 True 2
Fn
Load MsiMsg.dll base_address = 0x71f40002 True 1
Fn
Load Ntdll.dll base_address = 0x77230000 True 1
Fn
Load COMCTL32 base_address = 0x74360000 True 2
Fn
Load C:\Windows\system32\NETAPI32.DLL base_address = 0x73c60000 True 1
Fn
Load C:\Windows\system32\SRCLIENT.DLL base_address = 0x6e4e0000 True 1
Fn
Load C:\Windows\system32\APPHELP.DLL base_address = 0x718b0000 True 1
Fn
Load C:\Windows\system32\VERSION.DLL base_address = 0x748d0000 True 2
Fn
Load C:\Windows\system32\sxs.DLL base_address = 0x752e0000 True 4
Fn
Load C:\Windows\system32\MSCOREE.DLL base_address = 0x6e180000 True 2
Fn
Load C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll base_address = 0x730001 True 2
Fn
Load C:\Windows\system32\RSTRTMGR.DLL base_address = 0x6c490000 True 1
Fn
Load C:\Windows\system32\SHELL32.DLL base_address = 0x75830000 True 2
Fn
Load C:\Windows\system32\NTDLL.DLL base_address = 0x77230000 True 1
Fn
Load C:\Windows\system32\SFC.DLL base_address = 0x6e5b0000 True 3
Fn
Load C:\Windows\system32\KERNELBASE.DLL base_address = 0x75540000 True 1
Fn
Load C:\Windows\system32\SAGE.DLL base_address = 0x0 False 4
Fn
Load C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll base_address = 0x540001 True 2
Fn
Load CABINET base_address = 0x6e710000 True 1
Fn
Get Handle MSCOREE base_address = 0x0 False 2
Fn
Get Filename c:\windows\system32\msi.dll process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\msi.dll, size = 260 True 3
Fn
Get Address c:\windows\system32\ole32.dll function = CoImpersonateClient, address_out = 0x7675fed0 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoRevertToSelf, address_out = 0x76760065 True 1
Fn
Get Address c:\windows\system32\msi.dll function = DllGetClassObject, address_out = 0x6f06183e True 6
Fn
Get Address c:\windows\system32\ole32.dll function = CoCreateInstance, address_out = 0x76799d0b True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = CreateRestrictedToken, address_out = 0x76a33148 True 1
Fn
Get Address c:\windows\system32\shlwapi.dll function = UrlIsW, address_out = 0x76e26763 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetFileAttributesExW, address_out = 0x7695273d True 1
Fn
Get Address c:\windows\system32\rpcrt4.dll function = I_RpcBindingInqLocalClientPID, address_out = 0x756b2019 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoGetCallContext, address_out = 0x7676b385 True 1
Fn
Get Address c:\windows\system32\msi.dll function = QueryInstanceCount, address_out = 0x6f052ae2 True 12
Fn
Get Address c:\windows\system32\userenv.dll function = CreateEnvironmentBlock, address_out = 0x74a31a7a True 2
Fn
Get Address c:\windows\system32\userenv.dll function = DestroyEnvironmentBlock, address_out = 0x74a31a4e True 2
Fn
Get Address c:\windows\system32\kernel32.dll function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = WinSqmIsOptedIn, address_out = 0x77296c03 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = WTSGetActiveConsoleSessionId, address_out = 0x7694480b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitCommonControlsEx, address_out = 0x743809ce True 2
Fn
Get Address c:\windows\system32\ole32.dll function = CoInitialize, address_out = 0x7676b636 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoTaskMemAlloc, address_out = 0x7679ea4c True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoTaskMemFree, address_out = 0x767a6f41 True 1
Fn
Get Address c:\windows\system32\netapi32.dll function = NetGetJoinInformation, address_out = 0x73c42c3f True 1
Fn
Get Address c:\windows\system32\netapi32.dll function = NetApiBufferFree, address_out = 0x73c513d2 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = StgOpenStorage, address_out = 0x7676480e True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoGetMalloc, address_out = 0x76796265 True 1
Fn
Get Address c:\windows\system32\srclient.dll function = SRSetRestorePointW, address_out = 0x6e4e2ff5 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = CreateWellKnownSid, address_out = 0x76a0481e True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferiChangeRegistryScope, address_out = 0x76a40595 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferIdentifyLevel, address_out = 0x76a12102 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferGetLevelInformation, address_out = 0x769f9094 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferCloseLevel, address_out = 0x76a13825 True 1
Fn
Get Address Unknown module name function = ApphelpGetMsiProperties, address_out = 0x718d7525 True 1
Fn
Get Address Unknown module name function = SdbInitDatabase, address_out = 0x718d65b0 True 1
Fn
Get Address Unknown module name function = GetFileVersionInfoSizeW, address_out = 0x748d19d9 True 2
Fn
Get Address Unknown module name function = GetFileVersionInfoW, address_out = 0x748d19f4 True 1
Fn
Get Address Unknown module name function = VerQueryValueW, address_out = 0x748d1b51 True 1
Fn
Get Address Unknown module name function = GetCORSystemDirectory, address_out = 0x6e1831d0 True 2
Fn
Get Address Unknown module name function = RmStartSession, address_out = 0x6c49474b True 1
Fn
Get Address Unknown module name function = SHGetFolderPathW, address_out = 0x758b5708 True 2
Fn
Get Address c:\windows\system32\ole32.dll function = CoInitializeEx, address_out = 0x767909ad True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = GetSecurityInfo, address_out = 0x769fb3e4 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SetEntriesInAclW, address_out = 0x76a02a66 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SetSecurityInfo, address_out = 0x769f9edf True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = RtlCreateEnvironment, address_out = 0x7723bb67 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = RtlDestroyEnvironment, address_out = 0x772a17d6 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoQueryProxyBlanket, address_out = 0x76786224 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoUninitialize, address_out = 0x767986d3 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoIsHandlerConnected, address_out = 0x768139b5 True 1
Fn
Get Address Unknown module name function = SfcIsKeyProtected, address_out = 0x6e5a36cb True 3
Fn
Get Address c:\windows\system32\kernelbase.dll function = NotifyRedirectedStringChange, address_out = 0x7555c66d True 1
Fn
Get Address Unknown module name function = RmEndSession, address_out = 0x6c494979 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadExecutionState, address_out = 0x7697883d True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoDisconnectObject, address_out = 0x7676e604 True 1
Fn
Get Address Unknown module name function = FDICreate, address_out = 0x6e711c3f True 1
Fn
Get Address Unknown module name function = FDICopy, address_out = 0x6e711849 True 1
Fn
Get Address Unknown module name function = FDIIsCabinet, address_out = 0x6e7159bd True 1
Fn
Get Address Unknown module name function = FDIDestroy, address_out = 0x6e711693 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferComputeTokenFromLevel, address_out = 0x76a13352 True 1
Fn
User (122)
Operation Additional Information Success Count Logfile
Lookup Privilege privilege = SeCreateTokenPrivilege, luid = 2 True 1
Fn
Lookup Privilege privilege = SeAssignPrimaryTokenPrivilege, luid = 3 True 1
Fn
Lookup Privilege privilege = SeLockMemoryPrivilege, luid = 4 True 1
Fn
Lookup Privilege privilege = SeIncreaseQuotaPrivilege, luid = 5 True 1
Fn
Lookup Privilege privilege = SeUnsolicitedInputPrivilege, luid = 0 False 1
Fn
Lookup Privilege privilege = SeMachineAccountPrivilege, luid = 6 True 1
Fn
Lookup Privilege privilege = SeTcbPrivilege, luid = 7 True 1
Fn
Lookup Privilege privilege = SeSecurityPrivilege, luid = 8 True 1
Fn
Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 47
Fn
Lookup Privilege privilege = SeLoadDriverPrivilege, luid = 10 True 1
Fn
Lookup Privilege privilege = SeSystemProfilePrivilege, luid = 11 True 1
Fn
Lookup Privilege privilege = SeSystemtimePrivilege, luid = 12 True 1
Fn
Lookup Privilege privilege = SeProfileSingleProcessPrivilege, luid = 13 True 1
Fn
Lookup Privilege privilege = SeIncreaseBasePriorityPrivilege, luid = 14 True 1
Fn
Lookup Privilege privilege = SeCreatePagefilePrivilege, luid = 15 True 1
Fn
Lookup Privilege privilege = SeCreatePermanentPrivilege, luid = 16 True 1
Fn
Lookup Privilege privilege = SeBackupPrivilege, luid = 17 True 1
Fn
Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 47
Fn
Lookup Privilege privilege = SeShutdownPrivilege, luid = 19 True 1
Fn
Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
Fn
Lookup Privilege privilege = SeAuditPrivilege, luid = 21 True 1
Fn
Lookup Privilege privilege = SeSystemEnvironmentPrivilege, luid = 22 True 1
Fn
Lookup Privilege privilege = SeChangeNotifyPrivilege, luid = 23 True 1
Fn
Lookup Privilege privilege = SeRemoteShutdownPrivilege, luid = 24 True 1
Fn
Lookup Privilege privilege = SeUndockPrivilege, luid = 25 True 1
Fn
Lookup Privilege privilege = SeSyncAgentPrivilege, luid = 26 True 1
Fn
Lookup Privilege privilege = SeEnableDelegationPrivilege, luid = 27 True 1
Fn
Lookup Privilege privilege = SeManageVolumePrivilege, luid = 28 True 1
Fn
Lookup Privilege privilege = SeImpersonatePrivilege, luid = 29 True 1
Fn
Lookup Privilege privilege = SeCreateGlobalPrivilege, luid = 30 True 1
Fn
Window (4)
Operation Window Name Additional Information Success Count Logfile
Create - class_name = MsiHiddenWindow, wndproc_parameter = 0 True 1
Fn
Create - class_name = MsiHiddenWindow, wndproc_parameter = 0 True 1
Fn
Create - class_name = MsiHiddenWindow, wndproc_parameter = 0 True 1
Fn
Create - class_name = MsiHiddenWindow, wndproc_parameter = 0 True 1
Fn
System (2285)
Operation Additional Information Success Count Logfile
Get Computer Name result_out = CRH2YWU7 True 2
Fn
Sleep duration = -1 (infinite) True 38
Fn
Sleep duration = 150 milliseconds (0.150 seconds) True 830
Fn
Sleep duration = 30000 milliseconds (30.000 seconds) True 853
Fn
Sleep duration = 300 milliseconds (0.300 seconds) True 352
Fn
Sleep duration = -1 (infinite) False 1
Fn
Get Time type = Ticks, time = 116860 True 1
Fn
Get Time type = Ticks, time = 148544 True 1
Fn
Get Time type = Local Time, time = 2018-08-28 08:28:12 (Local Time) True 2
Fn
Get Time type = Ticks, time = 200227 True 1
Fn
Get Time type = Ticks, time = 200258 True 2
Fn
Get Time type = Ticks, time = 200274 True 4
Fn
Get Time type = Ticks, time = 200289 True 7
Fn
Get Time type = System Time, time = 2018-08-28 10:29:04 (UTC) True 1
Fn
Get Time type = Ticks, time = 201974 True 1
Fn
Get Time type = Local Time, time = 2018-08-28 08:29:07 (Local Time) True 3
Fn
Get Time type = System Time, time = 2018-08-28 10:29:13 (UTC) True 1
Fn
Get Time type = Local Time, time = 2018-08-28 08:29:13 (Local Time) True 1
Fn
Get Time type = Local Time, time = 2018-08-28 08:29:14 (Local Time) True 1
Fn
Get Time type = Local Time, time = 2018-08-28 08:29:40 (Local Time) True 2
Fn
Get Time type = Ticks, time = 236731 True 5
Fn
Get Time type = Ticks, time = 236747 True 6
Fn
Get Time type = Ticks, time = 236762 True 6
Fn
Get Time type = Ticks, time = 236793 True 7
Fn
Get Time type = Ticks, time = 236809 True 5
Fn
Get Time type = Ticks, time = 236825 True 4
Fn
Get Time type = Ticks, time = 236871 True 5
Fn
Get Time type = Ticks, time = 236887 True 5
Fn
Get Time type = Ticks, time = 236903 True 6
Fn
Get Time type = Ticks, time = 236934 True 5
Fn
Get Time type = Ticks, time = 236949 True 6
Fn
Get Time type = System Time, time = 1627-02-08 02:09:33 (UTC) True 1
Fn
Get Time type = Ticks, time = 237667 True 1
Fn
Get Time type = Ticks, time = 237729 True 1
Fn
Get Time type = System Time, time = 1627-02-08 02:09:35 (UTC) True 5
Fn
Get Time type = System Time, time = 1627-02-08 02:09:36 (UTC) True 5
Fn
Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 67
Fn
Get Time type = System Time, time = 1627-02-08 02:09:38 (UTC) True 1
Fn
Get Time type = Local Time, time = 2018-08-28 08:29:46 (Local Time) True 1
Fn
Get Time type = Local Time, time = 2018-08-28 08:29:58 (Local Time) True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 28
Fn
Get Info type = Operating System True 6
Fn
Get Info type = Windows Directory, result_out = C:\Windows True 4
Fn
Mutex (4)
Operation Additional Information Success Count Logfile
Open mutex_name = Global\_MSIExecute, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\_MSIExecute, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\_MSIExecute, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\_MSIExecute, desired_access = SYNCHRONIZE True 1
Fn
Environment (176)
Operation Additional Information Success Count Logfile
Get Environment String - True 8
Fn
Data
Get Environment String name = _MSI_TEST False 2
Fn
Get Environment String name = MsiBreak False 9
Fn
Set Environment String name = ALLUSERSPROFILE True 2
Fn
Set Environment String name = APPDATA True 1
Fn
Set Environment String name = CommonProgramFiles True 2
Fn
Set Environment String name = COMPUTERNAME True 2
Fn
Set Environment String name = ComSpec True 2
Fn
Set Environment String name = FP_NO_HOST_CHECK True 2
Fn
Set Environment String name = LOCALAPPDATA True 1
Fn
Set Environment String name = NUMBER_OF_PROCESSORS True 2
Fn
Set Environment String name = OS True 2
Fn
Set Environment String name = Path True 2
Fn
Set Environment String name = PATHEXT True 2
Fn
Set Environment String name = PROCESSOR_ARCHITECTURE True 2
Fn
Set Environment String name = PROCESSOR_IDENTIFIER True 2
Fn
Set Environment String name = PROCESSOR_LEVEL True 2
Fn
Set Environment String name = PROCESSOR_REVISION True 2
Fn
Set Environment String name = ProgramData True 2
Fn
Set Environment String name = ProgramFiles True 2
Fn
Set Environment String name = PSModulePath True 2
Fn
Set Environment String name = PUBLIC True 2
Fn
Set Environment String name = SystemDrive True 2
Fn
Set Environment String name = SystemRoot True 2
Fn
Set Environment String name = TEMP True 2
Fn
Set Environment String name = TMP True 2
Fn
Set Environment String name = USERDOMAIN True 1
Fn
Set Environment String name = USERNAME True 2
Fn
Set Environment String name = USERPROFILE True 2
Fn
Set Environment String name = windir True 2
Fn
Set Environment String name = ALLUSERSPROFILE, value = C:\ProgramData True 4
Fn
Set Environment String name = CommonProgramFiles, value = C:\Program Files\Common Files True 4
Fn
Set Environment String name = COMPUTERNAME, value = CRH2YWU7 True 4
Fn
Set Environment String name = ComSpec, value = C:\Windows\system32\cmd.exe True 4
Fn
Set Environment String name = FP_NO_HOST_CHECK, value = NO True 4
Fn
Set Environment String name = NUMBER_OF_PROCESSORS, value = 1 True 4
Fn
Set Environment String name = OS, value = Windows_NT True 4
Fn
Set Environment String name = Path, value = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 2
Fn
Set Environment String name = PATHEXT, value = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 4
Fn
Set Environment String name = PROCESSOR_ARCHITECTURE, value = x86 True 4
Fn
Set Environment String name = PROCESSOR_IDENTIFIER, value = x86 Family 6 Model 94 Stepping 3, GenuineIntel True 4
Fn
Set Environment String name = PROCESSOR_LEVEL, value = 6 True 4
Fn
Set Environment String name = PROCESSOR_REVISION, value = 5e03 True 4
Fn
Set Environment String name = ProgramData, value = C:\ProgramData True 4
Fn
Set Environment String name = ProgramFiles, value = C:\Program Files True 4
Fn
Set Environment String name = PSModulePath, value = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ True 4
Fn
Set Environment String name = PUBLIC, value = C:\Users\Public True 4
Fn
Set Environment String name = SystemDrive, value = C: True 4
Fn
Set Environment String name = SystemRoot, value = C:\Windows True 4
Fn
Set Environment String name = TEMP, value = C:\Windows\TEMP True 2
Fn
Set Environment String name = TMP, value = C:\Windows\TEMP True 2
Fn
Set Environment String name = USERNAME, value = SYSTEM True 2
Fn
Set Environment String name = USERPROFILE, value = C:\Users\Default True 2
Fn
Set Environment String name = windir, value = C:\Windows True 4
Fn
Set Environment String name = APPDATA, value = C:\Users\EEBsYm5\AppData\Roaming True 2
Fn
Set Environment String name = HOMEDRIVE, value = C: True 2
Fn
Set Environment String name = HOMEPATH, value = \Users\EEBsYm5 True 2
Fn
Set Environment String name = LOCALAPPDATA, value = C:\Users\EEBsYm5\AppData\Local True 2
Fn
Set Environment String name = LOGONSERVER, value = \\CRH2YWU7 True 2
Fn
Set Environment String name = TEMP, value = C:\Users\EEBsYm5\AppData\Local\Temp True 2
Fn
Set Environment String name = TMP, value = C:\Users\EEBsYm5\AppData\Local\Temp True 2
Fn
Set Environment String name = USERDOMAIN, value = CRH2YWU7 True 2
Fn
Set Environment String name = USERNAME, value = EEBsYm5 True 2
Fn
Set Environment String name = USERPROFILE, value = C:\Users\EEBsYm5 True 2
Fn
Process #3: msiexec.exe
1920 1657
Information Value
ID #3
File Name c:\windows\system32\msiexec.exe
Command Line C:\Windows\system32\MsiExec.exe -Embedding 184DC0E98E8691C9B1AAA08C2752D03C C
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:01, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:02:52
OS Process Information
Information Value
PID 0xa6c
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xA70, 0xA74, 0xA78, 0xA7C, 0xA80, 0xA88, 0xA8C, 0xA94, 0xAA4, 0xAEC, 0xAF0, 0xAF4, 0xAF8, 0xAFC, 0xB00, 0xBAC, 0xBB4, 0xBBC, 0xDD4, 0xDE4, 0xDE8, 0xDEC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00041fff Pagefile Backed Memory r True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File r False False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c1fff Pagefile Backed Memory rw True False False -
msiexec.exe.mui 0x000d0000 0x000d0fff Memory Mapped File rw False False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory rw True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory rw True False False -
windowsshell.manifest 0x00100000 0x00100fff Memory Mapped File r False False False -
pagefile_0x0000000000100000 0x00100000 0x00100fff Pagefile Backed Memory r True False False -
private_0x0000000000110000 0x00110000 0x0011ffff Private Memory rw True False False -
pagefile_0x0000000000120000 0x00120000 0x00121fff Pagefile Backed Memory r True False False -
private_0x0000000000130000 0x00130000 0x0016ffff Private Memory rw True False False -
pagefile_0x0000000000170000 0x00170000 0x00237fff Pagefile Backed Memory r True False False -
rpcss.dll 0x00240000 0x0029bfff Memory Mapped File r False False False -
pagefile_0x0000000000240000 0x00240000 0x00240fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000250000 0x00250000 0x00250fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000260000 0x00260000 0x00260fff Pagefile Backed Memory rw True False False -
private_0x0000000000270000 0x00270000 0x002affff Private Memory rw True False False -
pagefile_0x0000000000270000 0x00270000 0x00270fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002b0000 0x002b0000 0x002b0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002c0000 0x002c0000 0x002c1fff Pagefile Backed Memory r True False False -
index.dat 0x002d0000 0x002d7fff Memory Mapped File rw True False False -
private_0x00000000002e0000 0x002e0000 0x003dffff Private Memory rw True False False -
pagefile_0x00000000003e0000 0x003e0000 0x004e0fff Pagefile Backed Memory r True False False -
index.dat 0x004f0000 0x0051bfff Memory Mapped File rw True False False -
private_0x0000000000520000 0x00520000 0x0055ffff Private Memory rw True False False -
rsaenh.dll 0x00560000 0x0059bfff Memory Mapped File r False False False -
index.dat 0x00560000 0x0056ffff Memory Mapped File rw True False False -
private_0x0000000000570000 0x00570000 0x005bffff Private Memory rw True False False -
pagefile_0x0000000000570000 0x00570000 0x00570fff Pagefile Backed Memory r True False False -
private_0x0000000000580000 0x00580000 0x005bffff Private Memory rw True False False -
private_0x00000000005a0000 0x005a0000 0x005dffff Private Memory rw True False False -
pagefile_0x00000000005c0000 0x005c0000 0x005c0fff Pagefile Backed Memory rw True False False -
urlmon.dll.mui 0x005d0000 0x005d7fff Memory Mapped File rw False False False -
private_0x00000000005e0000 0x005e0000 0x0061ffff Private Memory rw True False False -
pagefile_0x0000000000620000 0x00620000 0x00620fff Pagefile Backed Memory r True False False -
private_0x0000000000640000 0x00640000 0x0067ffff Private Memory rw True False False -
pagefile_0x0000000000680000 0x00680000 0x0075efff Pagefile Backed Memory r True False False -
msiexec.exe 0x00780000 0x00793fff Memory Mapped File rwx True False False -
pagefile_0x00000000007a0000 0x007a0000 0x0139ffff Pagefile Backed Memory r True False False -
sortdefault.nls 0x013a0000 0x0166efff Memory Mapped File r False False False -
private_0x0000000001690000 0x01690000 0x016cffff Private Memory rw True False False -
private_0x0000000001700000 0x01700000 0x0170ffff Private Memory rw True False False -
private_0x0000000001710000 0x01710000 0x0174ffff Private Memory rw True False False -
private_0x0000000001730000 0x01730000 0x0176ffff Private Memory rw True False False -
private_0x0000000001740000 0x01740000 0x0177ffff Private Memory rw True False False -
private_0x0000000001750000 0x01750000 0x018fffff Private Memory rw True False False -
private_0x00000000017b0000 0x017b0000 0x017bffff Private Memory rw True False False -
private_0x00000000017c0000 0x017c0000 0x017fffff Private Memory rw True False False -
private_0x00000000017c0000 0x017c0000 0x0181ffff Private Memory rw True False False -
private_0x00000000017c0000 0x017c0000 0x0182ffff Private Memory rw True False False -
private_0x00000000017e0000 0x017e0000 0x0181ffff Private Memory rw True False False -
private_0x0000000001830000 0x01830000 0x0186ffff Private Memory rw True False False -
private_0x00000000018c0000 0x018c0000 0x018fffff Private Memory rw True False False -
private_0x0000000001900000 0x01900000 0x01a0ffff Private Memory rw True False False -
private_0x0000000001940000 0x01940000 0x0197ffff Private Memory rw True False False -
private_0x0000000001980000 0x01980000 0x019bffff Private Memory rw True False False -
private_0x0000000001a00000 0x01a00000 0x01a0ffff Private Memory rw True False False -
private_0x0000000001a10000 0x01a10000 0x01b0ffff Private Memory rw True False False -
private_0x0000000001b10000 0x01b10000 0x01d0ffff Private Memory rw True False False -
private_0x0000000001b10000 0x01b10000 0x01c0ffff Private Memory rw True False False -
private_0x0000000001b30000 0x01b30000 0x01b6ffff Private Memory rw True False False -
private_0x0000000001b50000 0x01b50000 0x01b8ffff Private Memory rw True False False -
private_0x0000000001cd0000 0x01cd0000 0x01d0ffff Private Memory rw True False False -
private_0x0000000001d10000 0x01d10000 0x01d4ffff Private Memory rw True False False -
private_0x0000000001df0000 0x01df0000 0x01e2ffff Private Memory rw True False False -
private_0x0000000001f10000 0x01f10000 0x01f4ffff Private Memory rw True False False -
msi32f7.tmp 0x6c440000 0x6c48dfff Memory Mapped File rwx True False False -
msiecb1.tmp 0x6e4a0000 0x6e4edfff Memory Mapped File rwx True True False
npmproxy.dll 0x6e700000 0x6e707fff Memory Mapped File rwx False False False -
netprofm.dll 0x6e8a0000 0x6e8f9fff Memory Mapped File rwx False False False -
msic85d.tmp 0x6ee80000 0x6ee98fff Memory Mapped File rwx True True False
msi.dll 0x6f040000 0x6f27ffff Memory Mapped File rwx False False False -
rasadhlp.dll 0x704a0000 0x704a5fff Memory Mapped File rwx False False False -
msicf22.tmp 0x71f20000 0x71f38fff Memory Mapped File rwx True True False
sensapi.dll 0x71f20000 0x71f25fff Memory Mapped File rwx False False False -
winrnr.dll 0x71f60000 0x71f67fff Memory Mapped File rwx False False False -
pnrpnsp.dll 0x71f70000 0x71f81fff Memory Mapped File rwx False False False -
rasman.dll 0x725f0000 0x72604fff Memory Mapped File rwx False False False -
rasapi32.dll 0x72610000 0x72661fff Memory Mapped File rwx False False False -
rtutils.dll 0x73390000 0x7339cfff Memory Mapped File rwx False False False -
napinsp.dll 0x733c0000 0x733cffff Memory Mapped File rwx False False False -
dhcpcsvc.dll 0x73670000 0x73681fff Memory Mapped File rwx False False False -
dhcpcsvc6.dll 0x73690000 0x7369cfff Memory Mapped File rwx False False False -
fwpuclnt.dll 0x736b0000 0x736e7fff Memory Mapped File rwx False False False -
winnsi.dll 0x737c0000 0x737c6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x737d0000 0x737ebfff Memory Mapped File rwx False False False -
nlaapi.dll 0x738f0000 0x738fffff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74960000 0x74964fff Memory Mapped File rwx False False False -
rsaenh.dll 0x74bf0000 0x74c2afff Memory Mapped File rwx False False False -
dnsapi.dll 0x74cd0000 0x74d13fff Memory Mapped File rwx False False False -
wship6.dll 0x74e00000 0x74e05fff Memory Mapped File rwx False False False -
mswsock.dll 0x74e10000 0x74e4bfff Memory Mapped File rwx False False False -
cryptsp.dll 0x74e50000 0x74e65fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x75370000 0x7537dfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
normaliz.dll 0x77370000 0x77372fff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
private_0x000000007ffaf000 0x7ffaf000 0x7ffaffff Private Memory rw True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd3000 0x7ffd3000 0x7ffd3fff Private Memory rw True False False -
private_0x000000007ffd4000 0x7ffd4000 0x7ffd4fff Private Memory rw True False False -
private_0x000000007ffd5000 0x7ffd5000 0x7ffd5fff Private Memory rw True False False -
private_0x000000007ffd6000 0x7ffd6000 0x7ffd6fff Private Memory rw True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory rw True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory rw True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
For performance reasons, the remaining 25 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
Filename File Size Hash Values YARA Match Actions
c:\windows\tasks\{de4c87a4-56df-40f2-bf3b-9314f5f8610b}.job 1.30 KB MD5: 6d2953aecb9fbe84dc91348d2fa4b0dc
SHA1: 32eca5d0f4c2ad3aa59a99fe4391f0a1b4120923
SHA256: 076f5bd18aa1da33b7bce288ac15639132c1609bccfd8b523cf7095394f71e36
SSDeep: 24:dI+IftIxh1nDP52kl7VR+DP2eSypUWDSqIxSfLI3ipV5+dzON:CftIVnToGp0TxphdIgDI3SqdzO
False
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part 10.00 MB MD5: fe81caf55bd98d3b8d53bdd38f214dcb
SHA1: 0defd3e408dee73b55e8d05ac2df12b86c8d7302
SHA256: 914d529465cdc3b7598bd4c0457583f2e779180fd206f85867f9abd7f8cd739b
SSDeep: 196608:itDW2c3gwhxOn0UM0Uyqn6Stt6MNfW9BKzFhBgDwdlzOoxJOh1odBPg14Kq4QKxY:I/ln0Dyqntt6MJsKzFhBDlzxJ+1o36Ij
False
Host Behavior
COM (5)
Operation Class Interface Additional Information Success Count Logfile
Create 000C101C-0000-0000-C000-000000000046 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_LOCAL_SERVER True 1
Create 4DF0C730-DF9D-4AE3-9153-AA6B82E9795A 8BE2D872-86AA-4D47-B776-32CCA40C7018 cls_context = CLSCTX_INPROC_SERVER True 3
Create 148BD52A-A2AB-11CE-B11F-00AA00530503 148BD527-A2AB-11CE-B11F-00AA00530503 cls_context = CLSCTX_INPROC_SERVER True 1
File (1678)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Create Directory C:\Users - False 1
Create Directory C:\Users\EEBsYm5 - False 1
Create Directory C:\Users\EEBsYm5\AppData - False 1
Create Directory C:\Users\EEBsYm5\AppData\Roaming - False 1
Create Directory C:\Users\EEBsYm5\AppData\Roaming\Adobe - False 1
Create Directory C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader - True 1
Create Directory C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites - True 1
Create Directory C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication - True 1
Get Info STD_OUTPUT_HANDLE type = file_type False 1
Get Info C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part type = size True 1
Get Info - type = size True 1
Open STD_OUTPUT_HANDLE - True 5
Open STD_INPUT_HANDLE - True 4
Open STD_ERROR_HANDLE - True 4
Move C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe source_filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part True 1
Write C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part size = 610 True 1
Write C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part size = 8192 True 1648
Write C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part size = 8094 True 1
Delete C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe - False 1
Registry (2)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp - False 1
Enumerate Keys HKEY_CURRENT_USER - False 1
Process (3)
Operation Process Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe show_window = SW_SHOWNORMAL True 1
Get Info c:\windows\system32\msiexec.exe type = PROCESS_WOW64_INFORMATION True 1
Open c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe desired_access = SYNCHRONIZE True 1
Module (209)
Operation Module Additional Information Success Count Logfile
Load COMCTL32 base_address = 0x74360000 True 1
Load C:\Windows\system32\OLE32.DLL base_address = 0x76750000 True 1
Load Msi.dll base_address = 0x6f040000 True 1
Load ADVAPI32.dll base_address = 0x769f0000 True 1
Load WININET.dll base_address = 0x76650000 True 1
Get Handle c:\windows\system32\msiexec.exe base_address = 0x780000 True 1
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 78
Get Filename - process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 4
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitCommonControlsEx, address_out = 0x743809ce True 1
Get Address c:\windows\system32\ole32.dll function = CoInitializeEx, address_out = 0x767909ad True 1
Get Address c:\windows\system32\ole32.dll function = CoInitializeSecurity, address_out = 0x76777259 True 1
Get Address c:\windows\system32\ole32.dll function = CoCreateInstance, address_out = 0x76799d0b True 1
Get Address c:\windows\system32\msi.dll function = DllGetClassObject, address_out = 0x6f06183e True 1
Get Address c:\windows\system32\ole32.dll function = CoIsHandlerConnected, address_out = 0x768139b5 True 1
Get Address c:\windows\system32\advapi32.dll function = RegOpenKeyExW, address_out = 0x76a0468d True 1
Get Address c:\windows\system32\kernel32.dll function = FlsAlloc, address_out = 0x7696418d True 4
Get Address c:\windows\system32\kernel32.dll function = FlsGetValue, address_out = 0x76961e16 True 4
Get Address c:\windows\system32\kernel32.dll function = FlsSetValue, address_out = 0x769676e6 True 4
Get Address c:\windows\system32\kernel32.dll function = FlsFree, address_out = 0x76961f61 True 4
Get Address c:\windows\system32\kernel32.dll function = EncodePointer, address_out = 0x7728a295 True 41
Get Address c:\windows\system32\kernel32.dll function = DecodePointer, address_out = 0x7728cd10 True 41
Get Address c:\windows\system32\kernel32.dll function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 4
Get Address c:\windows\system32\kernel32.dll function = IsWow64Process, address_out = 0x76954785 True 1
Get Address c:\windows\system32\wininet.dll function = InternetOpenW, address_out = 0x76679197 True 1
Get Address c:\windows\system32\wininet.dll function = InternetSetStatusCallbackW, address_out = 0x766cc065 True 1
Get Address c:\windows\system32\wininet.dll function = InternetCrackUrlW, address_out = 0x76698930 True 1
Get Address c:\windows\system32\wininet.dll function = InternetConnectW, address_out = 0x7667492c True 1
Get Address c:\windows\system32\wininet.dll function = HttpOpenRequestW, address_out = 0x76674a42 True 1
Get Address c:\windows\system32\wininet.dll function = HttpSendRequestW, address_out = 0x7667ba12 True 1
Get Address c:\windows\system32\wininet.dll function = HttpQueryInfoW, address_out = 0x76675c75 True 2
Get Address c:\windows\system32\wininet.dll function = InternetCloseHandle, address_out = 0x7666ab49 True 1
Get Address c:\windows\system32\wininet.dll function = InternetQueryDataAvailable, address_out = 0x76675e5d True 1
Get Address c:\windows\system32\wininet.dll function = InternetReadFile, address_out = 0x7666b406 True 1
Service (1)
Operation Additional Information Success Count Logfile
Get Info - True 1
System (11)
Operation Additional Information Success Count Logfile
Sleep duration = -1 (infinite) False 1
Get Time type = System Time, time = 2018-08-28 10:27:41 (UTC) True 1
Get Time type = Ticks, time = 116953 True 1
Get Time type = System Time, time = 2018-08-28 10:29:14 (UTC) True 1
Get Info type = Operating System True 5
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Get Info type = Operating System True 1
Environment (4)
Operation Additional Information Success Count Logfile
Get Environment String - True 4
Network Behavior
HTTP Sessions (1)
Information Value
Total Data Sent 200 bytes
Total Data Received 12.88 MB
Contacted Host Count 1
Contacted Hosts adobemacromedia.com
HTTP Session #1
Information Value
User Agent AdvancedInstaller
Server Name adobemacromedia.com
Server Port 80
Data Sent 200
Data Received 13509128
Operation Additional Information Success Count Logfile
Open Session user_agent = AdvancedInstaller, access_type = INTERNET_OPEN_TYPE_PRECONFIG, flags = INTERNET_FLAG_ASYNC True 1
Open Connection protocol = HTTP, server_name = adobemacromedia.com, server_port = 80 True 1
Open HTTP Request http_verb = GET, http_version = HTTP/1.0, target_resource = /setup.exe, accept_types = 26737692, flags = INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = adobemacromedia.com/setup.exe False 1
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 True 1
Read Response size = 610, size_out = 610 True 1
Read Response size = 8192, size_out = 8192 True 1648
Read Response size = 8094, size_out = 8094 True 1
Close Session - True 1
Process #5: adobereader_dcupd_en_cra_install.exe
Information Value
ID #5
File Name c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe
Command Line "C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe" /i "C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi" CHAINERUIPROCESSID="2564Chainer" EXECUTEACTION="INSTALL" SECONDSEQUENCE="1" CLIENTPROCESSID="2564" ADDLOCAL="MainFeature,RequiredApplication" ACTION="INSTALL" CLIENTUILEVEL="0" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_PREREQFILES="C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe" AI_PREREQDIRS="C:\Users\EEBsYm5\AppData\Roaming\Adobe" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs " AI_SETUPEXEPATH="C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe" SETUPEXEDIR="C:\Users\EEBsYm5\Desktop\" TARGETDIR="C:\" APPDIR="C:\Program Files\Adobe\Adobe Reader\"
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:39, Reason: Child Process
Unmonitor End Time: 00:02:51, Reason: Self Terminated
Monitor Duration 00:01:12
OS Process Information
Information Value
PID 0xbc0
Parent PID 0xa04 (c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00041fff Pagefile Backed Memory r True False False -
private_0x0000000000050000 0x00050000 0x0014ffff Private Memory rw True False False -
private_0x0000000000150000 0x00150000 0x00150fff Private Memory rw True False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000170000 0x00170000 0x00171fff Pagefile Backed Memory r True False False -
private_0x0000000000180000 0x00180000 0x0018ffff Private Memory rw True False False -
pagefile_0x0000000000190000 0x00190000 0x00191fff Pagefile Backed Memory r True False False -
private_0x00000000001a0000 0x001a0000 0x0029ffff Private Memory rw True False False -
locale.nls 0x002a0000 0x00306fff Memory Mapped File r False False False -
pagefile_0x0000000000310000 0x00310000 0x003d7fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003e0000 0x003e0000 0x004e0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000004f0000 0x004f0000 0x010effff Pagefile Backed Memory r True False False -
private_0x00000000010f0000 0x010f0000 0x011bffff Private Memory rw True False False -
pagefile_0x00000000010f0000 0x010f0000 0x010f0fff Pagefile Backed Memory r True False False -
pagefile_0x0000000001100000 0x01100000 0x01100fff Pagefile Backed Memory r True False False -
cversions.1.db 0x01110000 0x01113fff Memory Mapped File r True False False -
pagefile_0x0000000001110000 0x01110000 0x01116fff Pagefile Backed Memory r True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x01120000 0x0113efff Memory Mapped File r True False False -
pagefile_0x0000000001140000 0x01140000 0x01140fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000001150000 0x01150000 0x01151fff Pagefile Backed Memory rw True False False -
msimsg.dll.mui 0x01160000 0x01173fff Memory Mapped File rw False False False -
private_0x0000000001180000 0x01180000 0x011bffff Private Memory rw True False False -
private_0x00000000011c0000 0x011c0000 0x011cffff Private Memory rw True False False -
private_0x00000000011d0000 0x011d0000 0x0120ffff Private Memory rw True False False -
private_0x0000000001210000 0x01210000 0x0137ffff Private Memory rw True False False -
private_0x0000000001210000 0x01210000 0x0130ffff Private Memory rw True False False -
sxs.dll.mui 0x01310000 0x01315fff Memory Mapped File rw False False False -
sxs.dll 0x01310000 0x0136cfff Memory Mapped File r False False False -
fusion.dll 0x01310000 0x01326fff Memory Mapped File r True False False -
private_0x0000000001310000 0x01310000 0x01310fff Private Memory rw True False False -
private_0x0000000001330000 0x01330000 0x01330fff Private Memory rw True False False -
private_0x0000000001370000 0x01370000 0x0137ffff Private Memory rw True False False -
adobereader_dcupd_en_cra_install.exe 0x01380000 0x014fdfff Memory Mapped File rwx True True False
private_0x0000000001500000 0x01500000 0x0167ffff Private Memory rw True False False -
private_0x0000000001500000 0x01500000 0x015fffff Private Memory rw True False False -
sxs.dll.mui 0x01600000 0x01605fff Memory Mapped File rw False False False -
private_0x0000000001670000 0x01670000 0x0167ffff Private Memory rw True False False -
sortdefault.nls 0x01680000 0x0194efff Memory Mapped File r False False False -
pagefile_0x0000000001950000 0x01950000 0x01a2efff Pagefile Backed Memory r True False False -
private_0x0000000001a70000 0x01a70000 0x01b6ffff Private Memory rw True False False -
private_0x0000000001b70000 0x01b70000 0x01beffff Private Memory rw True False False -
private_0x0000000001c10000 0x01c10000 0x01d0ffff Private Memory rw True False False -
private_0x0000000001d10000 0x01d10000 0x01e10fff Private Memory rw True False False -
pagefile_0x0000000001d10000 0x01d10000 0x02102fff Pagefile Backed Memory r True False False -
pagefile_0x0000000002110000 0x02110000 0x0250ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000002510000 0x02510000 0x02603fff Pagefile Backed Memory r True False False -
private_0x0000000002530000 0x02530000 0x0262ffff Private Memory rw True False False -
pagefile_0x0000000002630000 0x02630000 0x02723fff Pagefile Backed Memory r True False False -
private_0x0000000002650000 0x02650000 0x0274ffff Private Memory rw True False False -
pagefile_0x0000000002750000 0x02750000 0x02843fff Pagefile Backed Memory r True False False -
private_0x00000000028d0000 0x028d0000 0x029cffff Private Memory rw True False False -
private_0x00000000029d0000 0x029d0000 0x02abffff Private Memory rw True False False -
kernelbase.dll.mui 0x029d0000 0x02a8ffff Memory Mapped File rw False False False -
private_0x0000000002ab0000 0x02ab0000 0x02abffff Private Memory rw True False False -
private_0x0000000002b00000 0x02b00000 0x02bfffff Private Memory rw True False False -
pagefile_0x0000000002c00000 0x02c00000 0x02cf3fff Pagefile Backed Memory r True False False -
private_0x0000000002d30000 0x02d30000 0x02d6ffff Private Memory rwx True False False -
private_0x0000000002d70000 0x02d70000 0x02e6ffff Private Memory rw True False False -
private_0x0000000002d80000 0x02d80000 0x02e7ffff Private Memory rw True False False -
private_0x0000000002e90000 0x02e90000 0x02f8ffff Private Memory rw True False False -
private_0x0000000002f90000 0x02f90000 0x0308ffff Private Memory rw True False False -
private_0x0000000003130000 0x03130000 0x0316ffff Private Memory rw True False False -
pagefile_0x0000000003170000 0x03170000 0x0356ffff Pagefile Backed Memory rw True False False -
clr.dll 0x6b330000 0x6b9d7fff Memory Mapped File rwx True False False -
clr.dll 0x6b9e0000 0x6c087fff Memory Mapped File rwx True False False -
msihnd.dll 0x6e0a0000 0x6e0f4fff Memory Mapped File rwx False False False -
mscoreei.dll 0x6e100000 0x6e177fff Memory Mapped File rwx True False False -
mscoree.dll 0x6e180000 0x6e1c9fff Memory Mapped File rwx True False False -
riched20.dll 0x6e1d0000 0x6e245fff Memory Mapped File rwx False False False -
fusion.dll 0x6e4b0000 0x6e4c5fff Memory Mapped File rwx True False False -
fusion.dll 0x6e4d0000 0x6e4e5fff Memory Mapped File rwx True False False -
msi.dll 0x6f040000 0x6f27ffff Memory Mapped File rwx False False False -
dbghelp.dll 0x6f8f0000 0x6f9dafff Memory Mapped File rwx False False False -
apphelp.dll 0x718b0000 0x718fbfff Memory Mapped File rwx False False False -
msimsg.dll 0x71f40000 0x71f46fff Memory Mapped File rwx False False False -
msimg32.dll 0x71f50000 0x71f54fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
samcli.dll 0x73c30000 0x73c3efff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
propsys.dll 0x74220000 0x74314fff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
rsaenh.dll 0x74bf0000 0x74c2afff Memory Mapped File rwx False False False -
cryptsp.dll 0x74e50000 0x74e65fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
sxs.dll 0x752e0000 0x7533efff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x75370000 0x7537dfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
devobj.dll 0x75400000 0x75411fff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x75590000 0x755b6fff Memory Mapped File rwx False False False -
wintrust.dll 0x75650000 0x7567cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
setupapi.dll 0x764b0000 0x7664cfff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
imagehlp.dll 0x77430000 0x77459fff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd6000 0x7ffd6000 0x7ffd6fff Private Memory rw True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory rw True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory rw True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Host Behavior
File (445)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create \\.\pipe\ToServer2564 desired_access = GENERIC_WRITE, GENERIC_READ True 1
Open STD_INPUT_HANDLE - True 1
Open STD_OUTPUT_HANDLE - True 1
Open STD_ERROR_HANDLE - True 1
Read \\.\pipe\ToServer2564 size = 1024, size_out = 10 True 110
Read \\.\pipe\ToServer2564 size = 1024, size_out = 2 True 110
Write \\.\pipe\ToServer2564 size = 18 True 108
Write \\.\pipe\ToServer2564 size = 42 True 2
Write \\.\pipe\ToServer2564 size = 16 True 2
Write \\.\pipe\ToServer2564 size = 86 True 1
Write \\.\pipe\ToServer2564 size = 62 True 2
Write \\.\pipe\ToServer2564 size = 78 True 1
Write \\.\pipe\ToServer2564 size = 0 True 103
Write \\.\pipe\ToServer2564 size = 72 True 1
Registry (1)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer - True 1
Module (43)
Operation Module Additional Information Success Count Logfile
Load RICHED20.DLL base_address = 0x6e1d0000 True 1
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 15
Get Filename - process_name = c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 260 True 1
Get Address c:\windows\system32\kernel32.dll function = FlsAlloc, address_out = 0x7696418d True 1
Get Address c:\windows\system32\kernel32.dll function = FlsGetValue, address_out = 0x76961e16 True 1
Get Address c:\windows\system32\kernel32.dll function = FlsSetValue, address_out = 0x769676e6 True 1
Get Address c:\windows\system32\kernel32.dll function = FlsFree, address_out = 0x76961f61 True 1
Get Address c:\windows\system32\kernel32.dll function = EncodePointer, address_out = 0x7728a295 True 9
Get Address c:\windows\system32\kernel32.dll function = DecodePointer, address_out = 0x7728cd10 True 6
Get Address c:\windows\system32\kernel32.dll function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Get Address c:\windows\system32\msi.dll function = 137, address_out = 0x6f054e3e True 1
Get Address c:\windows\system32\msi.dll function = 281, address_out = 0x6f103183 True 1
Get Address c:\windows\system32\msi.dll function = 118, address_out = 0x6f113f4c True 1
Get Address c:\windows\system32\msi.dll function = 171, address_out = 0x6f112a79 True 1
Get Address c:\windows\system32\msi.dll function = 150, address_out = 0x6f11220b True 1
Get Address c:\windows\system32\msi.dll function = 34, address_out = 0x6f112be1 True 1
System (5)
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-08-28 10:28:11 (UTC) True 2
Get Time type = Ticks, time = 147576 True 1
Get Time type = System Time, time = 2018-08-28 10:28:12 (UTC) True 2
Environment (1)
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Process #10: msiexec.exe
Information Value
ID #10
File Name c:\windows\system32\msiexec.exe
Command Line C:\Windows\system32\MsiExec.exe -Embedding DF038523499942DC9F17A1C1DC9158CF
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:41, Reason: Child Process
Unmonitor End Time: 00:02:50, Reason: Self Terminated
Monitor Duration 00:00:09
OS Process Information
Information Value
PID 0xd78
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xD7C, 0xD84, 0xD8C, 0xD90, 0xD94, 0xD98, 0xDA0, 0xDAC, 0xDBC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00041fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000050000 0x00050000 0x00051fff Pagefile Backed Memory rw True False False -
msiexec.exe.mui 0x00060000 0x00060fff Memory Mapped File rw False False False -
private_0x0000000000070000 0x00070000 0x00070fff Private Memory rw True False False -
private_0x0000000000080000 0x00080000 0x0008ffff Private Memory rw True False False -
private_0x0000000000090000 0x00090000 0x000cffff Private Memory rw True False False -
locale.nls 0x000d0000 0x00136fff Memory Mapped File r False False False -
pagefile_0x0000000000140000 0x00140000 0x00207fff Pagefile Backed Memory r True False False -
private_0x0000000000210000 0x00210000 0x00210fff Private Memory rw True False False -
windowsshell.manifest 0x00220000 0x00220fff Memory Mapped File r False False False -
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000230000 0x00230000 0x00231fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000240000 0x00240000 0x00240fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000250000 0x00250000 0x00250fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000260000 0x00260000 0x00260fff Pagefile Backed Memory rw True False False -
private_0x0000000000270000 0x00270000 0x0036ffff Private Memory rw True False False -
pagefile_0x0000000000370000 0x00370000 0x00470fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x00480000 0x0074efff Memory Mapped File r False False False -
pagefile_0x0000000000750000 0x00750000 0x00750fff Pagefile Backed Memory r True False False -
private_0x0000000000760000 0x00760000 0x0076ffff Private Memory rw True False False -
msiexec.exe 0x00780000 0x00793fff Memory Mapped File rwx True False False -
pagefile_0x00000000007a0000 0x007a0000 0x0139ffff Pagefile Backed Memory r True False False -
rpcss.dll 0x013a0000 0x013fbfff Memory Mapped File r False False False -
rsaenh.dll 0x013a0000 0x013dbfff Memory Mapped File r False False False -
private_0x00000000013a0000 0x013a0000 0x0143ffff Private Memory rw True False False -
private_0x0000000001440000 0x01440000 0x0147ffff Private Memory rw True False False -
private_0x00000000014a0000 0x014a0000 0x014dffff Private Memory rw True False False -
pagefile_0x00000000014e0000 0x014e0000 0x015befff Pagefile Backed Memory r True False False -
private_0x00000000015d0000 0x015d0000 0x0160ffff Private Memory rw True False False -
private_0x0000000001640000 0x01640000 0x0167ffff Private Memory rw True False False -
private_0x0000000001680000 0x01680000 0x016bffff Private Memory rw True False False -
private_0x00000000016c0000 0x016c0000 0x0175ffff Private Memory rw True False False -
private_0x0000000001710000 0x01710000 0x0174ffff Private Memory rw True False False -
private_0x0000000001730000 0x01730000 0x0176ffff Private Memory rw True False False -
private_0x0000000001750000 0x01750000 0x0187ffff Private Memory rw True False False -
private_0x0000000001750000 0x01750000 0x0184ffff Private Memory rw True False False -
private_0x0000000001770000 0x01770000 0x0186ffff Private Memory rw True False False -
private_0x0000000001870000 0x01870000 0x0187ffff Private Memory rw True False False -
msi1832.tmp 0x6c440000 0x6c48dfff Memory Mapped File rwx True True False
msi14e6.tmp 0x6e250000 0x6e268fff Memory Mapped File rwx True True False
msi.dll 0x6f040000 0x6f27ffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
rsaenh.dll 0x74bf0000 0x74c2afff Memory Mapped File rwx False False False -
cryptsp.dll 0x74e50000 0x74e65fff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x75370000 0x7537dfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Host Behavior
COM (4)
Operation Class Interface Additional Information Success Count Logfile
Create 000C101C-0000-0000-C000-000000000046 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_LOCAL_SERVER True 1
Create 4DF0C730-DF9D-4AE3-9153-AA6B82E9795A 8BE2D872-86AA-4D47-B776-32CCA40C7018 cls_context = CLSCTX_INPROC_SERVER True 3
File (21)
Operation Filename Additional Information Success Count Logfile
Create \\.\pipe\ToServerAdvinst_Estimate_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\.\pipe\ToServerAdvinst_Extract_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe desired_access = GENERIC_WRITE, GENERIC_READ True 1
Get Info STD_OUTPUT_HANDLE type = file_type False 1
Open STD_OUTPUT_HANDLE - True 4
Open STD_INPUT_HANDLE - True 3
Open STD_ERROR_HANDLE - True 3
Read \\.\pipe\ToServerAdvinst_Estimate_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 32656, size_out = 2 True 2
Read \\.\pipe\ToServerAdvinst_Extract_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 32656, size_out = 18 True 1
Write \\.\pipe\ToServerAdvinst_Estimate_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 4 True 3
Write \\.\pipe\ToServerAdvinst_Extract_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe size = 4 True 2
Registry (2)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp - False 1
Enumerate Keys HKEY_CURRENT_USER - False 1
Process (2)
Operation Process Additional Information Success Count Logfile
Get Info c:\windows\system32\msiexec.exe type = PROCESS_WOW64_INFORMATION True 1
Open c:\windows\system32\msiexec.exe desired_access = SYNCHRONIZE True 1
Module (99)
Operation Module Additional Information Success Count Logfile
Load COMCTL32 base_address = 0x74360000 True 1
Load C:\Windows\system32\OLE32.DLL base_address = 0x76750000 True 1
Load Msi.dll base_address = 0x6f040000 True 1
Load ADVAPI32.dll base_address = 0x769f0000 True 1
Get Handle c:\windows\system32\msiexec.exe base_address = 0x780000 True 1
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 36
Get Filename - process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 3
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitCommonControlsEx, address_out = 0x743809ce True 1
Get Address c:\windows\system32\ole32.dll function = CoInitializeEx, address_out = 0x767909ad True 1
Get Address c:\windows\system32\ole32.dll function = CoInitializeSecurity, address_out = 0x76777259 True 1
Get Address c:\windows\system32\ole32.dll function = CoCreateInstance, address_out = 0x76799d0b True 1
Get Address c:\windows\system32\msi.dll function = DllGetClassObject, address_out = 0x6f06183e True 1
Get Address c:\windows\system32\ole32.dll function = CoIsHandlerConnected, address_out = 0x768139b5 True 1
Get Address c:\windows\system32\advapi32.dll function = RegOpenKeyExW, address_out = 0x76a0468d True 1
Get Address c:\windows\system32\kernel32.dll function = FlsAlloc, address_out = 0x7696418d True 3
Get Address c:\windows\system32\kernel32.dll function = FlsGetValue, address_out = 0x76961e16 True 3
Get Address c:\windows\system32\kernel32.dll function = FlsSetValue, address_out = 0x769676e6 True 3
Get Address c:\windows\system32\kernel32.dll function = FlsFree, address_out = 0x76961f61 True 3
Get Address c:\windows\system32\kernel32.dll function = EncodePointer, address_out = 0x7728a295 True 24
Get Address c:\windows\system32\kernel32.dll function = DecodePointer, address_out = 0x7728cd10 True 9
Get Address c:\windows\system32\kernel32.dll function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 3
System (7)
Operation Additional Information Success Count Logfile
Sleep duration = -1 (infinite) True 1
Get Time type = System Time, time = 2018-08-28 10:29:06 (UTC) True 1
Get Time type = Ticks, time = 202021 True 1
Get Info type = Operating System True 3
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Environment (3)
Operation Additional Information Success Count Logfile
Get Environment String - True 3
Process #11: setup.exe
Information Value
ID #11
File Name c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe
Command Line "C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe"
Initial Working Directory C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\
Monitor Start Time: 00:02:51, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:01:02
OS Process Information
Information Value
PID 0xdf0
Parent PID 0xa6c (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xDF4, 0xDF8, 0xDFC, 0xE00, 0xE04, 0xEA4, 0xEE0
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00142fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f1fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000200000 0x00200000 0x00200fff Pagefile Backed Memory rw True False False -
private_0x0000000000210000 0x00210000 0x0021ffff Private Memory rw True False False -
rpcss.dll 0x00220000 0x0027bfff Memory Mapped File r False False False -
private_0x0000000000220000 0x00220000 0x0029ffff Private Memory rw True False False -
private_0x00000000002a0000 0x002a0000 0x0039ffff Private Memory rw True False False -
pagefile_0x00000000003a0000 0x003a0000 0x003a1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003b0000 0x003b0000 0x003b0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c0fff Pagefile Backed Memory r True False False -
cversions.1.db 0x003d0000 0x003d3fff Memory Mapped File r True False False -
pagefile_0x00000000003d0000 0x003d0000 0x003d1fff Pagefile Backed Memory r True False False -
msctf.dll.mui 0x003d0000 0x003d0fff Memory Mapped File rw False False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x003e0000 0x003fefff Memory Mapped File r True False False -
setup.exe 0x00400000 0x00432fff Memory Mapped File rwx True True False
pagefile_0x0000000000440000 0x00440000 0x00507fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000510000 0x00510000 0x00610fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000620000 0x00620000 0x0121ffff Pagefile Backed Memory r True False False -
private_0x0000000001220000 0x01220000 0x0131ffff Private Memory - True False False -
private_0x0000000001320000 0x01320000 0x0151ffff Private Memory rw True False False -
pagefile_0x0000000001320000 0x01320000 0x013fefff Pagefile Backed Memory r True False False -
private_0x0000000001400000 0x01400000 0x014cffff Private Memory rw True False False -
pagefile_0x0000000001400000 0x01400000 0x01400fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000001410000 0x01410000 0x01411fff Pagefile Backed Memory r True False False -
cversions.2.db 0x01410000 0x01413fff Memory Mapped File r True False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db 0x01420000 0x0144ffff Memory Mapped File r True False False -
cversions.2.db 0x01450000 0x01453fff Memory Mapped File r True False False -
private_0x0000000001490000 0x01490000 0x014cffff Private Memory rw True False False -
private_0x00000000014e0000 0x014e0000 0x0151ffff Private Memory rw True False False -
private_0x0000000001520000 0x01520000 0x016affff Private Memory rw True False False -
private_0x0000000001520000 0x01520000 0x01620fff Private Memory rw True False False -
private_0x0000000001520000 0x01520000 0x0161ffff Private Memory rw True False False -
private_0x0000000001670000 0x01670000 0x016affff Private Memory rw True False False -
staticcache.dat 0x016b0000 0x01fdffff Memory Mapped File r False False False -
pagefile_0x0000000001fe0000 0x01fe0000 0x023d2fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x023e0000 0x026aefff Memory Mapped File r False False False -
private_0x00000000026b0000 0x026b0000 0x027affff Private Memory rw True False False -
private_0x00000000027b0000 0x027b0000 0x029bffff Private Memory - True False False -
private_0x00000000029c0000 0x029c0000 0x02abffff Private Memory rw True False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db 0x02ac0000 0x02b25fff Memory Mapped File r True False False -
cabinet.dll 0x6e710000 0x6e724fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
msftedit.dll 0x72df0000 0x72e83fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
propsys.dll 0x74220000 0x74314fff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
devobj.dll 0x75400000 0x75411fff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x75590000 0x755b6fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
setupapi.dll 0x764b0000 0x7664cfff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd3000 0x7ffd3000 0x7ffd3fff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Created Files
Filename File Size Hash Values YARA Match Actions
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp 8.00 MB MD5: 9ae575f6a34e8871a32c43471d9d13d8
SHA1: 3e351eb6c1345f89a8b35df0422a393b69452ac9
SHA256: 567e249593dfc9d38fe100ac65ab61354db4df1a2c0cf2c98f238f73b86fef05
SSDeep: 196608:h850aYC5474KshSrnY0BLvpudECcInoaHbWt5:h85b54bsYnYIvcC8W3
False
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp 4.10 MB MD5: cab49c9a9a736317337fe877343483d6
SHA1: c2afc29ced8833786c7b8147dfd5caded1b566b3
SHA256: 9f726f48895110cee07f50e7cb5e85fed787c579c8a77f772b086bcc0fc0ca94
SSDeep: 98304:y1O3TwuO8UCzOnLbVNQrP93EblVidAaakfIbv:y1GUmUVcPyld6Ibv
False
C:\inst_fold\arm.7z 10.00 MB MD5: 7874c4ad19fbed665ed3e6b8d90a009c
SHA1: bffa277a7329622d9fdd95e7c2fc2acaae788cc7
SHA256: 82db7c2be6139244569f2b0661c3960c8dcfaf00280ac4f98d07a5dbf798c6b5
SSDeep: 196608:4jzRE/T/wS/db6xrQf7MPif9Bhf1W2vDpjsA+xwYCCxOhR9CBAaz5jC4k6CW0O:iY/5J6xriMPilv1W2vDpqxKCxiR91qka
False
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp 4.70 MB MD5: f05355bd99cbbd28dcb7c222882cb208
SHA1: ee9c1219f3583aff481e0795b9282e93f23f69b5
SHA256: 7e7997651bc4760b1519618acc39f6fcbfd60da7516de1cd58ac59da2ae465bc
SSDeep: 98304:SdnIq4bwbRG4bOikbjJ6ozsz0vvg8k9lRZlHPfeEuPbbmLfG:Bq4QKxQ0vo8k9rHf7uPEO
False
C:\inst_fold\7zaa.exe 674.50 KB MD5: 0184e6ebe133ef41a8cc6ef98a263712
SHA1: cb9f603e061aef833a2db501aa8ba6ba007d768e
SHA256: dd6d7af00ef4ca89a319a230cdd094275c3a1d365807fe5b34133324bdaa0229
SSDeep: 12288:rmJysC11szmzqS/Vf3gny3MhcGsnWrfATfkeafIO3rn1ExwnZE1f:r9s/zmT/my8zoW6ff4rn1ExwZE
False
C:\inst_fold\7za.dll 250.50 KB MD5: 4ca574943165d792efadffff193a5395
SHA1: 282c147dd34ec7bb7d5631ea25c69b656b3f1d62
SHA256: 7f1e0ea1984aacaee736f3082560d53f3e990b44d6e5d2b9ed38a148de79a0fb
SSDeep: 3072:8xDDNhSGkz5e5cfll2+NkqXGJFGOm26C2zIvr1FnYzyrnJEYAAAAA+hIefckRQEH:R6Wl20LA4OBrn+NedRO7xn3T
False
C:\inst_fold\7zxa.dll 144.00 KB MD5: 4d183847804e733fb6a197e24272e870
SHA1: 11a11deee65803c75fffb496f91494e6e1e4b7fc
SHA256: 7f964a73d3bd666a494b6eb82aa984bc0b4e77172a78aa4be786d9a578103224
SSDeep: 3072:TYpNRok2PQFDTQQYvanxOokAAAAA+cQKiG3iral6W60b:ahFDTQdZG3zUW6
False
C:\inst_fold\waitbefore.bat 0.34 KB MD5: 4cbe466d2b15ee4997fe7fbd23948f9f
SHA1: d15991cff4dbe40619fc67f9aee107753baa394a
SHA256: f7f833279725977cfcfe274688352ea1f7c8b118bc6d9c30fa22624bfcb1c525
SSDeep: 6:WAFDMP1t0wL0xaXpjuFDMP1zc0wL0xaXpjuFDMP13WN60wL0xaXpEFKwl/n:Wgo0y0xOpu50y0xOpujY0y0xOpEFJ
False
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp 8.00 MB MD5: 9e55e2d9cb3f05e91f3595a72dbe9d4c
SHA1: d07076ddb26fb08e098ba7f31ca930b245ed51ad
SHA256: 71a7922ead2456dffb960e97462019cce2b7058fd64dd7c9abd409daf3100392
SSDeep: 196608:gW2c3gwhxOn0UM0Uyqn6Stt6MNfW9BKzFhBgDwdlzOoxJOh1odBPg149:g/ln0Dyqntt6MJsKzFhBDlzxJ+1o3t
False
Host Behavior
File (1615)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\2.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\2.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\7.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\9.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\waitbefore.bat desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\waitbefore.bat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\7za.dll desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\7za.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\7zaa.exe desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\7zaa.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\7zxa.dll desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\7zxa.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\arm.7z desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 2
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 2
Fn
Create C:\inst_fold\arm.7z desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\$inst - True 1
Fn
Create Directory C:\inst_fold - True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\$inst type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp type = file_attributes True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe type = size True 2
Fn
Get Info C:\inst_fold\waitbefore.bat type = file_attributes False 1
Fn
Get Info C:\inst_fold type = file_attributes False 1
Fn
Get Info C:\inst_fold\7za.dll type = file_attributes False 1
Fn
Get Info C:\inst_fold type = file_attributes True 4
Fn
Get Info C:\inst_fold\7zaa.exe type = file_attributes False 1
Fn
Get Info C:\inst_fold\7zxa.dll type = file_attributes False 1
Fn
Get Info C:\inst_fold\arm.7z type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp type = file_attributes True 1
Fn
Read C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe size = 8, size_out = 8 True 4
Fn
Data
Read C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe size = 1, size_out = 1 True 494
Fn
Data
Read System Paging File size = 8, size_out = 0 False 2
Fn
Read C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe size = 524288, size_out = 524288 True 25
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 36, size_out = 36 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 256, size_out = 256 True 7
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 16, size_out = 16 True 5
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 8, size_out = 8 True 160
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 18182, size_out = 18182 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 16366, size_out = 16366 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 16890, size_out = 16890 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 14932, size_out = 14932 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 16156, size_out = 16156 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 17214, size_out = 17214 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 14344, size_out = 14344 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 12966, size_out = 12966 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 13852, size_out = 13852 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 11506, size_out = 11506 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 11618, size_out = 11618 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 15856, size_out = 15856 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 15942, size_out = 15942 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 14856, size_out = 14856 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 15892, size_out = 15892 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 7252, size_out = 7252 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 3054, size_out = 3054 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 13692, size_out = 13692 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 14930, size_out = 14930 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 14096, size_out = 14096 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 7164, size_out = 7164 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 11198, size_out = 11198 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 8980, size_out = 8980 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1114, size_out = 1114 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 11314, size_out = 11314 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 13196, size_out = 13196 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 13416, size_out = 13416 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 7130, size_out = 7130 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 6342, size_out = 6342 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 4784, size_out = 4784 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 2774, size_out = 2774 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1830, size_out = 1830 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5278, size_out = 5278 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 23218, size_out = 23218 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 32894, size_out = 32894 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 32821, size_out = 32821 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 32768, size_out = 32768 True 61
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 32785, size_out = 32785 True 32
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 32784, size_out = 32784 True 29
Fn
Data
Read C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe size = 214754, size_out = 214754 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 36, size_out = 36 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 256, size_out = 256 True 3
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 8, size_out = 8 True 123
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 16, size_out = 16 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 8642, size_out = 8642 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 32784, size_out = 32784 True 27
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 32768, size_out = 32768 True 60
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 32785, size_out = 32785 True 33
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 36, size_out = 36 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 256, size_out = 256 True 3
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 16, size_out = 16 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 4 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 524288 True 16
Fn
Data
Write C:\inst_fold\waitbefore.bat size = 353 True 1
Fn
Data
Write C:\inst_fold\7za.dll size = 32415 True 1
Fn
Data
Write C:\inst_fold\7za.dll size = 32768 True 6
Fn
Data
Write C:\inst_fold\7za.dll size = 27489 True 1
Fn
Data
Write C:\inst_fold\7zaa.exe size = 5279 True 1
Fn
Data
Write C:\inst_fold\7zaa.exe size = 32768 True 20
Fn
Data
Write C:\inst_fold\7zaa.exe size = 30049 True 1
Fn
Data
Write C:\inst_fold\7zxa.dll size = 2719 True 1
Fn
Data
Write C:\inst_fold\7zxa.dll size = 32768 True 4
Fn
Data
Write C:\inst_fold\7zxa.dll size = 13665 True 1
Fn
Data
Write C:\inst_fold\arm.7z size = 19103 True 1
Fn
Data
Write C:\inst_fold\arm.7z size = 32768 True 394
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 4 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 524288 True 9
Fn
Data
Write C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 214754 True 1
Fn
Data
Write C:\inst_fold\arm.7z size = 6972 True 1
Fn
Data
Delete C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp - True 1
Fn
Delete C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp - True 1
Fn
Registry (28)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 - True 13
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = DisplayName, data = H&S Tech 4.0.0.1, size = 17, type = REG_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = DisplayVersion, data = 4.0.0.1, size = 8, type = REG_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = VersionMajor, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = VersionMinor, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = Publisher, data = HIC Ltd., size = 9, type = REG_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = DisplayIcon, data = C:\Program Files\HIC Ltd.\H&S Tech\Uninstall.exe, size = 49, type = REG_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = UninstallString, data = C:\Program Files\HIC Ltd.\H&S Tech\Uninstall.exe, size = 49, type = REG_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = InstallLocation, data = C:\Program Files\HIC Ltd.\H&S Tech\, size = 36, type = REG_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = InstallSource, data = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\, size = 87, type = REG_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = InstallDate, data = 20180828, size = 9, type = REG_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = Language, data = 1033, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = EstimatedSize, data = 13703, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = NoModify, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&S Tech 4.0.0.1 value_name = NoRepair, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Process (3)
»
Operation Process Additional Information Success Count Logfile
Create C:\inst_fold\waitbefore.bat show_window = SW_HIDE True 1
Fn
Create C:\inst_fold\7zaa.exe show_window = SW_HIDE True 1
Fn
Create C:\inst_fold\fp.exe show_window = SW_SHOWNORMAL True 1
Fn
Module (11)
»
Operation Module Additional Information Success Count Logfile
Load msftedit base_address = 0x72df0000 True 1
Fn
Load comctl32 base_address = 0x74360000 True 1
Fn
Get Handle c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe base_address = 0x400000 True 1
Fn
Get Filename - process_name = c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 260 True 3
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitCommonControlsEx, address_out = 0x743809ce True 5
Fn
Window (93)
»
Operation Window Name Additional Information Success Count Logfile
Create * class_name = obj_App, wndproc_parameter = 0 True 1
Fn
Create Smart Install Maker class_name = obj_Form, wndproc_parameter = 0 True 1
Fn
Create * class_name = obj_Form, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_EDIT, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_SysListView32, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_EDIT, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create Welcome to the H&S Tech Setup Wizard class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create This wizard will guide you through the installation of H&S Tech. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Next to continue. class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Create Copyright © 2017, HIC Ltd. class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Create - class_name = obj_msctls_progress32, wndproc_parameter = 0 True 1
Fn
Set Attribute * class_name = obj_App, index = 18446744073709551595, new_long = 19005444 False 1
Fn
Set Attribute Smart Install Maker class_name = obj_Form, index = 18446744073709551595, new_long = 19006120 False 1
Fn
Set Attribute * class_name = obj_Form, index = 18446744073709551595, new_long = 19026260 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19030452 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19033188 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19033784 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19034148 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19035852 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19036480 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19037092 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19038396 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19040460 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19041076 False 1
Fn
Set Attribute - class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 19041728 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19042860 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19043568 False 1
Fn
Set Attribute - class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 19044164 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19048936 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19049700 False 1
Fn
Set Attribute - class_name = obj_EDIT, index = 18446744073709551595, new_long = 19050352 False 1
Fn
Set Attribute - class_name = obj_SysListView32, index = 18446744073709551595, new_long = 19050796 False 1
Fn
Set Attribute - class_name = obj_SysListView32, index = 18446744073709551600, new_long = 1174487117 True 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19052072 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19052648 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19053260 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19053872 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19054500 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19055868 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19056716 False 1
Fn
Set Attribute - class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 19057368 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19045180 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19045756 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19046388 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19047020 False 1
Fn
Set Attribute - class_name = obj_EDIT, index = 18446744073709551595, new_long = 19047688 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19048304 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19039096 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19039728 False 1
Fn
Set Attribute Welcome to the H&S Tech Setup Wizard class_name = obj_STATIC, index = 18446744073709551595, new_long = 19034708 False 1
Fn
Set Attribute This wizard will guide you through the installation of H&S Tech. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Next to continue. class_name = obj_STATIC, index = 18446744073709551595, new_long = 19035276 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19037764 False 1
Fn
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19028356 False 1
Fn
Set Attribute Copyright © 2017, HIC Ltd. class_name = obj_STATIC, index = 18446744073709551595, new_long = 19027692 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19058368 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19058944 False 1
Fn
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 19059576 False 1
Fn
Set Attribute - class_name = obj_msctls_progress32, index = 18446744073709551595, new_long = 19060192 False 1
Fn
Keyboard (1)
»
Operation Additional Information Success Count Logfile
Get Info type = 0, result_out = 4 True 1
Fn
System (6)
»
Operation Additional Information Success Count Logfile
Get Cursor x_out = 1079, y_out = 594 True 2
Fn
Get Time type = Local Time, time = 2018-08-28 08:29:19 (Local Time) True 1
Fn
Get Info type = Operating System True 3
Fn
Process #12: cmd.exe
234 0
»
Information Value
ID #12
File Name c:\windows\system32\cmd.exe
Command Line cmd /c ""C:\inst_fold\waitbefore.bat" "
Initial Working Directory C:\inst_fold\
Monitor Start Time: 00:02:56, Reason: Child Process
Unmonitor End Time: 00:03:01, Reason: Self Terminated
Monitor Duration 00:00:05
OS Process Information
»
Information Value
PID 0xe08
Parent PID 0xdf0 (c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xE0C
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000050000 0x00050000 0x00056fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000060000 0x00060000 0x00061fff Pagefile Backed Memory rw True False False -
private_0x0000000000070000 0x00070000 0x0016ffff Private Memory rw True False False -
locale.nls 0x00170000 0x001d6fff Memory Mapped File r False False False -
private_0x00000000001e0000 0x001e0000 0x001e0fff Private Memory rw True False False -
private_0x00000000001f0000 0x001f0000 0x001f0fff Private Memory rw True False False -
private_0x0000000000200000 0x00200000 0x0020ffff Private Memory rw True False False -
private_0x0000000000220000 0x00220000 0x0031ffff Private Memory rw True False False -
pagefile_0x0000000000320000 0x00320000 0x003e7fff Pagefile Backed Memory r True False False -
private_0x0000000000410000 0x00410000 0x0041ffff Private Memory rw True False False -
pagefile_0x0000000000420000 0x00420000 0x00520fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000530000 0x00530000 0x0112ffff Pagefile Backed Memory r True False False -
pagefile_0x0000000001130000 0x01130000 0x01292fff Pagefile Backed Memory r True False False -
cmd.exe 0x4a7d0000 0x4a81bfff Memory Mapped File rwx True False False -
winbrand.dll 0x6de30000 0x6de36fff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Host Behavior
File (183)
»
Operation Filename Additional Information Success Count Logfile
Create C:\inst_fold\waitbefore.bat desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 2
Fn
Get Info C:\inst_fold type = file_attributes True 2
Fn
Get Info "C:\inst_fold\waitbefore.bat" type = file_attributes False 1
Fn
Get Info STD_INPUT_HANDLE type = file_type True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 27
Fn
Get Info STD_INPUT_HANDLE type = file_type True 1
Fn
Open STD_OUTPUT_HANDLE - True 86
Fn
Open STD_INPUT_HANDLE - True 3
Fn
Open STD_INPUT_HANDLE - True 8
Fn
Open STD_INPUT_HANDLE - True 3
Fn
Open STD_INPUT_HANDLE - True 3
Fn
Open STD_INPUT_HANDLE - True 6
Fn
Read STD_INPUT_HANDLE size = 8191, size_out = 353 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 338 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 292 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 268 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 237 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 187 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 163 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 132 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 83 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 59 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 28 True 1
Fn
Data
Read STD_INPUT_HANDLE size = 8191, size_out = 0 True 1
Fn
Write STD_OUTPUT_HANDLE size = 2 True 11
Fn
Data
Write STD_OUTPUT_HANDLE size = 13 True 4
Fn
Data
Write STD_OUTPUT_HANDLE size = 3 True 4
Fn
Data
Write STD_OUTPUT_HANDLE size = 11 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 8 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 4 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 19 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 10 True 3
Fn
Data
Write STD_OUTPUT_HANDLE size = 22 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Module (12)
»
Operation Module Additional Information Success Count Logfile
Load ADVAPI32.dll base_address = 0x769f0000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x4a7d0000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x769624c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7694ac6c True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76953ea8 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76962732 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferIdentifyLevel, address_out = 0x76a12102 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferComputeTokenFromLevel, address_out = 0x76a13352 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferCloseLevel, address_out = 0x76a13825 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-08-28 10:29:19 (UTC) True 1
Fn
Get Time type = Ticks, time = 215421 True 1
Fn
Environment (18)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 5
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Get Environment String name = PROMPT False 1
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Get Environment String name = KEYS False 1
Get Environment String name = PROMPT, result_out = $P$G True 4
Set Environment String name = PROMPT, value = $P$G True 1
Set Environment String name = =C:, value = C:\inst_fold True 1
Set Environment String name = cntproc, value = 0 True 1
Process #19: 7zaa.exe
98 0
Information Value
ID #19
File Name c:\inst_fold\7zaa.exe
Command Line "C:\inst_fold\7zaa.exe" x -oC:\inst_fold -pdsiSDJJiojeflOSIOwp3#DSIJ23jeewE@_SDD_as2 C:\inst_fold\arm.7z
Initial Working Directory C:\inst_fold\
Monitor Start Time: 00:03:00, Reason: Child Process
Unmonitor End Time: 00:03:04, Reason: Self Terminated
Monitor Duration 00:00:04
OS Process Information
Information Value
PID 0xea8
Parent PID 0xdf0 (c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xEAC, 0xEC0, 0xEC4, 0xEC8, 0xECC, 0xED0, 0xED4, 0xED8, 0xEDC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
private_0x0000000000140000 0x00140000 0x00140fff Private Memory rw True False False -
private_0x0000000000150000 0x00150000 0x00150fff Private Memory rw True False False -
private_0x0000000000170000 0x00170000 0x0026ffff Private Memory rw True False False -
locale.nls 0x00270000 0x002d6fff Memory Mapped File r False False False -
pagefile_0x00000000002e0000 0x002e0000 0x003a7fff Pagefile Backed Memory r True False False -
private_0x00000000003c0000 0x003c0000 0x003cffff Private Memory rw True False False -
7zaa.exe 0x00400000 0x004b3fff Memory Mapped File rwx True True False
pagefile_0x00000000004c0000 0x004c0000 0x005c0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000005d0000 0x005d0000 0x011cffff Pagefile Backed Memory r True False False -
private_0x00000000011d0000 0x011d0000 0x012cffff Private Memory rw True False False -
private_0x00000000012d0000 0x012d0000 0x013cffff Private Memory rw True False False -
private_0x00000000013d0000 0x013d0000 0x014cffff Private Memory rw True False False -
private_0x00000000013d0000 0x013d0000 0x014d0fff Private Memory rw True False False -
private_0x00000000014e0000 0x014e0000 0x015e0fff Private Memory rw True False False -
private_0x00000000015f0000 0x015f0000 0x016f0fff Private Memory rw True False False -
private_0x0000000001700000 0x01700000 0x01800fff Private Memory rw True False False -
private_0x0000000001810000 0x01810000 0x02810fff Private Memory rw True False False -
private_0x0000000002820000 0x02820000 0x02920fff Private Memory rw True False False -
private_0x0000000002930000 0x02930000 0x02a2ffff Private Memory rw True False False -
private_0x0000000002a30000 0x02a30000 0x02b2ffff Private Memory rw True False False -
private_0x0000000002b30000 0x02b30000 0x02c2ffff Private Memory rw True False False -
private_0x0000000002c30000 0x02c30000 0x02d2ffff Private Memory rw True False False -
private_0x0000000002d30000 0x02d30000 0x02e2ffff Private Memory rw True False False -
private_0x0000000002e30000 0x02e30000 0x02f2ffff Private Memory rw True False False -
private_0x0000000002f30000 0x02f30000 0x0302ffff Private Memory rw True False False -
private_0x0000000003030000 0x03030000 0x030affff Private Memory rw True False False -
private_0x00000000030b0000 0x030b0000 0x0312ffff Private Memory rw True False False -
private_0x0000000003130000 0x03130000 0x031affff Private Memory rw True False False -
private_0x00000000031b0000 0x031b0000 0x0322ffff Private Memory rw True False False -
private_0x0000000003230000 0x03230000 0x0326ffff Private Memory rw True False False -
private_0x0000000003270000 0x03270000 0x032effff Private Memory rw True False False -
private_0x00000000032f0000 0x032f0000 0x0336ffff Private Memory rw True False False -
private_0x0000000003370000 0x03370000 0x033effff Private Memory rw True False False -
private_0x00000000033f0000 0x033f0000 0x0346ffff Private Memory rw True False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd6000 0x7ffd6000 0x7ffd6fff Private Memory rw True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory rw True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory rw True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Host Behavior
File (49)
Operation Filename Additional Information Success Count Logfile
Open STD_OUTPUT_HANDLE - True 1
Read - size = 32, size_out = 32 True 1
Read - size = 240, size_out = 240 True 1
Read - size = 1616, size_out = 1616 True 1
Read - size = 5984, size_out = 5984 True 1
Read - size = 1856, size_out = 1856 True 1
Read - size = 524288, size_out = 524288 True 24
Read - size = 343984, size_out = 343984 True 1
Write - size = 262144 True 17
Write - size = 26450 True 1
Module (4)
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 2
Get Address c:\windows\system32\kernel32.dll function = FindFirstStreamW, address_out = 0x7696c8fa True 1
Get Address c:\windows\system32\kernel32.dll function = FindNextStreamW, address_out = 0x7696c838 True 1
User (2)
Operation Additional Information Success Count Logfile
Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
Lookup Privilege privilege = SeCreateSymbolicLinkPrivilege, luid = 35 True 1
System (37)
Operation Additional Information Success Count Logfile
Sleep duration = -1 (infinite) True 34
Get Time type = Ticks, time = 220569 True 1
Get Info type = Operating System True 2
Process #20: fp.exe
2062 0
Information Value
ID #20
File Name c:\inst_fold\fp.exe
Command Line "C:\inst_fold\fp.exe"
Initial Working Directory C:\inst_fold\
Monitor Start Time: 00:03:04, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:49
OS Process Information
Information Value
PID 0xee8
Parent PID 0xdf0 (c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xEEC, 0xEF0, 0xEF4, 0xEFC, 0xF00
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
pagefile_0x00000000001c0000 0x001c0000 0x00287fff Pagefile Backed Memory r True False False -
private_0x0000000000290000 0x00290000 0x00290fff Private Memory rw True False False -
private_0x00000000002a0000 0x002a0000 0x002affff Private Memory rw True False False -
pagefile_0x00000000002b0000 0x002b0000 0x002b6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002c0000 0x002c0000 0x002c1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002d0000 0x002d0000 0x002d1fff Pagefile Backed Memory rw True False False -
private_0x00000000002e0000 0x002e0000 0x003dffff Private Memory rw True False False -
pagefile_0x00000000003e0000 0x003e0000 0x003e0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000003f0000 0x003f0000 0x003f1fff Pagefile Backed Memory r True False False -
fp.exe 0x00400000 0x00432fff Memory Mapped File rwx True False False -
pagefile_0x0000000000440000 0x00440000 0x00540fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000550000 0x00550000 0x0114ffff Pagefile Backed Memory r True False False -
private_0x0000000001150000 0x01150000 0x0124ffff Private Memory - True False False -
private_0x0000000001250000 0x01250000 0x0132ffff Private Memory rw True False False -
rpcss.dll 0x01250000 0x012abfff Memory Mapped File r False False False -
private_0x0000000001250000 0x01250000 0x012cffff Private Memory rw True False False -
pagefile_0x00000000012d0000 0x012d0000 0x012d0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000012e0000 0x012e0000 0x012e0fff Pagefile Backed Memory r True False False -
private_0x00000000012f0000 0x012f0000 0x0132ffff Private Memory rw True False False -
pagefile_0x0000000001330000 0x01330000 0x0140efff Pagefile Backed Memory r True False False -
private_0x0000000001410000 0x01410000 0x0160ffff Private Memory rw True False False -
private_0x0000000001410000 0x01410000 0x01510fff Private Memory rw True False False -
private_0x0000000001410000 0x01410000 0x0150ffff Private Memory rw True False False -
cversions.1.db 0x01510000 0x01513fff Memory Mapped File r True False False -
pagefile_0x0000000001510000 0x01510000 0x01511fff Pagefile Backed Memory r True False False -
msctf.dll.mui 0x01510000 0x01510fff Memory Mapped File rw False False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x01520000 0x0153efff Memory Mapped File r True False False -
pagefile_0x0000000001540000 0x01540000 0x01540fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000001550000 0x01550000 0x01551fff Pagefile Backed Memory r True False False -
cversions.2.db 0x01550000 0x01553fff Memory Mapped File r True False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db 0x01560000 0x0158ffff Memory Mapped File r True False False -
cversions.2.db 0x01590000 0x01593fff Memory Mapped File r True False False -
private_0x00000000015d0000 0x015d0000 0x0160ffff Private Memory rw True False False -
staticcache.dat 0x01610000 0x01f3ffff Memory Mapped File r False False False -
pagefile_0x0000000001f40000 0x01f40000 0x02332fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x02340000 0x0260efff Memory Mapped File r False False False -
private_0x0000000002610000 0x02610000 0x0280ffff Private Memory rw True False False -
private_0x0000000002610000 0x02610000 0x0270ffff Private Memory rw True False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db 0x02710000 0x02775fff Memory Mapped File r True False False -
private_0x00000000027d0000 0x027d0000 0x0280ffff Private Memory rw True False False -
private_0x0000000002810000 0x02810000 0x02a1ffff Private Memory - True False False -
private_0x0000000002a20000 0x02a20000 0x02b1ffff Private Memory rw True False False -
cabinet.dll 0x6e710000 0x6e724fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
msftedit.dll 0x72df0000 0x72e83fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
propsys.dll 0x74220000 0x74314fff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
devobj.dll 0x75400000 0x75411fff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x75590000 0x755b6fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
setupapi.dll 0x764b0000 0x7664cfff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Created Files
Filename File Size Hash Values YARA Match Actions
C:\inst_fold\armgrd.bat 0.09 KB MD5: d833294a72a08af29ecbd2e08ccbfa57
SHA1: 5edafdc1de263f545e04bdc0a9b8252fb3de94c8
SHA256: c2acf0a62ecf18449fe1c503eec18371fae1c50727796bd223df764c190dfd93
SSDeep: 3:7qlKjk/1JqWkcSqVXKV/lglkSizz:+2IJ7kcSq9KV/lglkSizz
False
C:\inst_fold\armstart.exe 10.00 MB MD5: 38513031ebf24a4f9961513b0e088e4a
SHA1: 04b813c1dbd1321dc24f52867c73dfcaf37db7d6
SHA256: a00f943d7883bf34102ebf764250dd36c036eb9fc6b606e84513ac1a1a5a571d
SSDeep: 196608:B9dkmSzs6GGrkjQBpsBkpCJ8PlUPRuqMpudfoWtz4:B9dkJsyrkupvp2udiq
False
C:\inst_fold\armforce.exe 1.89 MB MD5: 9245b8ec3d40d640e5cf5183f49ce2f6
SHA1: 958bd732f9650abfee5861141b7cfafd8ff72717
SHA256: 9d40cee14ba2375d57bc18d8492368483b28f7639d742523f797857990196ffd
SSDeep: 24576:Iu5PPVfiM+HMHy4p7k8HOEDh+uQ5E3h36M:Iu53Vfkoy4p7kA
False
C:\inst_fold\armfix.reg 11.46 KB MD5: 6db860145ae50b5e375081c013ea7365
SHA1: d9796e00553fb8ede91a4ea4fd54bd2166cac7a8
SHA256: ae8590919e2b31b0d20ae3c60c1d3eb897e1ec099b0e04a5c134867af6d88996
SSDeep: 192:78YpGSArpJQU0bUxFgpPUJP2yUXNypyZPyQ7TOd9ShKF/Tybr/vba5IlUx8pV8Ad:789rYEzP29NBnzTisGctbh8q1
False
C:\inst_fold\armsettings.bat 0.75 KB MD5: 8e8d34abd3bc8eefff1e3124acb81dd5
SHA1: 3467220a315a1af9228a13d442ce27e3da28ce28
SHA256: 7c1615e7505593d6a3532b01d224c64a2411b1208d7614db4052398c86811d68
SSDeep: 12:DL01Jf0Z8Jf0wJeKZ8JeKCkH+VM1t2LJ10J19NLKJ19AgkLetVj/+ga64q9V8qxM:DLKZjZlaqkeVMMb0bfKbexCtVzxaTq9w
False
C:\inst_fold\armwake.lnk 0.67 KB MD5: cf958df8cf3bc7cbfdb0d49b40a8b972
SHA1: 7f7c6e90b12ae01309b88f91efd6499ed67cf7c3
SHA256: bc68e8a098137aae47c7a602ada1ba612df4d628ccb0db8fe155df2557769fcb
SSDeep: 12:81SS+csIXKRlUPUa/YQvBJjA+TekQABdEHQv8p:81SBx8PUa/Nv7AEekQArWQv8p
False
C:\inst_fold\armstatus.bat 0.76 KB MD5: e85383ce681bf253025cc35d74e4c97e
SHA1: aa0dbec35fbc4fd6e2530607f3dae0e6c2bd55cb
SHA256: fce121b3b55141f85c1004b11776daf0b9c1d226dbe5163927c26fe0e27204e1
SSDeep: 12:j24zsRMT0y0xZrWl6gow6uaJImzODjVaRMT0y0xZr12dEYc02kndHJ:l4MaMQtLbFaD8MajsEYmkD
False
C:\inst_fold\armdaemon.js 0.18 KB MD5: a775e77402b091d79af550297e884cee
SHA1: 18589c483d0ce11d2f9332a0c70f8d18a65e1f50
SHA256: e551a009d48db940818b9d5199638a1552c36533d3a81b77bb7fcb9601577f60
SSDeep: 3:qxLtdxFY/iMIzvnjjbxQzCHkxLuALd/LVBsOOTpeqK3xLnLjvUyhc7l1K3xLqxAQ:qvVnTvjj6CHAzd/pB3OT5An/vKlcdKAQ
False
C:\inst_fold\armstatus.exe 1.90 MB MD5: 536b8e509b970ffebf115c66d6af7e3c
SHA1: f787d8b4a4716e13220d89940c3ea69868114fd9
SHA256: 938efd3a6e96d296b3404c3f3e653a86aeba671c9747ce13c6c14ec2101428b9
SSDeep: 24576:V9c/ardILiw+ygSblvB6QWi01cfPvwuQ593h3eN:VO/wdIAYxB6QWPE
False
Host Behavior
File (1876)
Operation Filename Additional Information Success Count Logfile
Create C:\inst_fold\fp.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\2.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\2.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\7.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\9.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Create C:\inst_fold\fp.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armdaemon.js desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armdaemon.js desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armfix.reg desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armfix.reg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armgrd.bat desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armgrd.bat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armforce.exe desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armforce.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armsettings.bat desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armsettings.bat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armstart.exe desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 2
Create C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 2
Create C:\inst_fold\armstart.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armstatus.exe desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armstatus.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armwake.lnk desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armwake.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armstatus.bat desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\inst_fold\armstatus.bat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\$inst type = file_attributes True 1
Get Info C:\inst_fold\fp.exe type = size True 2
Get Info C:\inst_fold\armdaemon.js type = file_attributes False 1
Get Info C:\inst_fold type = file_attributes True 9
Get Info C:\inst_fold\armfix.reg type = file_attributes False 1
Get Info C:\inst_fold\armgrd.bat type = file_attributes False 1
Get Info C:\inst_fold\armforce.exe type = file_attributes False 1
Get Info C:\inst_fold\armsettings.bat type = file_attributes False 1
Get Info C:\inst_fold\armstart.exe type = file_attributes False 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp type = file_attributes True 1
Get Info C:\inst_fold\armstatus.exe type = file_attributes False 1
Get Info C:\inst_fold\armwake.lnk type = file_attributes False 1
Get Info C:\inst_fold\armstatus.bat type = file_attributes False 1
Read C:\inst_fold\fp.exe size = 8, size_out = 8 True 4
Read C:\inst_fold\fp.exe size = 1, size_out = 1 True 494
Read System Paging File size = 8, size_out = 0 False 2
Read C:\inst_fold\fp.exe size = 524288, size_out = 524288 True 24
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 36, size_out = 36 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 256, size_out = 256 True 8
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 16, size_out = 16 True 6
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 8, size_out = 8 True 187
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 10118, size_out = 10118 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 13618, size_out = 13618 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 16650, size_out = 16650 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 16216, size_out = 16216 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 9134, size_out = 9134 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 9150, size_out = 9150 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 10518, size_out = 10518 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 7364, size_out = 7364 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 7254, size_out = 7254 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 6928, size_out = 6928 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 7490, size_out = 7490 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 8262, size_out = 8262 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 6914, size_out = 6914 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 8628, size_out = 8628 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5852, size_out = 5852 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 4716, size_out = 4716 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 7360, size_out = 7360 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5700, size_out = 5700 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 8086, size_out = 8086 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 9644, size_out = 9644 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 8548, size_out = 8548 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 7514, size_out = 7514 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 4622, size_out = 4622 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 3704, size_out = 3704 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 3724, size_out = 3724 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 3886, size_out = 3886 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5450, size_out = 5450 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 4682, size_out = 4682 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 6674, size_out = 6674 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5850, size_out = 5850 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5458, size_out = 5458 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5132, size_out = 5132 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5608, size_out = 5608 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5436, size_out = 5436 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5680, size_out = 5680 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5426, size_out = 5426 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5378, size_out = 5378 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5578, size_out = 5578 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5572, size_out = 5572 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 6432, size_out = 6432 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 6400, size_out = 6400 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 3018, size_out = 3018 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 2522, size_out = 2522 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 2712, size_out = 2712 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1592, size_out = 1592 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1680, size_out = 1680 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 2456, size_out = 2456 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1842, size_out = 1842 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 2112, size_out = 2112 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1942, size_out = 1942 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1702, size_out = 1702 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 2386, size_out = 2386 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 2096, size_out = 2096 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1484, size_out = 1484 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1780, size_out = 1780 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1886, size_out = 1886 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 3160, size_out = 3160 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 1730, size_out = 1730 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 3154, size_out = 3154 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 2930, size_out = 2930 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 5392, size_out = 5392 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 18010, size_out = 18010 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 17418, size_out = 17418 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 18008, size_out = 18008 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 31928, size_out = 31928 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 23575, size_out = 23575 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 32768, size_out = 32768 True 60
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 32784, size_out = 32784 True 32
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 32785, size_out = 32785 True 27
Read C:\inst_fold\fp.exe size = 101058, size_out = 101058 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 36, size_out = 36 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 256, size_out = 256 True 4
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 8, size_out = 8 True 122
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 16, size_out = 16 True 2
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 31523, size_out = 31523 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 32768, size_out = 32768 True 60
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 32784, size_out = 32784 True 30
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 32785, size_out = 32785 True 29
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 17111, size_out = 17111 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 36, size_out = 36 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 256, size_out = 256 True 6
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 16, size_out = 16 True 4
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 8, size_out = 8 True 62
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 11854, size_out = 11854 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 14610, size_out = 14610 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 16968, size_out = 16968 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 15318, size_out = 15318 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 8796, size_out = 8796 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 9450, size_out = 9450 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 9072, size_out = 9072 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 7248, size_out = 7248 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 6942, size_out = 6942 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 7170, size_out = 7170 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 7208, size_out = 7208 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 9320, size_out = 9320 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 7494, size_out = 7494 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 7752, size_out = 7752 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5128, size_out = 5128 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 4636, size_out = 4636 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 8266, size_out = 8266 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5302, size_out = 5302 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 7722, size_out = 7722 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 10880, size_out = 10880 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 8558, size_out = 8558 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 7116, size_out = 7116 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 4332, size_out = 4332 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 3834, size_out = 3834 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 3978, size_out = 3978 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 4010, size_out = 4010 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 4144, size_out = 4144 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5410, size_out = 5410 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 7220, size_out = 7220 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5642, size_out = 5642 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5946, size_out = 5946 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5286, size_out = 5286 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5266, size_out = 5266 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5380, size_out = 5380 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5760, size_out = 5760 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5616, size_out = 5616 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5530, size_out = 5530 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5284, size_out = 5284 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5492, size_out = 5492 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 7210, size_out = 7210 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 5340, size_out = 5340 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 2054, size_out = 2054 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 3096, size_out = 3096 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 2782, size_out = 2782 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 2390, size_out = 2390 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 1784, size_out = 1784 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 1606, size_out = 1606 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 2238, size_out = 2238 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 1940, size_out = 1940 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 1932, size_out = 1932 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 2068, size_out = 2068 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 1780, size_out = 1780 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 2192, size_out = 2192 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 2272, size_out = 2272 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 1494, size_out = 1494 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 1748, size_out = 1748 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 1596, size_out = 1596 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 3278, size_out = 3278 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 3220, size_out = 3220 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 3422, size_out = 3422 True 1
Read C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 4390, size_out = 4390 True 1
Write C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 4 True 1
Write C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp size = 524288 True 16
Write C:\inst_fold\armdaemon.js size = 181 True 1
Write C:\inst_fold\armfix.reg size = 11734 True 1
Write C:\inst_fold\armgrd.bat size = 89 True 1
Write C:\inst_fold\armforce.exe size = 20764 True 1
Write C:\inst_fold\armforce.exe size = 32768 True 59
Write C:\inst_fold\armforce.exe size = 31488 True 1
Write C:\inst_fold\armsettings.bat size = 767 True 1
Write C:\inst_fold\armstart.exe size = 513 True 1
Write C:\inst_fold\armstart.exe size = 32768 True 367
Write C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 4 True 1
Write C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 524288 True 8
Write C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp size = 101058 True 1
Write C:\inst_fold\armstart.exe size = 17110 True 1
Write C:\inst_fold\armstatus.exe size = 32768 True 60
Write C:\inst_fold\armstatus.exe size = 26826 True 1
Write C:\inst_fold\armwake.lnk size = 681 True 1
Write C:\inst_fold\armstatus.bat size = 775 True 1
Delete C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp - True 1
Delete C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp - True 1
Registry (28)
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 - True 1
Create Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 - True 13
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = DisplayName, data = Flash Player 2.5.1.1, size = 21, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = DisplayVersion, data = 2.5.1.1, size = 8, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = VersionMajor, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = VersionMinor, data = 5, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = Publisher, data = Kimox Player Inc, size = 17, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = DisplayIcon, data = C:\Program Files\Kimox Player Inc\Flash Player\Uninstall.exe, size = 61, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = UninstallString, data = C:\Program Files\Kimox Player Inc\Flash Player\Uninstall.exe, size = 61, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = InstallLocation, data = C:\Program Files\Kimox Player Inc\Flash Player\, size = 48, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = InstallSource, data = C:\inst_fold\, size = 14, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = InstallDate, data = 20180828, size = 9, type = REG_SZ True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = Language, data = 1033, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = EstimatedSize, data = 15660, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = NoModify, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flash Player 2.5.1.1 value_name = NoRepair, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Process (1)
Operation Process Additional Information Success Count Logfile
Create C:\inst_fold\armstart.exe show_window = SW_SHOWNORMAL True 1
Module (11)
Operation Module Additional Information Success Count Logfile
Load msftedit base_address = 0x72df0000 True 1
Load comctl32 base_address = 0x74360000 True 1
Get Handle c:\inst_fold\fp.exe base_address = 0x400000 True 1
Get Filename - process_name = c:\inst_fold\fp.exe, file_name_orig = C:\inst_fold\fp.exe, size = 260 True 3
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitCommonControlsEx, address_out = 0x743809ce True 5
Window (93)
Operation Window Name Additional Information Success Count Logfile
Create * class_name = obj_App, wndproc_parameter = 0 True 1
Create Smart Install Maker class_name = obj_Form, wndproc_parameter = 0 True 1
Create * class_name = obj_Form, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_EDIT, wndproc_parameter = 0 True 1
Create - class_name = obj_SysListView32, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create - class_name = obj_EDIT, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create Welcome to the Flash Player Setup Wizard class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create This wizard will guide you through the installation of Flash Player. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Next to continue. class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Create Copyright © 2017, Kimox Player Inc class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_STATIC, wndproc_parameter = 0 True 1
Create - class_name = obj_msctls_progress32, wndproc_parameter = 0 True 1
Set Attribute * class_name = obj_App, index = 18446744073709551595, new_long = 18153476 False 1
Set Attribute Smart Install Maker class_name = obj_Form, index = 18446744073709551595, new_long = 18154152 False 1
Set Attribute * class_name = obj_Form, index = 18446744073709551595, new_long = 18175372 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18179564 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18173356 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18182176 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18183196 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18184988 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18185616 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18186228 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18187596 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18189660 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18190276 False 1
Set Attribute - class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 18190928 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18192060 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18192768 False 1
Set Attribute - class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 18193364 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18198084 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18198640 False 1
Set Attribute - class_name = obj_EDIT, index = 18446744073709551595, new_long = 18199216 False 1
Set Attribute - class_name = obj_SysListView32, index = 18446744073709551595, new_long = 18199792 False 1
Set Attribute - class_name = obj_SysListView32, index = 18446744073709551600, new_long = 1174487117 True 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18201148 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18201724 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18202336 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18202968 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18203652 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18204984 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18205832 False 1
Set Attribute - class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 18206484 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18194380 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18194956 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18195588 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18196220 False 1
Set Attribute - class_name = obj_EDIT, index = 18446744073709551595, new_long = 18196836 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18197452 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18188296 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18188928 False 1
Set Attribute Welcome to the Flash Player Setup Wizard class_name = obj_STATIC, index = 18446744073709551595, new_long = 18183844 False 1
Set Attribute This wizard will guide you through the installation of Flash Player. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Next to continue. class_name = obj_STATIC, index = 18446744073709551595, new_long = 18184412 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18186964 False 1
Set Attribute - class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18177468 False 1
Set Attribute Copyright © 2017, Kimox Player Inc class_name = obj_STATIC, index = 18446744073709551595, new_long = 18176804 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18207484 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18208060 False 1
Set Attribute - class_name = obj_STATIC, index = 18446744073709551595, new_long = 18208692 False 1
Set Attribute - class_name = obj_msctls_progress32, index = 18446744073709551595, new_long = 18209308 False 1
Keyboard (1)
Operation Additional Information Success Count Logfile
Get Info type = 0, result_out = 4 True 1
System (6)
Operation Additional Information Success Count Logfile
Get Cursor x_out = 977, y_out = 417 True 2
Get Time type = Local Time, time = 2018-08-28 08:29:30 (Local Time) True 1
Get Info type = Operating System True 3
Process #21: armstart.exe
Information Value
ID #21
File Name c:\inst_fold\armstart.exe
Command Line "C:\inst_fold\armstart.exe"
Initial Working Directory C:\inst_fold\
Monitor Start Time: 00:03:10, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:43
OS Process Information
Information Value
PID 0xf04
Parent PID 0xee8 (c:\inst_fold\fp.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xF08
0xF0C
0xF10
0xF14
0xF18
0xF1C
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
private_0x00000000001d0000 0x001d0000 0x001dffff Private Memory rw True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f1fff Pagefile Backed Memory r True False False -
private_0x0000000000200000 0x00200000 0x0021ffff Private Memory rw True False False -
pagefile_0x0000000000200000 0x00200000 0x00201fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000210000 0x00210000 0x00210fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory r True False False -
oleaccrc.dll 0x00230000 0x00230fff Memory Mapped File r False False False -
pagefile_0x0000000000240000 0x00240000 0x00241fff Pagefile Backed Memory r True False False -
private_0x0000000000250000 0x00250000 0x0034ffff Private Memory rw True False False -
private_0x0000000000350000 0x00350000 0x003bffff Private Memory rw True False False -
cversions.1.db 0x00350000 0x00353fff Memory Mapped File r True False False -
cversions.2.db 0x00350000 0x00353fff Memory Mapped File r True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x00360000 0x0037efff Memory Mapped File r True False False -
private_0x0000000000380000 0x00380000 0x003bffff Private Memory rw True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000003d0000 0x003d0000 0x003d6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003e0000 0x003e0000 0x003e1fff Pagefile Backed Memory rw True False False -
cversions.2.db 0x003f0000 0x003f3fff Memory Mapped File r True False False -
armstart.exe 0x00400000 0x00428fff Memory Mapped File rwx True True False
pagefile_0x0000000000430000 0x00430000 0x004f7fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000500000 0x00500000 0x00600fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000610000 0x00610000 0x0120ffff Pagefile Backed Memory r True False False -
sortdefault.nls 0x01210000 0x014defff Memory Mapped File r False False False -
pagefile_0x00000000014e0000 0x014e0000 0x015befff Pagefile Backed Memory r True False False -
private_0x00000000015c0000 0x015c0000 0x016bffff Private Memory rw True False False -
private_0x00000000016c0000 0x016c0000 0x017bffff Private Memory rw True False False -
private_0x00000000017c0000 0x017c0000 0x023c0fff Private Memory rw True False False -
pagefile_0x00000000017c0000 0x017c0000 0x01bb2fff Pagefile Backed Memory r True False False -
private_0x0000000001bc0000 0x01bc0000 0x01cc0fff Private Memory rw True False False -
private_0x0000000001bc0000 0x01bc0000 0x01cbffff Private Memory rw True False False -
private_0x0000000001cc0000 0x01cc0000 0x01dc0fff Private Memory rw True False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db 0x01cc0000 0x01ceffff Memory Mapped File r True False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db 0x01cf0000 0x01d55fff Memory Mapped File r True False False -
pagefile_0x0000000001d60000 0x01d60000 0x01d60fff Pagefile Backed Memory rw True False False -
private_0x0000000001d70000 0x01d70000 0x01e6ffff Private Memory rw True False False -
private_0x00000000023d0000 0x023d0000 0x024d0fff Private Memory rw True False False -
ieframe.dll 0x6cff0000 0x6da6ffff Memory Mapped File rwx False False False -
shdocvw.dll 0x6f590000 0x6f5bdfff Memory Mapped File rwx False False False -
apphelp.dll 0x718b0000 0x718fbfff Memory Mapped File rwx False False False -
oleacc.dll 0x72360000 0x7239bfff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
propsys.dll 0x74220000 0x74314fff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
devobj.dll 0x75400000 0x75411fff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x75590000 0x755b6fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
psapi.dll 0x75820000 0x75824fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
setupapi.dll 0x764b0000 0x7664cfff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Created Files
Filename File Size Hash Values YARA Match Actions
C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe 9.50 MB MD5: 3c5850ef227bb206e507551c471ee8df
SHA1: 8943aab98043f28918a0c8d31d7a0076b5bffb1c
SHA256: a803bd4522ec8804adf5e548b2ffc9e3afa7eee179d96945de1a5980b5616445
SSDeep: 196608:6mzxqB4pQOdPLoDzS3lC7FCws+8w05anNfzY+ke8N:6mzxKxS5anNfceq
False
C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi 9.25 MB MD5: d5e65d9a0bdbae81a53c7529d8d84ebe
SHA1: 0ded26345926faf919f9c8985e8b7b9f8e9c1b93
SHA256: a15c9de7714dda314144535bb4d3eb34ab240bfaeaae9a7b755a2211e2d96b68
SSDeep: 196608:7J5BzfEU0vFR51DupvqzsuvoYuFZnERejnTamopOYDmWM2:tHkvF3cpvMiVF9HoOYDw2
False
Host Behavior
File (87)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000 type = file_attributes False 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi type = file_attributes False 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe type = file_attributes False 1
Read - size = 32, size_out = 32 True 1
Read - size = 1048576, size_out = 1048576 True 3
Write C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi size = 4194304 True 1
Write C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe size = 131068 True 69
Write C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe size = 131069 True 2
Write C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe size = 131071 True 3
Write C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe size = 131072 True 1
Write C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe size = 126249 True 1
Write C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe size = 4 True 1
Process (1)
Operation Process Additional Information Success Count Logfile
Create installer.exe show_window = SW_HIDE True 1
Module (2)
Operation Module Additional Information Success Count Logfile
Get Handle c:\inst_fold\armstart.exe base_address = 0x400000 True 2
Window (1)
Operation Window Name Additional Information Success Count Logfile
Create - class_name = Static, wndproc_parameter = 0 True 1
System (2)
Operation Additional Information Success Count Logfile
Sleep duration = 1 milliseconds (0.001 seconds) True 1
Get Info type = Operating System True 1
Environment (82)
Operation Additional Information Success Count Logfile
Get Environment String name = 7zSfxString3 False 2
Get Environment String name = 7zSfxString40 False 2
Get Environment String name = 7zSfxString2 False 2
Get Environment String name = 7zSfxString5 False 2
Get Environment String name = 7zSfxString21 False 2
Get Environment String name = 7zSfxString22 False 2
Get Environment String name = 7zSfxString23 False 2
Get Environment String name = 7zSfxString4 False 2
Get Environment String name = 7zSfxString1 False 1
Get Environment String name = 7zSfxString44 False 1
Get Environment String name = 7zSfxString6 False 1
Get Environment String name = 7zSfxString7 False 1
Get Environment String name = 7zSfxString8 False 1
Get Environment String name = 7zSfxString9 False 1
Get Environment String name = 7zSfxString10 False 1
Get Environment String name = 7zSfxString11 False 1
Get Environment String name = 7zSfxString12 False 1
Get Environment String name = 7zSfxString13 False 1
Get Environment String name = 7zSfxString14 False 1
Get Environment String name = 7zSfxString15 False 1
Get Environment String name = 7zSfxString16 False 1
Get Environment String name = 7zSfxString17 False 1
Get Environment String name = 7zSfxString18 False 1
Get Environment String name = 7zSfxString19 False 1
Get Environment String name = 7zSfxString20 False 1
Get Environment String name = 7zSfxString33 False 1
Get Environment String name = 7zSfxString34 False 1
Get Environment String name = 7zSfxString24 False 1
Get Environment String name = 7zSfxString25 False 1
Get Environment String name = 7zSfxString26 False 1
Get Environment String name = 7zSfxString27 False 1
Get Environment String name = 7zSfxString28 False 1
Get Environment String name = 7zSfxString29 False 1
Get Environment String name = 7zSfxString30 False 1
Get Environment String name = 7zSfxString31 False 1
Get Environment String name = 7zSfxString32 False 1
Get Environment String name = 7zSfxString35 False 1
Get Environment String name = 7zSfxString36 False 1
Get Environment String name = 7zSfxString37 False 1
Get Environment String name = 7zSfxString38 False 1
Get Environment String name = 7zSfxString39 False 1
Get Environment String name = 7zSfxString41 False 1
Get Environment String name = 7zSfxString42 False 1
Get Environment String name = 7zSfxString43 False 1
Set Environment String name = 7zSfxFolder00, value = C:\Users\EEBsYm5\Desktop True 1
Set Environment String name = 7zSfxFolder02, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs True 1
Set Environment String name = 7zSfxFolder05, value = C:\Users\EEBsYm5\Documents True 1
Set Environment String name = MyDocuments, value = C:\Users\EEBsYm5\Documents True 1
Set Environment String name = MyDocs, value = C:\Users\EEBsYm5\Documents True 1
Set Environment String name = 7zSfxFolder06, value = C:\Users\EEBsYm5\Favorites True 1
Set Environment String name = 7zSfxFolder07, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup True 1
Set Environment String name = 7zSfxFolder08, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Recent True 1
Set Environment String name = 7zSfxFolder09, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\SendTo True 1
Set Environment String name = 7zSfxFolder11, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Start Menu True 1
Set Environment String name = 7zSfxFolder13, value = C:\Users\EEBsYm5\Music True 1
Set Environment String name = 7zSfxFolder14, value = C:\Users\EEBsYm5\Videos True 1
Set Environment String name = 7zSfxFolder16, value = C:\Users\EEBsYm5\Desktop True 1
Set Environment String name = UserDesktop, value = C:\Users\EEBsYm5\Desktop True 1
Set Environment String name = 7zSfxFolder19, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Network Shortcuts True 1
Set Environment String name = 7zSfxFolder20, value = C:\Windows\Fonts True 1
Set Environment String name = 7zSfxFolder21, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Templates True 1
Set Environment String name = 7zSfxFolder22, value = C:\ProgramData\Microsoft\Windows\Start Menu True 1
Set Environment String name = 7zSfxFolder23, value = C:\ProgramData\Microsoft\Windows\Start Menu\Programs True 1
Set Environment String name = 7zSfxFolder24, value = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup True 1
Set Environment String name = 7zSfxFolder25, value = C:\Users\Public\Desktop True 1
Set Environment String name = CommonDesktop, value = C:\Users\Public\Desktop True 1
Set Environment String name = 7zSfxFolder26, value = C:\Users\EEBsYm5\AppData\Roaming True 1
Set Environment String name = 7zSfxFolder27, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Printer Shortcuts True 1
Set Environment String name = 7zSfxFolder28, value = C:\Users\EEBsYm5\AppData\Local True 1
Set Environment String name = 7zSfxFolder29, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup True 1
Set Environment String name = 7zSfxFolder30, value = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup True 1
Set Environment String name = 7zSfxFolder31, value = C:\Users\EEBsYm5\Favorites True 1
Set Environment String name = 7zSfxFolder32, value = C:\Users\EEBsYm5\AppData\Local\Microsoft\Windows\Temporary Internet Files True 1
Set Environment String name = 7zSfxFolder33, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Cookies True 1
Process #22: installer.exe
Information Value
ID #22
File Name c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe
Command Line "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe" /rsetup
Initial Working Directory C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\
Monitor Start Time: 00:03:17, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:36
OS Process Information
Information Value
PID 0xf20
Parent PID 0xf04 (c:\inst_fold\armstart.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xF24, 0xF28, 0xF2C, 0xF30, 0xF34, 0xF38, 0xF3C
Region
Hook Information
Type Installer Target Size Information Actions
Code installer.exe:+0xb0db6 kernel32.dll:CreateThread+0x1c 4 bytes -
Code installer.exe:+0xb10f8 kernel32.dll:CreateThread+0x1c 4 bytes -
IAT installer.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to installer.exe:__dbk_fcall_wrapper+0x9ed44
IAT installer.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes installer.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
IAT installer.exe:+0x7549e 1140. entry of shell32.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to installer.exe:__dbk_fcall_wrapper+0x9ed44
IAT installer.exe:+0x7549e 1140. entry of shell32.dll 4 bytes installer.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
Host Behavior
File (205)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\ - False 1
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\installer.madExcept - True 1
Create Pipe Anonymous read pipe size = 0 True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\installer.madExcept\ type = file_attributes True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe type = size True 1
Open Mapping madExceptRestart$f20 desired_access = FILE_MAP_READ False 1
Open Mapping madExceptSettingsBuf2$f20 desired_access = FILE_MAP_WRITE, FILE_MAP_READ False 1
Read - size = 144, size_out = 0 False 191
Read - size = 144, size_out = 144 True 1
Write C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat size = 422 True 1
Delete Directory C:\Users\EEBsYm5\AppData\Local\Temp\installer.madExcept\ - True 1
Delete C:\Users\EEBsYm5\AppData\Local\Temp\installer.madExcept\. - False 1
Delete C:\Users\EEBsYm5\AppData\Local\Temp\installer.madExcept\.. - False 1
Registry (410)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Embarcadero\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\CodeGear\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\CodeGear\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Delphi\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time - True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Display, data = (UTC+04:30) Kabul, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Std, data = Afghanistan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Dlt, data = Afghanistan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Display, data = (UTC-09:00) Alaska, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Std, data = Alaskan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Dlt, data = Alaskan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Display, data = (UTC+03:00) Kuwait, Riyadh, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Std, data = Arab Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Dlt, data = Arab Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Display, data = (UTC+04:00) Abu Dhabi, Muscat, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Std, data = Arabian Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Dlt, data = Arabian Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Display, data = (UTC+03:00) Baghdad, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Std, data = Arabic Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Dlt, data = Arabic Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Display, data = (UTC-03:00) Buenos Aires, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Std, data = Argentina Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Dlt, data = Argentina Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2009, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2010, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Display, data = (UTC-04:00) Atlantic Time (Canada), type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Std, data = Atlantic Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Dlt, data = Atlantic Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Display, data = (UTC+09:30) Darwin, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Std, data = AUS Central Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Dlt, data = AUS Central Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Display, data = (UTC+10:00) Canberra, Melbourne, Sydney, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Std, data = AUS Eastern Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Dlt, data = AUS Eastern Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Display, data = (UTC+04:00) Baku, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Std, data = Azerbaijan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Dlt, data = Azerbaijan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Display, data = (UTC-01:00) Azores, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Std, data = Azores Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Dlt, data = Azores Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Display, data = (UTC+06:00) Dhaka, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Std, data = Bangladesh Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Dlt, data = Bangladesh Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = FirstEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2009, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2010, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Display, data = (UTC-06:00) Saskatchewan, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Std, data = Canada Central Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Dlt, data = Canada Central Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Display, data = (UTC-01:00) Cape Verde Is., type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Std, data = Cape Verde Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Dlt, data = Cape Verde Daylight Time, type = REG_SZ True 1
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 2
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time - True 1
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time - True 1
Process (2)
Operation Process Additional Information Success Count Logfile
Create msiexec show_window = SW_SHOWNORMAL True 1
Create C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat os_pid = 0x894, creation_flags = CREATE_NORMAL_PRIORITY_CLASS, show_window = SW_HIDE True 1
Thread (2)
Operation Process Additional Information Success Count Logfile
Create c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe proc_address = 0x4b050c, proc_parameter = 31331680, flags = THREAD_RUNS_IMMEDIATELY True 1
Open - os_tid = 0xf28 True 1
Module (574)
Operation Module Additional Information Success Count Logfile
Load kernel32.dll base_address = 0x76910000 True 33
Load FaultRep.dll base_address = 0x71e00000 True 1
Load wtsapi32.dll base_address = 0x73d60000 True 1
Load uxtheme.dll base_address = 0x741e0000 True 2
Load olepro32.dll base_address = 0x71de0000 True 1
Load security.dll base_address = 0x6de20000 True 1
Load UxTheme.dll base_address = 0x741e0000 True 1
Load Shcore.dll base_address = 0x0 False 1
Load user32.dll base_address = 0x76b40000 True 1
Load gdiplus.dll base_address = 0x74050000 True 1
Load dwmapi.dll base_address = 0x73eb0000 True 1
Get Handle c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe base_address = 0x400000 True 5
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 13
Get Handle c:\windows\system32\oleaut32.dll base_address = 0x76c10000 True 1
Get Handle c:\windows\system32\ntdll.dll base_address = 0x77230000 True 3
Get Handle c:\windows\system32\advapi32.dll base_address = 0x769f0000 True 2
Get Handle vcl320.bpl base_address = 0x0 False 1
Get Handle c:\windows\system32\user32.dll base_address = 0x76b40000 True 9
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x76a90000 True 2
Get Handle c:\windows\system32\kernelbase.dll base_address = 0x75540000 True 1
Get Handle c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll base_address = 0x74360000 True 1
Get Filename c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 522 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 261 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 True 1
Get Filename c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 True 4
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 12
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 40
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 2
Get Filename c:\windows\system32\faultrep.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 2
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
Get Filename c:\windows\system32\kernel32.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 3
Get Filename c:\windows\system32\advapi32.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 1
Get Filename c:\windows\system32\oleaut32.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 1
Get Filename c:\windows\system32\kernelbase.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Get Filename c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 256 True 1
Get Filename vcl320.bpl process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 261 True 1
Get Filename c:\windows\system32\kernel32.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
Get Filename Shcore.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 261 True 3
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 13
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\System32\ieframe.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\apphelp.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\System32\OLEACC.dll, size = 260 True 1
Get Filename c:\windows\system32\wtsapi32.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\wtsapi32.dll, size = 260 True 1
Get Filename c:\windows\system32\dwmapi.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 260 True 1
Get Filename c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 260 True 1
Get Filename c:\windows\system32\uxtheme.dll process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
Get Filename - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\PROPSYS.dll, size = 260 True 1
Get Address c:\windows\system32\kernel32.dll function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Get Address c:\windows\system32\kernel32.dll function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Get Address c:\windows\system32\kernel32.dll function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Get Address c:\windows\system32\kernel32.dll function = GetNativeSystemInfo, address_out = 0x7694be77 True 2
Get Address c:\windows\system32\kernel32.dll function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Get Address c:\windows\system32\kernel32.dll function = GetLogicalProcessorInformation, address_out = 0x76942004 True 2
Get Address c:\windows\system32\oleaut32.dll function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarNeg, address_out = 0x76c8c802 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarNot, address_out = 0x76c8ec66 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarAdd, address_out = 0x76c35934 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarSub, address_out = 0x76c8d332 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarMul, address_out = 0x76c8dbd4 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarDiv, address_out = 0x76c8e405 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarIdiv, address_out = 0x76c8f00a True 1
Get Address c:\windows\system32\oleaut32.dll function = VarMod, address_out = 0x76c8f15e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarAnd, address_out = 0x76c35a98 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarOr, address_out = 0x76c8ecfa True 1
Get Address c:\windows\system32\oleaut32.dll function = VarXor, address_out = 0x76c8ee2e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarCmp, address_out = 0x76c2b0dc True 1
Get Address c:\windows\system32\oleaut32.dll function = VarI4FromStr, address_out = 0x76c26fab True 1
Get Address c:\windows\system32\oleaut32.dll function = VarR4FromStr, address_out = 0x76c301a0 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarR8FromStr, address_out = 0x76c2699e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarCyFromStr, address_out = 0x76c56c12 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromBool, address_out = 0x76c30355 True 1
Get Address c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe function = GetLeakReport, address_out = 0x0 False 1
Get Address c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe function = @Madexcept@initialization$qqrv, address_out = 0x0 False 1
Get Address c:\windows\system32\faultrep.dll function = ReportFault, address_out = 0x71e05457 True 1
Get Address c:\windows\system32\kernel32.dll function = OpenThread, address_out = 0x76966733 True 1
Get Address c:\windows\system32\ntdll.dll function = NtOpenThread, address_out = 0x77275e08 True 1
Get Address c:\windows\system32\advapi32.dll function = SetEntriesInAclA, address_out = 0x76a415e9 True 2
Get Address c:\windows\system32\ntdll.dll function = NtQuerySystemInformation, address_out = 0x772761f8 True 1
Get Address c:\windows\system32\ntdll.dll function = RtlGetVersion, address_out = 0x772965e3 True 1
Get Address Unknown module name address_out = 0x0 False 1
Get Address c:\windows\system32\user32.dll function = SetThreadDpiAwarenessContext, address_out = 0x0 False 1
Get Address c:\windows\system32\user32.dll function = ChangeWindowMessageFilterEx, address_out = 0x76b524c8 True 1
Get Address c:\windows\system32\msvcrt.dll function = _CxxThrowException, address_out = 0x76ab3557 True 2
Get Address c:\windows\system32\kernelbase.dll function = CreateRemoteThreadEx, address_out = 0x7554be34 True 1
Get Address c:\windows\system32\kernel32.dll function = CreateThread, address_out = 0x7696375d True 1
Get Address c:\windows\system32\wtsapi32.dll function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintInit, address_out = 0x741e940e True 2
Get Address c:\windows\system32\user32.dll function = AnimateWindow, address_out = 0x76b70620 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitializeFlatSB, address_out = 0x7443f803 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Get Address c:\windows\system32\user32.dll function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Get Address c:\windows\system32\olepro32.dll function = OleLoadPicture, address_out = 0x71de20d9 True 1
Get Address c:\windows\system32\security.dll function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Get Address c:\windows\system32\kernel32.dll function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Get Address c:\windows\system32\uxtheme.dll function = OpenThemeData, address_out = 0x741e73d2 True 2
Get Address c:\windows\system32\uxtheme.dll function = CloseThemeData, address_out = 0x741e6a18 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeBackground, address_out = 0x741e3982 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeText, address_out = 0x741e4ea1 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemePartSize, address_out = 0x741ecdb1 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextExtent, address_out = 0x741e2d57 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextMetrics, address_out = 0x741ef992 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundRegion, address_out = 0x741f165d True 2
Get Address c:\windows\system32\uxtheme.dll function = HitTestThemeBackground, address_out = 0x741f3ce3 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeEdge, address_out = 0x74203b52 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeIcon, address_out = 0x742135e7 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemePartDefined, address_out = 0x741e85b4 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeColor, address_out = 0x741e616c True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMetric, address_out = 0x741f06e2 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeString, address_out = 0x742122e4 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBool, address_out = 0x741e7c1f True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeInt, address_out = 0x741e616c True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeEnumValue, address_out = 0x741e616c True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemePosition, address_out = 0x74212350 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFont, address_out = 0x741eff21 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeRect, address_out = 0x741f3611 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMargins, address_out = 0x741e86e9 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeIntList, address_out = 0x742123b1 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemePropertyOrigin, address_out = 0x74203fbb True 2
Get Address c:\windows\system32\uxtheme.dll function = SetWindowTheme, address_out = 0x741f0134 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFilename, address_out = 0x74212412 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColor, address_out = 0x74203274 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColorBrush, address_out = 0x7421301e True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysBool, address_out = 0x74213172 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysSize, address_out = 0x7421320b True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysFont, address_out = 0x742129c4 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysString, address_out = 0x74212b3f True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysInt, address_out = 0x74212bd3 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemeActive, address_out = 0x741ef785 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsAppThemed, address_out = 0x741ef869 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetWindowTheme, address_out = 0x741edf46 True 2
Get Address c:\windows\system32\uxtheme.dll function = EnableThemeDialogTexture, address_out = 0x741efcaf True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeAppProperties, address_out = 0x741f0fb1 True 2
Get Address c:\windows\system32\uxtheme.dll function = SetThemeAppProperties, address_out = 0x74213296 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetCurrentThemeName, address_out = 0x741f05dd True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeDocumentationProperty, address_out = 0x74212932 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeParentBackground, address_out = 0x741e53e5 True 2
Get Address c:\windows\system32\uxtheme.dll function = EnableTheming, address_out = 0x74212feb True 1
Get Address c:\windows\system32\kernel32.dll function = IsWow64Process, address_out = 0x76954785 True 1
Get Address c:\windows\system32\kernel32.dll function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeTextEx, address_out = 0x741e63e6 True 1
Get Address c:\windows\system32\uxtheme.dll function = BeginBufferedPaint, address_out = 0x741e49a1 True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintClear, address_out = 0x741e6395 True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintSetAlpha, address_out = 0x741fe6b3 True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintUnInit, address_out = 0x741e94ab True 2
Get Address c:\windows\system32\uxtheme.dll function = EndBufferedPaint, address_out = 0x741e3f9a True 1
Get Address c:\windows\system32\uxtheme.dll function = BeginPanningFeedback, address_out = 0x74210731 True 1
Get Address c:\windows\system32\uxtheme.dll function = UpdatePanningFeedback, address_out = 0x7421068d True 1
Get Address c:\windows\system32\uxtheme.dll function = EndPanningFeedback, address_out = 0x742106cc True 1
Get Address c:\windows\system32\user32.dll function = GetSystemMetricsForDpi, address_out = 0x0 False 1
Get Address c:\windows\system32\user32.dll function = GetGestureInfo, address_out = 0x76b8b30d True 1
Get Address c:\windows\system32\user32.dll function = CloseGestureInfoHandle, address_out = 0x76b8b38a True 1
Get Address c:\windows\system32\user32.dll function = SetGestureConfig, address_out = 0x76b44715 True 1
Get Address c:\windows\system32\user32.dll function = LogicalToPhysicalPoint, address_out = 0x76b76e4f True 1
Get Address c:\windows\system32\user32.dll function = PhysicalToLogicalPoint, address_out = 0x76b76e63 True 1
Get Address c:\windows\system32\user32.dll function = IsProcessDPIAware, address_out = 0x76b5212e True 1
Get Address c:\windows\system32\user32.dll function = WindowFromDC, address_out = 0x76b52116 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipAlloc, address_out = 0x74092437 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFree, address_out = 0x740924b2 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusStartup, address_out = 0x74075600 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusShutdown, address_out = 0x740756be True 2
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetBrushType, address_out = 0x7407d95f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterPoint, address_out = 0x7407f6b5 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterPointI, address_out = 0x7407f76f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientRect, address_out = 0x7407f94a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientRectI, address_out = 0x7407f9ff True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPointCount, address_out = 0x7407f7dd True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientSurroundColorCount, address_out = 0x7407f890 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientGammaCorrection, address_out = 0x7407fab7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientGammaCorrection, address_out = 0x7407fb54 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientBlendCount, address_out = 0x7407e7f0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientBlend, address_out = 0x7407fc07 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientBlend, address_out = 0x7407e97a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPresetBlendCount, address_out = 0x7407fcdb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPresetBlend, address_out = 0x7407fd95 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientPresetBlend, address_out = 0x7407ff41 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientSigmaBlend, address_out = 0x74080184 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientLinearBlend, address_out = 0x7407eeb7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientWrapMode, address_out = 0x7407f01b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientWrapMode, address_out = 0x74080236 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientTransform, address_out = 0x740802da True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientTransform, address_out = 0x7407dc34 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetPathGradientTransform, address_out = 0x7407dd3d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyPathGradientTransform, address_out = 0x740803e3 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslatePathGradientTransform, address_out = 0x740804fc True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScalePathGradientTransform, address_out = 0x740805d5 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotatePathGradientTransform, address_out = 0x7407dde0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientFocusScales, address_out = 0x740806ae True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientFocusScales, address_out = 0x74080793 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrush, address_out = 0x7407e139 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushI, address_out = 0x7407e22f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRect, address_out = 0x7407e2fe True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectI, address_out = 0x7407e3ee True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectWithAngle, address_out = 0x7407e4b6 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectWithAngleI, address_out = 0x7407e5ad True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineRect, address_out = 0x7407f94a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineRectI, address_out = 0x7407f9ff True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineColors, address_out = 0x7407e67c True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineColors, address_out = 0x7407e731 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineGammaCorrection, address_out = 0x74075765 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineGammaCorrection, address_out = 0x740757be True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineBlendCount, address_out = 0x7407e7f0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineBlend, address_out = 0x7407e8a6 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineBlend, address_out = 0x7407e97a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLinePresetBlendCount, address_out = 0x7407fcdb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLinePresetBlend, address_out = 0x7407ea4e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLinePresetBlend, address_out = 0x7407ec63 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineSigmaBlend, address_out = 0x74080184 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineLinearBlend, address_out = 0x7407eeb7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineWrapMode, address_out = 0x7407ef69 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineWrapMode, address_out = 0x7407f01b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineTransform, address_out = 0x740802da True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineTransform, address_out = 0x7407dc34 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetLineTransform, address_out = 0x7407dd3d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyLineTransform, address_out = 0x740803e3 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslateLineTransform, address_out = 0x740804fc True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScaleLineTransform, address_out = 0x740805d5 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotateLineTransform, address_out = 0x7407dde0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateHatchBrush, address_out = 0x74096266 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchStyle, address_out = 0x7407da12 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchForegroundColor, address_out = 0x7407dac8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchBackgroundColor, address_out = 0x7407db7e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePen1, address_out = 0x7408083a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePen2, address_out = 0x7408096b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipClonePen, address_out = 0x74080abe True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeletePen, address_out = 0x74080b95 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenFillType, address_out = 0x74082491 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenBrushFill, address_out = 0x740822c1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenBrushFill, address_out = 0x740823cc True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenColor, address_out = 0x74082157 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenColor, address_out = 0x74082201 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenMode, address_out = 0x740819cc True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenMode, address_out = 0x74081a6f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenUnit, address_out = 0x74080d9b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenUnit, address_out = 0x74080e5a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenWidth, address_out = 0x74080c4d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenWidth, address_out = 0x74080ceb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashStyle, address_out = 0x7408254e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashStyle, address_out = 0x740825fe True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenLineCap197819, address_out = 0x74080f0a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenStartCap, address_out = 0x74080fb1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenEndCap, address_out = 0x74081052 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashCap197819, address_out = 0x740810f3 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenStartCap, address_out = 0x74081194 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenEndCap, address_out = 0x74081244 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashCap197819, address_out = 0x740812f4 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenLineJoin, address_out = 0x740813ab True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenLineJoin, address_out = 0x74081449 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenCustomStartCap, address_out = 0x740814f9 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenCustomStartCap, address_out = 0x74081601 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenCustomEndCap, address_out = 0x740816b8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenCustomEndCap, address_out = 0x740817c0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenMiterLimit, address_out = 0x74081877 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenMiterLimit, address_out = 0x7408191c True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenTransform, address_out = 0x74081b1f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenTransform, address_out = 0x74081c25 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetPenTransform, address_out = 0x74081d2b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyPenTransform, address_out = 0x74081dcb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslatePenTransform, address_out = 0x74081ee1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScalePenTransform, address_out = 0x74081fb7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotatePenTransform, address_out = 0x7408208d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashOffset, address_out = 0x7408269f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashOffset, address_out = 0x7408274f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashCount, address_out = 0x740827ed True 1
Fn
Get Address c:\windows\system32\user32.dll function = EnableNonClientDpiScaling, address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmDefWindowProc, address_out = 0x73eb3df4 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmEnableBlurBehindWindow, address_out = 0x73eb2945 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmEnableComposition, address_out = 0x73eb720a True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmEnableMMCSS, address_out = 0x73eb37dd True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmExtendFrameIntoClientArea, address_out = 0x73eb3510 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmGetColorizationColor, address_out = 0x73eb6f9a True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmGetWindowAttribute, address_out = 0x73eb1c76 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmIsCompositionEnabled, address_out = 0x73eb1610 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmSetWindowAttribute, address_out = 0x73eb16c0 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmSetIconicThumbnail, address_out = 0x73eb85ea True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmSetIconicLivePreviewBitmap, address_out = 0x73eb88fd True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmInvalidateIconicBitmaps, address_out = 0x73eb3742 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetDynamicTimeZoneInformation, address_out = 0x76942565 True 1
Fn
Get Address c:\windows\system32\user32.dll function = UpdateLayeredWindow, address_out = 0x76b4a420 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 30
Fn
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 4 True 1
Create Mapping C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, protection = PAGE_READONLY, maximum_size = 0 True 1
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 20 True 1
Map - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Map C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, desired_access = FILE_MAP_READ True 1
Map - process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Window (13)
Operation Window Name Additional Information Success Count
Create - wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create installer class_name = TApplication, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4067311 True 1
Set Attribute installer class_name = TApplication, index = 18446744073709551612, new_long = 4067298 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4067272 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4067259 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4067246 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4067233 True 1
System (223)
Operation Additional Information Success Count
Get Computer Name result_out = CRH2YWU7 True 1
Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 2
Get Time type = Local Time, time = 2018-08-28 08:29:59 (Local Time) True 64
Register Hook type = WH_CBT, hookproc_address = 0x65b278 True 1
Register Hook type = WH_CALLWNDPROC, hookproc_address = 0x9cdb7c True 1
Get Info type = Operating System True 142
Get Info type = Hardware Information True 4
Get Info type = Operating System True 5
Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Get Info type = Operating System False 1
Mutex (14)
Operation Additional Information Success Count
Create mutex_name = madExceptSettingsMtx$f20 True 1
Create - True 1
Create - True 1
Create - True 1
Create mutex_name = madExceptSettingsMtx$f20 True 1
Release mutex_name = madExceptSettingsMtx$f20 True 1
Release - True 3
Release - True 4
Release mutex_name = madExceptSettingsMtx$f20 True 1
Process #23: msiexec.exe
Information Value
ID #23
File Name c:\windows\system32\msiexec.exe
Command Line "C:\Windows\System32\msiexec.exe" /i "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi" /qn
Initial Working Directory C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\
Monitor Start Time: 00:03:22, Reason: Child Process
Unmonitor End Time: 00:03:44, Reason: Self Terminated
Monitor Duration 00:00:22
OS Process Information
Information Value
PID 0xf40
Parent PID 0xf20 (c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xF44
0xF48
0xF4C
0xF50
0xF54
0xF58
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Host Behavior
File (2)
Operation Filename Additional Information Success Count
Get Info STD_OUTPUT_HANDLE type = file_type False 1
Open STD_OUTPUT_HANDLE - True 1
Process (1)
Operation Process Additional Information Success Count
Get Info c:\windows\system32\msiexec.exe type = PROCESS_WOW64_INFORMATION True 1
Module (5)
Operation Module Additional Information Success Count
Load COMCTL32 base_address = 0x74360000 True 1
Get Handle c:\windows\system32\msiexec.exe base_address = 0x780000 True 1
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitCommonControlsEx, address_out = 0x743809ce True 1
Get Address c:\windows\system32\kernel32.dll function = HeapSetInformation, address_out = 0x76964157 True 1
System (5)
Operation Additional Information Success Count
Get Time type = System Time, time = 1627-02-08 02:09:32 (UTC) True 1
Get Time type = Ticks, time = 236232 True 1
Get Info type = Operating System True 2
Get Info type = Operating System True 1
Process #24: msiexec.exe
Information Value
ID #24
File Name c:\windows\system32\msiexec.exe
Command Line C:\Windows\system32\MsiExec.exe -Embedding A4D0C1CE16160E0F223C158924CA3115
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:23, Reason: Child Process
Unmonitor End Time: 00:03:43, Reason: Self Terminated
Monitor Duration 00:00:20
OS Process Information
Information Value
PID 0xf68
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xF6C, 0xF70, 0xF74, 0xF78, 0xF7C, 0xF80
Host Behavior
COM (1)
Operation Class Interface Additional Information Success Count
Create 000C101C-0000-0000-C000-000000000046 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_LOCAL_SERVER True 1
File (5)
Operation Filename Additional Information Success Count
Get Info STD_OUTPUT_HANDLE type = file_type False 1
Open STD_OUTPUT_HANDLE - True 2
Open STD_INPUT_HANDLE - True 1
Open STD_ERROR_HANDLE - True 1
Registry (1)
Operation Key Additional Information Success Count
Enumerate Keys HKEY_CURRENT_USER - False 1
Process (2)
Operation Process Additional Information Success Count
Get Info c:\windows\system32\msiexec.exe type = PROCESS_WOW64_INFORMATION True 1
Open c:\windows\system32\msiexec.exe desired_access = SYNCHRONIZE True 1
Module (47)
Operation Module Additional Information Success Count
Load COMCTL32 base_address = 0x74360000 True 1
Load C:\Windows\system32\OLE32.DLL base_address = 0x76750000 True 1
Load Msi.dll base_address = 0x6f040000 True 1
Get Handle c:\windows\system32\msiexec.exe base_address = 0x780000 True 1
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 4
Get Filename - process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 1
System (10)
Operation Additional Information Success Count
Sleep duration = -1 (infinite) True 1
Get Time type = System Time, time = 1627-02-08 02:09:34 (UTC) True 1
Get Time type = Ticks, time = 237776 True 1
Get Info type = Operating System True 2
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Get Info type = Windows Directory, result_out = C:\Windows True 1
Get Info type = Hardware Information True 2
Environment (1)
Operation Additional Information Success Count
Get Environment String - True 1
Process #25: rfusclient.exe
Information Value
ID #25
File Name c:\program files\remote utilities - host\rfusclient.exe
Command Line "C:\Program Files\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:28, Reason: Child Process
Unmonitor End Time: 00:03:31, Reason: Self Terminated
Monitor Duration 00:00:03
OS Process Information
Information Value
PID 0xf90
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xF94, 0xF98, 0xF9C
Host Behavior
File (11)
Operation Filename Additional Information Success Count
Create Directory C:\ProgramData\Remote Utilities - True 1
Create Directory C:\ProgramData\Remote Utilities\msi - True 1
Create Directory C:\ProgramData\Remote Utilities\msi\68001_{E945283B-758C-4A40-B851-1066D0E49EA8} - True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi type = file_attributes True 1
Get Info C:\ProgramData\Remote Utilities\msi\68001_{E945283B-758C-4A40-B851-1066D0E49EA8} type = file_attributes False 2
Get Info C:\ProgramData\Remote Utilities\msi type = file_attributes False 1
Get Info C:\ProgramData\Remote Utilities type = file_attributes False 1
Get Info C:\ProgramData type = file_attributes True 1
Get Info C:\ProgramData\Remote Utilities\msi\68001_{E945283B-758C-4A40-B851-1066D0E49EA8}\host6.8_unsigned.msi type = file_attributes False 1
Copy C:\ProgramData\Remote Utilities\msi\68001_{E945283B-758C-4A40-B851-1066D0E49EA8}\host6.8_unsigned.msi source_filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi True 1
Registry (30)
Operation Key Additional Information Success Count
Open Key HKEY_CURRENT_USER\Software\Embarcadero\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\CodeGear\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\CodeGear\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Delphi\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography - True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes value_name = MS Shell Dlg 2, data = 0, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
Module (432)
»
Operation Module Additional Information Success Count Logfile
Load kernel32.dll base_address = 0x76910000 True 2
Fn
Load Msctf.dll base_address = 0x76ca0000 True 1
Fn
Load imm32.dll base_address = 0x76490000 True 1
Fn
Load wtsapi32.dll base_address = 0x73d60000 True 1
Fn
Load uxtheme.dll base_address = 0x741e0000 True 2
Fn
Load olepro32.dll base_address = 0x71de0000 True 1
Fn
Load security.dll base_address = 0x6de20000 True 1
Fn
Load RICHED20.DLL base_address = 0x6e1d0000 True 1
Fn
Load Shcore.dll base_address = 0x0 False 1
Fn
Load gdiplus.dll base_address = 0x74050000 True 1
Fn
Load user32.dll base_address = 0x76b40000 True 1
Fn
Load WS2_32.DLL base_address = 0x77380000 True 1
Fn
Load Fwpuclnt.dll base_address = 0x736b0000 True 1
Fn
Load IdnDL.dll base_address = 0x6f010000 True 1
Fn
Load Normaliz.dll base_address = 0x77370000 True 1
Fn
Load iphlpapi.dll base_address = 0x737d0000 True 1
Fn
Get Handle c:\program files\remote utilities - host\rfusclient.exe base_address = 0x400000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 12
Fn
Get Handle c:\windows\system32\oleaut32.dll base_address = 0x76c10000 True 1
Fn
Get Handle c:\windows\system32\ole32.dll base_address = 0x76750000 True 1
Fn
Get Handle c:\windows\system32\user32.dll base_address = 0x76b40000 True 4
Fn
Get Handle c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll base_address = 0x74360000 True 1
Fn
Get Filename c:\program files\remote utilities - host\rfusclient.exe process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rfusclient.exe, size = 522 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rfusclient.exe, size = 261 True 3
Fn
Get Filename c:\program files\remote utilities - host\rfusclient.exe process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rfusclient.exe, size = 256 True 1
Fn
Get Filename c:\windows\system32\kernel32.dll process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
Fn
Get Filename RICHED20.DLL process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Windows\system32\RICHED20.DLL, size = 261 True 1
Get Address c:\windows\system32\kernel32.dll function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Get Address c:\windows\system32\kernel32.dll function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Get Address c:\windows\system32\kernel32.dll function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Get Address c:\windows\system32\kernel32.dll function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Get Address c:\windows\system32\kernel32.dll function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Get Address c:\windows\system32\kernel32.dll function = GetLogicalProcessorInformation, address_out = 0x76942004 True 2
Get Address c:\windows\system32\oleaut32.dll function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarNeg, address_out = 0x76c8c802 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarNot, address_out = 0x76c8ec66 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarAdd, address_out = 0x76c35934 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarSub, address_out = 0x76c8d332 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarMul, address_out = 0x76c8dbd4 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarDiv, address_out = 0x76c8e405 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarIdiv, address_out = 0x76c8f00a True 1
Get Address c:\windows\system32\oleaut32.dll function = VarMod, address_out = 0x76c8f15e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarAnd, address_out = 0x76c35a98 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarOr, address_out = 0x76c8ecfa True 1
Get Address c:\windows\system32\oleaut32.dll function = VarXor, address_out = 0x76c8ee2e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarCmp, address_out = 0x76c2b0dc True 1
Get Address c:\windows\system32\oleaut32.dll function = VarI4FromStr, address_out = 0x76c26fab True 1
Get Address c:\windows\system32\oleaut32.dll function = VarR4FromStr, address_out = 0x76c301a0 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarR8FromStr, address_out = 0x76c2699e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarCyFromStr, address_out = 0x76c56c12 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromBool, address_out = 0x76c30355 True 1
Get Address c:\windows\system32\kernel32.dll function = InitializeConditionVariable, address_out = 0x77289981 True 1
Get Address c:\windows\system32\kernel32.dll function = WakeConditionVariable, address_out = 0x772d5a7b True 1
Get Address c:\windows\system32\kernel32.dll function = WakeAllConditionVariable, address_out = 0x772545a5 True 1
Get Address c:\windows\system32\kernel32.dll function = SleepConditionVariableCS, address_out = 0x769418be True 1
Get Address c:\windows\system32\ole32.dll function = CoCreateInstanceEx, address_out = 0x76799d4e True 1
Get Address c:\windows\system32\ole32.dll function = CoInitializeEx, address_out = 0x767909ad True 1
Get Address c:\windows\system32\ole32.dll function = CoAddRefServerProcess, address_out = 0x767b3cf3 True 1
Get Address c:\windows\system32\ole32.dll function = CoReleaseServerProcess, address_out = 0x767b4314 True 1
Get Address c:\windows\system32\ole32.dll function = CoResumeClassObjects, address_out = 0x7675ea02 True 1
Get Address c:\windows\system32\ole32.dll function = CoSuspendClassObjects, address_out = 0x767bbb02 True 1
Get Address c:\windows\system32\wtsapi32.dll function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintInit, address_out = 0x741e940e True 1
Get Address c:\windows\system32\user32.dll function = AnimateWindow, address_out = 0x76b70620 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitializeFlatSB, address_out = 0x7443f803 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Get Address c:\windows\system32\user32.dll function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Get Address c:\windows\system32\kernel32.dll function = GetFileSizeEx, address_out = 0x769559ef True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Get Address c:\windows\system32\olepro32.dll function = OleLoadPicture, address_out = 0x71de20d9 True 1
Get Address c:\windows\system32\security.dll function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Get Address c:\windows\system32\kernel32.dll function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Get Address c:\windows\system32\kernel32.dll function = IsWow64Process, address_out = 0x76954785 True 1
Get Address c:\windows\system32\kernel32.dll function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Get Address c:\windows\system32\user32.dll function = GetSystemMetricsForDpi, address_out = 0x0 False 1
Get Address c:\windows\system32\user32.dll function = WindowFromDC, address_out = 0x76b52116 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipAlloc, address_out = 0x74092437 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFree, address_out = 0x740924b2 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusStartup, address_out = 0x74075600 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusShutdown, address_out = 0x740756be True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetBrushType, address_out = 0x7407d95f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterPoint, address_out = 0x7407f6b5 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterPointI, address_out = 0x7407f76f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientRect, address_out = 0x7407f94a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientRectI, address_out = 0x7407f9ff True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPointCount, address_out = 0x7407f7dd True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientSurroundColorCount, address_out = 0x7407f890 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientGammaCorrection, address_out = 0x7407fab7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientGammaCorrection, address_out = 0x7407fb54 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientBlendCount, address_out = 0x7407e7f0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientBlend, address_out = 0x7407fc07 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientBlend, address_out = 0x7407e97a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPresetBlendCount, address_out = 0x7407fcdb True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPresetBlend, address_out = 0x7407fd95 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientPresetBlend, address_out = 0x7407ff41 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientSigmaBlend, address_out = 0x74080184 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientLinearBlend, address_out = 0x7407eeb7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientWrapMode, address_out = 0x7407f01b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientWrapMode, address_out = 0x74080236 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientTransform, address_out = 0x740802da True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientTransform, address_out = 0x7407dc34 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetPathGradientTransform, address_out = 0x7407dd3d True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyPathGradientTransform, address_out = 0x740803e3 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslatePathGradientTransform, address_out = 0x740804fc True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScalePathGradientTransform, address_out = 0x740805d5 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotatePathGradientTransform, address_out = 0x7407dde0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientFocusScales, address_out = 0x740806ae True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientFocusScales, address_out = 0x74080793 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrush, address_out = 0x7407e139 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushI, address_out = 0x7407e22f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRect, address_out = 0x7407e2fe True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectI, address_out = 0x7407e3ee True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectWithAngle, address_out = 0x7407e4b6 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectWithAngleI, address_out = 0x7407e5ad True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineRect, address_out = 0x7407f94a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineRectI, address_out = 0x7407f9ff True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineColors, address_out = 0x7407e67c True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineColors, address_out = 0x7407e731 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineGammaCorrection, address_out = 0x74075765 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineGammaCorrection, address_out = 0x740757be True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineBlendCount, address_out = 0x7407e7f0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineBlend, address_out = 0x7407e8a6 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineBlend, address_out = 0x7407e97a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLinePresetBlendCount, address_out = 0x7407fcdb True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLinePresetBlend, address_out = 0x7407ea4e True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLinePresetBlend, address_out = 0x7407ec63 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineSigmaBlend, address_out = 0x74080184 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineLinearBlend, address_out = 0x7407eeb7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineWrapMode, address_out = 0x7407ef69 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineWrapMode, address_out = 0x7407f01b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineTransform, address_out = 0x740802da True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineTransform, address_out = 0x7407dc34 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetLineTransform, address_out = 0x7407dd3d True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyLineTransform, address_out = 0x740803e3 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslateLineTransform, address_out = 0x740804fc True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScaleLineTransform, address_out = 0x740805d5 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotateLineTransform, address_out = 0x7407dde0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateHatchBrush, address_out = 0x74096266 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchStyle, address_out = 0x7407da12 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchForegroundColor, address_out = 0x7407dac8 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchBackgroundColor, address_out = 0x7407db7e True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePen1, address_out = 0x7408083a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePen2, address_out = 0x7408096b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipClonePen, address_out = 0x74080abe True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeletePen, address_out = 0x74080b95 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenFillType, address_out = 0x74082491 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenBrushFill, address_out = 0x740822c1 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenBrushFill, address_out = 0x740823cc True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenColor, address_out = 0x74082157 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenColor, address_out = 0x74082201 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenMode, address_out = 0x740819cc True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenMode, address_out = 0x74081a6f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenUnit, address_out = 0x74080d9b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenUnit, address_out = 0x74080e5a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenWidth, address_out = 0x74080c4d True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenWidth, address_out = 0x74080ceb True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashStyle, address_out = 0x7408254e True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashStyle, address_out = 0x740825fe True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenLineCap197819, address_out = 0x74080f0a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenStartCap, address_out = 0x74080fb1 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenEndCap, address_out = 0x74081052 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashCap197819, address_out = 0x740810f3 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenStartCap, address_out = 0x74081194 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenEndCap, address_out = 0x74081244 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashCap197819, address_out = 0x740812f4 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenLineJoin, address_out = 0x740813ab True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenLineJoin, address_out = 0x74081449 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenCustomStartCap, address_out = 0x740814f9 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenCustomStartCap, address_out = 0x74081601 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenCustomEndCap, address_out = 0x740816b8 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenCustomEndCap, address_out = 0x740817c0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenMiterLimit, address_out = 0x74081877 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenMiterLimit, address_out = 0x7408191c True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenTransform, address_out = 0x74081b1f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenTransform, address_out = 0x74081c25 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetPenTransform, address_out = 0x74081d2b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyPenTransform, address_out = 0x74081dcb True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslatePenTransform, address_out = 0x74081ee1 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScalePenTransform, address_out = 0x74081fb7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotatePenTransform, address_out = 0x7408208d True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashOffset, address_out = 0x7408269f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashOffset, address_out = 0x7408274f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashCount, address_out = 0x740827ed True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashArray, address_out = 0x7408289d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashArray, address_out = 0x74082957 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenCompoundCount, address_out = 0x74082a11 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenCompoundArray, address_out = 0x74082ac1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenCompoundArray, address_out = 0x74082b7b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateCustomLineCap, address_out = 0x74082c35 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeleteCustomLineCap, address_out = 0x74082fd3 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCloneCustomLineCap, address_out = 0x74082e1f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetCustomLineCapType, address_out = 0x74082f1c True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetCustomLineCapStrokeCaps, address_out = 0x7408306d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetCustomLineCapStrokeCaps, address_out = 0x74083113 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetCustomLineCapStrokeJoin, address_out = 0x740831f5 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetCustomLineCapStrokeJoin, address_out = 0x7408328f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetCustomLineCapBaseCap, address_out = 0x7408334c True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetCustomLineCapBaseCap, address_out = 0x740833ef True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetCustomLineCapBaseInset, address_out = 0x740834ac True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetCustomLineCapBaseInset, address_out = 0x74083546 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetCustomLineCapWidthScale, address_out = 0x74083603 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetCustomLineCapWidthScale, address_out = 0x7408369d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateAdjustableArrowCap, address_out = 0x74096b01 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetAdjustableArrowCapHeight, address_out = 0x7408375a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetAdjustableArrowCapHeight, address_out = 0x74083801 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetAdjustableArrowCapWidth, address_out = 0x740838b5 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetAdjustableArrowCapWidth, address_out = 0x7408395c True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetAdjustableArrowCapMiddleInset, address_out = 0x74083a10 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetAdjustableArrowCapMiddleInset, address_out = 0x74083ab7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetAdjustableArrowCapFillState, address_out = 0x74083b6b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetAdjustableArrowCapFillState, address_out = 0x74083c0e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFlush, address_out = 0x740885af True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateFromHDC, address_out = 0x7408826b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateFromHDC2, address_out = 0x74088315 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateFromHWND, address_out = 0x740883c0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateFromHWNDICM, address_out = 0x7408846a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeleteGraphics, address_out = 0x74088514 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetDC, address_out = 0x740930e7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipReleaseDC, address_out = 0x740931ae True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGraphicsClear, address_out = 0x7408c077 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateHalftonePalette, address_out = 0x74094cf8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawLine, address_out = 0x7408a03b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawLineI, address_out = 0x7408a15f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawLines, address_out = 0x7408a1ca True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawLinesI, address_out = 0x7408a2f6 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillRectangle, address_out = 0x7408c11f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillRectangleI, address_out = 0x7408c24a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillRectangles, address_out = 0x7408c2b5 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillRectanglesI, address_out = 0x7408c3e2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillRegion, address_out = 0x7408d302 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawImage, address_out = 0x7408de88 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawImageI, address_out = 0x7408e003 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawArc, address_out = 0x7408a40f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawArcI, address_out = 0x7408a549 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawBezier, address_out = 0x7408a5c2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawBezierI, address_out = 0x7408a70a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawBeziers, address_out = 0x7408a791 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawBeziersI, address_out = 0x7408a8bb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawRectangle, address_out = 0x7408a9f7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawRectangleI, address_out = 0x7408ab1b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawRectangles, address_out = 0x7408ab86 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawRectanglesI, address_out = 0x7408acb0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawEllipse, address_out = 0x7408adec True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawEllipseI, address_out = 0x7408af10 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawPie, address_out = 0x7408af7b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawPieI, address_out = 0x7408b0b5 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawPolygon, address_out = 0x7408b12e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawPolygonI, address_out = 0x7408b258 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawCurve, address_out = 0x7408b4eb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawCurveI, address_out = 0x7408b615 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawCurve2, address_out = 0x7408b72e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawCurve2I, address_out = 0x7408b866 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawCurve3, address_out = 0x7408b986 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawCurve3I, address_out = 0x7408babd True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawClosedCurve, address_out = 0x7408bbe3 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawClosedCurveI, address_out = 0x7408bd0d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawClosedCurve2, address_out = 0x7408be26 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDrawClosedCurve2I, address_out = 0x7408bf57 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillPolygon, address_out = 0x7408c4fb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillPolygonI, address_out = 0x7408c62b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillPolygon2, address_out = 0x7408c747 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillPolygon2I, address_out = 0x7408c874 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillEllipse, address_out = 0x7408c98d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillEllipseI, address_out = 0x7408cab8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillPie, address_out = 0x7408cb23 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillPieI, address_out = 0x7408cc60 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillClosedCurve, address_out = 0x7408ce56 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillClosedCurveI, address_out = 0x7408cf8f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillClosedCurve2, address_out = 0x7408d0a8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFillClosedCurve2I, address_out = 0x7408d1df True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetWorldTransform, address_out = 0x7408919c True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetWorldTransform, address_out = 0x740892a0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyWorldTransform, address_out = 0x7408933e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslateWorldTransform, address_out = 0x7408947c True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScaleWorldTransform, address_out = 0x74089550 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotateWorldTransform, address_out = 0x74089624 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetWorldTransform, address_out = 0x740896ec True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetPageTransform, address_out = 0x740897e2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPageUnit, address_out = 0x74089888 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPageScale, address_out = 0x740899f7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPageUnit, address_out = 0x74089939 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPageScale, address_out = 0x74089aa8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetDpiX, address_out = 0x74089b4d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetDpiY, address_out = 0x74089bfe True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTransformPoints, address_out = 0x74089caf True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTransformPointsI, address_out = 0x74089d70 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetNearestColor, address_out = 0x74089f84 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipLoadImageFromStream, address_out = 0x74083cc2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipLoadImageFromStreamICM, address_out = 0x74083e68 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateBitmapFromFile, address_out = 0x74085e1f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateBitmapFromStream, address_out = 0x74085cd2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateBitmapFromStreamICM, address_out = 0x74085f6d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateBitmapFromFileICM, address_out = 0x740860bb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipImageGetFrameCount, address_out = 0x7408451f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipImageSelectActiveFrame, address_out = 0x740845ba True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipImageRotateFlip, address_out = 0x7408466f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetImagePalette, address_out = 0x74085646 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetImagePalette, address_out = 0x74085700 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetImagePaletteSize, address_out = 0x740857ce True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPropertyCount, address_out = 0x74084707 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPropertyIdList, address_out = 0x740847a2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPropertyItemSize, address_out = 0x74084840 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPropertyItem, address_out = 0x740848de True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPropertySize, address_out = 0x7408497f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetAllPropertyItems, address_out = 0x74084a1d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRemovePropertyItem, address_out = 0x74084abe True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPropertyItem, address_out = 0x74084b59 True 1
Fn
Get Address c:\windows\system32\user32.dll function = SetProcessDPIAware, address_out = 0x76b5e95c True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = OpenThemeData, address_out = 0x741e73d2 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = CloseThemeData, address_out = 0x741e6a18 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeBackground, address_out = 0x741e3982 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeText, address_out = 0x741e4ea1 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePartSize, address_out = 0x741ecdb1 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextExtent, address_out = 0x741e2d57 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextMetrics, address_out = 0x741ef992 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundRegion, address_out = 0x741f165d True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = HitTestThemeBackground, address_out = 0x741f3ce3 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeEdge, address_out = 0x74203b52 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeIcon, address_out = 0x742135e7 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemePartDefined, address_out = 0x741e85b4 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeColor, address_out = 0x741e616c True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMetric, address_out = 0x741f06e2 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeString, address_out = 0x742122e4 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBool, address_out = 0x741e7c1f True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeInt, address_out = 0x741e616c True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeEnumValue, address_out = 0x741e616c True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePosition, address_out = 0x74212350 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFont, address_out = 0x741eff21 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeRect, address_out = 0x741f3611 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMargins, address_out = 0x741e86e9 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeIntList, address_out = 0x742123b1 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePropertyOrigin, address_out = 0x74203fbb True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = SetWindowTheme, address_out = 0x741f0134 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFilename, address_out = 0x74212412 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColor, address_out = 0x74203274 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColorBrush, address_out = 0x7421301e True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysBool, address_out = 0x74213172 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysSize, address_out = 0x7421320b True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysFont, address_out = 0x742129c4 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysString, address_out = 0x74212b3f True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysInt, address_out = 0x74212bd3 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeActive, address_out = 0x741ef785 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsAppThemed, address_out = 0x741ef869 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetWindowTheme, address_out = 0x741edf46 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = EnableThemeDialogTexture, address_out = 0x741efcaf True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeAppProperties, address_out = 0x741f0fb1 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = SetThemeAppProperties, address_out = 0x74213296 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetCurrentThemeName, address_out = 0x741f05dd True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeDocumentationProperty, address_out = 0x74212932 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeParentBackground, address_out = 0x741e53e5 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = EnableTheming, address_out = 0x74212feb True 1
Fn
Get Address c:\windows\system32\ws2_32.dll function = WSAStartup, address_out = 0x77383ab2 True 1
Fn
Get Address c:\windows\system32\ws2_32.dll function = GetAddrInfoW, address_out = 0x77384889 True 1
Fn
Get Address c:\windows\system32\ws2_32.dll function = GetNameInfoW, address_out = 0x773866af True 1
Fn
Get Address c:\windows\system32\ws2_32.dll function = FreeAddrInfoW, address_out = 0x77384b1b True 1
Fn
Get Address c:\windows\system32\ws2_32.dll function = InetPtonW, address_out = 0x773939dc True 1
Fn
Get Address c:\windows\system32\ws2_32.dll function = InetNtopW, address_out = 0x77393abf True 1
Fn
Get Address c:\windows\system32\ws2_32.dll function = GetAddrInfoExW, address_out = 0x7738d1ea True 1
Fn
Get Address c:\windows\system32\ws2_32.dll function = SetAddrInfoExW, address_out = 0x7738f4f6 True 1
Fn
Get Address c:\windows\system32\ws2_32.dll function = FreeAddrInfoExW, address_out = 0x7738e14d True 1
Fn
Get Address c:\windows\system32\fwpuclnt.dll function = WSASetSocketSecurity, address_out = 0x736cba9a True 1
Fn
Get Address c:\windows\system32\fwpuclnt.dll function = WSAQuerySocketSecurity, address_out = 0x736cbaed True 1
Fn
Get Address c:\windows\system32\fwpuclnt.dll function = WSASetSocketPeerTargetName, address_out = 0x736cbb1e True 1
Fn
Get Address c:\windows\system32\fwpuclnt.dll function = WSADeleteSocketPeerTargetName, address_out = 0x736cbb4e True 1
Fn
Get Address c:\windows\system32\fwpuclnt.dll function = WSAImpersonateSocketPeer, address_out = 0x736cbb7e True 1
Fn
Get Address c:\windows\system32\fwpuclnt.dll function = WSARevertImpersonation, address_out = 0x736cbcfd True 1
Fn
Get Address c:\windows\system32\idndl.dll function = DownlevelGetLocaleScripts, address_out = 0x6f012a5b True 1
Fn
Get Address c:\windows\system32\idndl.dll function = DownlevelGetStringScripts, address_out = 0x6f012b2f True 1
Fn
Get Address c:\windows\system32\idndl.dll function = DownlevelVerifyScripts, address_out = 0x6f012dad True 1
Fn
Get Address c:\windows\system32\normaliz.dll function = IdnToUnicode, address_out = 0x769af707 True 1
Fn
Get Address c:\windows\system32\normaliz.dll function = IdnToNameprepUnicode, address_out = 0x769af6b4 True 1
Fn
Get Address c:\windows\system32\normaliz.dll function = IdnToAscii, address_out = 0x76948bb8 True 1
Get Address c:\windows\system32\normaliz.dll function = IsNormalizedString, address_out = 0x769af662 True 1
Get Address c:\windows\system32\normaliz.dll function = NormalizeString, address_out = 0x769af5ea True 1
Get Address c:\windows\system32\kernel32.dll function = DeleteCriticalSection, address_out = 0x77289ac5 True 1
Get Address c:\windows\system32\ws2_32.dll function = WSACleanup, address_out = 0x77383c5f True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintUnInit, address_out = 0x741e94ab True 1
Window (28)
Operation Window Name Additional Information Success Count Logfile
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create rfusclient class_name = TApplication, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindowEx, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindowEx, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create Remote Manipulator System Helper class_name = TfmMain, wndproc_parameter = 0 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805167 True 1
Set Attribute rfusclient class_name = TApplication, index = 18446744073709551612, new_long = 3805154 True 1
Set Attribute rfusclient class_name = TApplication, index = 18446744073709551596, new_long = 384 True 1
Set Attribute - class_name = TPUtilWindowEx, index = 0, new_long = 6682512 False 1
Set Attribute - class_name = TPUtilWindowEx, index = 4, new_long = 24461184 False 1
Set Attribute - class_name = TPUtilWindowEx, index = 18446744073709551612, new_long = 6671332 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805115 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805102 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805089 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805076 True 1
Set Attribute - class_name = TPUtilWindowEx, index = 0, new_long = 7698532 False 1
Set Attribute - class_name = TPUtilWindowEx, index = 4, new_long = 25470800 False 1
Set Attribute - class_name = TPUtilWindowEx, index = 18446744073709551612, new_long = 6671332 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805063 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805050 True 1
Set Attribute Remote Manipulator System Helper class_name = TfmMain, index = 18446744073709551612, new_long = 3805128 True 1
Set Attribute Remote Manipulator System Helper class_name = TfmMain, index = 18446744073709551596, new_long = 327936 True 1
Keyboard (1)
Operation Additional Information Success Count Logfile
Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 1
System (80)
Operation Additional Information Success Count Logfile
Open Desktop desktop_name = Default True 1
Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 3
Get Computer Name result_out = CRH2YWU7 True 1
Get Time type = Local Time, time = 2018-08-28 08:29:47 (Local Time) True 64
Get Info type = Operating System True 3
Get Info type = Hardware Information True 3
Get Info type = Operating System True 5
Process #26: rutserv.exe
Information Value
ID #26
File Name c:\program files\remote utilities - host\rutserv.exe
Command Line "C:\Program Files\Remote Utilities - Host\rutserv.exe" /silentinstall
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:31, Reason: Child Process
Unmonitor End Time: 00:03:40, Reason: Self Terminated
Monitor Duration 00:00:09
OS Process Information
Information Value
PID 0xfa8
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0xFAC
0xFB0
0xFB4
0xFB8
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
private_0x0000000000150000 0x00150000 0x0024ffff Private Memory rw True False False -
locale.nls 0x00250000 0x002b6fff Memory Mapped File r False False False -
private_0x00000000002c0000 0x002c0000 0x002c0fff Private Memory rw True False False -
private_0x00000000002d0000 0x002d0000 0x002dffff Private Memory rw True False False -
pagefile_0x00000000002e0000 0x002e0000 0x003a7fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003b0000 0x003b0000 0x003b0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c1fff Pagefile Backed Memory r True False False -
private_0x00000000003d0000 0x003d0000 0x003d0fff Private Memory rw True False False -
pagefile_0x00000000003e0000 0x003e0000 0x003e0fff Pagefile Backed Memory rw True False False -
private_0x00000000003f0000 0x003f0000 0x003f0fff Private Memory rwx True False False -
rutserv.exe 0x00400000 0x00e22fff Memory Mapped File rwx True True False
pagefile_0x0000000000e30000 0x00e30000 0x00f30fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000f40000 0x00f40000 0x01b3ffff Pagefile Backed Memory r True False False -
private_0x0000000001b40000 0x01b40000 0x01c7ffff Private Memory rw True False False -
pagefile_0x0000000001c80000 0x01c80000 0x01c86fff Pagefile Backed Memory r True False False -
private_0x0000000001c90000 0x01c90000 0x01c9ffff Private Memory rw True False False -
rutserv.exe 0x01ca0000 0x0261efff Memory Mapped File r True False False -
private_0x0000000001ca0000 0x01ca0000 0x01e4ffff Private Memory rw True False False -
pagefile_0x0000000001ca0000 0x01ca0000 0x01d7efff Pagefile Backed Memory r True False False -
private_0x0000000001d80000 0x01d80000 0x01dfffff Private Memory - True False False -
pagefile_0x0000000001e00000 0x01e00000 0x01e01fff Pagefile Backed Memory rw True False False -
private_0x0000000001e10000 0x01e10000 0x01e4ffff Private Memory rw True False False -
private_0x0000000001e50000 0x01e50000 0x01f4ffff Private Memory rw True False False -
sortdefault.nls 0x01f50000 0x0221efff Memory Mapped File r False False False -
private_0x0000000002220000 0x02220000 0x0261ffff Private Memory - True False False -
private_0x0000000002620000 0x02620000 0x02a1ffff Private Memory - True False False -
private_0x0000000002a20000 0x02a20000 0x02a9ffff Private Memory - True False False -
private_0x0000000002aa0000 0x02aa0000 0x02e9ffff Private Memory - True False False -
private_0x0000000002ea0000 0x02ea0000 0x02f1ffff Private Memory - True False False -
private_0x0000000002f20000 0x02f20000 0x0331ffff Private Memory - True False False -
private_0x0000000003320000 0x03320000 0x0339ffff Private Memory - True False False -
pagefile_0x00000000033a0000 0x033a0000 0x03792fff Pagefile Backed Memory r True False False -
rpcss.dll 0x037a0000 0x037fbfff Memory Mapped File r False False False -
private_0x00000000037a0000 0x037a0000 0x0389ffff Private Memory rw True False False -
private_0x00000000038a0000 0x038a0000 0x0399ffff Private Memory rw True False False -
private_0x00000000039a0000 0x039a0000 0x03a0ffff Private Memory rw True False False -
private_0x00000000039a0000 0x039a0000 0x039affff Private Memory rw True False False -
pagefile_0x00000000039b0000 0x039b0000 0x039b0fff Pagefile Backed Memory rw True False False -
comctl32.dll.mui 0x039c0000 0x039c2fff Memory Mapped File rw False False False -
private_0x00000000039d0000 0x039d0000 0x03a0ffff Private Memory rw True False False -
staticcache.dat 0x03a10000 0x0433ffff Memory Mapped File r False False False -
private_0x0000000004340000 0x04340000 0x0453ffff Private Memory rw True False False -
private_0x0000000004340000 0x04340000 0x04340fff Private Memory rw True False False -
private_0x0000000004350000 0x04350000 0x04350fff Private Memory rw True False False -
private_0x0000000004360000 0x04360000 0x04360fff Private Memory rw True False False -
private_0x0000000004370000 0x04370000 0x04370fff Private Memory rw True False False -
private_0x0000000004380000 0x04380000 0x044bffff Private Memory rw True False False -
private_0x00000000044c0000 0x044c0000 0x044cffff Private Memory rw True False False -
pagefile_0x00000000044c0000 0x044c0000 0x044d9fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000044d0000 0x044d0000 0x044e9fff Pagefile Backed Memory rw True False False -
private_0x0000000004530000 0x04530000 0x0453ffff Private Memory rw True False False -
pagefile_0x0000000004540000 0x04540000 0x0494ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000004950000 0x04950000 0x04d5ffff Pagefile Backed Memory rw True False False -
security.dll 0x6de20000 0x6de22fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
webio.dll 0x6fcf0000 0x6fd3efff Memory Mapped File rwx False False False -
winhttp.dll 0x6fd40000 0x6fd97fff Memory Mapped File rwx False False False -
winspool.drv 0x70200000 0x70250fff Memory Mapped File rwx False False False -
olepro32.dll 0x71de0000 0x71df8fff Memory Mapped File rwx False False False -
faultrep.dll 0x71e00000 0x71e51fff Memory Mapped File rwx False False False -
wsock32.dll 0x71e60000 0x71e66fff Memory Mapped File rwx False False False -
shfolder.dll 0x71f00000 0x71f04fff Memory Mapped File rwx False False False -
msimg32.dll 0x71f50000 0x71f54fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
wintrust.dll 0x75650000 0x7567cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Hook Information
Type Installer Target Size Information Actions
Code rutserv.exe:+0xb0db6 kernel32.dll:CreateThread+0x1c 4 bytes -
Code rutserv.exe:+0xb10f8 kernel32.dll:CreateThread+0x1c 4 bytes -
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes rutserv.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes rutserv.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
Host Behavior
File (67)
Operation Filename Additional Information Success Count Logfile
Create C:\Program Files\Remote Utilities - Host\rutserv.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\ - False 1
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept - True 1
Create Pipe Anonymous read pipe size = 0 True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\ type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\rutserv.exe type = size True 1
Open Mapping madExceptRestart$fa8 desired_access = FILE_MAP_READ False 1
Open Mapping madExceptSettingsBuf2$fa8 desired_access = FILE_MAP_WRITE, FILE_MAP_READ False 1
Read - size = 144, size_out = 0 False 55
Read - size = 144, size_out = 144 True 1
Delete Directory C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\ - True 1
Delete C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\. - False 1
Delete C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\.. - False 1
Registry (414)
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RManService - True 1
Open Key HKEY_CURRENT_USER\Software\Embarcadero\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\CodeGear\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\CodeGear\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Delphi\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time - True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes value_name = MS Shell Dlg 2, data = 0, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Display, data = (UTC+04:30) Kabul, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Std, data = Afghanistan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Dlt, data = Afghanistan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Display, data = (UTC-09:00) Alaska, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Std, data = Alaskan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Dlt, data = Alaskan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Display, data = (UTC+03:00) Kuwait, Riyadh, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Std, data = Arab Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Dlt, data = Arab Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Display, data = (UTC+04:00) Abu Dhabi, Muscat, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Std, data = Arabian Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Dlt, data = Arabian Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Display, data = (UTC+03:00) Baghdad, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Std, data = Arabic Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Dlt, data = Arabic Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Display, data = (UTC-03:00) Buenos Aires, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Std, data = Argentina Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Dlt, data = Argentina Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2009, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2010, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Display, data = (UTC-04:00) Atlantic Time (Canada), type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Std, data = Atlantic Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Dlt, data = Atlantic Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Display, data = (UTC+09:30) Darwin, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Std, data = AUS Central Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Dlt, data = AUS Central Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Display, data = (UTC+10:00) Canberra, Melbourne, Sydney, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Std, data = AUS Eastern Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Dlt, data = AUS Eastern Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Display, data = (UTC+04:00) Baku, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Std, data = Azerbaijan Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Dlt, data = Azerbaijan Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Display, data = (UTC-01:00) Azores, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Std, data = Azores Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Dlt, data = Azores Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Display, data = (UTC+06:00) Dhaka, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Std, data = Bangladesh Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Dlt, data = Bangladesh Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = FirstEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2009, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2010, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Display, data = (UTC-06:00) Saskatchewan, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Std, data = Canada Central Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Dlt, data = Canada Central Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Display, data = (UTC-01:00) Cape Verde Is., type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Std, data = Cape Verde Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Dlt, data = Cape Verde Daylight Time, type = REG_SZ True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 2
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time - True 1
Fn
Thread (1)
Operation Process Additional Information Success Count Logfile
Open - os_tid = 0xfb0 True 1
Fn
Module (809)
Operation Module Additional Information Success Count Logfile
Load kernel32.dll base_address = 0x76910000 True 59
Fn
Load FaultRep.dll base_address = 0x71e00000 True 1
Fn
Load Msctf.dll base_address = 0x76ca0000 True 1
Fn
Load imm32.dll base_address = 0x76490000 True 1
Fn
Load wtsapi32.dll base_address = 0x73d60000 True 1
Fn
Load uxtheme.dll base_address = 0x741e0000 True 2
Fn
Load olepro32.dll base_address = 0x71de0000 True 1
Fn
Load security.dll base_address = 0x6de20000 True 1
Fn
Load UxTheme.dll base_address = 0x741e0000 True 1
Fn
Load Shcore.dll base_address = 0x0 False 1
Fn
Load user32.dll base_address = 0x76b40000 True 1
Fn
Load gdiplus.dll base_address = 0x74050000 True 2
Fn
Load dwmapi.dll base_address = 0x73eb0000 True 1
Fn
Get Handle c:\program files\remote utilities - host\rutserv.exe base_address = 0x400000 True 6
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 20
Fn
Get Handle c:\windows\system32\oleaut32.dll base_address = 0x76c10000 True 1
Fn
Get Handle c:\windows\system32\ntdll.dll base_address = 0x77230000 True 3
Fn
Get Handle c:\windows\system32\advapi32.dll base_address = 0x769f0000 True 7
Fn
Get Handle vcl320.bpl base_address = 0x0 False 1
Fn
Get Handle vclx320.bpl base_address = 0x0 False 1
Fn
Get Handle fmx320.bpl base_address = 0x0 False 1
Fn
Get Handle c:\windows\system32\user32.dll base_address = 0x76b40000 True 9
Fn
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x76a90000 True 2
Fn
Get Handle c:\windows\system32\kernelbase.dll base_address = 0x75540000 True 1
Fn
Get Handle c:\windows\system32\ole32.dll base_address = 0x76750000 True 1
Fn
Get Handle c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll base_address = 0x74360000 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 522 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 6
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 12
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 35
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 4
Fn
Get Filename c:\windows\system32\faultrep.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 3
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 3
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 3
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 3
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 3
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 3
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 3
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 3
Fn
Get Filename c:\windows\system32\kernel32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 5
Fn
Get Filename c:\windows\system32\advapi32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 3
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 2
Fn
Get Filename c:\windows\system32\oleaut32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\urlmon.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 13
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 2
Fn
Get Filename c:\windows\system32\kernelbase.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 3
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 26
Fn
Get Filename c:\windows\system32\msvcrt.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 256 True 1
Fn
Get Filename fmx320.bpl process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 2
Fn
Get Filename c:\windows\system32\kernel32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
Fn
Get Filename Shcore.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 31
Fn
Get Filename c:\windows\system32\wtsapi32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wtsapi32.dll, size = 260 True 1
Fn
Get Filename c:\windows\system32\dwmapi.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 260 True 1
Fn
Get Filename c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 260 True 1
Fn
Get Filename c:\windows\system32\uxtheme.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
Fn
Get Filename c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPTBASE.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WINSTA.dll, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetNativeSystemInfo, address_out = 0x7694be77 True 2
Fn
Get Address c:\windows\system32\kernel32.dll function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetLogicalProcessorInformation, address_out = 0x76942004 True 2
Fn
Get Address c:\windows\system32\oleaut32.dll function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarNeg, address_out = 0x76c8c802 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarNot, address_out = 0x76c8ec66 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarAdd, address_out = 0x76c35934 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarSub, address_out = 0x76c8d332 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarMul, address_out = 0x76c8dbd4 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarDiv, address_out = 0x76c8e405 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarIdiv, address_out = 0x76c8f00a True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarMod, address_out = 0x76c8f15e True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarAnd, address_out = 0x76c35a98 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarOr, address_out = 0x76c8ecfa True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarXor, address_out = 0x76c8ee2e True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarCmp, address_out = 0x76c2b0dc True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarI4FromStr, address_out = 0x76c26fab True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarR4FromStr, address_out = 0x76c301a0 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarR8FromStr, address_out = 0x76c2699e True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarCyFromStr, address_out = 0x76c56c12 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromBool, address_out = 0x76c30355 True 1
Fn
Get Address c:\program files\remote utilities - host\rutserv.exe function = GetLeakReport, address_out = 0x0 False 1
Fn
Get Address c:\program files\remote utilities - host\rutserv.exe function = @Madexcept@initialization$qqrv, address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\faultrep.dll function = ReportFault, address_out = 0x71e05457 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = OpenThread, address_out = 0x76966733 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtOpenThread, address_out = 0x77275e08 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SetEntriesInAclA, address_out = 0x76a415e9 True 3
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQuerySystemInformation, address_out = 0x772761f8 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = RtlGetVersion, address_out = 0x772965e3 True 1
Fn
Get Address Unknown module name address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\user32.dll function = SetThreadDpiAwarenessContext, address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\user32.dll function = ChangeWindowMessageFilterEx, address_out = 0x76b524c8 True 1
Fn
Get Address c:\windows\system32\msvcrt.dll function = _CxxThrowException, address_out = 0x76ab3557 True 2
Fn
Get Address c:\windows\system32\kernelbase.dll function = CreateRemoteThreadEx, address_out = 0x7554be34 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CreateThread, address_out = 0x7696375d True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = InitializeConditionVariable, address_out = 0x77289981 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = WakeConditionVariable, address_out = 0x772d5a7b True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = WakeAllConditionVariable, address_out = 0x772545a5 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SleepConditionVariableCS, address_out = 0x769418be True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoCreateInstanceEx, address_out = 0x76799d4e True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoInitializeEx, address_out = 0x767909ad True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoAddRefServerProcess, address_out = 0x767b3cf3 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoReleaseServerProcess, address_out = 0x767b4314 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoResumeClassObjects, address_out = 0x7675ea02 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoSuspendClassObjects, address_out = 0x767bbb02 True 1
Fn
Get Address c:\windows\system32\wtsapi32.dll function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintInit, address_out = 0x741e940e True 2
Fn
Get Address c:\windows\system32\user32.dll function = AnimateWindow, address_out = 0x76b70620 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitializeFlatSB, address_out = 0x7443f803 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Fn
Get Address c:\windows\system32\user32.dll function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetFileSizeEx, address_out = 0x769559ef True 1
Fn
Get Address c:\windows\system32\olepro32.dll function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Fn
Get Address c:\windows\system32\olepro32.dll function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Fn
Get Address c:\windows\system32\olepro32.dll function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Fn
Get Address c:\windows\system32\olepro32.dll function = OleLoadPicture, address_out = 0x71de20d9 True 1
Fn
Get Address c:\windows\system32\security.dll function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = OpenThemeData, address_out = 0x741e73d2 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = CloseThemeData, address_out = 0x741e6a18 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeBackground, address_out = 0x741e3982 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeText, address_out = 0x741e4ea1 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePartSize, address_out = 0x741ecdb1 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextExtent, address_out = 0x741e2d57 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextMetrics, address_out = 0x741ef992 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundRegion, address_out = 0x741f165d True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = HitTestThemeBackground, address_out = 0x741f3ce3 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeEdge, address_out = 0x74203b52 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeIcon, address_out = 0x742135e7 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemePartDefined, address_out = 0x741e85b4 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeColor, address_out = 0x741e616c True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMetric, address_out = 0x741f06e2 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeString, address_out = 0x742122e4 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBool, address_out = 0x741e7c1f True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeInt, address_out = 0x741e616c True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeEnumValue, address_out = 0x741e616c True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePosition, address_out = 0x74212350 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFont, address_out = 0x741eff21 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeRect, address_out = 0x741f3611 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMargins, address_out = 0x741e86e9 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeIntList, address_out = 0x742123b1 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePropertyOrigin, address_out = 0x74203fbb True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = SetWindowTheme, address_out = 0x741f0134 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFilename, address_out = 0x74212412 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColor, address_out = 0x74203274 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColorBrush, address_out = 0x7421301e True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysBool, address_out = 0x74213172 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysSize, address_out = 0x7421320b True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysFont, address_out = 0x742129c4 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysString, address_out = 0x74212b3f True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysInt, address_out = 0x74212bd3 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeActive, address_out = 0x741ef785 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsAppThemed, address_out = 0x741ef869 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetWindowTheme, address_out = 0x741edf46 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = EnableThemeDialogTexture, address_out = 0x741efcaf True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeAppProperties, address_out = 0x741f0fb1 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = SetThemeAppProperties, address_out = 0x74213296 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetCurrentThemeName, address_out = 0x741f05dd True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeDocumentationProperty, address_out = 0x74212932 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeParentBackground, address_out = 0x741e53e5 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = EnableTheming, address_out = 0x74212feb True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsWow64Process, address_out = 0x76954785 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeTextEx, address_out = 0x741e63e6 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BeginBufferedPaint, address_out = 0x741e49a1 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintClear, address_out = 0x741e6395 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintSetAlpha, address_out = 0x741fe6b3 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintUnInit, address_out = 0x741e94ab True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = EndBufferedPaint, address_out = 0x741e3f9a True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BeginPanningFeedback, address_out = 0x74210731 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = UpdatePanningFeedback, address_out = 0x7421068d True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = EndPanningFeedback, address_out = 0x742106cc True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetSystemMetricsForDpi, address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\user32.dll function = GetGestureInfo, address_out = 0x76b8b30d True 1
Fn
Get Address c:\windows\system32\user32.dll function = CloseGestureInfoHandle, address_out = 0x76b8b38a True 1
Fn
Get Address c:\windows\system32\user32.dll function = SetGestureConfig, address_out = 0x76b44715 True 1
Fn
Get Address c:\windows\system32\user32.dll function = LogicalToPhysicalPoint, address_out = 0x76b76e4f True 1
Fn
Get Address c:\windows\system32\user32.dll function = PhysicalToLogicalPoint, address_out = 0x76b76e63 True 1
Fn
Get Address c:\windows\system32\user32.dll function = IsProcessDPIAware, address_out = 0x76b5212e True 1
Fn
Get Address c:\windows\system32\user32.dll function = WindowFromDC, address_out = 0x76b52116 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipAlloc, address_out = 0x74092437 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFree, address_out = 0x740924b2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusStartup, address_out = 0x74075600 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusShutdown, address_out = 0x740756be True 2
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetBrushType, address_out = 0x7407d95f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterPoint, address_out = 0x7407f6b5 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 56
Get Address c:\windows\system32\advapi32.dll function = CheckTokenMembership, address_out = 0x769fdf04 True 1
Get Address c:\windows\system32\kernel32.dll function = GetCurrentProcess, address_out = 0x7695cdcf True 1
Get Address c:\windows\system32\advapi32.dll function = OpenProcessToken, address_out = 0x76a04304 True 1
Get Address c:\windows\system32\advapi32.dll function = LookupPrivilegeValueW, address_out = 0x76a041b3 True 1
Get Address c:\windows\system32\advapi32.dll function = AdjustTokenPrivileges, address_out = 0x76a0418e True 1
Get Address c:\windows\system32\kernel32.dll function = CloseHandle, address_out = 0x7695ca7c True 1
Get Address c:\windows\system32\kernel32.dll function = GetLastError, address_out = 0x7695bf00 True 1
Get Address c:\windows\system32\kernel32.dll function = GetCurrentProcessId, address_out = 0x7695cac4 True 1
Get Address c:\windows\system32\kernel32.dll function = CreateToolhelp32Snapshot, address_out = 0x7694f731 True 1
Get Address c:\windows\system32\kernel32.dll function = Heap32ListFirst, address_out = 0x769a02e7 True 1
Get Address c:\windows\system32\kernel32.dll function = Heap32ListNext, address_out = 0x769a0391 True 1
Get Address c:\windows\system32\kernel32.dll function = Heap32First, address_out = 0x769a0429 True 1
Get Address c:\windows\system32\kernel32.dll function = Heap32Next, address_out = 0x769a0614 True 1
Get Address c:\windows\system32\kernel32.dll function = Toolhelp32ReadProcessMemory, address_out = 0x769a0819 True 1
Get Address c:\windows\system32\kernel32.dll function = Process32First, address_out = 0x7697443d True 1
Get Address c:\windows\system32\kernel32.dll function = Process32Next, address_out = 0x76974505 True 1
Get Address c:\windows\system32\kernel32.dll function = Process32FirstW, address_out = 0x7694fa35 True 2
Get Address c:\windows\system32\kernel32.dll function = Process32NextW, address_out = 0x7694faca True 2
Get Address c:\windows\system32\kernel32.dll function = Thread32First, address_out = 0x76977e4c True 1
Get Address c:\windows\system32\kernel32.dll function = Thread32Next, address_out = 0x76977edc True 1
Get Address c:\windows\system32\kernel32.dll function = Module32First, address_out = 0x769a0859 True 1
Get Address c:\windows\system32\kernel32.dll function = Module32Next, address_out = 0x769a0942 True 1
Get Address c:\windows\system32\kernel32.dll function = Module32FirstW, address_out = 0x7694c59e True 2
Get Address c:\windows\system32\kernel32.dll function = Module32NextW, address_out = 0x7694c11f True 2
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 4 True 1
Create Mapping C:\Program Files\Remote Utilities - Host\rutserv.exe filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, protection = PAGE_READONLY, maximum_size = 0 True 1
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 20 True 1
Map - process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Map C:\Program Files\Remote Utilities - Host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_READ True 1
Map - process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Service (6)
Operation Additional Information Success Count Logfile
Create service_name = RManService True 1
Open database_name = SERVICES_ACTIVE_DATABASE False 1
Open database_name = SERVICES_ACTIVE_DATABASE True 1
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Set Config service_name = RManService True 1
User (1)
Operation Additional Information Success Count Logfile
Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
Window (13)
Operation Window Name Additional Information Success Count Logfile
Create - wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create rutserv class_name = TApplication, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4132847 True 1
Set Attribute rutserv class_name = TApplication, index = 18446744073709551612, new_long = 4132834 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4132808 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4132795 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4132782 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4132769 True 1
Keyboard (1)
Operation Additional Information Success Count Logfile
Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 1
System (323)
Operation Additional Information Success Count Logfile
Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 3
Get Computer Name result_out = CRH2YWU7 True 1
Get Time type = Local Time, time = 2018-08-28 08:29:50 (Local Time) True 1
Get Time type = Local Time, time = 2018-08-28 08:29:55 (Local Time) True 64
Register Hook type = WH_CBT, hookproc_address = 0x65b278 True 1
Register Hook type = WH_CALLWNDPROC, hookproc_address = 0x9cdb7c True 1
Register Hook type = WH_GETMESSAGE, hookproc_address = 0x9cdbbc True 1
Register Hook type = WH_MOUSE, hookproc_address = 0x9cdb5c True 1
Get Info type = Operating System True 238
Get Info type = Hardware Information True 4
Get Info type = Operating System True 5
Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Get Info type = Operating System False 1
Mutex (13)
Operation Additional Information Success Count Logfile
Create mutex_name = madExceptSettingsMtx$fa8 True 1
Create - True 1
Create - True 1
Create - True 1
Create mutex_name = madExceptSettingsMtx$fa8 True 1
Release mutex_name = madExceptSettingsMtx$fa8 True 1
Release - True 2
Release - True 4
Release mutex_name = madExceptSettingsMtx$fa8 True 1
Debug (1)
Operation Process Additional Information Success Count Logfile
Print c:\program files\remote utilities - host\rutserv.exe type = DEBUG_STRING, text = 28-08-2018_08:29:50:304#T:Error NTSetPrivilege - SE_DEBUG_NAME True 1
Process #27: rutserv.exe
Information Value
ID #27
File Name c:\program files\remote utilities - host\rutserv.exe
Command Line "C:\Program Files\Remote Utilities - Host\rutserv.exe" /firewall
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:38, Reason: Child Process
Unmonitor End Time: 00:03:43, Reason: Self Terminated
Monitor Duration 00:00:05
OS Process Information
Information Value
PID 0xfc4
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0xFC8
0xFD0
0xFD4
0xFD8
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory r True False False -
private_0x00000000001f0000 0x001f0000 0x001f0fff Private Memory rw True False False -
pagefile_0x0000000000200000 0x00200000 0x00200fff Pagefile Backed Memory rw True False False -
private_0x0000000000210000 0x00210000 0x00210fff Private Memory rwx True False False -
private_0x0000000000220000 0x00220000 0x0031ffff Private Memory rw True False False -
pagefile_0x0000000000320000 0x00320000 0x003e7fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003f0000 0x003f0000 0x003f6fff Pagefile Backed Memory r True False False -
rutserv.exe 0x00400000 0x00e22fff Memory Mapped File rwx True True False
pagefile_0x0000000000e30000 0x00e30000 0x00f30fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000f40000 0x00f40000 0x00f41fff Pagefile Backed Memory rw True False False -
rpcss.dll 0x00f50000 0x00fabfff Memory Mapped File r False False False -
private_0x0000000000f50000 0x00f50000 0x00f5ffff Private Memory rw True False False -
pagefile_0x0000000000f60000 0x00f60000 0x00f60fff Pagefile Backed Memory rw True False False -
comctl32.dll.mui 0x00f70000 0x00f72fff Memory Mapped File rw False False False -
private_0x0000000000f80000 0x00f80000 0x00f80fff Private Memory rw True False False -
private_0x0000000000f90000 0x00f90000 0x00f90fff Private Memory rw True False False -
private_0x0000000000fa0000 0x00fa0000 0x00fa0fff Private Memory rw True False False -
private_0x0000000000fb0000 0x00fb0000 0x00fbffff Private Memory rw True False False -
private_0x0000000000fc0000 0x00fc0000 0x00fc0fff Private Memory rw True False False -
private_0x0000000000fd0000 0x00fd0000 0x00fdffff Private Memory rw True False False -
pagefile_0x0000000000fe0000 0x00fe0000 0x01bdffff Pagefile Backed Memory r True False False -
private_0x0000000001be0000 0x01be0000 0x01d1ffff Private Memory rw True False False -
rutserv.exe 0x01d20000 0x0269efff Memory Mapped File r True False False -
private_0x0000000001d20000 0x01d20000 0x01f0ffff Private Memory rw True False False -
pagefile_0x0000000001d20000 0x01d20000 0x01dfefff Pagefile Backed Memory r True False False -
private_0x0000000001e00000 0x01e00000 0x01e7ffff Private Memory - True False False -
pagefile_0x0000000001e80000 0x01e80000 0x01e80fff Pagefile Backed Memory r True False False -
pagefile_0x0000000001e90000 0x01e90000 0x01e90fff Pagefile Backed Memory r True False False -
firewallapi.dll 0x01ea0000 0x01eaafff Memory Mapped File r False False False -
stdole2.tlb 0x01eb0000 0x01eb3fff Memory Mapped File r False False False -
private_0x0000000001ed0000 0x01ed0000 0x01f0ffff Private Memory rw True False False -
private_0x0000000001f10000 0x01f10000 0x0200ffff Private Memory rw True False False -
sortdefault.nls 0x02010000 0x022defff Memory Mapped File r False False False -
private_0x00000000022e0000 0x022e0000 0x026dffff Private Memory - True False False -
private_0x00000000026e0000 0x026e0000 0x02adffff Private Memory - True False False -
private_0x0000000002ae0000 0x02ae0000 0x02b5ffff Private Memory - True False False -
private_0x0000000002b60000 0x02b60000 0x02f5ffff Private Memory - True False False -
private_0x0000000002f60000 0x02f60000 0x02fdffff Private Memory - True False False -
private_0x0000000002fe0000 0x02fe0000 0x033dffff Private Memory - True False False -
private_0x00000000033e0000 0x033e0000 0x0345ffff Private Memory - True False False -
pagefile_0x0000000003460000 0x03460000 0x03852fff Pagefile Backed Memory r True False False -
private_0x0000000003860000 0x03860000 0x0395ffff Private Memory rw True False False -
private_0x0000000003960000 0x03960000 0x03a5ffff Private Memory rw True False False -
private_0x0000000003a60000 0x03a60000 0x03b0ffff Private Memory rw True False False -
pagefile_0x0000000003a60000 0x03a60000 0x03a95fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000003a60000 0x03a60000 0x03a83fff Pagefile Backed Memory rw True False False -
private_0x0000000003ad0000 0x03ad0000 0x03b0ffff Private Memory rw True False False -
staticcache.dat 0x03b10000 0x0443ffff Memory Mapped File r False False False -
private_0x0000000004440000 0x04440000 0x0463ffff Private Memory rw True False False -
private_0x0000000004440000 0x04440000 0x0457ffff Private Memory rw True False False -
private_0x0000000004630000 0x04630000 0x0463ffff Private Memory rw True False False -
private_0x0000000004640000 0x04640000 0x0473ffff Private Memory rw True False False -
security.dll 0x6de20000 0x6de22fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
webio.dll 0x6fcf0000 0x6fd3efff Memory Mapped File rwx False False False -
winhttp.dll 0x6fd40000 0x6fd97fff Memory Mapped File rwx False False False -
winspool.drv 0x70200000 0x70250fff Memory Mapped File rwx False False False -
olepro32.dll 0x71de0000 0x71df8fff Memory Mapped File rwx False False False -
faultrep.dll 0x71e00000 0x71e51fff Memory Mapped File rwx False False False -
wsock32.dll 0x71e60000 0x71e66fff Memory Mapped File rwx False False False -
shfolder.dll 0x71f00000 0x71f04fff Memory Mapped File rwx False False False -
msimg32.dll 0x71f50000 0x71f54fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
firewallapi.dll 0x748e0000 0x74955fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
sxs.dll 0x752e0000 0x7533efff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
wintrust.dll 0x75650000 0x7567cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Hook Information
Type Installer Target Size Information Actions
Code rutserv.exe:+0xb0db6 kernel32.dll:CreateThread+0x1c 4 bytes -
Code rutserv.exe:+0xb10f8 kernel32.dll:CreateThread+0x1c 4 bytes -
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes rutserv.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes rutserv.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
Host Behavior
COM (3)
Operation Class Interface Additional Information Success Count Logfile
Create E2B3C97F-6AE1-41AC-817A-F6F92166D7DD 00020400-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER True 1
Create 2C5BC43E-3369-4C33-AB0C-BE9469677AF4 00020400-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER True 1
Create 304CE942-6E39-40D8-943A-B913C40C9CD4 00020400-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER True 1
File (22)
Operation Filename Additional Information Success Count Logfile
Create C:\Program Files\Remote Utilities - Host\rutserv.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\ - False 1
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept - True 1
Create Pipe Anonymous read pipe size = 0 True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\ type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\rutserv.exe type = size True 1
Open Mapping madExceptRestart$fc4 desired_access = FILE_MAP_READ False 1
Open Mapping madExceptSettingsBuf2$fc4 desired_access = FILE_MAP_WRITE, FILE_MAP_READ False 1
Read - size = 144, size_out = 0 False 10
Read - size = 144, size_out = 144 True 1
Delete Directory C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\ - True 1
Delete C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\. - False 1
Delete C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\.. - False 1
Registry (410)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Embarcadero\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\CodeGear\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\CodeGear\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Delphi\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time - True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Display, data = (UTC+04:30) Kabul, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Std, data = Afghanistan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Dlt, data = Afghanistan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Display, data = (UTC-09:00) Alaska, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Std, data = Alaskan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Dlt, data = Alaskan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Display, data = (UTC+03:00) Kuwait, Riyadh, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Std, data = Arab Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Dlt, data = Arab Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Display, data = (UTC+04:00) Abu Dhabi, Muscat, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Std, data = Arabian Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Dlt, data = Arabian Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Display, data = (UTC+03:00) Baghdad, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Std, data = Arabic Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Dlt, data = Arabic Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Display, data = (UTC-03:00) Buenos Aires, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Std, data = Argentina Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Dlt, data = Argentina Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2009, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2010, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Display, data = (UTC-04:00) Atlantic Time (Canada), type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Std, data = Atlantic Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Dlt, data = Atlantic Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Display, data = (UTC+09:30) Darwin, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Std, data = AUS Central Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Dlt, data = AUS Central Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Display, data = (UTC+10:00) Canberra, Melbourne, Sydney, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Std, data = AUS Eastern Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Dlt, data = AUS Eastern Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Display, data = (UTC+04:00) Baku, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Std, data = Azerbaijan Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Dlt, data = Azerbaijan Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Display, data = (UTC-01:00) Azores, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Std, data = Azores Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Dlt, data = Azores Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Display, data = (UTC+06:00) Dhaka, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Std, data = Bangladesh Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Dlt, data = Bangladesh Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = FirstEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2009, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2010, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Display, data = (UTC-06:00) Saskatchewan, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Std, data = Canada Central Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Dlt, data = Canada Central Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Display, data = (UTC-01:00) Cape Verde Is., type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Std, data = Cape Verde Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Dlt, data = Cape Verde Daylight Time, type = REG_SZ True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 2
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time - True 1
Fn
Process (74)
Operation Process Additional Information Success Count Logfile
Get filename c:\windows\system32\smss.exe file_name = C:\Windows\System32\smss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\csrss.exe file_name = C:\Windows\System32\csrss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\wininit.exe file_name = C:\Windows\System32\wininit.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\csrss.exe file_name = C:\Windows\System32\csrss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\winlogon.exe file_name = C:\Windows\System32\winlogon.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\services.exe file_name = C:\Windows\System32\services.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\lsass.exe file_name = C:\Windows\System32\lsass.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\lsm.exe file_name = C:\Windows\System32\lsm.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 5
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\spoolsv.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\taskhost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\taskeng.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\dwm.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\explorer.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Visual Studio 8\helped.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Portable Devices\guestbook-jam-stages.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Synchronization Services\watts_flights.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Sidebar\question increasingly.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Mozilla Maintenance Service\briefing myth.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\DVD Maker\belowturkishcatch.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Adobe\ebay.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Portable Devices\competingquantity.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\MSBuild\clients-confident-leasing.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Mail\storage-ne-lips.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Analysis Services\valued-seeds-belgium.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Visual Studio 8\podcast_religion.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Java\cheat.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Office\slovak.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Journal\transition.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Sidebar\similarly src timber.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\MSBuild\socket edinburgh.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Mail\view.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Google\defense.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Analysis Services\controls_experts.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\msiexec.exe, flags = PROCESS_NAME_WIN32 True 4
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\sppsvc.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\VSSVC.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\inst_fold\fp.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\inst_fold\armstart.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Remote Utilities - Host\rutserv.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Open System Idle Process desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Open System desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Open c:\windows\system32\smss.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\csrss.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\wininit.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\csrss.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\winlogon.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\services.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\lsass.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\lsm.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\audiodg.exe desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Thread (1)
Operation Process Additional Information Success Count Logfile
Open - os_tid = 0xfd0 True 1
Fn
Module (672)
Operation Module Additional Information Success Count Logfile
Load kernel32.dll base_address = 0x76910000 True 59
Fn
Load FaultRep.dll base_address = 0x71e00000 True 1
Fn
Load wtsapi32.dll base_address = 0x73d60000 True 1
Fn
Load uxtheme.dll base_address = 0x741e0000 True 2
Fn
Load olepro32.dll base_address = 0x71de0000 True 1
Fn
Load security.dll base_address = 0x6de20000 True 1
Fn
Load UxTheme.dll base_address = 0x741e0000 True 1
Fn
Load Shcore.dll base_address = 0x0 False 1
Fn
Load user32.dll base_address = 0x76b40000 True 1
Fn
Load gdiplus.dll base_address = 0x74050000 True 1
Fn
Load dwmapi.dll base_address = 0x73eb0000 True 1
Fn
Load ntdll.dll base_address = 0x77230000 True 1
Fn
Get Handle c:\program files\remote utilities - host\rutserv.exe base_address = 0x400000 True 6
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 13
Fn
Get Handle c:\windows\system32\oleaut32.dll base_address = 0x76c10000 True 1
Fn
Get Handle c:\windows\system32\ntdll.dll base_address = 0x77230000 True 3
Fn
Get Handle c:\windows\system32\advapi32.dll base_address = 0x769f0000 True 2
Fn
Get Handle vcl320.bpl base_address = 0x0 False 1
Fn
Get Handle c:\windows\system32\user32.dll base_address = 0x76b40000 True 9
Fn
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x76a90000 True 2
Fn
Get Handle c:\windows\system32\kernelbase.dll base_address = 0x75540000 True 1
Fn
Get Handle c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll base_address = 0x74360000 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 522 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 5
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 11
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 35
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 3
Get Filename c:\windows\system32\faultrep.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 3
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 2
Get Filename c:\windows\system32\kernel32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 4
Get Filename c:\windows\system32\advapi32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 2
Get Filename c:\windows\system32\oleaut32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 2
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 True 1
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\urlmon.dll, size = 260 True 1
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 12
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
Get Filename c:\windows\system32\kernelbase.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 256 True 1
Get Filename vcl320.bpl process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Get Filename c:\windows\system32\kernel32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 13
Get Filename c:\windows\system32\wtsapi32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wtsapi32.dll, size = 260 True 1
Get Filename c:\windows\system32\dwmapi.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 260 True 1
Get Filename c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 260 True 1
Get Filename c:\windows\system32\uxtheme.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
Get Filename c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FirewallAPI.dll, size = 260 True 1
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPTBASE.dll, size = 260 True 1
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SXS.DLL, size = 260 True 1
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WINSTA.dll, size = 260 True 1
Get Address c:\windows\system32\kernel32.dll function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Get Address c:\windows\system32\kernel32.dll function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Get Address c:\windows\system32\kernel32.dll function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Get Address c:\windows\system32\kernel32.dll function = GetNativeSystemInfo, address_out = 0x7694be77 True 2
Get Address c:\windows\system32\kernel32.dll function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Get Address c:\windows\system32\kernel32.dll function = GetLogicalProcessorInformation, address_out = 0x76942004 True 2
Get Address c:\windows\system32\oleaut32.dll function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarNeg, address_out = 0x76c8c802 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarNot, address_out = 0x76c8ec66 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarAdd, address_out = 0x76c35934 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarSub, address_out = 0x76c8d332 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarMul, address_out = 0x76c8dbd4 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarDiv, address_out = 0x76c8e405 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarIdiv, address_out = 0x76c8f00a True 1
Get Address c:\windows\system32\oleaut32.dll function = VarMod, address_out = 0x76c8f15e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarAnd, address_out = 0x76c35a98 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarOr, address_out = 0x76c8ecfa True 1
Get Address c:\windows\system32\oleaut32.dll function = VarXor, address_out = 0x76c8ee2e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarCmp, address_out = 0x76c2b0dc True 1
Get Address c:\windows\system32\oleaut32.dll function = VarI4FromStr, address_out = 0x76c26fab True 1
Get Address c:\windows\system32\oleaut32.dll function = VarR4FromStr, address_out = 0x76c301a0 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarR8FromStr, address_out = 0x76c2699e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarCyFromStr, address_out = 0x76c56c12 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromBool, address_out = 0x76c30355 True 1
Get Address c:\program files\remote utilities - host\rutserv.exe function = GetLeakReport, address_out = 0x0 False 1
Get Address c:\program files\remote utilities - host\rutserv.exe function = @Madexcept@initialization$qqrv, address_out = 0x0 False 1
Get Address c:\windows\system32\faultrep.dll function = ReportFault, address_out = 0x71e05457 True 1
Get Address c:\windows\system32\kernel32.dll function = OpenThread, address_out = 0x76966733 True 1
Get Address c:\windows\system32\ntdll.dll function = NtOpenThread, address_out = 0x77275e08 True 1
Get Address c:\windows\system32\advapi32.dll function = SetEntriesInAclA, address_out = 0x76a415e9 True 2
Get Address c:\windows\system32\ntdll.dll function = NtQuerySystemInformation, address_out = 0x772761f8 True 2
Get Address c:\windows\system32\ntdll.dll function = RtlGetVersion, address_out = 0x772965e3 True 1
Get Address Unknown module name address_out = 0x0 False 1
Get Address c:\windows\system32\user32.dll function = SetThreadDpiAwarenessContext, address_out = 0x0 False 1
Get Address c:\windows\system32\user32.dll function = ChangeWindowMessageFilterEx, address_out = 0x76b524c8 True 1
Get Address c:\windows\system32\msvcrt.dll function = _CxxThrowException, address_out = 0x76ab3557 True 2
Get Address c:\windows\system32\kernelbase.dll function = CreateRemoteThreadEx, address_out = 0x7554be34 True 1
Get Address c:\windows\system32\kernel32.dll function = CreateThread, address_out = 0x7696375d True 1
Get Address c:\windows\system32\wtsapi32.dll function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintInit, address_out = 0x741e940e True 2
Get Address c:\windows\system32\user32.dll function = AnimateWindow, address_out = 0x76b70620 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitializeFlatSB, address_out = 0x7443f803 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Get Address c:\windows\system32\user32.dll function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Get Address c:\windows\system32\olepro32.dll function = OleLoadPicture, address_out = 0x71de20d9 True 1
Get Address c:\windows\system32\security.dll function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Get Address c:\windows\system32\kernel32.dll function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Get Address c:\windows\system32\uxtheme.dll function = OpenThemeData, address_out = 0x741e73d2 True 2
Get Address c:\windows\system32\uxtheme.dll function = CloseThemeData, address_out = 0x741e6a18 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeBackground, address_out = 0x741e3982 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeText, address_out = 0x741e4ea1 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemePartSize, address_out = 0x741ecdb1 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextExtent, address_out = 0x741e2d57 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextMetrics, address_out = 0x741ef992 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundRegion, address_out = 0x741f165d True 2
Get Address c:\windows\system32\uxtheme.dll function = HitTestThemeBackground, address_out = 0x741f3ce3 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeEdge, address_out = 0x74203b52 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeIcon, address_out = 0x742135e7 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemePartDefined, address_out = 0x741e85b4 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeColor, address_out = 0x741e616c True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMetric, address_out = 0x741f06e2 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeString, address_out = 0x742122e4 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBool, address_out = 0x741e7c1f True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeInt, address_out = 0x741e616c True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeEnumValue, address_out = 0x741e616c True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemePosition, address_out = 0x74212350 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFont, address_out = 0x741eff21 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeRect, address_out = 0x741f3611 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMargins, address_out = 0x741e86e9 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeIntList, address_out = 0x742123b1 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemePropertyOrigin, address_out = 0x74203fbb True 2
Get Address c:\windows\system32\uxtheme.dll function = SetWindowTheme, address_out = 0x741f0134 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFilename, address_out = 0x74212412 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColor, address_out = 0x74203274 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColorBrush, address_out = 0x7421301e True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysBool, address_out = 0x74213172 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysSize, address_out = 0x7421320b True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysFont, address_out = 0x742129c4 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysString, address_out = 0x74212b3f True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysInt, address_out = 0x74212bd3 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemeActive, address_out = 0x741ef785 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsAppThemed, address_out = 0x741ef869 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetWindowTheme, address_out = 0x741edf46 True 2
Get Address c:\windows\system32\uxtheme.dll function = EnableThemeDialogTexture, address_out = 0x741efcaf True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeAppProperties, address_out = 0x741f0fb1 True 2
Get Address c:\windows\system32\uxtheme.dll function = SetThemeAppProperties, address_out = 0x74213296 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetCurrentThemeName, address_out = 0x741f05dd True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeDocumentationProperty, address_out = 0x74212932 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeParentBackground, address_out = 0x741e53e5 True 2
Get Address c:\windows\system32\uxtheme.dll function = EnableTheming, address_out = 0x74212feb True 1
Get Address c:\windows\system32\kernel32.dll function = IsWow64Process, address_out = 0x76954785 True 1
Get Address c:\windows\system32\kernel32.dll function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeTextEx, address_out = 0x741e63e6 True 1
Get Address c:\windows\system32\uxtheme.dll function = BeginBufferedPaint, address_out = 0x741e49a1 True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintClear, address_out = 0x741e6395 True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintSetAlpha, address_out = 0x741fe6b3 True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintUnInit, address_out = 0x741e94ab True 2
Get Address c:\windows\system32\uxtheme.dll function = EndBufferedPaint, address_out = 0x741e3f9a True 1
Get Address c:\windows\system32\uxtheme.dll function = BeginPanningFeedback, address_out = 0x74210731 True 1
Get Address c:\windows\system32\uxtheme.dll function = UpdatePanningFeedback, address_out = 0x7421068d True 1
Get Address c:\windows\system32\uxtheme.dll function = EndPanningFeedback, address_out = 0x742106cc True 1
Get Address c:\windows\system32\user32.dll function = GetSystemMetricsForDpi, address_out = 0x0 False 1
Get Address c:\windows\system32\user32.dll function = GetGestureInfo, address_out = 0x76b8b30d True 1
Get Address c:\windows\system32\user32.dll function = CloseGestureInfoHandle, address_out = 0x76b8b38a True 1
Get Address c:\windows\system32\user32.dll function = SetGestureConfig, address_out = 0x76b44715 True 1
Get Address c:\windows\system32\user32.dll function = LogicalToPhysicalPoint, address_out = 0x76b76e4f True 1
Get Address c:\windows\system32\user32.dll function = PhysicalToLogicalPoint, address_out = 0x76b76e63 True 1
Get Address c:\windows\system32\user32.dll function = IsProcessDPIAware, address_out = 0x76b5212e True 1
Get Address c:\windows\system32\user32.dll function = WindowFromDC, address_out = 0x76b52116 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipAlloc, address_out = 0x74092437 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFree, address_out = 0x740924b2 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusStartup, address_out = 0x74075600 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusShutdown, address_out = 0x740756be True 2
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetBrushType, address_out = 0x7407d95f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterPoint, address_out = 0x7407f6b5 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterPointI, address_out = 0x7407f76f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientRect, address_out = 0x7407f94a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientRectI, address_out = 0x7407f9ff True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPointCount, address_out = 0x7407f7dd True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientSurroundColorCount, address_out = 0x7407f890 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientGammaCorrection, address_out = 0x7407fab7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientGammaCorrection, address_out = 0x7407fb54 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientBlendCount, address_out = 0x7407e7f0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientBlend, address_out = 0x7407fc07 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientBlend, address_out = 0x7407e97a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPresetBlendCount, address_out = 0x7407fcdb True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPresetBlend, address_out = 0x7407fd95 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientPresetBlend, address_out = 0x7407ff41 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientSigmaBlend, address_out = 0x74080184 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientLinearBlend, address_out = 0x7407eeb7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientWrapMode, address_out = 0x7407f01b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientWrapMode, address_out = 0x74080236 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientTransform, address_out = 0x740802da True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientTransform, address_out = 0x7407dc34 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetPathGradientTransform, address_out = 0x7407dd3d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyPathGradientTransform, address_out = 0x740803e3 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslatePathGradientTransform, address_out = 0x740804fc True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScalePathGradientTransform, address_out = 0x740805d5 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotatePathGradientTransform, address_out = 0x7407dde0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientFocusScales, address_out = 0x740806ae True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientFocusScales, address_out = 0x74080793 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrush, address_out = 0x7407e139 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushI, address_out = 0x7407e22f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRect, address_out = 0x7407e2fe True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectI, address_out = 0x7407e3ee True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectWithAngle, address_out = 0x7407e4b6 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectWithAngleI, address_out = 0x7407e5ad True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineRect, address_out = 0x7407f94a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineRectI, address_out = 0x7407f9ff True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineColors, address_out = 0x7407e67c True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineColors, address_out = 0x7407e731 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineGammaCorrection, address_out = 0x74075765 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineGammaCorrection, address_out = 0x740757be True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineBlendCount, address_out = 0x7407e7f0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineBlend, address_out = 0x7407e8a6 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineBlend, address_out = 0x7407e97a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLinePresetBlendCount, address_out = 0x7407fcdb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLinePresetBlend, address_out = 0x7407ea4e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLinePresetBlend, address_out = 0x7407ec63 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineSigmaBlend, address_out = 0x74080184 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineLinearBlend, address_out = 0x7407eeb7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineWrapMode, address_out = 0x7407ef69 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineWrapMode, address_out = 0x7407f01b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineTransform, address_out = 0x740802da True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineTransform, address_out = 0x7407dc34 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetLineTransform, address_out = 0x7407dd3d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyLineTransform, address_out = 0x740803e3 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslateLineTransform, address_out = 0x740804fc True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScaleLineTransform, address_out = 0x740805d5 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotateLineTransform, address_out = 0x7407dde0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateHatchBrush, address_out = 0x74096266 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchStyle, address_out = 0x7407da12 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchForegroundColor, address_out = 0x7407dac8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchBackgroundColor, address_out = 0x7407db7e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePen1, address_out = 0x7408083a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePen2, address_out = 0x7408096b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipClonePen, address_out = 0x74080abe True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeletePen, address_out = 0x74080b95 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenFillType, address_out = 0x74082491 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenBrushFill, address_out = 0x740822c1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenBrushFill, address_out = 0x740823cc True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenColor, address_out = 0x74082157 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenColor, address_out = 0x74082201 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenMode, address_out = 0x740819cc True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenMode, address_out = 0x74081a6f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenUnit, address_out = 0x74080d9b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenUnit, address_out = 0x74080e5a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenWidth, address_out = 0x74080c4d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenWidth, address_out = 0x74080ceb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashStyle, address_out = 0x7408254e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashStyle, address_out = 0x740825fe True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenLineCap197819, address_out = 0x74080f0a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenStartCap, address_out = 0x74080fb1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenEndCap, address_out = 0x74081052 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashCap197819, address_out = 0x740810f3 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenStartCap, address_out = 0x74081194 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenEndCap, address_out = 0x74081244 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashCap197819, address_out = 0x740812f4 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenLineJoin, address_out = 0x740813ab True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenLineJoin, address_out = 0x74081449 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenCustomStartCap, address_out = 0x740814f9 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenCustomStartCap, address_out = 0x74081601 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenCustomEndCap, address_out = 0x740816b8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenCustomEndCap, address_out = 0x740817c0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenMiterLimit, address_out = 0x74081877 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenMiterLimit, address_out = 0x7408191c True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenTransform, address_out = 0x74081b1f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenTransform, address_out = 0x74081c25 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetPenTransform, address_out = 0x74081d2b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyPenTransform, address_out = 0x74081dcb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslatePenTransform, address_out = 0x74081ee1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScalePenTransform, address_out = 0x74081fb7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotatePenTransform, address_out = 0x7408208d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashOffset, address_out = 0x7408269f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashOffset, address_out = 0x7408274f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashCount, address_out = 0x740827ed True 1
Fn
Get Address c:\windows\system32\user32.dll function = EnableNonClientDpiScaling, address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmDefWindowProc, address_out = 0x73eb3df4 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmEnableBlurBehindWindow, address_out = 0x73eb2945 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmEnableComposition, address_out = 0x73eb720a True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmEnableMMCSS, address_out = 0x73eb37dd True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmExtendFrameIntoClientArea, address_out = 0x73eb3510 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmGetColorizationColor, address_out = 0x73eb6f9a True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmGetWindowAttribute, address_out = 0x73eb1c76 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmIsCompositionEnabled, address_out = 0x73eb1610 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmSetWindowAttribute, address_out = 0x73eb16c0 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmSetIconicThumbnail, address_out = 0x73eb85ea True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmSetIconicLivePreviewBitmap, address_out = 0x73eb88fd True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmInvalidateIconicBitmaps, address_out = 0x73eb3742 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetDynamicTimeZoneInformation, address_out = 0x76942565 True 1
Fn
Get Address c:\windows\system32\user32.dll function = DrawTextW, address_out = 0x76b55b6a True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 56
Fn
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 4 True 1
Create Mapping C:\Program Files\Remote Utilities - Host\rutserv.exe filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, protection = PAGE_READONLY, maximum_size = 0 True 1
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 20 True 1
Map - process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Map C:\Program Files\Remote Utilities - Host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_READ True 1
Map - process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Window (13)
Operation Window Name Additional Information Success Count
Create - wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create rutserv class_name = TApplication, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 2166767 True 1
Set Attribute rutserv class_name = TApplication, index = 18446744073709551612, new_long = 2166754 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 2166728 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 2166715 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 2166702 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 2166689 True 1
System (291)
Operation Additional Information Success Count
Get Computer Name result_out = CRH2YWU7 True 1
Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 2
Get Time type = Ticks, time = 252394 True 3
Get Time type = Ticks, time = 252409 True 14
Get Time type = Ticks, time = 252425 True 2
Get Time type = Local Time, time = 2018-08-28 08:29:57 (Local Time) True 64
Register Hook type = WH_CBT, hookproc_address = 0x65b278 True 1
Register Hook type = WH_CALLWNDPROC, hookproc_address = 0x9cdb7c True 1
Get Info type = Operating System True 189
Get Info type = Hardware Information True 4
Get Info type = Operating System True 5
Get Info type = SYSTEM_PROCESS_INFORMATION False 2
Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Get Info type = Operating System False 1
Mutex (13)
Operation Additional Information Success Count
Create mutex_name = madExceptSettingsMtx$fc4 True 1
Create - True 1
Create - True 1
Create - True 1
Create mutex_name = madExceptSettingsMtx$fc4 True 1
Release mutex_name = madExceptSettingsMtx$fc4 True 1
Release - True 2
Release - True 4
Release mutex_name = madExceptSettingsMtx$fc4 True 1
Process #31: rutserv.exe
1431 0
Information Value
ID #31
File Name c:\program files\remote utilities - host\rutserv.exe
Command Line "C:\Program Files\Remote Utilities - Host\rutserv.exe" /start
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:42, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:11
OS Process Information
Information Value
PID 0x504
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x 89C
0x 6C4
0x 670
0x 8A4
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory r True False False -
private_0x00000000001f0000 0x001f0000 0x002effff Private Memory rw True False False -
private_0x00000000002f0000 0x002f0000 0x002f0fff Private Memory rw True False False -
pagefile_0x0000000000300000 0x00300000 0x00300fff Pagefile Backed Memory rw True False False -
private_0x0000000000310000 0x00310000 0x00310fff Private Memory rwx True False False -
pagefile_0x0000000000320000 0x00320000 0x00326fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000330000 0x00330000 0x00331fff Pagefile Backed Memory rw True False False -
private_0x0000000000340000 0x00340000 0x0034ffff Private Memory rw True False False -
pagefile_0x0000000000350000 0x00350000 0x00350fff Pagefile Backed Memory rw True False False -
comctl32.dll.mui 0x00360000 0x00362fff Memory Mapped File rw False False False -
private_0x0000000000370000 0x00370000 0x00370fff Private Memory rw True False False -
private_0x0000000000380000 0x00380000 0x0038ffff Private Memory rw True False False -
rpcss.dll 0x00390000 0x003ebfff Memory Mapped File r False False False -
private_0x0000000000390000 0x00390000 0x00390fff Private Memory rw True False False -
private_0x00000000003a0000 0x003a0000 0x003a0fff Private Memory rw True False False -
private_0x00000000003b0000 0x003b0000 0x003b0fff Private Memory rw True False False -
rutserv.exe 0x00400000 0x00e22fff Memory Mapped File rwx True True False
pagefile_0x0000000000e30000 0x00e30000 0x00ef7fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000f00000 0x00f00000 0x01000fff Pagefile Backed Memory r True False False -
pagefile_0x0000000001010000 0x01010000 0x01c0ffff Pagefile Backed Memory r True False False -
private_0x0000000001c10000 0x01c10000 0x01d4ffff Private Memory rw True False False -
private_0x0000000001d50000 0x01d50000 0x01d5ffff Private Memory rw True False False -
rutserv.exe 0x01d60000 0x026defff Memory Mapped File r True False False -
private_0x0000000001d60000 0x01d60000 0x01f0ffff Private Memory rw True False False -
pagefile_0x0000000001d60000 0x01d60000 0x01e3efff Pagefile Backed Memory r True False False -
private_0x0000000001e40000 0x01e40000 0x01ebffff Private Memory - True False False -
private_0x0000000001ed0000 0x01ed0000 0x01f0ffff Private Memory rw True False False -
private_0x0000000001f10000 0x01f10000 0x0200ffff Private Memory rw True False False -
sortdefault.nls 0x02010000 0x022defff Memory Mapped File r False False False -
private_0x00000000022e0000 0x022e0000 0x026dffff Private Memory - True False False -
private_0x00000000026e0000 0x026e0000 0x02adffff Private Memory - True False False -
private_0x0000000002ae0000 0x02ae0000 0x02b5ffff Private Memory - True False False -
private_0x0000000002b60000 0x02b60000 0x02f5ffff Private Memory - True False False -
private_0x0000000002f60000 0x02f60000 0x02fdffff Private Memory - True False False -
private_0x0000000002fe0000 0x02fe0000 0x033dffff Private Memory - True False False -
private_0x00000000033e0000 0x033e0000 0x0345ffff Private Memory - True False False -
pagefile_0x0000000003460000 0x03460000 0x03852fff Pagefile Backed Memory r True False False -
private_0x0000000003860000 0x03860000 0x0395ffff Private Memory rw True False False -
private_0x0000000003960000 0x03960000 0x03a5ffff Private Memory rw True False False -
private_0x0000000003a60000 0x03a60000 0x03b5ffff Private Memory rw True False False -
private_0x0000000003a60000 0x03a60000 0x03aeffff Private Memory rw True False False -
private_0x0000000003b20000 0x03b20000 0x03b5ffff Private Memory rw True False False -
staticcache.dat 0x03b60000 0x0448ffff Memory Mapped File r False False False -
private_0x0000000004490000 0x04490000 0x045cffff Private Memory rw True False False -
security.dll 0x6de20000 0x6de22fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
webio.dll 0x6fcf0000 0x6fd3efff Memory Mapped File rwx False False False -
winhttp.dll 0x6fd40000 0x6fd97fff Memory Mapped File rwx False False False -
winspool.drv 0x70200000 0x70250fff Memory Mapped File rwx False False False -
olepro32.dll 0x71de0000 0x71df8fff Memory Mapped File rwx False False False -
faultrep.dll 0x71e00000 0x71e51fff Memory Mapped File rwx False False False -
wsock32.dll 0x71e60000 0x71e66fff Memory Mapped File rwx False False False -
shfolder.dll 0x71f00000 0x71f04fff Memory Mapped File rwx False False False -
msimg32.dll 0x71f50000 0x71f54fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
wintrust.dll 0x75650000 0x7567cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Hook Information
Type Installer Target Size Information Actions
Code rutserv.exe:+0xb0db6 kernel32.dll:CreateThread+0x1c 4 bytes -
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
Host Behavior
File (63)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Program Files\Remote Utilities - Host\rutserv.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\ - False 1
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept - True 1
Create Pipe Anonymous read pipe size = 0 True 1
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\ type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\rutserv.exe type = size True 1
Open Mapping madExceptRestart$504 desired_access = FILE_MAP_READ False 1
Open Mapping madExceptSettingsBuf2$504 desired_access = FILE_MAP_WRITE, FILE_MAP_READ False 1
Read - size = 144, size_out = 0 False 52
Delete Directory C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\ - True 1
Delete C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\. - False 1
Delete C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\.. - False 1
Registry (410)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Embarcadero\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\CodeGear\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\CodeGear\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Delphi\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time - True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Display, data = (UTC+04:30) Kabul, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Std, data = Afghanistan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Dlt, data = Afghanistan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Display, data = (UTC-09:00) Alaska, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Std, data = Alaskan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Dlt, data = Alaskan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Display, data = (UTC+03:00) Kuwait, Riyadh, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Std, data = Arab Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Dlt, data = Arab Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Display, data = (UTC+04:00) Abu Dhabi, Muscat, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Std, data = Arabian Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Dlt, data = Arabian Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Display, data = (UTC+03:00) Baghdad, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Std, data = Arabic Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Dlt, data = Arabic Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Display, data = (UTC-03:00) Buenos Aires, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Std, data = Argentina Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Dlt, data = Argentina Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2009, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2010, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Display, data = (UTC-04:00) Atlantic Time (Canada), type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Std, data = Atlantic Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Dlt, data = Atlantic Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Display, data = (UTC+09:30) Darwin, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Std, data = AUS Central Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Dlt, data = AUS Central Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Display, data = (UTC+10:00) Canberra, Melbourne, Sydney, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Std, data = AUS Eastern Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Dlt, data = AUS Eastern Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Display, data = (UTC+04:00) Baku, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Std, data = Azerbaijan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Dlt, data = Azerbaijan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Display, data = (UTC-01:00) Azores, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Std, data = Azores Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Dlt, data = Azores Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Display, data = (UTC+06:00) Dhaka, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Std, data = Bangladesh Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Dlt, data = Bangladesh Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = FirstEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2009, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2010, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Display, data = (UTC-06:00) Saskatchewan, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Std, data = Canada Central Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Dlt, data = Canada Central Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Display, data = (UTC-01:00) Cape Verde Is., type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Std, data = Cape Verde Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Dlt, data = Cape Verde Daylight Time, type = REG_SZ True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 2
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time - True 1
Fn
Process (74)
Operation Process Additional Information Success Count Logfile
Get filename c:\windows\system32\smss.exe file_name = C:\Windows\System32\smss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\csrss.exe file_name = C:\Windows\System32\csrss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\wininit.exe file_name = C:\Windows\System32\wininit.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\csrss.exe file_name = C:\Windows\System32\csrss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\winlogon.exe file_name = C:\Windows\System32\winlogon.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\services.exe file_name = C:\Windows\System32\services.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\lsass.exe file_name = C:\Windows\System32\lsass.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\lsm.exe file_name = C:\Windows\System32\lsm.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 5
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\spoolsv.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\taskhost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\taskeng.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\dwm.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\explorer.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Visual Studio 8\helped.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Portable Devices\guestbook-jam-stages.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Synchronization Services\watts_flights.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Sidebar\question increasingly.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Mozilla Maintenance Service\briefing myth.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\DVD Maker\belowturkishcatch.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Adobe\ebay.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Portable Devices\competingquantity.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\MSBuild\clients-confident-leasing.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Mail\storage-ne-lips.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Analysis Services\valued-seeds-belgium.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Visual Studio 8\podcast_religion.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Java\cheat.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Office\slovak.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Journal\transition.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Sidebar\similarly src timber.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\MSBuild\socket edinburgh.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Mail\view.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Google\defense.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Analysis Services\controls_experts.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\msiexec.exe, flags = PROCESS_NAME_WIN32 True 2
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\sppsvc.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\VSSVC.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\inst_fold\fp.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\inst_fold\armstart.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\wbem\WMIADAP.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\wbem\WmiPrvSE.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Remote Utilities - Host\rutserv.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Open System Idle Process desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Open System desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Open c:\windows\system32\smss.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\csrss.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\wininit.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\csrss.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\winlogon.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\services.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\lsass.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\lsm.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\audiodg.exe desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Thread (1)
Operation Process Additional Information Success Count Logfile
Open - os_tid = 0x6c4 True 1
Fn
Module (609)
Operation Module Additional Information Success Count Logfile
Load kernel32.dll base_address = 0x76910000 True 59
Fn
Load FaultRep.dll base_address = 0x71e00000 True 1
Fn
Load wtsapi32.dll base_address = 0x73d60000 True 1
Fn
Load uxtheme.dll base_address = 0x741e0000 True 2
Fn
Load olepro32.dll base_address = 0x71de0000 True 1
Fn
Load security.dll base_address = 0x6de20000 True 1
Fn
Load UxTheme.dll base_address = 0x741e0000 True 1
Fn
Load Shcore.dll base_address = 0x0 False 1
Fn
Load user32.dll base_address = 0x76b40000 True 1
Fn
Load gdiplus.dll base_address = 0x74050000 True 1
Fn
Load dwmapi.dll base_address = 0x73eb0000 True 1
Fn
Load ntdll.dll base_address = 0x77230000 True 1
Fn
Get Handle c:\program files\remote utilities - host\rutserv.exe base_address = 0x400000 True 5
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 13
Fn
Get Handle c:\windows\system32\oleaut32.dll base_address = 0x76c10000 True 1
Fn
Get Handle c:\windows\system32\ntdll.dll base_address = 0x77230000 True 3
Fn
Get Handle c:\windows\system32\advapi32.dll base_address = 0x769f0000 True 2
Fn
Get Handle vcl320.bpl base_address = 0x0 False 1
Fn
Get Handle c:\windows\system32\user32.dll base_address = 0x76b40000 True 9
Fn
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x76a90000 True 2
Fn
Get Handle c:\windows\system32\kernelbase.dll base_address = 0x75540000 True 1
Fn
Get Handle c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll base_address = 0x74360000 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 522 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 11
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 12
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 2
Fn
Get Filename c:\windows\system32\faultrep.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 2
Fn
Get Filename c:\windows\system32\kernel32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 4
Fn
Get Filename c:\windows\system32\advapi32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 2
Fn
Get Filename c:\windows\system32\oleaut32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\urlmon.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 12
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
Fn
Get Filename c:\windows\system32\kernelbase.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 256 True 1
Fn
Get Filename vcl320.bpl process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
Get Filename c:\windows\system32\kernel32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetNativeSystemInfo, address_out = 0x7694be77 True 2
Fn
Get Address c:\windows\system32\kernel32.dll function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Get Address c:\windows\system32\kernel32.dll function = GetLogicalProcessorInformation, address_out = 0x76942004 True 2
Get Address c:\windows\system32\oleaut32.dll function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarNeg, address_out = 0x76c8c802 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarNot, address_out = 0x76c8ec66 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarAdd, address_out = 0x76c35934 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarSub, address_out = 0x76c8d332 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarMul, address_out = 0x76c8dbd4 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarDiv, address_out = 0x76c8e405 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarIdiv, address_out = 0x76c8f00a True 1
Get Address c:\windows\system32\oleaut32.dll function = VarMod, address_out = 0x76c8f15e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarAnd, address_out = 0x76c35a98 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarOr, address_out = 0x76c8ecfa True 1
Get Address c:\windows\system32\oleaut32.dll function = VarXor, address_out = 0x76c8ee2e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarCmp, address_out = 0x76c2b0dc True 1
Get Address c:\windows\system32\oleaut32.dll function = VarI4FromStr, address_out = 0x76c26fab True 1
Get Address c:\windows\system32\oleaut32.dll function = VarR4FromStr, address_out = 0x76c301a0 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarR8FromStr, address_out = 0x76c2699e True 1
Get Address c:\windows\system32\oleaut32.dll function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarCyFromStr, address_out = 0x76c56c12 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromBool, address_out = 0x76c30355 True 1
Get Address c:\program files\remote utilities - host\rutserv.exe function = GetLeakReport, address_out = 0x0 False 1
Get Address c:\program files\remote utilities - host\rutserv.exe function = @Madexcept@initialization$qqrv, address_out = 0x0 False 1
Get Address c:\windows\system32\faultrep.dll function = ReportFault, address_out = 0x71e05457 True 1
Get Address c:\windows\system32\kernel32.dll function = OpenThread, address_out = 0x76966733 True 1
Get Address c:\windows\system32\ntdll.dll function = NtOpenThread, address_out = 0x77275e08 True 1
Get Address c:\windows\system32\advapi32.dll function = SetEntriesInAclA, address_out = 0x76a415e9 True 2
Get Address c:\windows\system32\ntdll.dll function = NtQuerySystemInformation, address_out = 0x772761f8 True 2
Get Address c:\windows\system32\ntdll.dll function = RtlGetVersion, address_out = 0x772965e3 True 1
Get Address Unknown module name address_out = 0x0 False 1
Get Address c:\windows\system32\user32.dll function = SetThreadDpiAwarenessContext, address_out = 0x0 False 1
Get Address c:\windows\system32\user32.dll function = ChangeWindowMessageFilterEx, address_out = 0x76b524c8 True 1
Get Address c:\windows\system32\msvcrt.dll function = _CxxThrowException, address_out = 0x76ab3557 True 2
Get Address c:\windows\system32\kernelbase.dll function = CreateRemoteThreadEx, address_out = 0x7554be34 True 1
Get Address c:\windows\system32\kernel32.dll function = CreateThread, address_out = 0x7696375d True 1
Get Address c:\windows\system32\wtsapi32.dll function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintInit, address_out = 0x741e940e True 2
Get Address c:\windows\system32\user32.dll function = AnimateWindow, address_out = 0x76b70620 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitializeFlatSB, address_out = 0x7443f803 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Get Address c:\windows\system32\user32.dll function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Get Address c:\windows\system32\olepro32.dll function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Get Address c:\windows\system32\olepro32.dll function = OleLoadPicture, address_out = 0x71de20d9 True 1
Get Address c:\windows\system32\security.dll function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Get Address c:\windows\system32\kernel32.dll function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Get Address c:\windows\system32\uxtheme.dll function = OpenThemeData, address_out = 0x741e73d2 True 2
Get Address c:\windows\system32\uxtheme.dll function = CloseThemeData, address_out = 0x741e6a18 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeBackground, address_out = 0x741e3982 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeText, address_out = 0x741e4ea1 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemePartSize, address_out = 0x741ecdb1 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextExtent, address_out = 0x741e2d57 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextMetrics, address_out = 0x741ef992 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundRegion, address_out = 0x741f165d True 2
Get Address c:\windows\system32\uxtheme.dll function = HitTestThemeBackground, address_out = 0x741f3ce3 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeEdge, address_out = 0x74203b52 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeIcon, address_out = 0x742135e7 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemePartDefined, address_out = 0x741e85b4 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeColor, address_out = 0x741e616c True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMetric, address_out = 0x741f06e2 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeString, address_out = 0x742122e4 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBool, address_out = 0x741e7c1f True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeInt, address_out = 0x741e616c True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeEnumValue, address_out = 0x741e616c True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemePosition, address_out = 0x74212350 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFont, address_out = 0x741eff21 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeRect, address_out = 0x741f3611 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMargins, address_out = 0x741e86e9 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeIntList, address_out = 0x742123b1 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemePropertyOrigin, address_out = 0x74203fbb True 2
Get Address c:\windows\system32\uxtheme.dll function = SetWindowTheme, address_out = 0x741f0134 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFilename, address_out = 0x74212412 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColor, address_out = 0x74203274 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColorBrush, address_out = 0x7421301e True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysBool, address_out = 0x74213172 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysSize, address_out = 0x7421320b True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysFont, address_out = 0x742129c4 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysString, address_out = 0x74212b3f True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysInt, address_out = 0x74212bd3 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemeActive, address_out = 0x741ef785 True 2
Get Address c:\windows\system32\uxtheme.dll function = IsAppThemed, address_out = 0x741ef869 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetWindowTheme, address_out = 0x741edf46 True 2
Get Address c:\windows\system32\uxtheme.dll function = EnableThemeDialogTexture, address_out = 0x741efcaf True 2
Get Address c:\windows\system32\uxtheme.dll function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeAppProperties, address_out = 0x741f0fb1 True 2
Get Address c:\windows\system32\uxtheme.dll function = SetThemeAppProperties, address_out = 0x74213296 True 2
Get Address c:\windows\system32\uxtheme.dll function = GetCurrentThemeName, address_out = 0x741f05dd True 2
Get Address c:\windows\system32\uxtheme.dll function = GetThemeDocumentationProperty, address_out = 0x74212932 True 2
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeParentBackground, address_out = 0x741e53e5 True 2
Get Address c:\windows\system32\uxtheme.dll function = EnableTheming, address_out = 0x74212feb True 1
Get Address c:\windows\system32\kernel32.dll function = IsWow64Process, address_out = 0x76954785 True 1
Get Address c:\windows\system32\kernel32.dll function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeTextEx, address_out = 0x741e63e6 True 1
Get Address c:\windows\system32\uxtheme.dll function = BeginBufferedPaint, address_out = 0x741e49a1 True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintClear, address_out = 0x741e6395 True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintSetAlpha, address_out = 0x741fe6b3 True 1
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintUnInit, address_out = 0x741e94ab True 1
Get Address c:\windows\system32\uxtheme.dll function = EndBufferedPaint, address_out = 0x741e3f9a True 1
Get Address c:\windows\system32\uxtheme.dll function = BeginPanningFeedback, address_out = 0x74210731 True 1
Get Address c:\windows\system32\uxtheme.dll function = UpdatePanningFeedback, address_out = 0x7421068d True 1
Get Address c:\windows\system32\uxtheme.dll function = EndPanningFeedback, address_out = 0x742106cc True 1
Get Address c:\windows\system32\user32.dll function = GetSystemMetricsForDpi, address_out = 0x0 False 1
Get Address c:\windows\system32\user32.dll function = GetGestureInfo, address_out = 0x76b8b30d True 1
Get Address c:\windows\system32\user32.dll function = CloseGestureInfoHandle, address_out = 0x76b8b38a True 1
Get Address c:\windows\system32\user32.dll function = SetGestureConfig, address_out = 0x76b44715 True 1
Get Address c:\windows\system32\user32.dll function = LogicalToPhysicalPoint, address_out = 0x76b76e4f True 1
Get Address c:\windows\system32\user32.dll function = PhysicalToLogicalPoint, address_out = 0x76b76e63 True 1
Get Address c:\windows\system32\user32.dll function = IsProcessDPIAware, address_out = 0x76b5212e True 1
Get Address c:\windows\system32\user32.dll function = WindowFromDC, address_out = 0x76b52116 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipAlloc, address_out = 0x74092437 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFree, address_out = 0x740924b2 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusStartup, address_out = 0x74075600 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusShutdown, address_out = 0x740756be True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetBrushType, address_out = 0x7407d95f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterPoint, address_out = 0x7407f6b5 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterPointI, address_out = 0x7407f76f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientRect, address_out = 0x7407f94a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientRectI, address_out = 0x7407f9ff True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPointCount, address_out = 0x7407f7dd True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientSurroundColorCount, address_out = 0x7407f890 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientGammaCorrection, address_out = 0x7407fab7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientGammaCorrection, address_out = 0x7407fb54 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientBlendCount, address_out = 0x7407e7f0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientBlend, address_out = 0x7407fc07 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientBlend, address_out = 0x7407e97a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPresetBlendCount, address_out = 0x7407fcdb True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPresetBlend, address_out = 0x7407fd95 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientPresetBlend, address_out = 0x7407ff41 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientSigmaBlend, address_out = 0x74080184 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientLinearBlend, address_out = 0x7407eeb7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientWrapMode, address_out = 0x7407f01b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientWrapMode, address_out = 0x74080236 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientTransform, address_out = 0x740802da True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientTransform, address_out = 0x7407dc34 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetPathGradientTransform, address_out = 0x7407dd3d True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyPathGradientTransform, address_out = 0x740803e3 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslatePathGradientTransform, address_out = 0x740804fc True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScalePathGradientTransform, address_out = 0x740805d5 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotatePathGradientTransform, address_out = 0x7407dde0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientFocusScales, address_out = 0x740806ae True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientFocusScales, address_out = 0x74080793 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrush, address_out = 0x7407e139 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushI, address_out = 0x7407e22f True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRect, address_out = 0x7407e2fe True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectI, address_out = 0x7407e3ee True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectWithAngle, address_out = 0x7407e4b6 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateLineBrushFromRectWithAngleI, address_out = 0x7407e5ad True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineRect, address_out = 0x7407f94a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineRectI, address_out = 0x7407f9ff True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineColors, address_out = 0x7407e67c True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineColors, address_out = 0x7407e731 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineGammaCorrection, address_out = 0x74075765 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineGammaCorrection, address_out = 0x740757be True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineBlendCount, address_out = 0x7407e7f0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineBlend, address_out = 0x7407e8a6 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineBlend, address_out = 0x7407e97a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLinePresetBlendCount, address_out = 0x7407fcdb True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLinePresetBlend, address_out = 0x7407ea4e True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLinePresetBlend, address_out = 0x7407ec63 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineSigmaBlend, address_out = 0x74080184 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineLinearBlend, address_out = 0x7407eeb7 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineWrapMode, address_out = 0x7407ef69 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineWrapMode, address_out = 0x7407f01b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetLineTransform, address_out = 0x740802da True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetLineTransform, address_out = 0x7407dc34 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetLineTransform, address_out = 0x7407dd3d True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyLineTransform, address_out = 0x740803e3 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslateLineTransform, address_out = 0x740804fc True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScaleLineTransform, address_out = 0x740805d5 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotateLineTransform, address_out = 0x7407dde0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateHatchBrush, address_out = 0x74096266 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchStyle, address_out = 0x7407da12 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchForegroundColor, address_out = 0x7407dac8 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetHatchBackgroundColor, address_out = 0x7407db7e True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePen1, address_out = 0x7408083a True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePen2, address_out = 0x7408096b True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipClonePen, address_out = 0x74080abe True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeletePen, address_out = 0x74080b95 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenFillType, address_out = 0x74082491 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenBrushFill, address_out = 0x740822c1 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenBrushFill, address_out = 0x740823cc True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenColor, address_out = 0x74082157 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenColor, address_out = 0x74082201 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenMode, address_out = 0x740819cc True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenMode, address_out = 0x74081a6f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenUnit, address_out = 0x74080d9b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenUnit, address_out = 0x74080e5a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenWidth, address_out = 0x74080c4d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenWidth, address_out = 0x74080ceb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashStyle, address_out = 0x7408254e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashStyle, address_out = 0x740825fe True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenLineCap197819, address_out = 0x74080f0a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenStartCap, address_out = 0x74080fb1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenEndCap, address_out = 0x74081052 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashCap197819, address_out = 0x740810f3 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenStartCap, address_out = 0x74081194 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenEndCap, address_out = 0x74081244 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashCap197819, address_out = 0x740812f4 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenLineJoin, address_out = 0x740813ab True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenLineJoin, address_out = 0x74081449 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenCustomStartCap, address_out = 0x740814f9 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenCustomStartCap, address_out = 0x74081601 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenCustomEndCap, address_out = 0x740816b8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenCustomEndCap, address_out = 0x740817c0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenMiterLimit, address_out = 0x74081877 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenMiterLimit, address_out = 0x7408191c True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenTransform, address_out = 0x74081b1f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenTransform, address_out = 0x74081c25 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipResetPenTransform, address_out = 0x74081d2b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipMultiplyPenTransform, address_out = 0x74081dcb True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipTranslatePenTransform, address_out = 0x74081ee1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipScalePenTransform, address_out = 0x74081fb7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipRotatePenTransform, address_out = 0x7408208d True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashOffset, address_out = 0x7408269f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPenDashOffset, address_out = 0x7408274f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPenDashCount, address_out = 0x740827ed True 1
Fn
Get Address c:\windows\system32\user32.dll function = EnableNonClientDpiScaling, address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmDefWindowProc, address_out = 0x73eb3df4 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmEnableBlurBehindWindow, address_out = 0x73eb2945 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmEnableComposition, address_out = 0x73eb720a True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmEnableMMCSS, address_out = 0x73eb37dd True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmExtendFrameIntoClientArea, address_out = 0x73eb3510 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmGetColorizationColor, address_out = 0x73eb6f9a True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmGetWindowAttribute, address_out = 0x73eb1c76 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmIsCompositionEnabled, address_out = 0x73eb1610 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmSetWindowAttribute, address_out = 0x73eb16c0 True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmSetIconicThumbnail, address_out = 0x73eb85ea True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmSetIconicLivePreviewBitmap, address_out = 0x73eb88fd True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmInvalidateIconicBitmaps, address_out = 0x73eb3742 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetDynamicTimeZoneInformation, address_out = 0x76942565 True 1
Fn
Get Address c:\windows\system32\user32.dll function = DrawTextW, address_out = 0x76b55b6a True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 56
Fn
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 4 True 1
Create Mapping C:\Program Files\Remote Utilities - Host\rutserv.exe filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, protection = PAGE_READONLY, maximum_size = 0 True 1
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 20 True 1
Map - process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Map C:\Program Files\Remote Utilities - Host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_READ True 1
Map - process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Service (1)
Operation Additional Information Success Count Logfile
Start - False 1
Window (13)
Operation Window Name Additional Information Success Count Logfile
Create - wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create rutserv class_name = TApplication, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3215343 True 1
Set Attribute rutserv class_name = TApplication, index = 18446744073709551612, new_long = 3215330 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3215304 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3215291 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3215278 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3215265 True 1
System (167)
Operation Additional Information Success Count Logfile
Get Computer Name result_out = CRH2YWU7 True 1
Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 2
Get Time type = Ticks, time = 255092 True 2
Get Time type = Ticks, time = 255186 True 11
Get Time type = Ticks, time = 255202 True 5
Get Time type = Ticks, time = 255217 True 1
Register Hook type = WH_CBT, hookproc_address = 0x65b278 True 1
Register Hook type = WH_CALLWNDPROC, hookproc_address = 0x9cdb7c True 1
Get Info type = Operating System True 129
Get Info type = Hardware Information True 4
Get Info type = Operating System True 5
Get Info type = SYSTEM_PROCESS_INFORMATION False 2
Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Get Info type = Operating System False 1
Mutex (11)
Operation Additional Information Success Count Logfile
Create mutex_name = madExceptSettingsMtx$504 True 1
Create - True 1
Create - True 1
Create - True 1
Release mutex_name = madExceptSettingsMtx$504 True 1
Release - True 2
Release - True 4
Process #32: cmd.exe
81 0
Information Value
ID #32
File Name c:\windows\system32\cmd.exe
Command Line cmd /c C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat
Initial Working Directory C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\
Monitor Start Time: 00:03:43, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:10
OS Process Information
Information Value
PID 0x894
Parent PID 0xf20 (c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x890
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory r True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File r False False False -
private_0x00000000000c0000 0x000c0000 0x001bffff Private Memory rw True False False -
pagefile_0x00000000001c0000 0x001c0000 0x001c6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d1fff Pagefile Backed Memory rw True False False -
private_0x00000000001e0000 0x001e0000 0x001e0fff Private Memory rw True False False -
private_0x00000000001f0000 0x001f0000 0x002effff Private Memory rw True False False -
private_0x00000000002f0000 0x002f0000 0x002f0fff Private Memory rw True False False -
private_0x0000000000300000 0x00300000 0x0030ffff Private Memory rw True False False -
private_0x0000000000330000 0x00330000 0x0033ffff Private Memory rw True False False -
pagefile_0x0000000000340000 0x00340000 0x00407fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000410000 0x00410000 0x00510fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000520000 0x00520000 0x0111ffff Pagefile Backed Memory r True False False -
pagefile_0x0000000001120000 0x01120000 0x01282fff Pagefile Backed Memory r True False False -
cmd.exe 0x49e70000 0x49ebbfff Memory Mapped File rwx True False False -
winbrand.dll 0x6de30000 0x6de36fff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Host Behavior
File (36)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 2
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000 type = file_attributes True 2
Get Info STD_INPUT_HANDLE type = file_type True 1
Open STD_OUTPUT_HANDLE - True 3
Open STD_INPUT_HANDLE - True 2
Open STD_INPUT_HANDLE - True 15
Read STD_INPUT_HANDLE size = 8191, size_out = 422 True 1
Read STD_INPUT_HANDLE size = 8191, size_out = 412 True 5
Read STD_INPUT_HANDLE size = 8191, size_out = 343 True 5
Registry (17)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 56, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Module (12)
Operation Module Additional Information Success Count Logfile
Load ADVAPI32.dll base_address = 0x769f0000 True 1
Get Handle c:\windows\system32\cmd.exe base_address = 0x49e70000 True 1
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 2
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x769624c2 True 1
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7694ac6c True 1
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76953ea8 True 1
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76962732 True 1
Get Address c:\windows\system32\advapi32.dll function = SaferIdentifyLevel, address_out = 0x76a12102 True 1
Get Address c:\windows\system32\advapi32.dll function = SaferComputeTokenFromLevel, address_out = 0x76a13352 True 1
Get Address c:\windows\system32\advapi32.dll function = SaferCloseLevel, address_out = 0x76a13825 True 1
System (2)
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-08-28 10:30:00 (UTC) True 1
Get Time type = Ticks, time = 256496 True 1
Environment (12)
Operation Additional Information Success Count Logfile
Get Environment String - True 4
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Get Environment String name = PROMPT False 1
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Get Environment String name = KEYS False 1
Set Environment String name = PROMPT, value = $P$G True 1
Set Environment String name = =C:, value = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000 True 1
Process #35: services.exe
0 0
Information Value
ID #35
File Name c:\windows\system32\services.exe
Command Line C:\Windows\system32\services.exe
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:44, Reason: Created Daemon
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:09
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x1d8
Parent PID 0x178 (c:\windows\system32\wininit.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0xCDC
0x110
0x550
0x4A0
0x288
0x250
0x22C
0x220
0x474
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000050000 0x00050000 0x00051fff Pagefile Backed Memory rw True False False -
private_0x0000000000060000 0x00060000 0x00060fff Private Memory rw True False False -
private_0x0000000000070000 0x00070000 0x00070fff Private Memory rw True False False -
locale.nls 0x000d0000 0x00136fff Memory Mapped File r False False False -
pagefile_0x0000000000140000 0x00140000 0x00207fff Pagefile Backed Memory r True False False -
private_0x0000000000250000 0x00250000 0x0034ffff Private Memory rw True False False -
pagefile_0x0000000000350000 0x00350000 0x00450fff Pagefile Backed Memory r True False False -
private_0x00000000004a0000 0x004a0000 0x004a0fff Private Memory rw True False False -
private_0x00000000004b0000 0x004b0000 0x004bffff Private Memory rw True False False -
private_0x0000000000500000 0x00500000 0x00500fff Private Memory rw True False False -
services.exe 0x00520000 0x00560fff Memory Mapped File rwx False False False -
pagefile_0x0000000000570000 0x00570000 0x005effff Pagefile Backed Memory r True False False -
pagefile_0x00000000005f0000 0x005f0000 0x009e2fff Pagefile Backed Memory r True False False -
private_0x0000000000a00000 0x00a00000 0x00a3ffff Private Memory rw True False False -
private_0x0000000000a50000 0x00a50000 0x00a8ffff Private Memory rw True False False -
private_0x0000000000b30000 0x00b30000 0x00b6ffff Private Memory rw True False False -
private_0x0000000000b90000 0x00b90000 0x00bcffff Private Memory rw True False False -
private_0x0000000000c30000 0x00c30000 0x00c6ffff Private Memory rw True False False -
private_0x0000000000cb0000 0x00cb0000 0x00ceffff Private Memory rw True False False -
private_0x0000000000cf0000 0x00cf0000 0x00d2ffff Private Memory rw True False False -
private_0x0000000000d40000 0x00d40000 0x00d7ffff Private Memory rw True False False -
private_0x0000000000e30000 0x00e30000 0x00e6ffff Private Memory rw True False False -
private_0x0000000000fa0000 0x00fa0000 0x00fdffff Private Memory rw True False False -
private_0x0000000001050000 0x01050000 0x0114ffff Private Memory rw True False False -
sortdefault.nls 0x01150000 0x0141efff Memory Mapped File r False False False -
private_0x0000000001420000 0x01420000 0x0151ffff Private Memory rw True False False -
private_0x0000000001520000 0x01520000 0x0161ffff Private Memory rw True False False -
private_0x0000000001620000 0x01620000 0x0181ffff Private Memory rw True False False -
private_0x0000000001820000 0x01820000 0x01c1ffff Private Memory rw True False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74960000 0x74964fff Memory Mapped File rwx False False False -
ubpm.dll 0x74af0000 0x74b1bfff Memory Mapped File rwx False False False -
credssp.dll 0x74b20000 0x74b27fff Memory Mapped File rwx False False False -
wship6.dll 0x74e00000 0x74e05fff Memory Mapped File rwx False False False -
mswsock.dll 0x74e10000 0x74e4bfff Memory Mapped File rwx False False False -
authz.dll 0x74fe0000 0x74ffafff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
scesrv.dll 0x75240000 0x7528dfff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
scext.dll 0x752a0000 0x752aefff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x75370000 0x7537dfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
private_0x000000007ffac000 0x7ffac000 0x7ffacfff Private Memory rw True False False -
private_0x000000007ffae000 0x7ffae000 0x7ffaefff Private Memory rw True False False -
private_0x000000007ffaf000 0x7ffaf000 0x7ffaffff Private Memory rw True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd3000 0x7ffd3000 0x7ffd3fff Private Memory rw True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Process #45: rutserv.exe
1407 0
Information Value
ID #45
File Name c:\program files\remote utilities - host\rutserv.exe
Command Line "C:\Program Files\Remote Utilities - Host\rutserv.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:44, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:09
OS Process Information
Information Value
PID 0x7ec
Parent PID 0x1d8 (c:\windows\system32\services.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x8B8
0x174
0x508
0x63C
0x7AC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
Hook Information
Type Installer Target Size Information Actions
Code rutserv.exe:+0xb0db6 kernel32.dll:CreateThread+0x1c 4 bytes -
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
Host Behavior
File (63)
Operation Filename Additional Information Success Count Logfile
Create C:\Program Files\Remote Utilities - Host\rutserv.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Program Files\Remote Utilities - Host\rutserv.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Create Directory C:\Windows\TEMP\ - False 1
Create Directory C:\Windows\TEMP\rutserv.madExcept - True 1
Create Pipe Anonymous read pipe size = 0 True 1
Get Info C:\Windows\TEMP\rutserv.madExcept\ type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\rutserv.exe type = size True 1
Get Info C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Czech.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Danish.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Dutch.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\English.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\French.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\German.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Hebrew.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Italian.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Japanese.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Korean.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Norwegian.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Polish.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Portuguese.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Spanish.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Swedish.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\Turkish.lg type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\RIPCServer.dll type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\RWLN.dll type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\vp8decoder.dll type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\vp8encoder.dll type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\webmmux.dll type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll type = file_attributes True 1
Get Info C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll type = file_attributes True 1
Open Mapping madExceptRestart$7ec desired_access = FILE_MAP_READ False 1
Open Mapping madExceptSettingsBuf2$7ec desired_access = FILE_MAP_WRITE, FILE_MAP_READ False 1
Read - size = 144, size_out = 0 False 24
Read C:\Program Files\Remote Utilities - Host\rutserv.exe size = 9956368 False 1
Delete Directory C:\Windows\TEMP\rutserv.madExcept\ - True 1
Delete C:\Windows\TEMP\rutserv.madExcept\. - False 1
Delete C:\Windows\TEMP\rutserv.madExcept\.. - False 1
Registry (410)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Embarcadero\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\CodeGear\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\Software\CodeGear\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Locales - False 2
Open Key HKEY_CURRENT_USER\Software\Borland\Delphi\Locales - False 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography - True 2
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time - True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Display, data = (UTC+04:30) Kabul, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Std, data = Afghanistan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Dlt, data = Afghanistan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Display, data = (UTC-09:00) Alaska, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Std, data = Alaskan Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Dlt, data = Alaskan Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Display, data = (UTC+03:00) Kuwait, Riyadh, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Std, data = Arab Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Dlt, data = Arab Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Display, data = (UTC+04:00) Abu Dhabi, Muscat, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Std, data = Arabian Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Dlt, data = Arabian Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Display, data = (UTC+03:00) Baghdad, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Std, data = Arabic Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Dlt, data = Arabic Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Display, data = (UTC-03:00) Buenos Aires, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Std, data = Argentina Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Dlt, data = Argentina Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2009, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST value_name = 2010, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Display, data = (UTC-04:00) Atlantic Time (Canada), type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Std, data = Atlantic Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Dlt, data = Atlantic Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = 2006, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Display, data = (UTC+09:30) Darwin, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Std, data = AUS Central Standard Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Dlt, data = AUS Central Daylight Time, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = MapID, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = Index, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time value_name = TZI, type = REG_BINARY True 3
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Display, data = (UTC+10:00) Canberra, Melbourne, Sydney, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Std, data = AUS Eastern Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Dlt, data = AUS Eastern Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = 2007, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Display, data = (UTC+04:00) Baku, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Std, data = Azerbaijan Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Dlt, data = Azerbaijan Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Display, data = (UTC-01:00) Azores, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Std, data = Azores Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Dlt, data = Azores Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Display, data = (UTC+06:00) Dhaka, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Std, data = Bangladesh Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Dlt, data = Bangladesh Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = FirstEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2008, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2009, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST value_name = 2010, type = REG_BINARY True 2
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Display, data = (UTC-06:00) Saskatchewan, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Std, data = Canada Central Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Dlt, data = Canada Central Daylight Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = MapID, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = Index, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time value_name = TZI, type = REG_BINARY True 3
Fn
Data
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Display, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Display, data = (UTC-01:00) Cape Verde Is., type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Std, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Std, data = Cape Verde Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time value_name = Dlt, data = Cape Verde Daylight Time, type = REG_SZ True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones - True 2
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time - True 1
Fn
Process (78)
Operation Process Additional Information Success Count Logfile
Get filename c:\windows\system32\smss.exe file_name = C:\Windows\System32\smss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\csrss.exe file_name = C:\Windows\System32\csrss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\wininit.exe file_name = C:\Windows\System32\wininit.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\csrss.exe file_name = C:\Windows\System32\csrss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\winlogon.exe file_name = C:\Windows\System32\winlogon.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\services.exe file_name = C:\Windows\System32\services.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\lsass.exe file_name = C:\Windows\System32\lsass.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\lsm.exe file_name = C:\Windows\System32\lsm.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 5
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\spoolsv.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\taskhost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\taskeng.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\dwm.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\explorer.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Visual Studio 8\helped.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Portable Devices\guestbook-jam-stages.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Synchronization Services\watts_flights.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Sidebar\question increasingly.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Mozilla Maintenance Service\briefing myth.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\DVD Maker\belowturkishcatch.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Adobe\ebay.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Portable Devices\competingquantity.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\MSBuild\clients-confident-leasing.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Mail\storage-ne-lips.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Analysis Services\valued-seeds-belgium.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Visual Studio 8\podcast_religion.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Java\cheat.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Office\slovak.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Journal\transition.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Sidebar\similarly src timber.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\MSBuild\socket edinburgh.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Windows Mail\view.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Google\defense.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Microsoft Analysis Services\controls_experts.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\msiexec.exe, flags = PROCESS_NAME_WIN32 True 2
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\sppsvc.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\VSSVC.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\wbem\WmiPrvSE.exe, flags = PROCESS_NAME_WIN32 True 2
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\inst_fold\fp.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\inst_fold\armstart.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\wbem\WMIADAP.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Program Files\Remote Utilities - Host\rutserv.exe, flags = PROCESS_NAME_WIN32 True 2
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\cmd.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Get filename c:\windows\system32\svchost.exe file_name = C:\Windows\System32\conhost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Open System Idle Process desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Open System desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Open c:\windows\system32\smss.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\csrss.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\wininit.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\csrss.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\winlogon.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\services.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\lsass.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\lsm.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\audiodg.exe desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Open c:\windows\system32\svchost.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Thread (1)
Operation Process Additional Information Success Count Logfile
Open - os_tid = 0x174 True 1
Fn
Module (619)
Operation Module Additional Information Success Count Logfile
Load kernel32.dll base_address = 0x76910000 True 63
Fn
Load FaultRep.dll base_address = 0x71e00000 True 1
Fn
Load wtsapi32.dll base_address = 0x73d60000 True 1
Fn
Load uxtheme.dll base_address = 0x741e0000 True 2
Fn
Load olepro32.dll base_address = 0x71de0000 True 1
Fn
Load security.dll base_address = 0x6de20000 True 1
Fn
Load UxTheme.dll base_address = 0x741e0000 True 1
Fn
Load Shcore.dll base_address = 0x0 False 1
Fn
Load user32.dll base_address = 0x76b40000 True 1
Fn
Load gdiplus.dll base_address = 0x74050000 True 1
Fn
Load dwmapi.dll base_address = 0x73eb0000 True 1
Fn
Load ntdll.dll base_address = 0x77230000 True 2
Fn
Load Fwpuclnt.dll base_address = 0x736b0000 True 1
Fn
Load IdnDL.dll base_address = 0x6f030000 True 1
Fn
Load Normaliz.dll base_address = 0x77370000 True 1
Fn
Load iphlpapi.dll base_address = 0x737d0000 True 1
Fn
Get Handle c:\program files\remote utilities - host\rutserv.exe base_address = 0x400000 True 4
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76910000 True 14
Fn
Get Handle c:\windows\system32\oleaut32.dll base_address = 0x76c10000 True 1
Fn
Get Handle c:\windows\system32\ntdll.dll base_address = 0x77230000 True 3
Fn
Get Handle c:\windows\system32\advapi32.dll base_address = 0x769f0000 True 4
Fn
Get Handle vcl320.bpl base_address = 0x0 False 1
Fn
Get Handle c:\windows\system32\user32.dll base_address = 0x76b40000 True 9
Fn
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x76a90000 True 2
Fn
Get Handle c:\windows\system32\kernelbase.dll base_address = 0x75540000 True 1
Fn
Get Handle c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll base_address = 0x74360000 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 522 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 2
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 4
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 12
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 5
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 1
Fn
Get Filename c:\windows\system32\faultrep.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
Fn
Get Filename c:\windows\system32\kernel32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 3
Fn
Get Filename c:\windows\system32\advapi32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 1
Fn
Get Filename c:\windows\system32\oleaut32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 True 1
Fn
Get Filename - process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\urlmon.dll, size = 260 True 1
Fn
Get Filename c:\windows\system32\kernelbase.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
Get Filename c:\program files\remote utilities - host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 256 True 1
Fn
Get Filename vcl320.bpl process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
Get Filename c:\windows\system32\kernel32.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
Fn
Get Filename Shcore.dll process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetNativeSystemInfo, address_out = 0x7694be77 True 2
Fn
Get Address c:\windows\system32\kernel32.dll function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetLogicalProcessorInformation, address_out = 0x76942004 True 2
Fn
Get Address c:\windows\system32\oleaut32.dll function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarNeg, address_out = 0x76c8c802 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarNot, address_out = 0x76c8ec66 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarAdd, address_out = 0x76c35934 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarSub, address_out = 0x76c8d332 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarMul, address_out = 0x76c8dbd4 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarDiv, address_out = 0x76c8e405 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarIdiv, address_out = 0x76c8f00a True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarMod, address_out = 0x76c8f15e True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarAnd, address_out = 0x76c35a98 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarOr, address_out = 0x76c8ecfa True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarXor, address_out = 0x76c8ee2e True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarCmp, address_out = 0x76c2b0dc True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarI4FromStr, address_out = 0x76c26fab True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarR4FromStr, address_out = 0x76c301a0 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarR8FromStr, address_out = 0x76c2699e True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarCyFromStr, address_out = 0x76c56c12 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Fn
Get Address c:\windows\system32\oleaut32.dll function = VarBstrFromBool, address_out = 0x76c30355 True 1
Fn
Get Address c:\program files\remote utilities - host\rutserv.exe function = GetLeakReport, address_out = 0x0 False 1
Fn
Get Address c:\program files\remote utilities - host\rutserv.exe function = @Madexcept@initialization$qqrv, address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\faultrep.dll function = ReportFault, address_out = 0x71e05457 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = OpenThread, address_out = 0x76966733 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtOpenThread, address_out = 0x77275e08 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SetEntriesInAclA, address_out = 0x76a415e9 True 4
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQuerySystemInformation, address_out = 0x772761f8 True 2
Fn
Get Address c:\windows\system32\ntdll.dll function = RtlGetVersion, address_out = 0x772965e3 True 1
Fn
Get Address Unknown module name address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\user32.dll function = SetThreadDpiAwarenessContext, address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\user32.dll function = ChangeWindowMessageFilterEx, address_out = 0x76b524c8 True 1
Fn
Get Address c:\windows\system32\msvcrt.dll function = _CxxThrowException, address_out = 0x76ab3557 True 2
Fn
Get Address c:\windows\system32\kernelbase.dll function = CreateRemoteThreadEx, address_out = 0x7554be34 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CreateThread, address_out = 0x7696375d True 1
Fn
Get Address c:\windows\system32\wtsapi32.dll function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintInit, address_out = 0x741e940e True 2
Fn
Get Address c:\windows\system32\user32.dll function = AnimateWindow, address_out = 0x76b70620 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitializeFlatSB, address_out = 0x7443f803 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Fn
Get Address c:\windows\system32\user32.dll function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Fn
Get Address c:\windows\system32\olepro32.dll function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Fn
Get Address c:\windows\system32\olepro32.dll function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Fn
Get Address c:\windows\system32\olepro32.dll function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Fn
Get Address c:\windows\system32\olepro32.dll function = OleLoadPicture, address_out = 0x71de20d9 True 1
Fn
Get Address c:\windows\system32\security.dll function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = OpenThemeData, address_out = 0x741e73d2 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = CloseThemeData, address_out = 0x741e6a18 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeBackground, address_out = 0x741e3982 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeText, address_out = 0x741e4ea1 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePartSize, address_out = 0x741ecdb1 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextExtent, address_out = 0x741e2d57 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTextMetrics, address_out = 0x741ef992 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundRegion, address_out = 0x741f165d True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = HitTestThemeBackground, address_out = 0x741f3ce3 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeEdge, address_out = 0x74203b52 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeIcon, address_out = 0x742135e7 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemePartDefined, address_out = 0x741e85b4 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeColor, address_out = 0x741e616c True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMetric, address_out = 0x741f06e2 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeString, address_out = 0x742122e4 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBool, address_out = 0x741e7c1f True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeInt, address_out = 0x741e616c True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeEnumValue, address_out = 0x741e616c True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePosition, address_out = 0x74212350 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFont, address_out = 0x741eff21 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeRect, address_out = 0x741f3611 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMargins, address_out = 0x741e86e9 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeIntList, address_out = 0x742123b1 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePropertyOrigin, address_out = 0x74203fbb True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = SetWindowTheme, address_out = 0x741f0134 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeFilename, address_out = 0x74212412 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColor, address_out = 0x74203274 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysColorBrush, address_out = 0x7421301e True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysBool, address_out = 0x74213172 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysSize, address_out = 0x7421320b True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysFont, address_out = 0x742129c4 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysString, address_out = 0x74212b3f True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysInt, address_out = 0x74212bd3 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeActive, address_out = 0x741ef785 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsAppThemed, address_out = 0x741ef869 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetWindowTheme, address_out = 0x741edf46 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = EnableThemeDialogTexture, address_out = 0x741efcaf True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeAppProperties, address_out = 0x741f0fb1 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = SetThemeAppProperties, address_out = 0x74213296 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetCurrentThemeName, address_out = 0x741f05dd True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeDocumentationProperty, address_out = 0x74212932 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeParentBackground, address_out = 0x741e53e5 True 2
Fn
Get Address c:\windows\system32\uxtheme.dll function = EnableTheming, address_out = 0x74212feb True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsWow64Process, address_out = 0x76954785 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeTextEx, address_out = 0x741e63e6 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BeginBufferedPaint, address_out = 0x741e49a1 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintClear, address_out = 0x741e6395 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintSetAlpha, address_out = 0x741fe6b3 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BufferedPaintUnInit, address_out = 0x741e94ab True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = EndBufferedPaint, address_out = 0x741e3f9a True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = BeginPanningFeedback, address_out = 0x74210731 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = UpdatePanningFeedback, address_out = 0x7421068d True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = EndPanningFeedback, address_out = 0x742106cc True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetSystemMetricsForDpi, address_out = 0x0 False 1
Fn
Get Address c:\windows\system32\user32.dll function = GetGestureInfo, address_out = 0x76b8b30d True 1
Fn
Get Address c:\windows\system32\user32.dll function = CloseGestureInfoHandle, address_out = 0x76b8b38a True 1
Fn
Get Address c:\windows\system32\user32.dll function = SetGestureConfig, address_out = 0x76b44715 True 1
Fn
Get Address c:\windows\system32\user32.dll function = LogicalToPhysicalPoint, address_out = 0x76b76e4f True 1
Fn
Get Address c:\windows\system32\user32.dll function = PhysicalToLogicalPoint, address_out = 0x76b76e63 True 1
Fn
Get Address c:\windows\system32\user32.dll function = IsProcessDPIAware, address_out = 0x76b5212e True 1
Fn
Get Address c:\windows\system32\user32.dll function = WindowFromDC, address_out = 0x76b52116 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipAlloc, address_out = 0x74092437 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFree, address_out = 0x740924b2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusStartup, address_out = 0x74075600 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusShutdown, address_out = 0x740756be True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetBrushType, address_out = 0x7407d95f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Fn
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 4 True 1
Create Mapping C:\Program Files\Remote Utilities - Host\rutserv.exe filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, protection = PAGE_READONLY, maximum_size = 0 True 1
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 20 True 1
Map - process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Map C:\Program Files\Remote Utilities - Host\rutserv.exe process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_READ True 1
Map - process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Service (2)
Operation Additional Information Success Count Logfile
Get Info - False 1
Get Info - True 1
Window (16)
Operation Window Name Additional Information Success Count Logfile
Create - wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create rutserv class_name = TApplication, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Create - class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3018735 True 1
Set Attribute rutserv class_name = TApplication, index = 18446744073709551612, new_long = 3018722 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3018696 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3018683 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3018670 True 1
Set Attribute - class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3018657 True 1
Set Attribute rutserv class_name = TApplication, index = 18446744073709551596, new_long = 384 True 1
Set Attribute - index = 18446744073709551596, new_long = 327936 True 1
Set Attribute rutserv class_name = TApplication, index = 18446744073709551596, new_long = 134218112 True 1
System (116)
Operation Additional Information Success Count Logfile
Get Computer Name result_out = CRH2YWU7 True 1
Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 2
Get Time type = Ticks, time = 260428 True 3
Get Time type = Ticks, time = 260786 True 6
Get Time type = Ticks, time = 260802 True 10
Get Time type = Ticks, time = 261754 True 1
Register Hook type = WH_CBT, hookproc_address = 0x65b278 True 1
Register Hook type = WH_CALLWNDPROC, hookproc_address = 0x9cdb7c True 1
Get Info type = Operating System True 77
Get Info type = Hardware Information True 4
Get Info type = Operating System True 5
Get Info type = SYSTEM_PROCESS_INFORMATION False 2
Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Get Info type = Operating System False 1
Mutex (13)
Operation Additional Information Success Count Logfile
Create mutex_name = madExceptSettingsMtx$7ec True 1
Create - True 1
Create - True 1
Create - True 1
Create mutex_name = HookTThread$7ec True 1
Create mutex_name = HookTThread$7ec True 1
Release mutex_name = madExceptSettingsMtx$7ec True 1
Release - True 2
Release - True 4
Process #46: explorer.exe
Information Value
ID #46
File Name c:\windows\explorer.exe
Command Line C:\Windows\Explorer.EXE
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:49, Reason: Injection
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:04
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x5ac
Parent PID 0xffffffffffffffff (Unknown)
Is Created or Modified Executable False
Integrity Level Medium
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x00000000020c0000 0x020c0000 0x020c3fff Private Memory rw True False False -
private_0x00000000020d0000 0x020d0000 0x020d7fff Private Memory rw True False False -
private_0x0000000002100000 0x02100000 0x02108fff Private Memory rw True False False -
private_0x0000000002110000 0x02110000 0x02110fff Private Memory rw True False False -
private_0x0000000002120000 0x02120000 0x0212ffff Private Memory rw True False False -
private_0x0000000002140000 0x02140000 0x0217ffff Private Memory rw True False False -
netshell.dll.mui 0x02240000 0x02250fff Memory Mapped File rw False False False -
pagefile_0x0000000002290000 0x02290000 0x02291fff Pagefile Backed Memory r True False False -
pagefile_0x00000000022a0000 0x022a0000 0x022a0fff Pagefile Backed Memory rw True False False -
index.dat 0x022c0000 0x022ebfff Memory Mapped File rw True False False -
index.dat 0x022f0000 0x022f7fff Memory Mapped File rw True False False -
index.dat 0x02300000 0x0230ffff Memory Mapped File rw True False False -
urlmon.dll.mui 0x02310000 0x02317fff Memory Mapped File rw False False False -
pagefile_0x0000000002320000 0x02320000 0x02320fff Pagefile Backed Memory rw True False False -
private_0x0000000002330000 0x02330000 0x02355fff Private Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x02360000 0x0237efff Memory Mapped File r True False False -
pagefile_0x0000000002380000 0x02380000 0x02380fff Pagefile Backed Memory rw True False False -
cversions.2.db 0x02390000 0x02393fff Memory Mapped File r True False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db 0x023a0000 0x023cffff Memory Mapped File r True False False -
cversions.2.db 0x023d0000 0x023d3fff Memory Mapped File r True False False -
pagefile_0x00000000023e0000 0x023e0000 0x023e1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000023f0000 0x023f0000 0x023f1fff Pagefile Backed Memory r True False False -
private_0x0000000002400000 0x02400000 0x02400fff Private Memory rw True False False -
private_0x0000000002410000 0x02410000 0x02413fff Private Memory rw True False False -
private_0x0000000002420000 0x02420000 0x0245ffff Private Memory rw True False False -
private_0x0000000002460000 0x02460000 0x0249ffff Private Memory rw True False False -
private_0x00000000024a0000 0x024a0000 0x024a3fff Private Memory rw True False False -
pagefile_0x00000000024b0000 0x024b0000 0x024b1fff Pagefile Backed Memory r True False False -
private_0x00000000024c0000 0x024c0000 0x024fffff Private Memory rw True False False -
private_0x0000000002500000 0x02500000 0x02500fff Private Memory rw True False False -
private_0x0000000002510000 0x02510000 0x02510fff Private Memory rw True False False -
private_0x0000000002520000 0x02520000 0x02520fff Private Memory rw True False False -
private_0x0000000002530000 0x02530000 0x02530fff Private Memory rw True False False -
private_0x0000000002540000 0x02540000 0x0257ffff Private Memory rw True False False -
staticcache.dat 0x02580000 0x02eaffff Memory Mapped File r False False False -
pagefile_0x0000000002eb0000 0x02eb0000 0x02eb0fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000002ec0000 0x02ec0000 0x02ec1fff Pagefile Backed Memory r True False False -
cversions.2.db 0x02ed0000 0x02ed3fff Memory Mapped File r True False False -
pagefile_0x0000000002ee0000 0x02ee0000 0x02ee1fff Pagefile Backed Memory r True False False -
{0b09c990-dfff-4f54-a0f7-84dceb6a5b2b}.2.ver0x0000000000000001.db 0x02ef0000 0x02ef0fff Memory Mapped File r True False False -
cversions.2.db 0x02f00000 0x02f03fff Memory Mapped File r True False False -
private_0x0000000002f10000 0x02f10000 0x02f10fff Private Memory rw True False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db 0x02f20000 0x02f85fff Memory Mapped File r True False False -
private_0x0000000002f90000 0x02f90000 0x0308ffff Private Memory rw True False False -
pagefile_0x0000000003090000 0x03090000 0x03091fff Pagefile Backed Memory r True False False -
cversions.2.db 0x030a0000 0x030a3fff Memory Mapped File r True False False -
private_0x00000000030b0000 0x030b0000 0x030b0fff Private Memory rwx True False False -
pagefile_0x00000000030c0000 0x030c0000 0x030c1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000030d0000 0x030d0000 0x030d1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000030e0000 0x030e0000 0x030e1fff Pagefile Backed Memory r True False False -
private_0x00000000030f0000 0x030f0000 0x030f0fff Private Memory rw True False False -
private_0x0000000003100000 0x03100000 0x03100fff Private Memory rw True False False -
private_0x0000000003110000 0x03110000 0x0314ffff Private Memory rw True False False -
private_0x0000000003150000 0x03150000 0x03150fff Private Memory rw True False False -
{e09a7d78-232a-4473-ac51-d6dfbb0b032a}.2.ver0x0000000000000002.db 0x03190000 0x03190fff Memory Mapped File r True False False -
index.dat 0x031a0000 0x031affff Memory Mapped File rw True False False -
pagefile_0x00000000031b0000 0x031b0000 0x031b1fff Pagefile Backed Memory r True False False -
actioncenter.dll.mui 0x031c0000 0x031c4fff Memory Mapped File rw False False False -
private_0x00000000031d0000 0x031d0000 0x031d1fff Private Memory rwx True False False -
cversions.2.db 0x031e0000 0x031e3fff Memory Mapped File r True False False -
{7a77eb19-3f1f-481b-a465-50389a60f663}.2.ver0x0000000000000001.db 0x031f0000 0x031f0fff Memory Mapped File r True False False -
private_0x0000000003230000 0x03230000 0x0326ffff Private Memory rw True False False -
private_0x0000000003270000 0x03270000 0x032affff Private Memory rw True False False -
private_0x00000000032b0000 0x032b0000 0x032b0fff Private Memory rw True False False -
private_0x00000000032c0000 0x032c0000 0x032c0fff Private Memory rw True False False -
private_0x00000000032d0000 0x032d0000 0x032d0fff Private Memory rw True False False -
private_0x00000000032e0000 0x032e0000 0x032e0fff Private Memory rw True False False -
private_0x00000000032f0000 0x032f0000 0x032f0fff Private Memory rw True False False -
pagefile_0x0000000003310000 0x03310000 0x03310fff Pagefile Backed Memory r True False False -
wdmaud.drv.mui 0x03320000 0x03320fff Memory Mapped File rw False False False -
private_0x0000000003390000 0x03390000 0x03390fff Private Memory rw True False False -
private_0x00000000033a0000 0x033a0000 0x033a0fff Private Memory rw True False False -
pagefile_0x00000000033b0000 0x033b0000 0x033b1fff Pagefile Backed Memory r True False False -
oleaccrc.dll 0x033c0000 0x033c0fff Memory Mapped File r False False False -
private_0x00000000033d0000 0x033d0000 0x034cffff Private Memory rw True False False -
private_0x00000000034d0000 0x034d0000 0x0350ffff Private Memory rw True False False -
private_0x0000000003510000 0x03510000 0x0354ffff Private Memory rw True False False -
pagefile_0x00000000035a0000 0x035a0000 0x035a1fff Pagefile Backed Memory r True False False -
private_0x00000000035c0000 0x035c0000 0x035fffff Private Memory rwx True False False -
private_0x0000000003600000 0x03600000 0x03647fff Private Memory rw True False False -
pagefile_0x0000000003650000 0x03650000 0x03651fff Pagefile Backed Memory r True False False -
private_0x0000000003680000 0x03680000 0x03680fff Private Memory rw True False False -
mmdevapi.dll.mui 0x03690000 0x03690fff Memory Mapped File rw False False False -
private_0x00000000036a0000 0x036a0000 0x036a1fff Private Memory rw True False False -
pagefile_0x00000000036b0000 0x036b0000 0x036b0fff Pagefile Backed Memory r True False False -
private_0x00000000036c0000 0x036c0000 0x036fffff Private Memory rw True False False -
pagefile_0x0000000003710000 0x03710000 0x03710fff Pagefile Backed Memory rw True False False -
For performance reasons, the remaining 218 entries are omitted.
The remaining entries can be found in flog.txt.
Injection Information
Injection Type Source Process Source Os Thread ID Information Success Count Logfile
Modify Control Flow #45: c:\program files\remote utilities - host\rutserv.exe 0x8b8 os_tid = 0x5f8 True 1
Modify Control Flow #45: c:\program files\remote utilities - host\rutserv.exe 0x8b8 os_tid = 0x5f8 True 1
Modify Control Flow #45: c:\program files\remote utilities - host\rutserv.exe 0x8b8 os_tid = 0x5f8 True 1
Process #47: taskeng.exe
Information Value
ID #47
File Name c:\windows\system32\taskeng.exe
Command Line taskeng.exe {7737867F-ACDD-43AC-B745-B8B549957EED} S-1-5-21-3785418085-2572485238-895829336-1000:CRH2YWU7\EEBsYm5:Interactive:Highest[1]
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:49, Reason: Injection
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:04
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x58c
Parent PID 0x358 (Unknown)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x944
0x6D0
0x5A0
0x594
0x590
Injection Information
Injection Type Source Process Source Os Thread ID Information Success Count Logfile
Modify Control Flow #45: c:\program files\remote utilities - host\rutserv.exe 0x8b8 os_tid = 0x590 True 1