e93cf7c4...3775 | Sequential Behavior
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Dropper, Rootkit, Spyware, Downloader

e93cf7c4f464ff015bda21fed805744beaf2d631ccd7cc81eb8a434a5bc73775 (SHA256)

adobereader_dcupd_en_cra_install.exe

Windows Exe (x86-32)

Created at 2018-08-28 10:26:00

Notifications (2/3)

Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Monitored Processes

Process Overview
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xa04 Analysis Target High (Elevated) adobereader_dcupd_en_cra_install.exe "C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe" -
#2 0xa44 RPC Server System (Elevated) msiexec.exe C:\Windows\system32\msiexec.exe /V #1
#3 0xa6c Child Process High (Elevated) msiexec.exe C:\Windows\system32\MsiExec.exe -Embedding 184DC0E98E8691C9B1AAA08C2752D03C C #2
#5 0xbc0 Child Process High (Elevated) adobereader_dcupd_en_cra_install.exe "C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe" /i "C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi" CHAINERUIPROCESSID="2564Chainer" EXECUTEACTION="INSTALL" SECONDSEQUENCE="1" CLIENTPROCESSID="2564" ADDLOCAL="MainFeature,RequiredApplication" ACTION="INSTALL" CLIENTUILEVEL="0" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_PREREQFILES="C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe" AI_PREREQDIRS="C:\Users\EEBsYm5\AppData\Roaming\Adobe" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs " AI_SETUPEXEPATH="C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe" SETUPEXEDIR="C:\Users\EEBsYm5\Desktop\" TARGETDIR="C:\" APPDIR="C:\Program Files\Adobe\Adobe Reader\" #1
#10 0xd78 Child Process High (Elevated) msiexec.exe C:\Windows\system32\MsiExec.exe -Embedding DF038523499942DC9F17A1C1DC9158CF #2
#11 0xdf0 Child Process High (Elevated) setup.exe "C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe" #3
#12 0xe08 Child Process High (Elevated) cmd.exe cmd /c ""C:\inst_fold\waitbefore.bat" " #11
#19 0xea8 Child Process High (Elevated) 7zaa.exe "C:\inst_fold\7zaa.exe" x -oC:\inst_fold -pdsiSDJJiojeflOSIOwp3#DSIJ23jeewE@_SDD_as2 C:\inst_fold\arm.7z #11
#20 0xee8 Child Process High (Elevated) fp.exe "C:\inst_fold\fp.exe" #11
#21 0xf04 Child Process High (Elevated) armstart.exe "C:\inst_fold\armstart.exe" #20
#22 0xf20 Child Process High (Elevated) installer.exe "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe" /rsetup #21
#23 0xf40 Child Process High (Elevated) msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi" /qn #22
#24 0xf68 Child Process High (Elevated) msiexec.exe C:\Windows\system32\MsiExec.exe -Embedding A4D0C1CE16160E0F223C158924CA3115 #2
#25 0xf90 Child Process High (Elevated) rfusclient.exe "C:\Program Files\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi" #2
#26 0xfa8 Child Process System (Elevated) rutserv.exe "C:\Program Files\Remote Utilities - Host\rutserv.exe" /silentinstall #2
#27 0xfc4 Child Process System (Elevated) rutserv.exe "C:\Program Files\Remote Utilities - Host\rutserv.exe" /firewall #2
#31 0x504 Child Process System (Elevated) rutserv.exe "C:\Program Files\Remote Utilities - Host\rutserv.exe" /start #2
#32 0x894 Child Process High (Elevated) cmd.exe cmd /c C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat #22
#35 0x1d8 Created Daemon System (Elevated) services.exe C:\Windows\system32\services.exe #31
#45 0x7ec Child Process System (Elevated) rutserv.exe "C:\Program Files\Remote Utilities - Host\rutserv.exe" #35
#46 0x5ac Injection Medium explorer.exe C:\Windows\Explorer.EXE #45
#47 0x58c Injection High (Elevated) taskeng.exe taskeng.exe {7737867F-ACDD-43AC-B745-B8B549957EED} S-1-5-21-3785418085-2572485238-895829336-1000:CRH2YWU7\EEBsYm5:Interactive:Highest[1] #45

Behavior Information - Sequential View

Process #1: adobereader_dcupd_en_cra_install.exe
Information Value
ID #1
File Name c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe
Command Line "C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe"
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:00:38, Reason: Analysis Target
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:03:15
OS Process Information
Information Value
PID 0xa04
Parent PID 0x5ac (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xA08, 0xA0C, 0xA10, 0xA14, 0xA18, 0xA1C, 0xA28, 0xA2C, 0xA30, 0xA34, 0xA38, 0xA3C, 0xA40, 0xA64, 0xA68, 0xA90, 0xAA0, 0xAA8, 0xAE0, 0xAE4, 0xAE8, 0xBB0, 0xBB8, 0xDA4, 0xDD0
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
For performance reasons, the remaining 40 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
Filename File Size Hash Values YARA Match Actions
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\info 1.05 KB MD5: 554ff4c199562515d758c9abff5c2943
SHA1: 9e3bab3a975e638ead9e03731ae82fa1dbcd178c
SHA256: 9ae4a96bf2a349667e844acc1e2ac4f89361a6182268438f4d063df3a6fc47bc
SSDeep: 12:hEipI3VFpSyZ9I7imddddGDxxOxzma3ZmRgRtqVtipMLXwHqfM:hEigFpTz1xA6aJmRgwi6LgHcM
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\exclamation.ico 13.12 KB MD5: 93d722fa20a988a5c257a58bf155dc66
SHA1: 30c0d19f02cb39f8804dafe6af483a09c76e2338
SHA256: f587867eed0bec33ef150f3a8525bde9b6746c705543874e56653aa80ea53225
SSDeep: 96:KYvlkFEXFYU2+yCvIFA13cJ/rrrrrpbEn5UnanjPRZfZy1wvI8:bVXuzd6IF0czwNPDZfI8
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\removeex.ico 14.73 KB MD5: aa0a5f0280c98006741b6cb56c3a360e
SHA1: ac820bbec6d08545a4a4818df9eb09b521bf2e40
SHA256: 2ac61cea48ccdb1751cb6b93ba90267508ed6ac900b2e2ac6ead172c9b8958f2
SSDeep: 192:4cYE5eZRboMB6f5iR59urg5N+qdrzt2eYi:4cAshf5quryvdPwzi
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe 274.00 KB MD5: b4f05778c1e9bcf0bcbf0733fd6c763b
SHA1: e0f0a2cf06ed43581fed238aba71eb8bad82cbea
SHA256: 1d6d2d7e16f333759348d331d69b0a5a7e135f4bb9d3615edc59e305341324ea
SSDeep: 6144:/y2Mm/e3Yq28Ra1TdbTLOfPZhK0IJKZJx/d:qLmmLR25bTKfPjWJ+P
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\installing.jpg 1.75 KB MD5: a98e2f7d5dc055ad4b4b6d92126d9190
SHA1: c2db85dcf7bf991e8bba0d39f952748dc98d41d6
SHA256: 65751616edb29437b01cd352b8651835ca585942a78adaac589f9f8c16039470
SSDeep: 24:jjJdY5R9YB5j/vo9s5RVkB6+ANYPV/RBcmSSntyT7tlA+YkXHHWYC/ZxWtXPFU1/:HJZjYEVkM+mYNRSmdncq90nUxWtXP200
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\New 0.31 KB MD5: c23cbf002d82192481b61ed7ec0890f4
SHA1: dd373901c73760ca36907ff04691f5504ff00abe
SHA256: 4f92e804a11453382ebff7fb0958879bae88fe3366306911dec9d811cd306eed
SSDeep: 3:PFErXllvlNl/AXll/lFl/Ft/HtAiotuZt/nZllBe+llBe+llBe+llBe+llBe+lll:k9ij1BjjjjjTtXGuwtOZBl
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\collecting.jpg 1.75 KB MD5: 9a740549bd117bc16f6acb8d884604d2
SHA1: da20e48acde3a7097f8335541de40fe94c600e0a
SHA256: 0daed44a8e14750614afda54781621d400fed0d2ecee9a4a402f5964d3cd3f5a
SSDeep: 48:HJ7nCZOg1kIkRxgPueOXK1HRiVdqx+qZ/FkUD:HJjCR1wiOXK1xMqxEUD
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll 90.62 KB MD5: 6a9c36332255fca66c688c75aa68e1de
SHA1: 2a03e2a5e6a8d9e2b0cfb4e2cc1923d9c08578c1
SHA256: 7b7ebada5da99a20c44eaf77e6d673985da42d9b7cb4f5e4235b7579581ae170
SSDeep: 1536:pysRX1fpScTNumPTXhMw+m3/3Uw5VJdK5KviuWyVstdEpH:jXtpSchuqP3Z5VJZVDp
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll 295.12 KB MD5: b831569a917e0e543fccdf3672c7a10e
SHA1: df1e395dc41ab8d1ae9401e4d2181fdfa24623cd
SHA256: e2d7938bea1174359bac78d610678ba586db58fab70901ba287623560a9a9fe6
SSDeep: 6144:InoEknCuM9Rhyj06nqdsbEsE/Cl3xo4hTUR/b8+:IoEknjM9Ren1bEsEKl3xonRD8+
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\preparing.jpg 1.76 KB MD5: d20270537ae700b03b988fc7471c820e
SHA1: 3b68b1be0a7d30df6ed8952c34794e90102b77df
SHA256: a8c29d7365a7ed4191b20d08be6274215f5f12be420e826852205c4f3755dbb4
SSDeep: 24:jjJdY5FXXI4jKnP7lf0xdIOZNfHmLSOp+7KgzjTl779R438M969t5Wbgnb4JZKP:HJsXY3P7yxJumcajTtpRFMg99nb4jKP
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\completeex.ico 14.73 KB MD5: 3eafe3ae99bf33e9f59d970f21ebef39
SHA1: e9895cb920fdeb8907ce37d9666d4999a1de5d2f
SHA256: 5f6c78970ee7e3d668eb8a4acb5d251c76599424a0b0372e7665527516d4c312
SSDeep: 192:lN3tnZnyRZF64hc28fwy+aXE25b6K0FHQHVd42oJ2zwZlaw484:lN37Yai8IaD5T0FHQHg29wZla04
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\finalizing.jpg 1.66 KB MD5: 02f6bbe060f32e49e3caf2de8e60ec7f
SHA1: 4674875a4f264a947da6bf6f626b9bd50325d034
SHA256: 20072ae2e122a6407dac4771544158d7bcecebf98404c22001b0e69f79c8580d
SSDeep: 48:HJnkSA0qNcJaaNITrMsqptTT79UMRrgJf8:HJnLVJaaGP5gtTVRgV8
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\cmdlinkarrow 2.79 KB MD5: 983358ce03817f1ca404befbe1e4d96a
SHA1: 75ce6ce80606bbb052dd35351ed95435892baf8d
SHA256: 7f0121322785c107bfdfe343e49f06c604c719baff849d07b6e099675d173961
SSDeep: 48:QFFZ+f+zd+kHeNTM9/+Xz++++++++YWWS0i6I:QFFEw4Xc+D++++++++ypi9
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\background.jpg 34.94 KB MD5: c12b97d5a230a72970b0947ffd1d2ce1
SHA1: f5aa3204ee60f34d736303dbf61f7342f95eaab2
SHA256: 8dfa97d18acaeaa0ed13a43cca6802d5c3637ead536991915ac3d88636ba08d5
SSDeep: 768:v0yNWUFquARfzbOo6CD+NaScnRksCpFMbcJZrhncZ1PoP:MyNBYta3CCVcRksXqXcZ1q
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\repairex.ico 14.73 KB MD5: 4dba3637f5fceaadd2184bd8a0f0fb95
SHA1: a858418c32f5d45f15ab01cafc652b507de2a42b
SHA256: c1ad1e78a112974326b44f75fe302723a4fc8ac1ccd96c9887403f6ddf8e607d
SSDeep: 192:+q2qe82nprAWkcWFW57oVht/k2VxomK0qHTk4TdrofvMxnVRYAn4vf:ej84ArgojFTVxoz0qHNTdr+vKVRYAIf
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\lzmaextractor.dll 12.12 KB MD5: 6a06d2405b81845330ae5c97b31d2663
SHA1: 75293a2c50528d86197976a1a74beb97a6202a65
SHA256: 6e0f72297a10eb38593faf6d52ce964c45873f2e2f4fdcf468fb592fb763851c
SSDeep: 192:r2FFw7VkzjNB1CMGVfozI2az9FU8zQyMrj6Pou7+wta43UN5:iO0j1CMGVfqIrrVMCguS4kj
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Up 0.31 KB MD5: 83730ac00391fb0f02f56fe2e4207a10
SHA1: 139fed8f0216132450e66bda0fbbdc2a5bd333af
SHA256: 573e3260eed63604f24f6f10ce5294e25e22fda9e5bfd9010134de6e684bab98
SSDeep: 3:PFErXllvlNl/AXll/lFl/Ft/HtAiotuZt/nreBB+eKemhlRhmeemfB+ll5evZ/Xy:k9ij1KBBhK9jwmfBuiKaq5n
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\typicalex.ico 14.73 KB MD5: eb3f9054bb5f95ed6b10ec4e16a026be
SHA1: 35760271a03029996bda26d5d596cfcc465e3ea9
SHA256: e330fa8030aa0465b02880133addba0a8c6011b511f6968b413bf45516f7275e
SSDeep: 192:entnoFoTahmFxRYq7mE25b6K0FHQHVd4oXb2zwNf3i4ij:enWuPFxt785T0FHQHgo2wNf3oj
False
\\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi 973.00 KB MD5: faefe083c40bc8a079c200424386f000
SHA1: 3ac616ee5902e23ead8ae3b252080a3f2097135e
SHA256: fe01fe7743184d35430f0f1439e826bb6e6e40c74401da017e3db3dd8166a6ec
SSDeep: 24576:P8FsyPEkYoSsnl3xonRD8PuLmmLM8PjWJ+SkJO:P86voSsl3xonRD8PuLjLhPSJ+SkJ
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\tabback 0.83 KB MD5: 4c3dda35e23d44e273d82f7f4c38470a
SHA1: b62bc59f3eed29d3509c7908da72041bd9495178
SHA256: e728f79439e07df1afbcf03e8788fa0b8b08cf459db31fc8568bc511bf799537
SSDeep: 24:kUGGGGGGGGjg/QUVdLbCKKKKKKWqqqqqqr:kGUVdnCKKKKKKWqqqqqqr
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\customex.ico 14.73 KB MD5: 1b5701d7f753135c22cc1ae694ffaf4b
SHA1: 966bdef4159022fcc8740b6eb75b8d7ac4212504
SHA256: aeba695175ed96d3ede9fe30e486df59c64a5fd802c15cb67f55e03a0537cd13
SSDeep: 192:lN3tnFnyRZF64BiTfwy+aXE25b6K0FHQHVd4RhE2zwZlaw484:lN3XYa5TIaD5T0FHQHgRfwZla04
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\white.jpg 1.20 KB MD5: 57d130ddf327fcc5da636a6ab4d7c112
SHA1: d674f332d4f79c70d4a97bfd9e504a8f3a2c26b6
SHA256: 990eab9faaae9f78201ef00a72f7b59773eed2b2fc9ec72250c67f376ee0500f
SSDeep: 3:nSullBbsRllAqp/y4FKKn5bbeWfa5QpUolHmBkDt0+EtZtE//Wmst18n:3llxqQ8AfQRGSDt0RZty/Wmsw
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\infoex.ico 21.96 KB MD5: fd535e63f539eacb3f11d03b52b39a80
SHA1: a7f8c942e5672f2972c82210a38cc8861435f643
SHA256: 0086bc01150989f553a0a4ae0e14926c6e247cedda312e1f946ae35d575742ab
SSDeep: 192:0DT6aNn0CgAevbxezcSptuGH0BJ1cBYehJjbQypQ6X8rdb:/aNn0DAoN4c8HH031/QQ6XWZ
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\minbackground.jpg 8.75 KB MD5: ec713b6158a057b7825274ae4e1cf183
SHA1: c8178cf6a46e14e82f4ebde407ff04ff931ca7dd
SHA256: 04942fb23c0fb15aa732881c411fd2b4f44a621267e2c1de182c39b014a87211
SSDeep: 192:W+AZfX5qVtV50vrOalV2vNWeXx8W/WsyPSSj8F+paC:W+A9X5A50iOV11qWsjPF+3
False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\whitesmall.jpg 0.54 KB MD5: 4429f170056663efd1486395e8eb0af6
SHA1: ae9b01a44c8ee5ae7146f0523e512ee32dc284ad
SHA256: ffe2980d90152ef603555a735b7cba1917c99bb67061b44d6ac6f12e6384bdd9
SSDeep: 3:nSullBbsRllAqp/y4FKKn5bbeWfa5QpUolG5PkDt0+EtZtE//WmstN8n:3llxqQ8AfQRG5cDt0RZty/WmsY
False
Threads
Thread 0xa08
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2018-08-28 10:27:37 (UTC) True 1
Fn
System Get Time type = Ticks, time = 112648 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x7696418d True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x76961e16 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x769676e6 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x76961f61 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Fn
System Get Time type = System Time, time = 2018-08-28 10:27:37 (UTC) True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x76954785 True 1
Fn
Module Load module_name = gdiplus.dll, base_address = 0x74050000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusStartup, address_out = 0x74075600 True 1
Fn
Module Load module_name = RICHED20.DLL, base_address = 0x6e1d0000 True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 260 True 1
Fn
File Create filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 1024, size_out = 1024 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 74, size_out = 74 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 24, size_out = 24 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 18, size_out = 18 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 24, size_out = 24 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 62, size_out = 62 True 1
Fn
Data
File Create filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 618, size_out = 618 True 1
Environment Get Environment String name = USERPROFILE True 1
Environment Get Environment String name = USERPROFILE, result_out = C:\Users\EEBsYm5 True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InterlockedPushEntrySList, address_out = 0x7728994f True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InterlockedPopEntrySList, address_out = 0x772868c7 True 1
Window Set Attribute index = 4, new_long = 3280880 True 1
System Sleep duration = -1 (infinite) True 2
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Window Set Attribute index = 4, new_long = 3280880 True 1
System Sleep duration = -1 (infinite) True 2
Registry Open Key reg_name = HKEY_CURRENT_USER\InterbootContext False 3
Registry Delete Key reg_name = HKEY_CURRENT_USER\InterbootContext False 1
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Window Set Attribute index = 4, new_long = 3280864 True 1
Window Set Attribute index = 18446744073709551612, new_long = 3280848 True 1
Window Set Attribute index = 18446744073709551600, new_long = 1342341376 True 1
Window Create class_name = tooltips_class32, wndproc_parameter = 0 True 1
System Get Info type = Operating System True 1
Window Set Attribute index = 18446744073709551612, new_long = 1949808841 True 1
System Get Info type = Operating System True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultUILanguage, address_out = 0x7694731d True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x769522ef True 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
System Sleep duration = -1 (infinite) True 1
Window Set Attribute index = 4, new_long = 3280864 True 1
Module Load module_name = dwmapi.dll, base_address = 0x73eb0000 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetWindowAttribute, address_out = 0x73eb16c0 True 1
Window Set Attribute index = 0, new_long = 0 False 2
Window Set Attribute index = 18446744073709551600, new_long = 80216132 True 2
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute index = 18446744073709551600, new_long = 80216132 True 2
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute index = 0, new_long = 0 False 5
Window Set Attribute index = 18446744073709551600, new_long = 80216132 True 1
Window Set Attribute index = 18446744073709551600, new_long = 348651588 True 1
Window Set Attribute index = 0, new_long = 1 False 1
Window Create window_name = Background, class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = Background, class_name = STATIC, index = 18446744073709551612, new_long = 3280848 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipAlloc, address_out = 0x74092437 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateBitmapFromFile, address_out = 0x74085e1f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetImageRawFormat, address_out = 0x74085498 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetImageHeight, address_out = 0x74085144 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetImageWidth, address_out = 0x7408506f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateFromHDC, address_out = 0x7408826b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetInterpolationMode, address_out = 0x7408901b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateImageAttributes, address_out = 0x74087648 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetImageAttributesWrapMode, address_out = 0x740880da True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawImageRectRectI, address_out = 0x74096ea0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDisposeImageAttributes, address_out = 0x740877e9 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeleteGraphics, address_out = 0x74088514 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDisposeImage, address_out = 0x74084cc8 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFree, address_out = 0x740924b2 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280832 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280816 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280800 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280784 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280768 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280752 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280736 True 1
Window Create window_name = GlobalProgress, class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = GlobalProgress, class_name = STATIC, index = 18446744073709551612, new_long = 3280720 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280704 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280688 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280672 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280656 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045377 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1577263104 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1577263104 True 1
Window Set Attribute index = 0, new_long = 1 False 1
Window Set Attribute index = 0, new_long = 0 False 7
Window Set Attribute index = 18446744073709551600, new_long = 80216132 True 1
Window Set Attribute index = 18446744073709551600, new_long = 348651588 True 1
Window Set Attribute index = 0, new_long = 1 False 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = GlobalProgress, class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = Background, class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Create window_name = Background, class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = Background, class_name = STATIC, index = 18446744073709551612, new_long = 3280848 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280832 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280816 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280800 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280784 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280768 True 1
Window Create window_name = GlobalProgress, class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = GlobalProgress, class_name = STATIC, index = 18446744073709551612, new_long = 3280752 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280736 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280720 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280704 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280688 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280672 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045377 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045376 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1577263104 True 1
Window Set Attribute index = 0, new_long = 1 False 1
Window Set Attribute index = 0, new_long = 0 False 17
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045377 True 1
Window Set Attribute index = 0, new_long = 0 False 3
Window Set Attribute index = 18446744073709551600, new_long = 348782660 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute index = 18446744073709551600, new_long = 80347204 True 1
Window Set Attribute index = 18446744073709551600, new_long = 348782660 True 1
Window Set Attribute index = 0, new_long = 1 False 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = GlobalProgress, class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = Background, class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Create window_name = Background, class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = Background, class_name = STATIC, index = 18446744073709551612, new_long = 3280848 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280832 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280816 True 1
Window Create class_name = EDIT, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = EDIT, index = 18446744073709551612, new_long = 3280800 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280784 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280768 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280752 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280736 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280720 True 1
Window Create window_name = GlobalProgress, class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = GlobalProgress, class_name = STATIC, index = 18446744073709551612, new_long = 3280704 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280688 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280672 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280656 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280640 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280624 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045377 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045376 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045376 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045376 True 1
Window Set Attribute index = 0, new_long = 1 False 1
Window Set Attribute index = 0, new_long = 0 False 17
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045377 True 1
Window Set Attribute index = 0, new_long = 0 False 3
Window Set Attribute index = 0, new_long = 1 False 1
Window Set Attribute index = 18446744073709551600, new_long = 348651588 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute index = 18446744073709551600, new_long = 80216132 True 1
Window Set Attribute index = 18446744073709551600, new_long = 348651588 True 1
Window Set Attribute index = 0, new_long = 1 False 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = GlobalProgress, class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = EDIT, index = 18446744073709551612, new_long = 1949735376 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = Background, class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Create window_name = Background, class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = Background, class_name = STATIC, index = 18446744073709551612, new_long = 3280848 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280832 True 1
Service Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280816 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280800 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280784 True 1
Window Create window_name = GlobalProgress, class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = GlobalProgress, class_name = STATIC, index = 18446744073709551612, new_long = 3280768 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280752 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280736 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280720 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280704 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280688 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280672 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045377 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045376 True 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045376 True 1
Window Set Attribute index = 0, new_long = 1 False 2
Window Set Attribute index = 0, new_long = 0 False 13
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045377 True 1
Window Set Attribute index = 0, new_long = 0 False 3
Module Get Address module_name = c:\windows\system32\msi.dll, function = 51, address_out = 0x6f11715c True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = 221, address_out = 0x6f117915 True 1
System Sleep duration = 500 milliseconds (0.500 seconds) True 1
Window Set Attribute index = 0, new_long = 1 False 1
Window Set Attribute index = 0, new_long = 0 False 20
Window Set Attribute index = 18446744073709551600, new_long = 80216132 True 1
Window Set Attribute index = 18446744073709551600, new_long = 348651588 True 1
Window Set Attribute index = 0, new_long = 1 False 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = GlobalProgress, class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 1949873301 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = Background, class_name = STATIC, index = 18446744073709551612, new_long = 1949808841 True 1
Window Create window_name = Background, class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute window_name = Background, class_name = STATIC, index = 18446744073709551612, new_long = 3280848 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280832 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280816 True 1
Window Create class_name = BUTTON, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = BUTTON, index = 18446744073709551612, new_long = 3280800 True 1
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280784 True 1
Window Create window_name = GlobalProgress, class_name = STATIC, wndproc_parameter = 0 True 1
Window Set Attribute index = 0, new_long = 0 False 1
Fn
Window Set Attribute window_name = GlobalProgress, class_name = STATIC, index = 18446744073709551612, new_long = 3280768 True 1
Fn
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute index = 0, new_long = 0 False 1
Fn
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280752 True 1
Fn
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute index = 0, new_long = 0 False 1
Fn
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280736 True 1
Fn
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute index = 0, new_long = 0 False 1
Fn
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280720 True 1
Fn
Window Create class_name = STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute index = 0, new_long = 0 False 1
Fn
Window Set Attribute class_name = STATIC, index = 18446744073709551612, new_long = 3280704 True 1
Fn
Window Create window_name = ProgressBar, class_name = msctls_progress32, wndproc_parameter = 0 True 1
Fn
Window Set Attribute index = 0, new_long = 0 False 1
Fn
Window Set Attribute window_name = ProgressBar, class_name = msctls_progress32, index = 18446744073709551612, new_long = 3280688 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1443045377 True 1
Fn
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1577263104 True 1
Fn
Window Set Attribute class_name = BUTTON, index = 18446744073709551600, new_long = 1577263104 True 1
Fn
Window Set Attribute index = 0, new_long = 1 False 1
Fn
Window Set Attribute index = 0, new_long = 0 False 1
Fn
Window Set Attribute index = 0, new_long = 1 False 1
Fn
Window Set Attribute index = 0, new_long = 0 False 32
Fn
Window Set Attribute index = 0, new_long = 1 False 1
Fn
Window Set Attribute index = 0, new_long = 0 False 18
Fn
Window Set Attribute index = 0, new_long = 1 False 1
Fn
Window Set Attribute index = 0, new_long = 0 False 81
Fn
Window Set Attribute index = 0, new_long = 1 False 27
Fn
Window Set Attribute index = 0, new_long = 0 False 6
Fn
Window Set Attribute index = 0, new_long = 1 False 2
Fn
Thread 0xa1c
3 0
Category Operation Information Success Count Logfile
Module Load module_name = msi.dll, base_address = 0x6f040000 True 2
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 205, address_out = 0x6f0fb80b True 1
Fn
Thread 0xa28
10 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Info type = Operating System True 1
Fn
Thread 0xa2c
40 0
Category Operation Information Success Count Logfile
File Create Directory \\?\C:\Users False 1
Fn
File Create Directory \\?\C:\Users\EEBsYm5 False 1
Fn
File Create Directory \\?\C:\Users\EEBsYm5\AppData False 1
Fn
File Create Directory \\?\C:\Users\EEBsYm5\AppData\Roaming False 1
Fn
File Create Directory \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe False 1
Fn
File Create Directory \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1 True 1
Fn
File Create Directory \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install True 1
Fn
File Create filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 13312, size_out = 13312 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 13312 True 1
Fn
Data
Thread 0xa30
12 0
Category Operation Information Success Count Logfile
File Create Pipe pipe_name = \device\namedpipe\toserveradvinst_estimate_c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, pipe_mode = PIPE_READMODE_MESSAGE, PIPE_TYPE_MESSAGE, max_instances = 255 True 1
Fn
File Create Pipe pipe_name = \device\namedpipe\toserveradvinst_extract_c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, pipe_mode = PIPE_READMODE_MESSAGE, PIPE_TYPE_MESSAGE, max_instances = 255 True 1
Fn
File Read size = 32656, size_out = 4 True 1
Fn
Data
File Write size = 2 True 1
Fn
Data
File Read size = 32656, size_out = 4 True 1
Fn
Data
File Write size = 2 True 1
Fn
Data
File Read size = 32656, size_out = 4 True 1
Fn
Data
File Read filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 32656, size_out = 4 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 18 True 1
Fn
Data
File Read filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 32656, size_out = 4 True 1
Fn
Data
File Write filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 10 True 1
Fn
Data
File Read filename = \\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 32656, size_out = 0 False 1
Fn
Thread 0xa34
1069 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 141, address_out = 0x6f054f9e True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 195, address_out = 0x6f0f3b47 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 137, address_out = 0x6f054e3e True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 281, address_out = 0x6f103183 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 92, address_out = 0x6f113c0d True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 52, address_out = 0x6f110d59 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 32, address_out = 0x6f110137 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 159, address_out = 0x6f11058f True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 166, address_out = 0x6f110911 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 115, address_out = 0x6f111796 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 118, address_out = 0x6f113f4c True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 8, address_out = 0x6f10fe95 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 160, address_out = 0x6f1106b3 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 158, address_out = 0x6f110a2f True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 94, address_out = 0x6f0ef5c3 True 1
Fn
System Get Time type = System Time, time = 2018-08-28 10:27:38 (UTC) True 2
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 74, address_out = 0x6f115a23 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 49, address_out = 0x6f1124b9 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 78, address_out = 0x6f114113 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 150, address_out = 0x6f11220b True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x76954785 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 145, address_out = 0x6f115e05 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer, value_name = Version, data = 8.0.7601.17514, type = REG_SZ True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 116, address_out = 0x6f111735 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 47, address_out = 0x6f112f41 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 34, address_out = 0x6f112be1 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 147, address_out = 0x6f1169e1 True 1
Fn
File Create Pipe pipe_name = \device\namedpipe\toserver2564, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, pipe_mode = PIPE_READMODE_MESSAGE, PIPE_TYPE_MESSAGE, max_instances = 255 True 1
Fn
Process Create process_name = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, show_window = SW_SHOWNORMAL True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 42 True 1
Fn
Data
File Read size = 1024, size_out = 16 True 1
Fn
Data
File Read size = 1024, size_out = 86 True 1
Fn
Data
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 62 True 1
Fn
Data
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 78 True 1
Fn
Data
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 62 True 1
Fn
Data
File Read size = 1024, size_out = 16 True 1
Fn
Data
File Read size = 1024, size_out = 72 True 1
Fn
Data
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 42 True 1
Fn
Data
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
File Read size = 1024, size_out = 0 True 1
Fn
File Read size = 1024, size_out = 18 True 1
Fn
Data
For performance reasons, the remaining 68 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0xa38
465 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2018-08-28 10:27:39 (UTC) True 8
System Get Time type = System Time, time = 2018-08-28 10:27:40 (UTC) True 14
System Get Time type = System Time, time = 2018-08-28 10:27:41 (UTC) True 6
Module Get Address module_name = c:\windows\system32\msi.dll, function = 171, address_out = 0x6f112a79 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = 17, address_out = 0x6f111394 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = 125, address_out = 0x6f1155ae True 1
System Get Time type = System Time, time = 2018-08-28 10:27:41 (UTC) True 26
File Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = 114, address_out = 0x6f111565 True 1
System Get Info type = Operating System True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Up, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = 120, address_out = 0x6f1119ed True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Up, size = 318 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Up, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\removeex.ico, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\removeex.ico, size = 15086 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\removeex.ico, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\finalizing.jpg, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\finalizing.jpg, size = 1701 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\finalizing.jpg, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\infoex.ico, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\infoex.ico, size = 22486 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\infoex.ico, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\New, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\New, size = 318 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\New, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\whitesmall.jpg, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\whitesmall.jpg, size = 554 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\whitesmall.jpg, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\background.jpg, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\background.jpg, size = 35778 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\background.jpg, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\repairex.ico, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\repairex.ico, size = 15086 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\repairex.ico, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\tabback, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\tabback, size = 854 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\tabback, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\exclamation.ico, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\exclamation.ico, size = 13430 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\exclamation.ico, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\typicalex.ico, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\typicalex.ico, size = 15086 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\typicalex.ico, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\completeex.ico, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\completeex.ico, size = 15086 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\completeex.ico, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\preparing.jpg, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\preparing.jpg, size = 1799 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\preparing.jpg, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\collecting.jpg, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\collecting.jpg, size = 1790 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\collecting.jpg, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\minbackground.jpg, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\minbackground.jpg, size = 8955 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\minbackground.jpg, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\info, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\info, size = 1078 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\info, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\installing.jpg, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\installing.jpg, size = 1794 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\installing.jpg, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\customex.ico, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\customex.ico, size = 15086 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\customex.ico, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\white.jpg, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\white.jpg, size = 1232 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\white.jpg, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll, size = 51200 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll, size = 41600 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\cmdlinkarrow, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\cmdlinkarrow, size = 2862 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\cmdlinkarrow, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe, size = 51200 True 5
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe, size = 24576 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\lzmaextractor.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\lzmaextractor.dll, size = 12416 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\lzmaextractor.dll, size = 0 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll, size = 51200 True 5
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll, size = 46208 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll, size = 0 True 1
System Get Time type = System Time, time = 2018-08-28 10:27:42 (UTC) True 42
System Get Time type = System Time, time = 2018-08-28 10:27:43 (UTC) True 49
System Get Time type = System Time, time = 2018-08-28 10:27:47 (UTC) True 10
System Get Time type = System Time, time = 2018-08-28 10:27:50 (UTC) True 59
System Get Time type = System Time, time = 2018-08-28 10:27:51 (UTC) True 12
System Get Time type = System Time, time = 2018-08-28 10:27:52 (UTC) True 14
System Get Time type = System Time, time = 2018-08-28 10:27:53 (UTC) True 12
System Get Time type = System Time, time = 2018-08-28 10:27:54 (UTC) True 12
System Get Time type = System Time, time = 2018-08-28 10:27:55 (UTC) True 14
System Get Time type = System Time, time = 2018-08-28 10:27:56 (UTC) True 12
System Get Time type = System Time, time = 2018-08-28 10:27:57 (UTC) True 12
System Get Time type = System Time, time = 2018-08-28 10:27:58 (UTC) True 14
System Get Time type = System Time, time = 2018-08-28 10:27:59 (UTC) True 12
System Get Time type = System Time, time = 2018-08-28 10:28:00 (UTC) True 14
System Get Time type = System Time, time = 2018-08-28 10:28:01 (UTC) True 12
System Get Time type = System Time, time = 2018-08-28 10:28:02 (UTC) True 12
System Get Time type = System Time, time = 2018-08-28 10:28:03 (UTC) True 14
System Get Time type = System Time, time = 2018-08-28 10:28:04 (UTC) True 285
System Get Time type = System Time, time = 2018-08-28 10:28:05 (UTC) True 498
Thread 0xaa8
8 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
System Get Cursor x_out = 894, y_out = 688 True 1
Thread 0xae0
8 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
System Get Cursor x_out = 898, y_out = 683 True 1
Thread 0xae4
8 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
System Get Cursor x_out = 891, y_out = 687 True 1
Process #2: msiexec.exe
7489 0
Information Value
ID #2
File Name c:\windows\system32\msiexec.exe
Command Line C:\Windows\system32\msiexec.exe /V
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:00:55, Reason: RPC Server
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:02:58
OS Process Information
Information Value
PID 0xa44
Parent PID 0x1d8 (c:\windows\system32\services.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xA60, 0xA5C, 0xA58, 0xA50, 0xA4C, 0xA48, 0xA84, 0xBF0, 0xC48, 0xC50, 0xC54, 0xC58, 0xC5C, 0xC60, 0xC64, 0xC68, 0xC6C, 0xC7C, 0xC80, 0xC84, 0xCD4, 0xCD8, 0xCE4, 0xD70, 0xD74, 0xD9C, 0xDA8, 0xDB8, 0xF5C, 0xF60, 0xF64, 0xF84, 0xF8C, 0xFA4, 0xFC0, 0x870, 0x8AC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
For performance reasons, the remaining 77 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
Filename File Size Hash Values YARA Match Actions
C:\Program Files\Remote Utilities - Host\RIPCServer.dll 151.52 KB MD5: 435d9e1fd4b87308f0f91da25530d4ec
SHA1: a9b0c513b930f4c2ef86cb75a8de1fe16eb6d996
SHA256: 05040b677d7697b4f97da173c6c07146d3bde327833fd2022bf2cb67f90389ca
SSDeep: 3072:WvQPgrvHfETaxPSki7FlC+y/DPHSeqqSDUDPBcHnIO3gH:WvQovp07FGaXgH
False
C:\Program Files\Remote Utilities - Host\Italian.lg 54.97 KB MD5: dfcc06cd5e145a631806c1d011ad0fba
SHA1: d53236889246db20ad22f4811d24c7257c9b635d
SHA256: 9848f250729fe0a81118aa027592ad0ef98d8428e808fa7bafa0903a93c4d94b
SSDeep: 384:Sm01Cwq1dgmzJFUr8jmu3xwZBdGsWbITzqlf288Fuz2O5qi4NZhhia2nQec7b8wH:EkcIzSiGwarec7IDVmA8eY
False
C:\Program Files\Remote Utilities - Host\vp8encoder.dll 1.57 MB False
C:\Program Files\Remote Utilities - Host\Dutch.lg 55.85 KB False
C:\Program Files\Remote Utilities - Host\Turkish.lg 54.52 KB False
C:\Program Files\Remote Utilities - Host\Hebrew.lg 46.78 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe 88.52 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll 375.02 KB False
C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe 145.02 KB False
c:\system volume information\spp\metadata-2 5.52 MB False
C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.sys 13.48 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll 753.02 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe 19.52 KB False
C:\Program Files\Remote Utilities - Host\Norwegian.lg 51.90 KB False
C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll 861.02 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe 60.52 KB False
C:\Program Files\Remote Utilities - Host\rfusclient.exe 5.47 MB False
C:\Program Files\Remote Utilities - Host\Arabic.lg 49.23 KB False
C:\Windows\Installer\30de5.ipi 20.00 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd 8.34 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe 172.52 KB False
C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll 366.02 KB False
C:\Program Files\Remote Utilities - Host\German.lg 54.82 KB False
C:\Windows\Installer\30dea.ipi 24.00 KB False
C:\Program Files\Remote Utilities - Host\Japanese.lg 42.14 KB False
C:\Program Files\Remote Utilities - Host\English.lg 52.83 KB False
C:\Program Files\Remote Utilities - Host\Spanish.lg 54.96 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll 90.62 KB False
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll 295.12 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe 200.52 KB False
C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg 37.10 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\rup.gpd 14.32 KB False
C:\Program Files\Remote Utilities - Host\Danish.lg 52.64 KB False
C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe 218.52 KB False
C:\Program Files\Remote Utilities - Host\webmmux.dll 261.02 KB False
C:\Program Files\Remote Utilities - Host\EULA.rtf 49.55 KB False
C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg 37.35 KB False
C:\Program Files\Remote Utilities - Host\vp8decoder.dll 381.02 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll 56.02 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll 738.52 KB False
c:\users\eebsym5\appdata\local\temp\~df54fa1b59b3d37990.tmp 72.00 KB False
C:\Program Files\Remote Utilities - Host\Swedish.lg 52.10 KB False
C:\Program Files\Remote Utilities - Host\French.lg 56.07 KB False
C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.inf 1.74 KB False
c:\users\eebsym5\appdata\local\temp\~df22707f64d7b3e78b.tmp 72.00 KB False
C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.inf 1.74 KB False
c:\users\eebsym5\appdata\local\temp\~df79f05337c4b95565.tmp 0.50 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll 27.02 KB False
C:\Program Files\Remote Utilities - Host\Czech.lg 52.96 KB False
C:\Program Files\Remote Utilities - Host\Portuguese.lg 54.77 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\ntprint.inf 9.47 KB False
\\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi 973.00 KB False
C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg 54.60 KB False
C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat 8.68 KB False
c:\system volume information\spp\snapshot-2 2.83 KB False
C:\Program Files\Remote Utilities - Host\RWLN.dll 967.02 KB False
C:\Program Files\Remote Utilities - Host\Polish.lg 53.29 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\rup.ini 0.04 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\install.cmd 0.06 KB False
C:\Program Files\Remote Utilities - Host\Korean.lg 40.54 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe 104.52 KB False
C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.cat 8.68 KB False
C:\Windows\Installer\30de5.ipi 20.00 KB False
C:\Windows\Installer\MSIA089.tmp 153.21 KB False
C:\Program Files\Remote Utilities - Host\Printer\x86\uninstall.cmd 0.08 KB False
C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.sys 15.53 KB False
Threads
Thread 0xa58
42 0
Category Operation Information Success Count
System Sleep duration = -1 (infinite) True 3
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 1
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 1
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 2
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 1
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 1
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 2
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 1
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 1
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 2
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 1
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) True 1
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = QueryInstanceCount, address_out = 0x6f052ae2 True 1
System Sleep duration = -1 (infinite) False 1
Thread 0xa50
22 0
Category Operation Information Success Count
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\OLE32.DLL, base_address = 0x76750000 True 1
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoImpersonateClient, address_out = 0x7675fed0 True 1
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoRevertToSelf, address_out = 0x76760065 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = DllGetClassObject, address_out = 0x6f06183e True 1
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x76799d0b True 1
COM Create interface = 00000146-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = CreateRestrictedToken, address_out = 0x76a33148 True 1
System Get Time type = Ticks, time = 116860 True 1
Module Get Filename module_name = c:\windows\system32\msi.dll, process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\msi.dll, size = 260 True 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\SHLWAPI.DLL, base_address = 0x76e10000 True 1
Module Get Address module_name = c:\windows\system32\shlwapi.dll, function = UrlIsW, address_out = 0x76e26763 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, value_name = NoDrives, data = 0, type = REG_NONE False 1
File Get Info filename = C:\Windows\system32, type = file_attributes True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesExW, address_out = 0x7695273d True 1
File Get Info filename = C:\Windows\system32\MsiExec.exe, type = file_attributes True 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Process Create process_name = C:\Windows\system32\MsiExec.exe, os_pid = 0xa6c, creation_flags = CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
System Sleep duration = -1 (infinite) True 1
Thread 0xa4c
506 0
Category Operation Information Success Count
Module Get Address module_name = c:\windows\system32\msi.dll, function = DllGetClassObject, address_out = 0x6f06183e True 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\RPCRT4.DLL, base_address = 0x75680000 True 1
Module Get Address module_name = c:\windows\system32\rpcrt4.dll, function = I_RpcBindingInqLocalClientPID, address_out = 0x756b2019 True 1
Module Get Address module_name = c:\windows\system32\msi.dll, function = DllGetClassObject, address_out = 0x6f06183e True 1
Mutex Open mutex_name = Global\_MSIExecute, desired_access = SYNCHRONIZE True 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\TSAPPCMP.DLL, base_address = 0x0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
System Get Time type = Ticks, time = 148544 True 1
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoGetCallContext, address_out = 0x7676b385 True 1
User Lookup Privilege privilege = SeCreateTokenPrivilege, luid = 2 True 1
User Lookup Privilege privilege = SeAssignPrimaryTokenPrivilege, luid = 3 True 1
User Lookup Privilege privilege = SeLockMemoryPrivilege, luid = 4 True 1
User Lookup Privilege privilege = SeIncreaseQuotaPrivilege, luid = 5 True 1
User Lookup Privilege privilege = SeUnsolicitedInputPrivilege, luid = 0 False 1
User Lookup Privilege privilege = SeMachineAccountPrivilege, luid = 6 True 1
User Lookup Privilege privilege = SeTcbPrivilege, luid = 7 True 1
User Lookup Privilege privilege = SeSecurityPrivilege, luid = 8 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
User Lookup Privilege privilege = SeLoadDriverPrivilege, luid = 10 True 1
User Lookup Privilege privilege = SeSystemProfilePrivilege, luid = 11 True 1
User Lookup Privilege privilege = SeSystemtimePrivilege, luid = 12 True 1
User Lookup Privilege privilege = SeProfileSingleProcessPrivilege, luid = 13 True 1
User Lookup Privilege privilege = SeIncreaseBasePriorityPrivilege, luid = 14 True 1
User Lookup Privilege privilege = SeCreatePagefilePrivilege, luid = 15 True 1
User Lookup Privilege privilege = SeCreatePermanentPrivilege, luid = 16 True 1
User Lookup Privilege privilege = SeBackupPrivilege, luid = 17 True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeShutdownPrivilege, luid = 19 True 1
User Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
User Lookup Privilege privilege = SeAuditPrivilege, luid = 21 True 1
User Lookup Privilege privilege = SeSystemEnvironmentPrivilege, luid = 22 True 1
User Lookup Privilege privilege = SeChangeNotifyPrivilege, luid = 23 True 1
User Lookup Privilege privilege = SeRemoteShutdownPrivilege, luid = 24 True 1
User Lookup Privilege privilege = SeUndockPrivilege, luid = 25 True 1
User Lookup Privilege privilege = SeSyncAgentPrivilege, luid = 26 True 1
User Lookup Privilege privilege = SeEnableDelegationPrivilege, luid = 27 True 1
User Lookup Privilege privilege = SeManageVolumePrivilege, luid = 28 True 1
User Lookup Privilege privilege = SeImpersonatePrivilege, luid = 29 True 1
User Lookup Privilege privilege = SeCreateGlobalPrivilege, luid = 30 True 1
System Get Time type = Local Time, time = 2018-08-28 08:28:12 (Local Time) True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = ComSpec, data = %SystemRoot%\system32\cmd.exe, type = REG_EXPAND_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = FP_NO_HOST_CHECK, data = NO, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = OS, data = Windows_NT, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = Path, data = %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\, type = REG_EXPAND_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PATHEXT, data = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PROCESSOR_ARCHITECTURE, data = x86, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = TEMP, data = %SystemRoot%\TEMP, type = REG_EXPAND_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = TMP, data = %SystemRoot%\TEMP, type = REG_EXPAND_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = USERNAME, data = SYSTEM, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = windir, data = %SystemRoot%, type = REG_EXPAND_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PSModulePath, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = NUMBER_OF_PROCESSORS, data = 1, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PROCESSOR_LEVEL, data = 6, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PROCESSOR_IDENTIFIER, data = x86 Family 6 Model 94 Stepping 3, GenuineIntel, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PROCESSOR_REVISION, data = 5e03, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Environment True 1
Registry Get Key Info reg_name = HKEY_CURRENT_USER\Environment True 1
Registry Enumerate Values reg_name = HKEY_CURRENT_USER\Environment True 1
Registry Enumerate Values reg_name = HKEY_CURRENT_USER\Environment True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Environment, value_name = TEMP, data = %USERPROFILE%\AppData\Local\Temp, type = REG_EXPAND_SZ True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Environment, value_name = TMP, data = %USERPROFILE%\AppData\Local\Temp, type = REG_EXPAND_SZ True 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\USERENV.DLL, base_address = 0x74a30000 True 1
Module Get Address module_name = c:\windows\system32\userenv.dll, function = CreateEnvironmentBlock, address_out = 0x74a31a7a True 1
Environment Get Environment String - True 1
Environment Set Environment String name = ALLUSERSPROFILE True 1
Environment Set Environment String name = APPDATA True 1
Environment Set Environment String name = CommonProgramFiles True 1
Environment Set Environment String name = COMPUTERNAME True 1
Environment Set Environment String name = ComSpec True 1
Environment Set Environment String name = FP_NO_HOST_CHECK True 1
Environment Set Environment String name = LOCALAPPDATA True 1
Fn
Environment Set Environment String name = NUMBER_OF_PROCESSORS True 1
Fn
Environment Set Environment String name = OS True 1
Fn
Environment Set Environment String name = Path True 1
Fn
Environment Set Environment String name = PATHEXT True 1
Fn
Environment Set Environment String name = PROCESSOR_ARCHITECTURE True 1
Fn
Environment Set Environment String name = PROCESSOR_IDENTIFIER True 1
Fn
Environment Set Environment String name = PROCESSOR_LEVEL True 1
Fn
Environment Set Environment String name = PROCESSOR_REVISION True 1
Fn
Environment Set Environment String name = ProgramData True 1
Fn
Environment Set Environment String name = ProgramFiles True 1
Fn
Environment Set Environment String name = PSModulePath True 1
Fn
Environment Set Environment String name = PUBLIC True 1
Fn
Environment Set Environment String name = SystemDrive True 1
Fn
Environment Set Environment String name = SystemRoot True 1
Fn
Environment Set Environment String name = TEMP True 1
Fn
Environment Set Environment String name = TMP True 1
Fn
Environment Set Environment String name = USERDOMAIN True 1
Fn
Environment Set Environment String name = USERNAME True 1
Fn
Environment Set Environment String name = USERPROFILE True 1
Fn
Environment Set Environment String name = windir True 1
Fn
Environment Set Environment String name = ALLUSERSPROFILE, value = C:\ProgramData True 1
Fn
Environment Set Environment String name = CommonProgramFiles, value = C:\Program Files\Common Files True 1
Fn
Environment Set Environment String name = COMPUTERNAME, value = CRH2YWU7 True 1
Fn
Environment Set Environment String name = ComSpec, value = C:\Windows\system32\cmd.exe True 1
Fn
Environment Set Environment String name = FP_NO_HOST_CHECK, value = NO True 1
Fn
Environment Set Environment String name = NUMBER_OF_PROCESSORS, value = 1 True 1
Fn
Environment Set Environment String name = OS, value = Windows_NT True 1
Fn
Environment Set Environment String name = Path, value = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Fn
Environment Set Environment String name = PATHEXT, value = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Environment Set Environment String name = PROCESSOR_ARCHITECTURE, value = x86 True 1
Fn
Environment Set Environment String name = PROCESSOR_IDENTIFIER, value = x86 Family 6 Model 94 Stepping 3, GenuineIntel True 1
Fn
Environment Set Environment String name = PROCESSOR_LEVEL, value = 6 True 1
Fn
Environment Set Environment String name = PROCESSOR_REVISION, value = 5e03 True 1
Fn
Environment Set Environment String name = ProgramData, value = C:\ProgramData True 1
Fn
Environment Set Environment String name = ProgramFiles, value = C:\Program Files True 1
Fn
Environment Set Environment String name = PSModulePath, value = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ True 1
Fn
Environment Set Environment String name = PUBLIC, value = C:\Users\Public True 1
Fn
Environment Set Environment String name = SystemDrive, value = C: True 1
Fn
Environment Set Environment String name = SystemRoot, value = C:\Windows True 1
Fn
Environment Set Environment String name = TEMP, value = C:\Windows\TEMP True 1
Fn
Environment Set Environment String name = TMP, value = C:\Windows\TEMP True 1
Fn
Environment Set Environment String name = USERNAME, value = SYSTEM True 1
Fn
Environment Set Environment String name = USERPROFILE, value = C:\Users\Default True 1
Fn
Environment Set Environment String name = windir, value = C:\Windows True 1
Fn
Module Get Address module_name = c:\windows\system32\userenv.dll, function = DestroyEnvironmentBlock, address_out = 0x74a31a4e True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Environment Set Environment String name = ALLUSERSPROFILE, value = C:\ProgramData True 1
Fn
Environment Set Environment String name = APPDATA, value = C:\Users\EEBsYm5\AppData\Roaming True 1
Fn
Environment Set Environment String name = CommonProgramFiles, value = C:\Program Files\Common Files True 1
Fn
Environment Set Environment String name = COMPUTERNAME, value = CRH2YWU7 True 1
Fn
Environment Set Environment String name = ComSpec, value = C:\Windows\system32\cmd.exe True 1
Fn
Environment Set Environment String name = FP_NO_HOST_CHECK, value = NO True 1
Fn
Environment Set Environment String name = HOMEDRIVE, value = C: True 1
Fn
Environment Set Environment String name = HOMEPATH, value = \Users\EEBsYm5 True 1
Fn
Environment Set Environment String name = LOCALAPPDATA, value = C:\Users\EEBsYm5\AppData\Local True 1
Fn
Environment Set Environment String name = LOGONSERVER, value = \\CRH2YWU7 True 1
Fn
Environment Set Environment String name = NUMBER_OF_PROCESSORS, value = 1 True 1
Fn
Environment Set Environment String name = OS, value = Windows_NT True 1
Fn
Environment Set Environment String name = PATHEXT, value = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Environment Set Environment String name = PROCESSOR_ARCHITECTURE, value = x86 True 1
Fn
Environment Set Environment String name = PROCESSOR_IDENTIFIER, value = x86 Family 6 Model 94 Stepping 3, GenuineIntel True 1
Fn
Environment Set Environment String name = PROCESSOR_LEVEL, value = 6 True 1
Fn
Environment Set Environment String name = PROCESSOR_REVISION, value = 5e03 True 1
Fn
Environment Set Environment String name = ProgramData, value = C:\ProgramData True 1
Fn
Environment Set Environment String name = ProgramFiles, value = C:\Program Files True 1
Fn
Environment Set Environment String name = PSModulePath, value = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ True 1
Fn
Environment Set Environment String name = PUBLIC, value = C:\Users\Public True 1
Fn
Environment Set Environment String name = SystemDrive, value = C: True 1
Fn
Environment Set Environment String name = SystemRoot, value = C:\Windows True 1
Fn
Environment Set Environment String name = TEMP, value = C:\Users\EEBsYm5\AppData\Local\Temp True 1
Fn
Environment Set Environment String name = TMP, value = C:\Users\EEBsYm5\AppData\Local\Temp True 1
Fn
Environment Set Environment String name = USERDOMAIN, value = CRH2YWU7 True 1
Fn
Environment Set Environment String name = USERNAME, value = EEBsYm5 True 1
Fn
Environment Set Environment String name = USERPROFILE, value = C:\Users\EEBsYm5 True 1
Fn
Environment Set Environment String name = windir, value = C:\Windows True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Environment Get Environment String name = _MSI_TEST False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER False 1
Fn
System Get Time type = Local Time, time = 2018-08-28 08:28:12 (Local Time) True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = MsiMsg.dll, base_address = 0x71f40002 True 1
Fn
Module Load module_name = Ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = WinSqmIsOptedIn, address_out = 0x77296c03 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = WTSGetActiveConsoleSessionId, address_out = 0x7694480b True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = COMCTL32, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7676b636 True 1
Fn
Window Create class_name = MsiHiddenWindow, wndproc_parameter = 0 True 1
Fn
Mutex Open mutex_name = Global\_MSIExecute, desired_access = SYNCHRONIZE True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoTaskMemAlloc, address_out = 0x7679ea4c True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoTaskMemFree, address_out = 0x767a6f41 True 1
Fn
System Sleep duration = 150 milliseconds (0.150 seconds) True 812
Fn
Module Get Address module_name = Unknown module name, function = RmEndSession, address_out = 0x6c494979 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress, data = C:\Windows\Installer\30de5.ipi, type = REG_SZ True 1
Fn
File Get Info filename = C:\Windows\Installer\30de5.ipi, type = file_attributes True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Window Create class_name = MsiHiddenWindow, wndproc_parameter = 0 True 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadExecutionState, address_out = 0x7697883d True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\SAGE.DLL, base_address = 0x0 False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Control Panel\Desktop True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Control Panel\Desktop, value_name = ScreenSaverIsSecure, data = 0, type = REG_NONE False 1
Fn
COM Create interface = 00000146-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress, data = C:\Windows\Installer\30de5.ipi, type = REG_SZ True 1
Fn
File Get Info filename = C:\Windows\Installer\30de5.ipi, type = file_attributes True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress, data = C:\Windows\Installer\30de5.ipi, type = REG_SZ True 1
Fn
File Delete filename = C:\Windows\Installer\30de5.ipi True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\SFC.DLL, base_address = 0x6e5b0000 True 1
Fn
Module Get Address module_name = Unknown module name, function = SfcIsKeyProtected, address_out = 0x6e5a36cb True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Delete Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer True 1
Fn
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\SAGE.DLL, base_address = 0x0 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER False 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoDisconnectObject, address_out = 0x7676e604 True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
System Get Time type = Local Time, time = 2018-08-28 08:29:14 (Local Time) True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = DllGetClassObject, address_out = 0x6f06183e True 1
Fn
Mutex Open mutex_name = Global\_MSIExecute, desired_access = SYNCHRONIZE True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
System Get Time type = Local Time, time = 2018-08-28 08:29:40 (Local Time) True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = ComSpec, data = %SystemRoot%\system32\cmd.exe, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = FP_NO_HOST_CHECK, data = NO, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = OS, data = Windows_NT, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = Path, data = %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PATHEXT, data = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PROCESSOR_ARCHITECTURE, data = x86, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = TEMP, data = %SystemRoot%\TEMP, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = TMP, data = %SystemRoot%\TEMP, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = USERNAME, data = SYSTEM, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = windir, data = %SystemRoot%, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PSModulePath, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = NUMBER_OF_PROCESSORS, data = 1, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PROCESSOR_LEVEL, data = 6, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PROCESSOR_IDENTIFIER, data = x86 Family 6 Model 94 Stepping 3, GenuineIntel, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PROCESSOR_REVISION, data = 5e03, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Environment True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_CURRENT_USER\Environment True 1
Fn
Registry Enumerate Values reg_name = HKEY_CURRENT_USER\Environment True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Environment, value_name = TEMP, data = %USERPROFILE%\AppData\Local\Temp, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Environment, value_name = TMP, data = %USERPROFILE%\AppData\Local\Temp, type = REG_EXPAND_SZ True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\USERENV.DLL, base_address = 0x74a30000 True 1
Fn
Module Get Address module_name = c:\windows\system32\userenv.dll, function = CreateEnvironmentBlock, address_out = 0x74a31a7a True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Environment Set Environment String name = ALLUSERSPROFILE True 1
Fn
Environment Set Environment String name = CommonProgramFiles True 1
Fn
Environment Set Environment String name = COMPUTERNAME True 1
Fn
Environment Set Environment String name = ComSpec True 1
Fn
Environment Set Environment String name = FP_NO_HOST_CHECK True 1
Fn
Environment Set Environment String name = NUMBER_OF_PROCESSORS True 1
Fn
Environment Set Environment String name = OS True 1
Fn
Environment Set Environment String name = Path True 1
Fn
Environment Set Environment String name = PATHEXT True 1
Fn
Environment Set Environment String name = PROCESSOR_ARCHITECTURE True 1
Fn
Environment Set Environment String name = PROCESSOR_IDENTIFIER True 1
Fn
Environment Set Environment String name = PROCESSOR_LEVEL True 1
Fn
Environment Set Environment String name = PROCESSOR_REVISION True 1
Fn
Environment Set Environment String name = ProgramData True 1
Fn
Environment Set Environment String name = ProgramFiles True 1
Fn
Environment Set Environment String name = PSModulePath True 1
Fn
Environment Set Environment String name = PUBLIC True 1
Fn
Environment Set Environment String name = SystemDrive True 1
Fn
Environment Set Environment String name = SystemRoot True 1
Fn
Environment Set Environment String name = TEMP True 1
Fn
Environment Set Environment String name = TMP True 1
Fn
Environment Set Environment String name = USERNAME True 1
Fn
Environment Set Environment String name = USERPROFILE True 1
Fn
Environment Set Environment String name = windir True 1
Fn
Environment Set Environment String name = ALLUSERSPROFILE, value = C:\ProgramData True 1
Fn
Environment Set Environment String name = CommonProgramFiles, value = C:\Program Files\Common Files True 1
Fn
Environment Set Environment String name = COMPUTERNAME, value = CRH2YWU7 True 1
Fn
Environment Set Environment String name = ComSpec, value = C:\Windows\system32\cmd.exe True 1
Fn
Environment Set Environment String name = FP_NO_HOST_CHECK, value = NO True 1
Fn
Environment Set Environment String name = NUMBER_OF_PROCESSORS, value = 1 True 1
Fn
Environment Set Environment String name = OS, value = Windows_NT True 1
Fn
Environment Set Environment String name = Path, value = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Fn
Environment Set Environment String name = PATHEXT, value = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Environment Set Environment String name = PROCESSOR_ARCHITECTURE, value = x86 True 1
Fn
Environment Set Environment String name = PROCESSOR_IDENTIFIER, value = x86 Family 6 Model 94 Stepping 3, GenuineIntel True 1
Fn
Environment Set Environment String name = PROCESSOR_LEVEL, value = 6 True 1
Fn
Environment Set Environment String name = PROCESSOR_REVISION, value = 5e03 True 1
Fn
Environment Set Environment String name = ProgramData, value = C:\ProgramData True 1
Fn
Environment Set Environment String name = ProgramFiles, value = C:\Program Files True 1
Fn
Environment Set Environment String name = PSModulePath, value = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ True 1
Fn
Environment Set Environment String name = PUBLIC, value = C:\Users\Public True 1
Fn
Environment Set Environment String name = SystemDrive, value = C: True 1
Fn
Environment Set Environment String name = SystemRoot, value = C:\Windows True 1
Fn
Environment Set Environment String name = TEMP, value = C:\Windows\TEMP True 1
Fn
Environment Set Environment String name = TMP, value = C:\Windows\TEMP True 1
Fn
Environment Set Environment String name = USERNAME, value = SYSTEM True 1
Fn
Environment Set Environment String name = USERPROFILE, value = C:\Users\Default True 1
Fn
Environment Set Environment String name = windir, value = C:\Windows True 1
Fn
Module Get Address module_name = c:\windows\system32\userenv.dll, function = DestroyEnvironmentBlock, address_out = 0x74a31a4e True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Environment Set Environment String name = ALLUSERSPROFILE, value = C:\ProgramData True 1
Fn
Environment Set Environment String name = APPDATA, value = C:\Users\EEBsYm5\AppData\Roaming True 1
Fn
Environment Set Environment String name = CommonProgramFiles, value = C:\Program Files\Common Files True 1
Fn
Environment Set Environment String name = COMPUTERNAME, value = CRH2YWU7 True 1
Fn
Environment Set Environment String name = ComSpec, value = C:\Windows\system32\cmd.exe True 1
Fn
Environment Set Environment String name = FP_NO_HOST_CHECK, value = NO True 1
Fn
Environment Set Environment String name = HOMEDRIVE, value = C: True 1
Fn
Environment Set Environment String name = HOMEPATH, value = \Users\EEBsYm5 True 1
Fn
Environment Set Environment String name = LOCALAPPDATA, value = C:\Users\EEBsYm5\AppData\Local True 1
Fn
Environment Set Environment String name = LOGONSERVER, value = \\CRH2YWU7 True 1
Fn
Environment Set Environment String name = NUMBER_OF_PROCESSORS, value = 1 True 1
Fn
Environment Set Environment String name = OS, value = Windows_NT True 1
Fn
Environment Set Environment String name = PATHEXT, value = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Environment Set Environment String name = PROCESSOR_ARCHITECTURE, value = x86 True 1
Fn
Environment Set Environment String name = PROCESSOR_IDENTIFIER, value = x86 Family 6 Model 94 Stepping 3, GenuineIntel True 1
Fn
Environment Set Environment String name = PROCESSOR_LEVEL, value = 6 True 1
Fn
Environment Set Environment String name = PROCESSOR_REVISION, value = 5e03 True 1
Fn
Environment Set Environment String name = ProgramData, value = C:\ProgramData True 1
Fn
Environment Set Environment String name = ProgramFiles, value = C:\Program Files True 1
Fn
Environment Set Environment String name = PSModulePath, value = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ True 1
Fn
Environment Set Environment String name = PUBLIC, value = C:\Users\Public True 1
Fn
Environment Set Environment String name = SystemDrive, value = C: True 1
Fn
Environment Set Environment String name = SystemRoot, value = C:\Windows True 1
Fn
Environment Set Environment String name = TEMP, value = C:\Users\EEBsYm5\AppData\Local\Temp True 1
Fn
Environment Set Environment String name = TMP, value = C:\Users\EEBsYm5\AppData\Local\Temp True 1
Fn
Environment Set Environment String name = USERDOMAIN, value = CRH2YWU7 True 1
Fn
Environment Set Environment String name = USERNAME, value = EEBsYm5 True 1
Fn
Environment Set Environment String name = USERPROFILE, value = C:\Users\EEBsYm5 True 1
Fn
Environment Set Environment String name = windir, value = C:\Windows True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Environment Get Environment String name = _MSI_TEST False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER False 1
Fn
System Get Time type = Local Time, time = 2018-08-28 08:29:40 (Local Time) True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = COMCTL32, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = MsiHiddenWindow, wndproc_parameter = 0 True 1
Fn
Mutex Open mutex_name = Global\_MSIExecute, desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 150 milliseconds (0.150 seconds) True 18
Fn
System Sleep duration = 300 milliseconds (0.300 seconds) True 352
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress, data = C:\Windows\Installer\30dea.ipi, type = REG_SZ True 1
Fn
File Get Info filename = C:\Windows\Installer\30dea.ipi, type = file_attributes True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Window Create class_name = MsiHiddenWindow, wndproc_parameter = 0 True 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\SAGE.DLL, base_address = 0x0 False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Control Panel\Desktop True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Control Panel\Desktop, value_name = ScreenSaverIsSecure, data = 0, type = REG_NONE False 1
Fn
COM Create interface = 00000146-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress, data = C:\Windows\Installer\30dea.ipi, type = REG_SZ True 1
Fn
File Get Info filename = C:\Windows\Installer\30dea.ipi, type = file_attributes True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress, data = C:\Windows\Installer\30dea.ipi, type = REG_SZ True 1
Fn
File Delete filename = C:\Windows\Installer\30dea.ipi True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\SFC.DLL, base_address = 0x6e5b0000 True 1
Fn
Module Get Address module_name = Unknown module name, function = SfcIsKeyProtected, address_out = 0x6e5a36cb True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Delete Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer True 1
Fn
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\SAGE.DLL, base_address = 0x0 False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\TempPackages False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER False 1
Fn
Environment Get Environment String - True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
System Get Time type = Local Time, time = 2018-08-28 08:29:58 (Local Time) True 1
Fn
Thread 0xbf0
1742 0
Category Operation Information Success Count Logfile
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\NETAPI32.DLL, base_address = 0x73c60000 True 1
Fn
Module Get Address module_name = c:\windows\system32\netapi32.dll, function = NetGetJoinInformation, address_out = 0x73c42c3f True 1
Fn
Module Get Address module_name = c:\windows\system32\netapi32.dll, function = NetApiBufferFree, address_out = 0x73c513d2 True 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, type = file_attributes True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = StgOpenStorage, address_out = 0x7676480e True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoGetMalloc, address_out = 0x76796265 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\000041091A0090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\000041091A0090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC, value_name = PackageCode, data = 09E55253E54BB364BB67063D0F10146D, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109440090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109440090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC, value_name = PackageCode, data = 793FDB9B71F0FD14AAF4ED19CAAABD86, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109450090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109450090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC, value_name = PackageCode, data = CE35E2E6EBAB1A14397F4CC2D0AA4584, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\000041094B0090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\000041094B0090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC, value_name = PackageCode, data = 622E7EF2B9E975D4D8BFAFF0A297C06F, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109510090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109510090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC, value_name = PackageCode, data = 598038F48D734CC46A9A4AF0AC2E4278, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109511090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109511090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC, value_name = PackageCode, data = 816FB27986C2BBC45B79CDBF8325D5BA, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109610090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109610090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC, value_name = PackageCode, data = B0ACB93F09F14724494C000662AB6D74, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109711090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109711090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC, value_name = PackageCode, data = E2321CE91958748448711200E7D20418, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109810090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109810090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC, value_name = PackageCode, data = DCB2B6E2CC0FCC1459CCD3D1D78733D3, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109910090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109910090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC, value_name = PackageCode, data = 68E9D1251BE6DDA49A1D944C012B3A14, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109A10090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109A10090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC, value_name = PackageCode, data = 3A206805BD250E64D9784FA6FBAB5FBA, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109AB0090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109AB0090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109AB0090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109AB0090400000000000F01FEC, value_name = PackageCode, data = 97D6CDA045D281D4D9454C4BA3C92EE0, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109AB0090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109AB0090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109B10090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109B10090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC, value_name = PackageCode, data = 04FE7F5818D5F34438C4B429566F1453, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109C20090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109C20090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC, value_name = PackageCode, data = DA7BFABD6A354234FAC72F5F0C2926B3, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109E60090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109E60090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC, value_name = PackageCode, data = C87E8E08986094A4DBC40DEC753C3095, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109F10090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109F10090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC, value_name = PackageCode, data = 7C5260941519C594E81869350151A817, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109F100A0C00000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109F100A0C00000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC, value_name = PackageCode, data = 6352CF3BC32FE0F458E08617C1BB9961, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109F100C0400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109F100C0400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC, value_name = PackageCode, data = E495777FDAB42534C9D340B6C99F4AA7, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004119110000000000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004119110000000000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119110000000000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119110000000000000000F01FEC, value_name = PackageCode, data = AE5BDB166B0B28A4E98814F1FE57D3D5, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119110000000000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119110000000000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004119750000000000000000F01FEC False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004119750000000000000000F01FEC False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119750000000000000000F01FEC True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119750000000000000000F01FEC, value_name = PackageCode, data = 273A3C03368AD03429880740FF2A72FD, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119750000000000000000F01FEC True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119750000000000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004119B30000000000000000F01FEC False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004119B30000000000000000F01FEC False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119B30000000000000000F01FEC True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119B30000000000000000F01FEC, value_name = PackageCode, data = 089116C3615AA1D4E87BCD6A5BDC758E, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119B30000000000000000F01FEC True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004119B30000000000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A, value_name = PackageCode, data = E554C16404AD3B9478B14103C87CECFF, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3, value_name = PackageCode, data = 3514399E1BAE6AD4AA27688CBBE1FDC2, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\2246038675C7F37388062DC64EABA251 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\2246038675C7F37388062DC64EABA251 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251, value_name = PackageCode, data = 425DC3227FCF0DE4BB0F0D2788F16225, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58, value_name = PackageCode, data = 42DF3075D2FB41D4BAF24E510A63E136, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440, value_name = PackageCode, data = 3F1CBA45071060E40AA8BCB9C8F5198C, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4EA42A62D9304AC4784BF238120754FF False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4EA42A62D9304AC4784BF238120754FF False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF, value_name = PackageCode, data = 57BB70F73B3FE8242802F7708B9A2F38, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010, value_name = PackageCode, data = 091E586FC60D5CF4CA046D066347342A, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0, value_name = PackageCode, data = B4E370007AE0BD84C914DF7A9EBB8493, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\838AE285991981530AC5BD9064F286CE False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\838AE285991981530AC5BD9064F286CE False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE, value_name = PackageCode, data = B2DC948BACE96054AB7F12ABB351578E, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\C025571B2A687A53689168CD7369889B False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\C025571B2A687A53689168CD7369889B False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B, value_name = PackageCode, data = C21C44A45E1638843A5DBCB198CD0247, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a, value_name = PackageCode, data = 84067013B7B56744BA0F51892982BC09, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB, value_name = PackageCode, data = 3EB83B319B95F3645B773BEF173ADAA3, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\F60730A4A66673047777F5728467D401 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\F60730A4A66673047777F5728467D401 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401, value_name = PackageCode, data = 0B95A7D38B9F344439144DA5D002FE78, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress False 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, type = file_attributes True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\SRCLIENT.DLL, base_address = 0x6e4e0000 True 1
Module Get Address module_name = c:\windows\system32\srclient.dll, function = SRSetRestorePointW, address_out = 0x6e4e2ff5 True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, type = file_attributes True 1
System Get Info type = Windows Directory, result_out = C:\Windows True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_attributes False 1
File Create filename = C:\Windows\Installer\30de4.msi, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_type True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
System Get Time type = Ticks, time = 200227 True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, type = file_attributes True 1
File Create filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, type = file_type True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_attributes True 1
File Create filename = C:\Windows\Installer\30de4.msi, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_type True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, type = size True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200258 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200258 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200274 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200274 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200274 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200274 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200289 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200289 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200289 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200289 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200289 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200289 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 65536 True 1
System Get Time type = Ticks, time = 200289 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, size = 65536, size_out = 13312 True 1
File Write filename = C:\Windows\Installer\30de4.msi, size = 13312 True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, type = time True 1
System Get Time type = System Time, time = 2018-08-28 10:29:04 (UTC) True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_attributes True 1
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = CreateWellKnownSid, address_out = 0x76a0481e True 1
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferiChangeRegistryScope, address_out = 0x76a40595 True 1
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferIdentifyLevel, address_out = 0x76a12102 True 1
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferGetLevelInformation, address_out = 0x769f9094 True 1
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferCloseLevel, address_out = 0x76a13825 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData False 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\APPHELP.DLL, base_address = 0x718b0000 True 1
Module Get Address module_name = Unknown module name, function = ApphelpGetMsiProperties, address_out = 0x718d7525 True 1
Module Get Address module_name = Unknown module name, function = SdbInitDatabase, address_out = 0x718d65b0 True 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\VERSION.DLL, base_address = 0x748d0000 True 1
Module Get Address module_name = Unknown module name, function = GetFileVersionInfoSizeW, address_out = 0x748d19d9 True 1
Module Get Address module_name = Unknown module name, function = GetFileVersionInfoW, address_out = 0x748d19f4 True 1
Module Get Address module_name = Unknown module name, function = VerQueryValueW, address_out = 0x748d1b51 True 1
Module Load module_name = C:\Windows\system32\sxs.DLL, base_address = 0x752e0000 True 1
Module Get Handle module_name = MSCOREE, base_address = 0x0 False 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\MSCOREE.DLL, base_address = 0x6e180000 True 1
Module Get Address module_name = Unknown module name, function = GetCORSystemDirectory, address_out = 0x6e1831d0 True 1
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll, type = file_attributes True 1
Module Load module_name = C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll, base_address = 0x730001 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 3
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, type = file_attributes True 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 8
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 2
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\RSTRTMGR.DLL, base_address = 0x6c490000 True 1
Module Get Address module_name = Unknown module name, function = RmStartSession, address_out = 0x6c49474b True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager, value_name = PendingFileRenameOperations, data = 0, type = REG_NONE False 1
System Get Info type = Operating System True 3
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion, value_name = ProgramFilesDir, data = 67 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion, value_name = CommonFilesDir, data = 67 True 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\SHELL32.DLL, base_address = 0x75830000 True 1
Module Get Address module_name = Unknown module name, function = SHGetFolderPathW, address_out = 0x758b5708 True 1
System Get Computer Name result_out = CRH2YWU7 True 1
Module Load module_name = C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll, base_address = 0x730001 True 1
Module Load module_name = C:\Windows\system32\sxs.DLL, base_address = 0x752e0000 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 2
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
System Sleep duration = 30000 milliseconds (30.000 seconds) True 5
Environment Get Environment String name = MsiBreak False 1
File Create Temp File filename = C:\Windows\Installer\MSI14E6.tmp, path = C:\Windows\Installer, prefix = MSI True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
File Create filename = C:\Windows\Installer\MSI14E6.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Windows\Installer\MSI14E6.tmp, size = 65536 True 1
File Write filename = C:\Windows\Installer\MSI14E6.tmp, size = 27264 True 1
System Sleep duration = -1 (infinite) True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 27
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\4A78C4EDFD652F04FBB339415F8F16B0, type = file_attributes False 2
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\, type = file_attributes True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 9
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData False 1
File Get Info filename = C:\Program Files\Adobe\Adobe Reader\, type = file_attributes False 1
File Get Info filename = C:\Windows\, type = file_attributes True 1
File Get Info filename = C:\Program Files\Adobe\Adobe Reader\, type = file_attributes False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 6
Environment Get Environment String name = MsiBreak False 1
File Create Temp File filename = C:\Windows\Installer\MSI1832.tmp, path = C:\Windows\Installer, prefix = MSI True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
File Create filename = C:\Windows\Installer\MSI1832.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Windows\Installer\MSI1832.tmp, size = 65536 True 4
File Write filename = C:\Windows\Installer\MSI1832.tmp, size = 40064 True 1
System Sleep duration = -1 (infinite) True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 8
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 2
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 6
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\4A78C4EDFD652F04FBB339415F8F16B0, type = file_attributes False 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109450090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109450090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt, type = file_attributes True 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt, type = file_type True 1
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt, size = 512, size_out = 6 True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109510090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109510090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109511090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109511090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109810090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109810090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt, type = file_attributes True 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt, type = file_type True 1
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt, size = 512, size_out = 6 True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt, type = file_attributes True 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt, type = file_type True 1
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt, size = 512, size_out = 6 True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt, type = file_attributes True 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt, type = file_type True 1
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt, size = 512, size_out = 6 True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt, type = file_attributes True 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt, type = file_type True 1
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt, size = 512, size_out = 6 True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt, type = file_attributes True 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt, type = file_type True 1
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt, size = 512, size_out = 7 True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt, type = file_attributes True 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt, type = file_type True 1
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt, size = 512, size_out = 7 True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
System Get Info type = Windows Directory, result_out = C:\Windows True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\UnManaged, type = file_attributes False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\4A78C4EDFD652F04FBB339415F8F16B0, type = file_attributes False 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 10
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress False 3
System Get Info type = Windows Directory, result_out = C:\Windows True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer\30de5.ipi, type = file_attributes False 1
File Create filename = C:\Windows\Installer\30de5.ipi, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\30de5.ipi, type = file_type True 1
File Get Info filename = C:\Windows\Installer\30de5.ipi, type = file_attributes True 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress, data = C:\Windows\Installer\30de5.ipi, size = 62, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 9
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, type = file_attributes True 1
File Create Temp File filename = C:\Windows\Installer\MSI1E1C.tmp, path = C:\Windows\Installer, prefix = MSI True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
File Create filename = C:\Windows\Installer\MSI1E1C.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\MSI1E1C.tmp, type = file_attributes True 1
File Create filename = C:\Windows\Installer\MSI1E1C.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\MSI1E1C.tmp, type = file_type True 1
File Get Info filename = C:\Windows\Installer\MSI1E1C.tmp, type = size True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 12
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 30
Environment Get Environment String name = MsiBreak False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 6
Environment Get Environment String name = MsiBreak False 1
File Create Temp File filename = C:\Windows\Installer\MSI1F07.tmp, path = C:\Windows\Installer, prefix = MSI True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
File Create filename = C:\Windows\Installer\MSI1F07.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Windows\Installer\MSI1F07.tmp, size = 65536 True 4
File Write filename = C:\Windows\Installer\MSI1F07.tmp, size = 40064 True 1
System Sleep duration = -1 (infinite) True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\4A78C4EDFD652F04FBB339415F8F16B0, type = file_attributes False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 9
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 45
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 2
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 6
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\4A78C4EDFD652F04FBB339415F8F16B0, type = file_attributes False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 15
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 6
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 4
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress, data = C:\Windows\Installer\30de5.ipi, type = REG_SZ True 1
File Get Info filename = C:\Windows\Installer\30de5.ipi, type = file_attributes True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
File Get Info filename = C:\Windows\Installer\MSI1E1C.tmp, type = file_attributes True 1
File Create filename = C:\Windows\Installer\MSI1E1C.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE True 1
File Get Info filename = C:\Windows\Installer\MSI1E1C.tmp, type = file_type True 1
File Get Info filename = C:\Windows\Installer\MSI1E1C.tmp, type = size True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
File Get Info filename = C:, type = file_attributes True 1
File Create Temp File filename = C:\Config.Msi\MSI2243.tmp, path = C:\Config.Msi, prefix = MSI True 1
File Delete filename = C:\Config.Msi\MSI2243.tmp True 1
File Delete Directory directory = C:\Config.Msi True 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders, value_name = C:\Config.Msi\, size = 2, type = REG_SZ True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
File Get Info filename = C:\Config.Msi\30de6.rbs, type = file_attributes False 1
File Create filename = C:\Config.Msi\30de6.rbs, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Config.Msi\30de6.rbs, type = file_type True 1
File Get Info filename = C:\Config.Msi\30de6.rbs, type = file_attributes True 1
File Create filename = C:\Config.Msi\30de6.rbs, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Config.Msi\30de6.rbs, type = file_type True 1
File Get Info filename = C:\Config.Msi\30de6.rbs, type = size True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts False 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts, value_name = C:\Config.Msi\30de6.rbs, data = 30686889, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts, value_name = C:\Config.Msi\30de6.rbsLow, data = 826767856, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
File Read filename = C:\Windows\Installer\MSI1E1C.tmp, size = 1024, size_out = 1024 True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4A78C4EDFD652F04FBB339415F8F16B0 False 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 6
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B99DCB78D08AE7046A3A76A15014354B False 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 True 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B99DCB78D08AE7046A3A76A15014354B True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B99DCB78D08AE7046A3A76A15014354B, value_name = 4A78C4EDFD652F04FBB339415F8F16B0, data = 02:\Software\Caphyon\Advanced Installer\Prereqs\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1\RequiredApplication, size = 228, type = REG_SZ True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3606D44453621DC46BC17BA1F9DA739D False 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3606D44453621DC46BC17BA1F9DA739D True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3606D44453621DC46BC17BA1F9DA739D, value_name = 4A78C4EDFD652F04FBB339415F8F16B0, data = 02:\Software\Adobe\Adobe Reader\Version, size = 80, type = REG_SZ True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DA75A08B421DA442A929C56444AD01F False 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DA75A08B421DA442A929C56444AD01F True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DA75A08B421DA442A929C56444AD01F, value_name = 4A78C4EDFD652F04FBB339415F8F16B0, data = 02:\Software\Caphyon\Advanced Installer\LZMA\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1\AI_ExePath, size = 204, type = REG_SZ True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Create Temp File filename = C:\Windows\Installer\MSI27DF.tmp, path = C:\Windows\Installer, prefix = MSI True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
File Create filename = C:\Windows\Installer\MSI27DF.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
System Sleep duration = -1 (infinite) True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\SFC.DLL, base_address = 0x6e5b0000 True 1
Module Get Address module_name = Unknown module name, function = SfcIsKeyProtected, address_out = 0x6e5a36cb True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader False 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader, value_name = Version, data = 12.0.1, size = 14, type = REG_SZ True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader, value_name = Path False 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Reader, value_name = Path, data = C:\Program Files\Adobe\Adobe Reader\, size = 74, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\Prereqs\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\Prereqs\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 False 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\Prereqs\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\Prereqs\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1, value_name = RequiredApplication, data = 1, size = 4, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\LZMA\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\LZMA\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 False 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\LZMA\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1 True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Caphyon\Advanced Installer\LZMA\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}\12.0.1, value_name = AI_ExePath, data = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 124, type = REG_SZ True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties False 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer\30de7.msi, type = file_attributes False 1
File Create filename = C:\Windows\Installer\30de7.msi, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\30de7.msi, type = file_type True 1
File Delete filename = C:\Windows\Installer\30de7.msi True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer\30de7.msi, type = file_attributes False 1
File Get Info filename = C:\Windows\Installer\, type = file_attributes True 1
File Create filename = C:\Windows\Installer\30de4.msi, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = file_type True 1
File Get Info filename = C:\Windows\Installer\30de7.msi, type = file_attributes False 1
File Create filename = C:\Windows\Installer\30de7.msi, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Windows\Installer\30de7.msi, type = file_type True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = size True 1
File Get Info filename = C:\Windows\Installer\30de7.msi, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer\30de4.msi, type = time True 1
System Get Time type = System Time, time = 2018-08-28 10:29:13 (UTC) True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties False 2
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = LocalPackage, data = C:\Windows\Installer\30de7.msi, size = 62, type = REG_SZ True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
System Get Time type = Local Time, time = 2018-08-28 08:29:13 (Local Time) True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = AuthorizedCDFPrefix False 1
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties True 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = AuthorizedCDFPrefix, size = 2, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Comments False 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Comments, data = This installer database contains the logic and data required to install Adobe Reader., size = 172, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Contact False 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Contact, size = 2, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = DisplayVersion False 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = DisplayVersion, data = 12.0.1, size = 14, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = HelpLink False 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = HelpLink, size = 2, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = HelpTelephone False 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = HelpTelephone, size = 2, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = InstallDate False 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = InstallDate, data = 20180828, size = 18, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = InstallLocation False 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = InstallLocation, data = C:\Program Files\Adobe\Adobe Reader\, size = 74, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = InstallSource False 1
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = InstallSource, data = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, size = 136, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = ModifyPath False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = ModifyPath, data = MsiExec.exe /I{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, size = 106, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Publisher False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Publisher, data = Adobe, size = 12, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Readme False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Readme, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Size False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Size, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = EstimatedSize False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = EstimatedSize, data = 0, type = REG_NONE False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = EstimatedSize, data = 979, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = UninstallString False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = UninstallString, data = MsiExec.exe /I{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, size = 106, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = URLInfoAbout False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = URLInfoAbout, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = URLUpdateInfo False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = URLUpdateInfo, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = VersionMajor False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = VersionMajor, data = 12, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = VersionMinor False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = VersionMinor, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = WindowsInstaller False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = WindowsInstaller, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Version False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Version, data = 201326593, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Language False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = Language, data = 1033, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall True 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall True 1
Fn
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
Fn
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} False 2
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} True 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = AuthorizedCDFPrefix, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Comments False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Comments, data = This installer database contains the logic and data required to install Adobe Reader., size = 172, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Contact False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Contact, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = DisplayVersion False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = DisplayVersion, data = 12.0.1, size = 14, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = HelpLink False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = HelpLink, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = HelpTelephone False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = HelpTelephone, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = InstallDate False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = InstallDate, data = 20180828, size = 18, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = InstallLocation False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = InstallLocation, data = C:\Program Files\Adobe\Adobe Reader\, size = 74, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = InstallSource False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = InstallSource, data = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\, size = 136, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = ModifyPath False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = ModifyPath, data = MsiExec.exe /I{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, size = 106, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Publisher False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Publisher, data = Adobe, size = 12, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Readme False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Readme, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Size False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Size, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = EstimatedSize False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = EstimatedSize, data = 0, type = REG_NONE False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = EstimatedSize, data = 979, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = UninstallString False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = UninstallString, data = MsiExec.exe /I{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, size = 106, type = REG_EXPAND_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = URLInfoAbout False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = URLInfoAbout, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = URLUpdateInfo False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = URLUpdateInfo, size = 2, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = VersionMajor False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = VersionMajor, data = 12, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = VersionMinor False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = VersionMinor, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = WindowsInstaller False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = WindowsInstaller, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Version False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Version, data = 201326593, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Language False 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = Language, data = 1033, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
Fn
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1FB7268953FC9EF428A2FDDA944DDFE5 False 2
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1FB7268953FC9EF428A2FDDA944DDFE5 True 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1FB7268953FC9EF428A2FDDA944DDFE5, value_name = 4A78C4EDFD652F04FBB339415F8F16B0, size = 2, type = REG_SZ True 1
Fn
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
Fn
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Usage False 2
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\Usage True 1
Fn
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
Fn
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = DisplayName False 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties True 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A78C4EDFD652F04FBB339415F8F16B0\InstallProperties, value_name = DisplayName, data = Adobe Reader, size = 26, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall True 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall True 1
Fn
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
Fn
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B} True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DE4C87A4-56DF-40F2-BF3B-9314F5F8610B}, value_name = DisplayName False 1
Fn
For performance reasons, the remaining 161 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0xc80
14 0
Category Operation Information Success Count Logfile
Module Get Address module_name = c:\windows\system32\msi.dll, function = DllGetClassObject, address_out = 0x6f06183e True 1
Fn
System Get Time type = Local Time, time = 2018-08-28 08:29:07 (Local Time) True 3
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = DllGetClassObject, address_out = 0x6f06183e True 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 7
Fn
Thread 0xd70
7 0
Category Operation Information Success Count Logfile
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address_out = 0x767909ad True 1
Fn
COM Create interface = 00000146-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Sleep duration = -1 (infinite) True 2
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoQueryProxyBlanket, address_out = 0x76786224 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoUninitialize, address_out = 0x767986d3 True 1
Fn
File Delete filename = C:\Windows\Installer\MSI14E6.tmp True 1
Fn
Thread 0xd74
17 0
Category Operation Information Success Count Logfile
System Sleep duration = -1 (infinite) True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = GetSecurityInfo, address_out = 0x769fb3e4 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclW, address_out = 0x76a02a66 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetSecurityInfo, address_out = 0x769f9edf True 1
Fn
COM Create interface = 00000146-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Ticks, time = 201974 True 1
Fn
Module Get Filename module_name = c:\windows\system32\msi.dll, process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\msi.dll, size = 260 True 1
Fn
File Get Info filename = C:\Windows\system32, type = file_attributes True 1
Fn
File Get Info filename = C:\Windows\system32\MsiExec.exe, type = file_attributes True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Module Load module_name = C:\Windows\system32\NTDLL.DLL, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = RtlCreateEnvironment, address_out = 0x7723bb67 True 1
Fn
Process Create process_name = C:\Windows\system32\MsiExec.exe, os_pid = 0xd78, creation_flags = CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = RtlDestroyEnvironment, address_out = 0x772a17d6 True 1
Fn
System Sleep duration = -1 (infinite) True 2
Fn
Thread 0xd9c
2 0
Category Operation Information Success Count Logfile
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoIsHandlerConnected, address_out = 0x768139b5 True 1
Fn
File Delete filename = C:\Windows\Installer\MSI1832.tmp True 1
Fn
Thread 0xda8
1 0
Category Operation Information Success Count Logfile
File Delete filename = C:\Windows\Installer\MSI1F07.tmp True 1
Fn
Thread 0xdb8
1 0
Category Operation Information Success Count Logfile
File Delete filename = C:\Windows\Installer\MSI27DF.tmp True 1
Fn
Thread 0xf5c
2170 0
Category Operation Information Success Count Logfile
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, type = file_attributes True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\000041091A0090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\000041091A0090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC, value_name = PackageCode, data = 09E55253E54BB364BB67063D0F10146D, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109440090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109440090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC, value_name = PackageCode, data = 793FDB9B71F0FD14AAF4ED19CAAABD86, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109440090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\00004109450090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\00004109450090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC, value_name = PackageCode, data = CE35E2E6EBAB1A14397F4CC2D0AA4584, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109450090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\000041094B0090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\000041094B0090400000000000F01FEC False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC, value_name = PackageCode, data = 622E7EF2B9E975D4D8BFAFF0A297C06F, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041094B0090400000000000F01FEC, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\4EA42A62D9304AC4784BF238120754FF False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF, value_name = PackageCode, data = 57BB70F73B3FE8242802F7708B9A2F38, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010, value_name = PackageCode, data = 091E586FC60D5CF4CA046D066347342A, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0, value_name = PackageCode, data = B4E370007AE0BD84C914DF7A9EBB8493, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\838AE285991981530AC5BD9064F286CE False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\838AE285991981530AC5BD9064F286CE False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE, value_name = PackageCode, data = B2DC948BACE96054AB7F12ABB351578E, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\C025571B2A687A53689168CD7369889B False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\C025571B2A687A53689168CD7369889B False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B, value_name = PackageCode, data = C21C44A45E1638843A5DBCB198CD0247, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a, value_name = PackageCode, data = 84067013B7B56744BA0F51892982BC09, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB, value_name = PackageCode, data = 3EB83B319B95F3645B773BEF173ADAA3, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\F60730A4A66673047777F5728467D401 False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\F60730A4A66673047777F5728467D401 False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401, value_name = PackageCode, data = 0B95A7D38B9F344439144DA5D002FE78, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401, value_name = InstanceType, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products False 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress False 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, type = file_attributes True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData False 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000, type = file_attributes True 1
Fn
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
Fn
File Get Info filename = C:\Windows\Installer\30de8.msi, type = file_attributes False 1
Fn
File Create filename = C:\Windows\Installer\30de8.msi, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Installer\30de8.msi, type = file_type True 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, type = file_attributes True 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Fn
System Get Time type = Ticks, time = 236731 True 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\, type = file_attributes True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, type = file_type True 1
Fn
File Get Info filename = C:\Windows\Installer\30de8.msi, type = file_attributes True 1
Fn
File Create filename = C:\Windows\Installer\30de8.msi, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Windows\Installer\30de8.msi, type = file_type True 1
Fn
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
Fn
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, type = size True 1
Fn
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236731 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236731 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236731 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236731 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236747 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236747 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236747 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236747 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236747 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236747 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236762 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236762 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236762 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236762 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236762 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236762 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236793 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236793 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236793 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236793 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236793 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236793 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236793 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236809 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236809 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236809 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236809 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236809 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236825 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236825 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236825 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236825 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236871 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236871 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236871 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236871 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236871 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236887 True 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236887 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236887 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236887 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236887 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236903 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236903 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236903 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236903 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236903 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
Fn
Data
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
Fn
Data
System Get Time type = Ticks, time = 236903 True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236934 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236934 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236934 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236934 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236934 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236949 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236949 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236949 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236949 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236949 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 1
System Get Time type = Ticks, time = 236949 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 65536, size_out = 65536 True 1
File Write filename = C:\Windows\Installer\30de8.msi, size = 65536 True 88
File Write filename = C:\Windows\Installer\30de8.msi, size = 61440 True 1
File Get Info filename = C:\Windows\Installer\30de8.msi, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, type = time True 1
System Get Time type = System Time, time = 1627-02-08 02:09:33 (UTC) True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Windows\Installer\30de8.msi, type = file_attributes True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData False 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\VERSION.DLL, base_address = 0x748d0000 True 1
Module Get Address module_name = Unknown module name, function = GetFileVersionInfoSizeW, address_out = 0x748d19d9 True 1
Module Load module_name = C:\Windows\system32\sxs.DLL, base_address = 0x752e0000 True 1
Module Get Handle module_name = MSCOREE, base_address = 0x0 False 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\MSCOREE.DLL, base_address = 0x6e180000 True 1
Module Get Address module_name = Unknown module name, function = GetCORSystemDirectory, address_out = 0x6e1831d0 True 1
Module Load module_name = C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll, base_address = 0x540001 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 3
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\, type = file_attributes True 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 8
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 2
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager, value_name = PendingFileRenameOperations, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion, value_name = ProgramFilesDir, data = 67 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion, value_name = CommonFilesDir, data = 67 True 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\SHELL32.DLL, base_address = 0x75830000 True 1
Module Get Address module_name = Unknown module name, function = SHGetFolderPathW, address_out = 0x758b5708 True 1
System Get Computer Name result_out = CRH2YWU7 True 1
Module Load module_name = C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll, base_address = 0x540001 True 1
Module Load module_name = C:\Windows\system32\sxs.DLL, base_address = 0x752e0000 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = RegisteredOwner, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = RegisteredOwner, data = QHj0zZAa cGNHFmiOCuf, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = RegisteredOrganization, data = 0, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = RegisteredOrganization, data = Tmj08Zpauy, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress False 1
System Get Time type = Ticks, time = 237667 True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 5
Environment Get Environment String name = MsiBreak False 1
File Create Temp File filename = C:\Windows\Installer\MSIA089.tmp, path = C:\Windows\Installer, prefix = MSI True 1
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
File Create filename = C:\Windows\Installer\MSIA089.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Windows\Installer\MSIA089.tmp, size = 65536 True 2
File Write filename = C:\Windows\Installer\MSIA089.tmp, size = 25816 True 1
System Sleep duration = -1 (infinite) True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 9
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\509B38EF4554FFD4794F292971C81B17 False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 6
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\B382549EC85704A48B1501660D4EE98A, type = file_attributes False 2
File Get Info filename = C:, type = file_attributes True 1
File Get Info filename = C:\MSI30de9.tmp, type = file_attributes False 1
File Create Directory C:\MSI30de9.tmp True 1
File Delete Directory directory = C:\MSI30de9.tmp True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, type = file_attributes True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 9
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData False 1
File Get Info filename = C:\, type = file_attributes True 1
File Get Info filename = C:\Windows\, type = file_attributes True 1
File Get Info filename = C:\Windows\system32\, type = file_attributes True 1
File Get Info filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\, type = file_attributes True 1
File Get Info filename = C:\Program Files\, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 13
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 4
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe, type = file_attributes False 2
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe, type = file_attributes False 2
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
File Get Info filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\rfusclient.exe, type = file_attributes False 2
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\vp8decoder.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\RWLN.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\RIPCServer.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\vp8encoder.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\webmmux.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll, type = file_attributes False 2
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll, type = file_attributes False 2
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\fwproc_x64.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\progress.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll, type = file_attributes False 2
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll, type = file_attributes False 2
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 2
File Get Info filename = C:\Windows\Installer\30de8.msi, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 6
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\B382549EC85704A48B1501660D4EE98A, type = file_attributes False 1
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\, type = file_attributes True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109450090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109450090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt, type = file_attributes True 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt, type = file_type True 1
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\000041094B0090400000000000F01FEC\CacheSize.txt, size = 512, size_out = 6 True 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109510090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109510090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109511090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109511090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109810090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109810090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400000000000F01FEC\CacheSize.txt, type = file_attributes False 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt, type = file_attributes True 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt, type = file_type True 1
Fn
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\CacheSize.txt, size = 512, size_out = 6 True 1
Fn
Data
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt, type = file_attributes True 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt, type = file_type True 1
Fn
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\CacheSize.txt, size = 512, size_out = 6 True 1
Fn
Data
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt, type = file_attributes True 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt, type = file_type True 1
Fn
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\CacheSize.txt, size = 512, size_out = 6 True 1
Fn
Data
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt, type = file_attributes True 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt, type = file_type True 1
Fn
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\CacheSize.txt, size = 512, size_out = 6 True 1
Fn
Data
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\CacheSize.txt, type = file_attributes False 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt, type = file_attributes True 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt, type = file_type True 1
Fn
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004119750000000000000000F01FEC\CacheSize.txt, size = 512, size_out = 7 True 1
Fn
Data
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt, type = file_attributes True 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt, type = file_type True 1
Fn
File Read filename = C:\Windows\Installer\$PatchCache$\Managed\00004119B30000000000000000F01FEC\CacheSize.txt, size = 512, size_out = 7 True 1
Fn
Data
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\CacheSize.txt, type = file_attributes False 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\CacheSize.txt, type = file_attributes False 1
Fn
File Create filename = C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\CacheSize.txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
Fn
System Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\UnManaged, type = file_attributes False 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\B382549EC85704A48B1501660D4EE98A, type = file_attributes False 1
Fn
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 10
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Policies\Microsoft\Windows\Installer False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress False 3
Fn
File Get Info filename = C:\Windows\Installer\30dea.ipi, type = file_attributes False 1
Fn
File Create filename = C:\Windows\Installer\30dea.ipi, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Installer\30dea.ipi, type = file_type True 1
Fn
File Get Info filename = C:\Windows\Installer\30dea.ipi, type = file_attributes True 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress, data = C:\Windows\Installer\30dea.ipi, size = 62, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 6
Fn
File Create Temp File filename = C:\Windows\Installer\MSIA423.tmp, path = C:\Windows\Installer, prefix = MSI True 1
Fn
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
Fn
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
Fn
File Create filename = C:\Windows\Installer\MSIA423.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Installer\MSIA423.tmp, type = file_attributes True 1
Fn
File Create filename = C:\Windows\Installer\MSIA423.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Installer\MSIA423.tmp, type = file_type True 1
Fn
File Get Info filename = C:\Windows\Installer\MSIA423.tmp, type = size True 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 12
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 12
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 76
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed False 1
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\B382549EC85704A48B1501660D4EE98A, type = file_attributes False 78
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 6
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 9
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 10
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 9
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 8
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 8
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 10
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 8
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 10
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 8
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 6
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\B382549EC85704A48B1501660D4EE98A, type = file_attributes False 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 13
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 3
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 8
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 2
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 2
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 4
Fn
Data
System Sleep duration = 30000 milliseconds (30.000 seconds) True 42
Fn
File Get Info filename = C:\Windows\Installer\30de8.msi, type = file_attributes True 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Fn
File Get Info filename = C:\Windows\Installer, type = file_attributes True 2
Fn
File Get Info filename = C:\Windows\Installer\30de8.msi, type = file_attributes True 1
Fn
File Get Info filename = C:\Windows\Installer, type = file_attributes True 6
Fn
File Get Info filename = C:\Windows\Installer\$PatchCache$\Managed\B382549EC85704A48B1501660D4EE98A, type = file_attributes False 1
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B382549EC85704A48B1501660D4EE98A\InstallProperties False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 249
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\, type = file_attributes True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3785418085-2572485238-895829336-1000\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_USERS\S-1-5-21-3785418085-2572485238-895829336-1000\Software\Microsoft\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
Environment Get Environment String name = MsiBreak False 1
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 1024 True 1
Fn
Data
Environment Get Environment String name = MsiBreak False 3
Fn
File Write filename = C:\Windows\Installer\MSIA423.tmp, size = 512 True 1
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress, data = C:\Windows\Installer\30dea.ipi, type = REG_SZ True 1
Fn
File Get Info filename = C:\Windows\Installer\30dea.ipi, type = file_attributes True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer False 1
Fn
File Get Info filename = C:\Windows\Installer\MSIA423.tmp, type = file_attributes True 1
Fn
File Create filename = C:\Windows\Installer\MSIA423.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE True 1
Fn
File Get Info filename = C:\Windows\Installer\MSIA423.tmp, type = file_type True 1
Fn
File Get Info filename = C:\Windows\Installer\MSIA423.tmp, type = size True 1
Fn
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
Fn
File Get Info filename = C:, type = file_attributes True 1
Fn
File Create Temp File filename = C:\Config.Msi\MSIA607.tmp, path = C:\Config.Msi, prefix = MSI True 1
Fn
File Delete filename = C:\Config.Msi\MSIA607.tmp True 1
Fn
File Delete Directory directory = C:\Config.Msi True 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders True 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders, value_name = C:\Config.Msi\, size = 2, type = REG_SZ True 1
Fn
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
Fn
User Lookup Privilege privilege = SeTakeOwnershipPrivilege, luid = 9 True 1
Fn
File Get Info filename = C:\Config.Msi\30deb.rbs, type = file_attributes False 1
Fn
File Create filename = C:\Config.Msi\30deb.rbs, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Config.Msi\30deb.rbs, type = file_type True 1
Fn
File Get Info filename = C:\Config.Msi\30deb.rbs, type = file_attributes True 1
Fn
File Create filename = C:\Config.Msi\30deb.rbs, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Config.Msi\30deb.rbs, type = file_type True 1
Fn
File Get Info filename = C:\Config.Msi\30deb.rbs, type = size True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts False 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts True 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts, value_name = C:\Config.Msi\30deb.rbs, data = 30686889, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts, value_name = C:\Config.Msi\30deb.rbsLow, data = 1163887856, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
File Read filename = C:\Windows\Installer\MSIA423.tmp, size = 1024, size_out = 1024 True 1
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B382549EC85704A48B1501660D4EE98A False 1
Fn
File Get Info filename = C:\Windows\Installer, type = file_attributes True 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes True 1
Fn
File Write filename = C:\Config.Msi\30deb.rbs, size = 259 True 1
Fn
Data
File Write filename = C:\Config.Msi\30deb.rbs, size = 20 True 1
Fn
Data
File Write filename = C:\Config.Msi\30deb.rbs, size = 33 True 1
Fn
Data
File Write filename = C:\Config.Msi\30deb.rbs, size = 92 True 1
Fn
Data
File Write filename = C:\Config.Msi\30deb.rbs, size = 54 True 1
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\490EF1B1D5DB88F45B337159197E181D False 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 True 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\490EF1B1D5DB88F45B337159197E181D True 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\490EF1B1D5DB88F45B337159197E181D, value_name = B382549EC85704A48B1501660D4EE98A, data = C:\Program Files\Remote Utilities - Host\Monitor\x86\, size = 108, type = REG_SZ True 1
Fn
File Write filename = C:\Config.Msi\30deb.rbs, size = 88 True 1
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029705A57F1E1AD4F97654DAD0C441E3 False 1
Fn
For performance reasons, the remaining 418 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0xf60
4 0
Category Operation Information Success Count Logfile
COM Create interface = 00000146-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Sleep duration = -1 (infinite) True 2
Fn
File Delete filename = C:\Windows\Installer\MSIA089.tmp True 1
Fn
Thread 0xf64
10 0
Category Operation Information Success Count Logfile
System Sleep duration = -1 (infinite) True 1
Fn
COM Create interface = 00000146-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Ticks, time = 237729 True 1
Fn
Module Get Filename module_name = c:\windows\system32\msi.dll, process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\msi.dll, size = 260 True 1
Fn
File Get Info filename = C:\Windows\system32, type = file_attributes True 1
Fn
File Get Info filename = C:\Windows\system32\MsiExec.exe, type = file_attributes True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Process Create process_name = C:\Windows\system32\MsiExec.exe, os_pid = 0xf68, creation_flags = CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
System Sleep duration = -1 (infinite) True 2
Fn
Thread 0xf84
867 0
Category Operation Information Success Count Logfile
Module Load module_name = CABINET, base_address = 0x6e710000 True 1
Fn
Module Get Address module_name = Unknown module name, function = FDICreate, address_out = 0x6e711c3f True 1
Fn
Module Get Address module_name = Unknown module name, function = FDICopy, address_out = 0x6e711849 True 1
Fn
Module Get Address module_name = Unknown module name, function = FDIIsCabinet, address_out = 0x6e7159bd True 1
Fn
Module Get Address module_name = Unknown module name, function = FDIDestroy, address_out = 0x6e711693 True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.sys, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.sys, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.sys, size = 13800 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:35 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.inf, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.inf, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.inf, size = 1777 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:35 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.cat, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.cat, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.cat, size = 8886 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:35 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe, size = 8305 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe, size = 32768 True 4
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe, size = 9119 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:35 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.sys, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.sys, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.sys, size = 15904 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:35 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.inf, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.inf, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.inf, size = 1778 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:36 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat, size = 5967 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat, size = 2919 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:36 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe, size = 29849 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe, size = 32768 True 5
File Write filename = C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe, size = 30071 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:36 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 2697 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 32768 True 248
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\rfusclient.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\rfusclient.exe, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\rfusclient.exe, size = 32768 True 174
File Write filename = C:\Program Files\Remote Utilities - Host\rfusclient.exe, size = 32272 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:36 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\vp8decoder.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\vp8decoder.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\vp8decoder.dll, size = 32768 True 11
File Write filename = C:\Program Files\Remote Utilities - Host\vp8decoder.dll, size = 29712 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:36 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\English.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\English.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\English.lg, size = 3056 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\English.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\English.lg, size = 18272 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\RWLN.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\RWLN.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\RWLN.dll, size = 14496 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\RWLN.dll, size = 32768 True 29
File Write filename = C:\Program Files\Remote Utilities - Host\RWLN.dll, size = 25456 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\RIPCServer.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\RIPCServer.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\RIPCServer.dll, size = 7312 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\RIPCServer.dll, size = 32768 True 4
File Write filename = C:\Program Files\Remote Utilities - Host\RIPCServer.dll, size = 16768 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\EULA.rtf, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\EULA.rtf, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\EULA.rtf, size = 16000 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\EULA.rtf, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\EULA.rtf, size = 1976 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Spanish.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Spanish.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Spanish.lg, size = 30792 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Spanish.lg, size = 25484 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Hebrew.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Hebrew.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Hebrew.lg, size = 7284 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Hebrew.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Hebrew.lg, size = 7854 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Turkish.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Turkish.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Turkish.lg, size = 24914 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Turkish.lg, size = 30916 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Polish.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Polish.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Polish.lg, size = 1852 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Polish.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Polish.lg, size = 19952 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Japanese.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Japanese.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Japanese.lg, size = 12816 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Japanese.lg, size = 30334 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\French.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\French.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\French.lg, size = 2434 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\French.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\French.lg, size = 22212 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\German.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\German.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\German.lg, size = 10556 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\German.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\German.lg, size = 12814 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Arabic.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Arabic.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Arabic.lg, size = 19954 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Arabic.lg, size = 30456 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg, size = 2312 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg, size = 20826 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg, size = 11942 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg, size = 26302 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Czech.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Czech.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Czech.lg, size = 6466 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Czech.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Czech.lg, size = 14998 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Dutch.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Dutch.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Dutch.lg, size = 17770 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Dutch.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Dutch.lg, size = 6652 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Italian.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Italian.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Italian.lg, size = 26116 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Italian.lg, size = 30176 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Korean.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Korean.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Korean.lg, size = 2592 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Korean.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Korean.lg, size = 6148 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Norwegian.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Norwegian.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Norwegian.lg, size = 26620 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Norwegian.lg, size = 26526 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Swedish.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Swedish.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Swedish.lg, size = 6242 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Swedish.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Swedish.lg, size = 14342 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Danish.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Danish.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Danish.lg, size = 18426 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Danish.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Danish.lg, size = 2712 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg, size = 30056 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg, size = 7936 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\vp8encoder.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\vp8encoder.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\vp8encoder.dll, size = 24832 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\vp8encoder.dll, size = 32768 True 49
File Write filename = C:\Program Files\Remote Utilities - Host\vp8encoder.dll, size = 11536 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\webmmux.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\webmmux.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\webmmux.dll, size = 32768 True 8
File Write filename = C:\Program Files\Remote Utilities - Host\webmmux.dll, size = 5136 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll, size = 27632 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll, size = 32768 True 10
File Write filename = C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll, size = 19488 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll, size = 13280 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll, size = 32768 True 26
File Write filename = C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll, size = 16432 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Portuguese.lg, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Portuguese.lg, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Portuguese.lg, size = 16336 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Portuguese.lg, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Portuguese.lg, size = 6980 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup.ini, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup.ini, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup.ini, size = 40 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe, size = 25748 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe, size = 32124 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe, size = 644 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe, size = 19340 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe, size = 13428 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe, size = 32768 True 4
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe, size = 32156 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe, size = 612 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe, size = 28588 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe, size = 4180 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe, size = 32768 True 3
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe, size = 4540 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe, size = 28228 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe, size = 32768 True 5
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe, size = 13260 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll, size = 19508 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll, size = 32768 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll, size = 5084 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll, size = 27664 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll, size = 20 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll, size = 32768 True 11
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll, size = 23548 True 1
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll, type = file_type True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll, size = 9220 True 1
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll, size = 32768 True 22
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll, size = 26124 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll, size = 6644 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll, size = 32768 True 23
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll, size = 10780 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\ntprint.inf, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\ntprint.inf, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\ntprint.inf, size = 9698 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\install.cmd, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\install.cmd, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\install.cmd, size = 60 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\uninstall.cmd, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\uninstall.cmd, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\uninstall.cmd, size = 79 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup.gpd, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup.gpd, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup.gpd, size = 14667 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd, size = 8264 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd, size = 6102 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup.lng, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup.lng, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup.lng, size = 26365 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup_s.lng, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup_s.lng, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup_s.lng, size = 301 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\rup_s.lng, size = 853 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.hlp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.hlp, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.hlp, size = 21225 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup.ini, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup.ini, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup.ini, size = 40 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\fwproc_x64.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\fwproc_x64.exe, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\fwproc_x64.exe, size = 10650 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\fwproc_x64.exe, size = 10358 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\progress.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\progress.exe, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\progress.exe, size = 22410 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\progress.exe, size = 646 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe, size = 32122 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe, size = 32768 True 5
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui2.exe, size = 26774 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe, size = 5994 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe, size = 32768 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\setupdrv.exe, size = 29862 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe, size = 2906 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe, size = 32768 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\srvinst_x64.exe, size = 7350 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe, size = 25418 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe, size = 32768 True 4
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\VPDAgent_x64.exe, size = 7878 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll, size = 24890 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll, size = 32768 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\ruppm.dll, size = 5846 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui.dll, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui.dll, size = 26922 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rupui.dll, size = 742 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll, size = 32026 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll, size = 32768 True 13
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.dll, size = 29942 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll, size = 2826 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll, size = 32768 True 27
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrvui_rup.dll, size = 5382 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll, size = 27386 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll, size = 32768 True 22
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unires_vpd.dll, size = 22806 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\ntprint.inf, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\ntprint.inf, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\ntprint.inf, size = 9698 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\install.cmd, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\install.cmd, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\install.cmd, size = 68 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\uninstall.cmd, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\uninstall.cmd, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\uninstall.cmd, size = 87 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup.gpd, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup.gpd, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup.gpd, size = 14667 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\stdnames_vpd.gpd, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\stdnames_vpd.gpd, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\stdnames_vpd.gpd, size = 8248 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\stdnames_vpd.gpd, size = 6118 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup.lng, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup.lng, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup.lng, size = 26365 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup_s.lng, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup_s.lng, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup_s.lng, size = 285 True 1
Fn
Data
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\rup_s.lng, size = 869 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\, type = file_attributes True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.hlp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.hlp, type = file_type True 1
Fn
File Write filename = C:\Program Files\Remote Utilities - Host\Printer\x64\unidrv_rup.hlp, size = 21225 True 1
Fn
Data
System Get Time type = System Time, time = 1627-02-08 02:09:37 (UTC) True 1
Fn
Thread 0xf8c
3 0
Category Operation Information Success Count Logfile
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferComputeTokenFromLevel, address_out = 0x76a13352 True 1
Fn
Process Create process_name = "C:\Program Files\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi", os_pid = 0xf90, creation_flags = CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xfa4
4 0
Category Operation Information Success Count Logfile
Process Create process_name = "C:\Program Files\Remote Utilities - Host\rutserv.exe" /silentinstall, os_pid = 0xfa8, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
Thread Resume os_tid = 0xfac True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xfc0
4 0
Category Operation Information Success Count Logfile
Process Create process_name = "C:\Program Files\Remote Utilities - Host\rutserv.exe" /firewall, os_pid = 0xfc4, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE True 1
Fn
Thread Resume os_tid = 0xfc8 True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0x870
4 0
Category Operation Information Success Count Logfile
Process Create process_name = "C:\Program Files\Remote Utilities - Host\rutserv.exe" /start, os_pid = 0x504, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, CREATE_BREAKAWAY_FROM_JOB, show_window = SW_HIDE True 1
Fn
Thread Resume os_tid = 0x89c True 1
Fn
System Sleep duration = 30000 milliseconds (30.000 seconds) True 1
Fn
Process #3: msiexec.exe
1920 1660
Information Value
ID #3
File Name c:\windows\system32\msiexec.exe
Command Line C:\Windows\system32\MsiExec.exe -Embedding 184DC0E98E8691C9B1AAA08C2752D03C C
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:01, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:02:52
OS Process Information
Information Value
PID 0xa6c
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xA70, 0xA74, 0xA78, 0xA7C, 0xA80, 0xA88, 0xA8C, 0xA94, 0xAA4, 0xAEC, 0xAF0, 0xAF4, 0xAF8, 0xAFC, 0xB00, 0xBAC, 0xBB4, 0xBBC, 0xDD4, 0xDE4, 0xDE8, 0xDEC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00041fff Pagefile Backed Memory r True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File r False False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c1fff Pagefile Backed Memory rw True False False -
msiexec.exe.mui 0x000d0000 0x000d0fff Memory Mapped File rw False False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory rw True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory rw True False False -
windowsshell.manifest 0x00100000 0x00100fff Memory Mapped File r False False False -
pagefile_0x0000000000100000 0x00100000 0x00100fff Pagefile Backed Memory r True False False -
private_0x0000000000110000 0x00110000 0x0011ffff Private Memory rw True False False -
pagefile_0x0000000000120000 0x00120000 0x00121fff Pagefile Backed Memory r True False False -
private_0x0000000000130000 0x00130000 0x0016ffff Private Memory rw True False False -
pagefile_0x0000000000170000 0x00170000 0x00237fff Pagefile Backed Memory r True False False -
rpcss.dll 0x00240000 0x0029bfff Memory Mapped File r False False False -
pagefile_0x0000000000240000 0x00240000 0x00240fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000250000 0x00250000 0x00250fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000260000 0x00260000 0x00260fff Pagefile Backed Memory rw True False False -
private_0x0000000000270000 0x00270000 0x002affff Private Memory rw True False False -
pagefile_0x0000000000270000 0x00270000 0x00270fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002b0000 0x002b0000 0x002b0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002c0000 0x002c0000 0x002c1fff Pagefile Backed Memory r True False False -
index.dat 0x002d0000 0x002d7fff Memory Mapped File rw True False False -
private_0x00000000002e0000 0x002e0000 0x003dffff Private Memory rw True False False -
pagefile_0x00000000003e0000 0x003e0000 0x004e0fff Pagefile Backed Memory r True False False -
index.dat 0x004f0000 0x0051bfff Memory Mapped File rw True False False -
private_0x0000000000520000 0x00520000 0x0055ffff Private Memory rw True False False -
rsaenh.dll 0x00560000 0x0059bfff Memory Mapped File r False False False -
index.dat 0x00560000 0x0056ffff Memory Mapped File rw True False False -
private_0x0000000000570000 0x00570000 0x005bffff Private Memory rw True False False -
pagefile_0x0000000000570000 0x00570000 0x00570fff Pagefile Backed Memory r True False False -
private_0x0000000000580000 0x00580000 0x005bffff Private Memory rw True False False -
private_0x00000000005a0000 0x005a0000 0x005dffff Private Memory rw True False False -
pagefile_0x00000000005c0000 0x005c0000 0x005c0fff Pagefile Backed Memory rw True False False -
urlmon.dll.mui 0x005d0000 0x005d7fff Memory Mapped File rw False False False -
private_0x00000000005e0000 0x005e0000 0x0061ffff Private Memory rw True False False -
pagefile_0x0000000000620000 0x00620000 0x00620fff Pagefile Backed Memory r True False False -
private_0x0000000000640000 0x00640000 0x0067ffff Private Memory rw True False False -
pagefile_0x0000000000680000 0x00680000 0x0075efff Pagefile Backed Memory r True False False -
msiexec.exe 0x00780000 0x00793fff Memory Mapped File rwx True False False -
pagefile_0x00000000007a0000 0x007a0000 0x0139ffff Pagefile Backed Memory r True False False -
sortdefault.nls 0x013a0000 0x0166efff Memory Mapped File r False False False -
private_0x0000000001690000 0x01690000 0x016cffff Private Memory rw True False False -
private_0x0000000001700000 0x01700000 0x0170ffff Private Memory rw True False False -
private_0x0000000001710000 0x01710000 0x0174ffff Private Memory rw True False False -
private_0x0000000001730000 0x01730000 0x0176ffff Private Memory rw True False False -
private_0x0000000001740000 0x01740000 0x0177ffff Private Memory rw True False False -
private_0x0000000001750000 0x01750000 0x018fffff Private Memory rw True False False -
private_0x00000000017b0000 0x017b0000 0x017bffff Private Memory rw True False False -
private_0x00000000017c0000 0x017c0000 0x017fffff Private Memory rw True False False -
private_0x00000000017c0000 0x017c0000 0x0181ffff Private Memory rw True False False -
private_0x00000000017c0000 0x017c0000 0x0182ffff Private Memory rw True False False -
private_0x00000000017e0000 0x017e0000 0x0181ffff Private Memory rw True False False -
private_0x0000000001830000 0x01830000 0x0186ffff Private Memory rw True False False -
private_0x00000000018c0000 0x018c0000 0x018fffff Private Memory rw True False False -
private_0x0000000001900000 0x01900000 0x01a0ffff Private Memory rw True False False -
private_0x0000000001940000 0x01940000 0x0197ffff Private Memory rw True False False -
private_0x0000000001980000 0x01980000 0x019bffff Private Memory rw True False False -
private_0x0000000001a00000 0x01a00000 0x01a0ffff Private Memory rw True False False -
private_0x0000000001a10000 0x01a10000 0x01b0ffff Private Memory rw True False False -
private_0x0000000001b10000 0x01b10000 0x01d0ffff Private Memory rw True False False -
private_0x0000000001b10000 0x01b10000 0x01c0ffff Private Memory rw True False False -
private_0x0000000001b30000 0x01b30000 0x01b6ffff Private Memory rw True False False -
private_0x0000000001b50000 0x01b50000 0x01b8ffff Private Memory rw True False False -
private_0x0000000001cd0000 0x01cd0000 0x01d0ffff Private Memory rw True False False -
private_0x0000000001d10000 0x01d10000 0x01d4ffff Private Memory rw True False False -
private_0x0000000001df0000 0x01df0000 0x01e2ffff Private Memory rw True False False -
private_0x0000000001f10000 0x01f10000 0x01f4ffff Private Memory rw True False False -
msi32f7.tmp 0x6c440000 0x6c48dfff Memory Mapped File rwx True False False -
msiecb1.tmp 0x6e4a0000 0x6e4edfff Memory Mapped File rwx True True False
npmproxy.dll 0x6e700000 0x6e707fff Memory Mapped File rwx False False False -
netprofm.dll 0x6e8a0000 0x6e8f9fff Memory Mapped File rwx False False False -
msic85d.tmp 0x6ee80000 0x6ee98fff Memory Mapped File rwx True True False
msi.dll 0x6f040000 0x6f27ffff Memory Mapped File rwx False False False -
rasadhlp.dll 0x704a0000 0x704a5fff Memory Mapped File rwx False False False -
msicf22.tmp 0x71f20000 0x71f38fff Memory Mapped File rwx True True False
sensapi.dll 0x71f20000 0x71f25fff Memory Mapped File rwx False False False -
For performance reasons, the remaining 25 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
Filename File Size Hash Values YARA Match Actions
c:\windows\tasks\{de4c87a4-56df-40f2-bf3b-9314f5f8610b}.job 1.30 KB MD5: 6d2953aecb9fbe84dc91348d2fa4b0dc
SHA1: 32eca5d0f4c2ad3aa59a99fe4391f0a1b4120923
SHA256: 076f5bd18aa1da33b7bce288ac15639132c1609bccfd8b523cf7095394f71e36
SSDeep: 24:dI+IftIxh1nDP52kl7VR+DP2eSypUWDSqIxSfLI3ipV5+dzON:CftIVnToGp0TxphdIgDI3SqdzO
False
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part 10.00 MB MD5: fe81caf55bd98d3b8d53bdd38f214dcb
SHA1: 0defd3e408dee73b55e8d05ac2df12b86c8d7302
SHA256: 914d529465cdc3b7598bd4c0457583f2e779180fd206f85867f9abd7f8cd739b
SSDeep: 196608:itDW2c3gwhxOn0UM0Uyqn6Stt6MNfW9BKzFhBgDwdlzOoxJOh1odBPg14Kq4QKxY:I/ln0Dyqntt6MJsKzFhBDlzxJ+1o36Ij
False
Threads
Thread 0xa70
25 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2018-08-28 10:27:41 (UTC) True 1
Fn
System Get Time type = Ticks, time = 116953 True 1
Fn
Module Get Handle module_name = c:\windows\system32\msiexec.exe, base_address = 0x780000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = COMCTL32, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
System Get Info type = Operating System True 1
Fn
Process Get Info type = PROCESS_WOW64_INFORMATION True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type False 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\OLE32.DLL, base_address = 0x76750000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address_out = 0x767909ad True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER False 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoInitializeSecurity, address_out = 0x76777259 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x76799d0b True 1
Fn
COM Create interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_LOCAL_SERVER True 1
Fn
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = DllGetClassObject, address_out = 0x6f06183e True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoIsHandlerConnected, address_out = 0x768139b5 True 1
Fn
System Sleep duration = -1 (infinite) False 1
Fn
Thread 0xa8c
1 0
Category Operation Information Success Count Logfile
Thread 0xa94
7 0
Category Operation Information Success Count Logfile
COM Create interface = 8BE2D872-86AA-4D47-B776-32CCA40C7018, cls_context = CLSCTX_INPROC_SERVER True 3
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x76a0468d True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp False 1
Fn
Thread 0xaec
41 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x7696418d True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x76961e16 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x769676e6 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x76961f61 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Module Get Filename process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x76954785 True 1
Fn
System Get Info type = Operating System True 1
Fn
File Get Info type = size True 1
Fn
Thread 0xaf0
1684 1660
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Load module_name = WININET.dll, base_address = 0x76650000 True 1
Fn
Module Get Address module_name = c:\windows\system32\wininet.dll, function = InternetOpenW, address_out = 0x76679197 True 1
Fn
Inet Open Session user_agent = AdvancedInstaller, access_type = INTERNET_OPEN_TYPE_PRECONFIG, flags = INTERNET_FLAG_ASYNC True 1
Fn
Module Get Address module_name = c:\windows\system32\wininet.dll, function = InternetSetStatusCallbackW, address_out = 0x766cc065 True 1
Fn
Module Get Address module_name = c:\windows\system32\wininet.dll, function = InternetCrackUrlW, address_out = 0x76698930 True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Module Get Address module_name = c:\windows\system32\wininet.dll, function = InternetConnectW, address_out = 0x7667492c True 1
Fn
Inet Open Connection protocol = HTTP, server_name = adobemacromedia.com, server_port = 80 True 1
Fn
Module Get Address module_name = c:\windows\system32\wininet.dll, function = HttpOpenRequestW, address_out = 0x76674a42 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP/1.0, target_resource = /setup.exe, accept_types = 26737692, flags = INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Module Get Address module_name = c:\windows\system32\wininet.dll, function = HttpSendRequestW, address_out = 0x7667ba12 True 1
Fn
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = adobemacromedia.com/setup.exe False 1
Fn
Module Get Address module_name = c:\windows\system32\wininet.dll, function = HttpQueryInfoW, address_out = 0x76675c75 True 1
Fn
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Module Get Address module_name = c:\windows\system32\wininet.dll, function = HttpQueryInfoW, address_out = 0x76675c75 True 1
Fn
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 True 1
Fn
Data
Module Get Address module_name = c:\windows\system32\wininet.dll, function = InternetCloseHandle, address_out = 0x7666ab49 True 1
Fn
Inet Close Session - False 1
Fn
File Create Directory C:\Users False 1
Fn
File Create Directory C:\Users\EEBsYm5 False 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData False 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData\Roaming False 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData\Roaming\Adobe False 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader True 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites True 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Module Get Address module_name = c:\windows\system32\wininet.dll, function = InternetQueryDataAvailable, address_out = 0x76675e5d True 1
Fn
Module Get Address module_name = c:\windows\system32\wininet.dll, function = InternetReadFile, address_out = 0x7666b406 True 1
Fn
Inet Read Response size = 610, size_out = 610 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 610 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Inet Read Response size = 8192, size_out = 8192 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
Inet Read Response size = 8192, size_out = 8192 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part, size = 8192 True 1
Fn
Data
For performance reasons, the remaining 2344 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0xaf4
7 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Thread 0xaf8
7 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Thread 0xafc
7 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Thread 0xb00
7 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Thread 0xbac
7 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Thread 0xbb4
33 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x7696418d True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x76961e16 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x769676e6 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x76961f61 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Environment Get Environment String - True 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Module Get Filename process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Thread 0xbbc
33 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x7696418d True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x76961e16 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x769676e6 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x76961f61 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Environment Get Environment String - True 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Module Get Filename process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Fn
Thread 0xdd4
38 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x7696418d True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x76961e16 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x769676e6 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x76961f61 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Module Get Filename process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Fn
Service Get Info - True 1
Fn
COM Create interface = 148BD527-A2AB-11CE-B11F-00AA00530503, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Time type = System Time, time = 2018-08-28 10:29:14 (UTC) True 1
Fn
Process Create process_name = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, show_window = SW_SHOWNORMAL True 1
Fn
Thread 0xde4
9 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Thread 0xde8
7 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Thread 0xdec
7 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Process #5: adobereader_dcupd_en_cra_install.exe
495 0
Information Value
ID #5
File Name c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe
Command Line "C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe" /i "C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi" CHAINERUIPROCESSID="2564Chainer" EXECUTEACTION="INSTALL" SECONDSEQUENCE="1" CLIENTPROCESSID="2564" ADDLOCAL="MainFeature,RequiredApplication" ACTION="INSTALL" CLIENTUILEVEL="0" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_PREREQFILES="C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe" AI_PREREQDIRS="C:\Users\EEBsYm5\AppData\Roaming\Adobe" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs " AI_SETUPEXEPATH="C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe" SETUPEXEDIR="C:\Users\EEBsYm5\Desktop\" TARGETDIR="C:\" APPDIR="C:\Program Files\Adobe\Adobe Reader\"
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:39, Reason: Child Process
Unmonitor End Time: 00:02:51, Reason: Self Terminated
Monitor Duration 00:01:12
OS Process Information
Information Value
PID 0xbc0
Parent PID 0xa04 (c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xBC4
0xBCC
0xBD0
0xBD4
0xBD8
0xBDC
0xBE0
0xBE4
0xBE8
0xDC8
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00041fff Pagefile Backed Memory r True False False -
private_0x0000000000050000 0x00050000 0x0014ffff Private Memory rw True False False -
private_0x0000000000150000 0x00150000 0x00150fff Private Memory rw True False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000170000 0x00170000 0x00171fff Pagefile Backed Memory r True False False -
private_0x0000000000180000 0x00180000 0x0018ffff Private Memory rw True False False -
pagefile_0x0000000000190000 0x00190000 0x00191fff Pagefile Backed Memory r True False False -
private_0x00000000001a0000 0x001a0000 0x0029ffff Private Memory rw True False False -
locale.nls 0x002a0000 0x00306fff Memory Mapped File r False False False -
pagefile_0x0000000000310000 0x00310000 0x003d7fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003e0000 0x003e0000 0x004e0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000004f0000 0x004f0000 0x010effff Pagefile Backed Memory r True False False -
private_0x00000000010f0000 0x010f0000 0x011bffff Private Memory rw True False False -
pagefile_0x00000000010f0000 0x010f0000 0x010f0fff Pagefile Backed Memory r True False False -
pagefile_0x0000000001100000 0x01100000 0x01100fff Pagefile Backed Memory r True False False -
cversions.1.db 0x01110000 0x01113fff Memory Mapped File r True False False -
pagefile_0x0000000001110000 0x01110000 0x01116fff Pagefile Backed Memory r True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x01120000 0x0113efff Memory Mapped File r True False False -
pagefile_0x0000000001140000 0x01140000 0x01140fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000001150000 0x01150000 0x01151fff Pagefile Backed Memory rw True False False -
msimsg.dll.mui 0x01160000 0x01173fff Memory Mapped File rw False False False -
private_0x0000000001180000 0x01180000 0x011bffff Private Memory rw True False False -
private_0x00000000011c0000 0x011c0000 0x011cffff Private Memory rw True False False -
private_0x00000000011d0000 0x011d0000 0x0120ffff Private Memory rw True False False -
private_0x0000000001210000 0x01210000 0x0137ffff Private Memory rw True False False -
private_0x0000000001210000 0x01210000 0x0130ffff Private Memory rw True False False -
sxs.dll.mui 0x01310000 0x01315fff Memory Mapped File rw False False False -
sxs.dll 0x01310000 0x0136cfff Memory Mapped File r False False False -
fusion.dll 0x01310000 0x01326fff Memory Mapped File r True False False -
private_0x0000000001310000 0x01310000 0x01310fff Private Memory rw True False False -
private_0x0000000001330000 0x01330000 0x01330fff Private Memory rw True False False -
private_0x0000000001370000 0x01370000 0x0137ffff Private Memory rw True False False -
adobereader_dcupd_en_cra_install.exe 0x01380000 0x014fdfff Memory Mapped File rwx True True False
private_0x0000000001500000 0x01500000 0x0167ffff Private Memory rw True False False -
private_0x0000000001500000 0x01500000 0x015fffff Private Memory rw True False False -
sxs.dll.mui 0x01600000 0x01605fff Memory Mapped File rw False False False -
private_0x0000000001670000 0x01670000 0x0167ffff Private Memory rw True False False -
sortdefault.nls 0x01680000 0x0194efff Memory Mapped File r False False False -
pagefile_0x0000000001950000 0x01950000 0x01a2efff Pagefile Backed Memory r True False False -
private_0x0000000001a70000 0x01a70000 0x01b6ffff Private Memory rw True False False -
private_0x0000000001b70000 0x01b70000 0x01beffff Private Memory rw True False False -
private_0x0000000001c10000 0x01c10000 0x01d0ffff Private Memory rw True False False -
private_0x0000000001d10000 0x01d10000 0x01e10fff Private Memory rw True False False -
pagefile_0x0000000001d10000 0x01d10000 0x02102fff Pagefile Backed Memory r True False False -
pagefile_0x0000000002110000 0x02110000 0x0250ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000002510000 0x02510000 0x02603fff Pagefile Backed Memory r True False False -
private_0x0000000002530000 0x02530000 0x0262ffff Private Memory rw True False False -
pagefile_0x0000000002630000 0x02630000 0x02723fff Pagefile Backed Memory r True False False -
private_0x0000000002650000 0x02650000 0x0274ffff Private Memory rw True False False -
pagefile_0x0000000002750000 0x02750000 0x02843fff Pagefile Backed Memory r True False False -
private_0x00000000028d0000 0x028d0000 0x029cffff Private Memory rw True False False -
private_0x00000000029d0000 0x029d0000 0x02abffff Private Memory rw True False False -
kernelbase.dll.mui 0x029d0000 0x02a8ffff Memory Mapped File rw False False False -
private_0x0000000002ab0000 0x02ab0000 0x02abffff Private Memory rw True False False -
private_0x0000000002b00000 0x02b00000 0x02bfffff Private Memory rw True False False -
pagefile_0x0000000002c00000 0x02c00000 0x02cf3fff Pagefile Backed Memory r True False False -
private_0x0000000002d30000 0x02d30000 0x02d6ffff Private Memory rwx True False False -
private_0x0000000002d70000 0x02d70000 0x02e6ffff Private Memory rw True False False -
private_0x0000000002d80000 0x02d80000 0x02e7ffff Private Memory rw True False False -
private_0x0000000002e90000 0x02e90000 0x02f8ffff Private Memory rw True False False -
private_0x0000000002f90000 0x02f90000 0x0308ffff Private Memory rw True False False -
private_0x0000000003130000 0x03130000 0x0316ffff Private Memory rw True False False -
pagefile_0x0000000003170000 0x03170000 0x0356ffff Pagefile Backed Memory rw True False False -
clr.dll 0x6b330000 0x6b9d7fff Memory Mapped File rwx True False False -
clr.dll 0x6b9e0000 0x6c087fff Memory Mapped File rwx True False False -
msihnd.dll 0x6e0a0000 0x6e0f4fff Memory Mapped File rwx False False False -
mscoreei.dll 0x6e100000 0x6e177fff Memory Mapped File rwx True False False -
mscoree.dll 0x6e180000 0x6e1c9fff Memory Mapped File rwx True False False -
riched20.dll 0x6e1d0000 0x6e245fff Memory Mapped File rwx False False False -
fusion.dll 0x6e4b0000 0x6e4c5fff Memory Mapped File rwx True False False -
fusion.dll 0x6e4d0000 0x6e4e5fff Memory Mapped File rwx True False False -
msi.dll 0x6f040000 0x6f27ffff Memory Mapped File rwx False False False -
dbghelp.dll 0x6f8f0000 0x6f9dafff Memory Mapped File rwx False False False -
apphelp.dll 0x718b0000 0x718fbfff Memory Mapped File rwx False False False -
msimsg.dll 0x71f40000 0x71f46fff Memory Mapped File rwx False False False -
msimg32.dll 0x71f50000 0x71f54fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
samcli.dll 0x73c30000 0x73c3efff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
propsys.dll 0x74220000 0x74314fff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
rsaenh.dll 0x74bf0000 0x74c2afff Memory Mapped File rwx False False False -
cryptsp.dll 0x74e50000 0x74e65fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
sxs.dll 0x752e0000 0x7533efff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x75370000 0x7537dfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
devobj.dll 0x75400000 0x75411fff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x75590000 0x755b6fff Memory Mapped File rwx False False False -
wintrust.dll 0x75650000 0x7567cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
setupapi.dll 0x764b0000 0x7664cfff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
imagehlp.dll 0x77430000 0x77459fff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd6000 0x7ffd6000 0x7ffd6fff Private Memory rw True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory rw True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory rw True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Threads
Thread 0xbc4
46 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2018-08-28 10:28:11 (UTC) True 1
Fn
System Get Time type = Ticks, time = 147576 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x7696418d True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x76961e16 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x769676e6 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x76961f61 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\eebsym5\desktop\adobereader_dcupd_en_cra_install.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Fn
System Get Time type = System Time, time = 2018-08-28 10:28:11 (UTC) True 1
Fn
Module Load module_name = RICHED20.DLL, base_address = 0x6e1d0000 True 1
Fn
File Create filename = C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 137, address_out = 0x6f054e3e True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 281, address_out = 0x6f103183 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 118, address_out = 0x6f113f4c True 1
Fn
System Get Time type = System Time, time = 2018-08-28 10:28:12 (UTC) True 2
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 150, address_out = 0x6f11220b True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = 34, address_out = 0x6f112be1 True 1
Fn
Thread 0xbd4
442 0
Category Operation Information Success Count Logfile
File Create filename = \\.\pipe\ToServer2564, desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
Module Get Address module_name = c:\windows\system32\msi.dll, function = 171, address_out = 0x6f112a79 True 1
Fn
File Write filename = \\.\pipe\ToServer2564, size = 42 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 16 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 86 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 62 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 78 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 62 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 16 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 72 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 42 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 18 True 1
Fn
Data
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 10 True 1
Fn
Data
File Write filename = \\.\pipe\ToServer2564, size = 0 True 1
Fn
File Read filename = \\.\pipe\ToServer2564, size = 1024, size_out = 2 True 1
Fn
Data
Thread 0xdc8
7 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Process #10: msiexec.exe
141 0
Information Value
ID #10
File Name c:\windows\system32\msiexec.exe
Command Line C:\Windows\system32\MsiExec.exe -Embedding DF038523499942DC9F17A1C1DC9158CF
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:41, Reason: Child Process
Unmonitor End Time: 00:02:50, Reason: Self Terminated
Monitor Duration 00:00:09
OS Process Information
Information Value
PID 0xd78
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xD7C
0xD84
0xD8C
0xD90
0xD94
0xD98
0xDA0
0xDAC
0xDBC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00041fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000050000 0x00050000 0x00051fff Pagefile Backed Memory rw True False False -
msiexec.exe.mui 0x00060000 0x00060fff Memory Mapped File rw False False False -
private_0x0000000000070000 0x00070000 0x00070fff Private Memory rw True False False -
private_0x0000000000080000 0x00080000 0x0008ffff Private Memory rw True False False -
private_0x0000000000090000 0x00090000 0x000cffff Private Memory rw True False False -
locale.nls 0x000d0000 0x00136fff Memory Mapped File r False False False -
pagefile_0x0000000000140000 0x00140000 0x00207fff Pagefile Backed Memory r True False False -
private_0x0000000000210000 0x00210000 0x00210fff Private Memory rw True False False -
windowsshell.manifest 0x00220000 0x00220fff Memory Mapped File r False False False -
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000230000 0x00230000 0x00231fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000240000 0x00240000 0x00240fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000250000 0x00250000 0x00250fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000260000 0x00260000 0x00260fff Pagefile Backed Memory rw True False False -
private_0x0000000000270000 0x00270000 0x0036ffff Private Memory rw True False False -
pagefile_0x0000000000370000 0x00370000 0x00470fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x00480000 0x0074efff Memory Mapped File r False False False -
pagefile_0x0000000000750000 0x00750000 0x00750fff Pagefile Backed Memory r True False False -
private_0x0000000000760000 0x00760000 0x0076ffff Private Memory rw True False False -
msiexec.exe 0x00780000 0x00793fff Memory Mapped File rwx True False False -
pagefile_0x00000000007a0000 0x007a0000 0x0139ffff Pagefile Backed Memory r True False False -
rpcss.dll 0x013a0000 0x013fbfff Memory Mapped File r False False False -
rsaenh.dll 0x013a0000 0x013dbfff Memory Mapped File r False False False -
private_0x00000000013a0000 0x013a0000 0x0143ffff Private Memory rw True False False -
private_0x0000000001440000 0x01440000 0x0147ffff Private Memory rw True False False -
private_0x00000000014a0000 0x014a0000 0x014dffff Private Memory rw True False False -
pagefile_0x00000000014e0000 0x014e0000 0x015befff Pagefile Backed Memory r True False False -
private_0x00000000015d0000 0x015d0000 0x0160ffff Private Memory rw True False False -
private_0x0000000001640000 0x01640000 0x0167ffff Private Memory rw True False False -
private_0x0000000001680000 0x01680000 0x016bffff Private Memory rw True False False -
private_0x00000000016c0000 0x016c0000 0x0175ffff Private Memory rw True False False -
private_0x0000000001710000 0x01710000 0x0174ffff Private Memory rw True False False -
private_0x0000000001730000 0x01730000 0x0176ffff Private Memory rw True False False -
private_0x0000000001750000 0x01750000 0x0187ffff Private Memory rw True False False -
private_0x0000000001750000 0x01750000 0x0184ffff Private Memory rw True False False -
private_0x0000000001770000 0x01770000 0x0186ffff Private Memory rw True False False -
private_0x0000000001870000 0x01870000 0x0187ffff Private Memory rw True False False -
msi1832.tmp 0x6c440000 0x6c48dfff Memory Mapped File rwx True True False
msi14e6.tmp 0x6e250000 0x6e268fff Memory Mapped File rwx True True False
msi.dll 0x6f040000 0x6f27ffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
rsaenh.dll 0x74bf0000 0x74c2afff Memory Mapped File rwx False False False -
cryptsp.dll 0x74e50000 0x74e65fff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x75370000 0x7537dfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Threads
Thread 0xd7c
25 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2018-08-28 10:29:06 (UTC) True 1
Fn
System Get Time type = Ticks, time = 202021 True 1
Fn
Module Get Handle module_name = c:\windows\system32\msiexec.exe, base_address = 0x780000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = COMCTL32, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
System Get Info type = Operating System True 1
Fn
Process Get Info type = PROCESS_WOW64_INFORMATION True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type False 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\OLE32.DLL, base_address = 0x76750000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address_out = 0x767909ad True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER False 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoInitializeSecurity, address_out = 0x76777259 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x76799d0b True 1
Fn
COM Create interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_LOCAL_SERVER True 1
Fn
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = DllGetClassObject, address_out = 0x6f06183e True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoIsHandlerConnected, address_out = 0x768139b5 True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xd98
7 0
Category Operation Information Success Count Logfile
COM Create interface = 8BE2D872-86AA-4D47-B776-32CCA40C7018, cls_context = CLSCTX_INPROC_SERVER True 3
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x76a0468d True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp False 1
Fn
Thread 0xda0
33 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x7696418d True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x76961e16 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x769676e6 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x76961f61 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Module Get Filename process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Fn
Thread 0xdac
39 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x7696418d True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x76961e16 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x769676e6 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x76961f61 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Module Get Filename process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Fn
File Create filename = \\.\pipe\ToServerAdvinst_Estimate_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
File Write filename = \\.\pipe\ToServerAdvinst_Estimate_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 4 True 1
Fn
Data
File Read filename = \\.\pipe\ToServerAdvinst_Estimate_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 32656, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServerAdvinst_Estimate_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 4 True 1
Fn
Data
File Read filename = \\.\pipe\ToServerAdvinst_Estimate_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 32656, size_out = 2 True 1
Fn
Data
File Write filename = \\.\pipe\ToServerAdvinst_Estimate_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 4 True 1
Fn
Data
Thread 0xdbc
37 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x7696418d True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x76961e16 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x769676e6 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x76961f61 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x7728a295 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x7728cd10 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Module Get Filename process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x769676b5 True 1
Fn
File Create filename = \\.\pipe\ToServerAdvinst_Extract_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
File Write filename = \\.\pipe\ToServerAdvinst_Extract_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 4 True 1
Fn
Data
File Read filename = \\.\pipe\ToServerAdvinst_Extract_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 32656, size_out = 18 True 1
Fn
Data
File Write filename = \\.\pipe\ToServerAdvinst_Extract_C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe, size = 4 True 1
Fn
Data
Process #11: setup.exe
1795 0
Information Value
ID #11
File Name c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe
Command Line "C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe"
Initial Working Directory C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\
Monitor Start Time: 00:02:51, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:01:02
OS Process Information
Information Value
PID 0xdf0
Parent PID 0xa6c (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xDF4, 0xDF8, 0xDFC, 0xE00, 0xE04, 0xEA4, 0xEE0
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00142fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f1fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000200000 0x00200000 0x00200fff Pagefile Backed Memory rw True False False -
private_0x0000000000210000 0x00210000 0x0021ffff Private Memory rw True False False -
rpcss.dll 0x00220000 0x0027bfff Memory Mapped File r False False False -
private_0x0000000000220000 0x00220000 0x0029ffff Private Memory rw True False False -
private_0x00000000002a0000 0x002a0000 0x0039ffff Private Memory rw True False False -
pagefile_0x00000000003a0000 0x003a0000 0x003a1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003b0000 0x003b0000 0x003b0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c0fff Pagefile Backed Memory r True False False -
cversions.1.db 0x003d0000 0x003d3fff Memory Mapped File r True False False -
pagefile_0x00000000003d0000 0x003d0000 0x003d1fff Pagefile Backed Memory r True False False -
msctf.dll.mui 0x003d0000 0x003d0fff Memory Mapped File rw False False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x003e0000 0x003fefff Memory Mapped File r True False False -
setup.exe 0x00400000 0x00432fff Memory Mapped File rwx True True False
pagefile_0x0000000000440000 0x00440000 0x00507fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000510000 0x00510000 0x00610fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000620000 0x00620000 0x0121ffff Pagefile Backed Memory r True False False -
private_0x0000000001220000 0x01220000 0x0131ffff Private Memory - True False False -
private_0x0000000001320000 0x01320000 0x0151ffff Private Memory rw True False False -
pagefile_0x0000000001320000 0x01320000 0x013fefff Pagefile Backed Memory r True False False -
private_0x0000000001400000 0x01400000 0x014cffff Private Memory rw True False False -
pagefile_0x0000000001400000 0x01400000 0x01400fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000001410000 0x01410000 0x01411fff Pagefile Backed Memory r True False False -
cversions.2.db 0x01410000 0x01413fff Memory Mapped File r True False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db 0x01420000 0x0144ffff Memory Mapped File r True False False -
cversions.2.db 0x01450000 0x01453fff Memory Mapped File r True False False -
private_0x0000000001490000 0x01490000 0x014cffff Private Memory rw True False False -
private_0x00000000014e0000 0x014e0000 0x0151ffff Private Memory rw True False False -
private_0x0000000001520000 0x01520000 0x016affff Private Memory rw True False False -
private_0x0000000001520000 0x01520000 0x01620fff Private Memory rw True False False -
private_0x0000000001520000 0x01520000 0x0161ffff Private Memory rw True False False -
private_0x0000000001670000 0x01670000 0x016affff Private Memory rw True False False -
staticcache.dat 0x016b0000 0x01fdffff Memory Mapped File r False False False -
pagefile_0x0000000001fe0000 0x01fe0000 0x023d2fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x023e0000 0x026aefff Memory Mapped File r False False False -
private_0x00000000026b0000 0x026b0000 0x027affff Private Memory rw True False False -
private_0x00000000027b0000 0x027b0000 0x029bffff Private Memory - True False False -
private_0x00000000029c0000 0x029c0000 0x02abffff Private Memory rw True False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db 0x02ac0000 0x02b25fff Memory Mapped File r True False False -
cabinet.dll 0x6e710000 0x6e724fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
msftedit.dll 0x72df0000 0x72e83fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
propsys.dll 0x74220000 0x74314fff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
devobj.dll 0x75400000 0x75411fff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x75590000 0x755b6fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
setupapi.dll 0x764b0000 0x7664cfff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd3000 0x7ffd3000 0x7ffd3fff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Created Files
Filename File Size Hash Values YARA Match Actions
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp 8.00 MB MD5: 9ae575f6a34e8871a32c43471d9d13d8
SHA1: 3e351eb6c1345f89a8b35df0422a393b69452ac9
SHA256: 567e249593dfc9d38fe100ac65ab61354db4df1a2c0cf2c98f238f73b86fef05
SSDeep: 196608:h850aYC5474KshSrnY0BLvpudECcInoaHbWt5:h85b54bsYnYIvcC8W3
False
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp 4.10 MB MD5: cab49c9a9a736317337fe877343483d6
SHA1: c2afc29ced8833786c7b8147dfd5caded1b566b3
SHA256: 9f726f48895110cee07f50e7cb5e85fed787c579c8a77f772b086bcc0fc0ca94
SSDeep: 98304:y1O3TwuO8UCzOnLbVNQrP93EblVidAaakfIbv:y1GUmUVcPyld6Ibv
False
C:\inst_fold\arm.7z 10.00 MB MD5: 7874c4ad19fbed665ed3e6b8d90a009c
SHA1: bffa277a7329622d9fdd95e7c2fc2acaae788cc7
SHA256: 82db7c2be6139244569f2b0661c3960c8dcfaf00280ac4f98d07a5dbf798c6b5
SSDeep: 196608:4jzRE/T/wS/db6xrQf7MPif9Bhf1W2vDpjsA+xwYCCxOhR9CBAaz5jC4k6CW0O:iY/5J6xriMPilv1W2vDpqxKCxiR91qka
False
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp 4.70 MB MD5: f05355bd99cbbd28dcb7c222882cb208
SHA1: ee9c1219f3583aff481e0795b9282e93f23f69b5
SHA256: 7e7997651bc4760b1519618acc39f6fcbfd60da7516de1cd58ac59da2ae465bc
SSDeep: 98304:SdnIq4bwbRG4bOikbjJ6ozsz0vvg8k9lRZlHPfeEuPbbmLfG:Bq4QKxQ0vo8k9rHf7uPEO
False
C:\inst_fold\7zaa.exe 674.50 KB MD5: 0184e6ebe133ef41a8cc6ef98a263712
SHA1: cb9f603e061aef833a2db501aa8ba6ba007d768e
SHA256: dd6d7af00ef4ca89a319a230cdd094275c3a1d365807fe5b34133324bdaa0229
SSDeep: 12288:rmJysC11szmzqS/Vf3gny3MhcGsnWrfATfkeafIO3rn1ExwnZE1f:r9s/zmT/my8zoW6ff4rn1ExwZE
False
C:\inst_fold\7za.dll 250.50 KB MD5: 4ca574943165d792efadffff193a5395
SHA1: 282c147dd34ec7bb7d5631ea25c69b656b3f1d62
SHA256: 7f1e0ea1984aacaee736f3082560d53f3e990b44d6e5d2b9ed38a148de79a0fb
SSDeep: 3072:8xDDNhSGkz5e5cfll2+NkqXGJFGOm26C2zIvr1FnYzyrnJEYAAAAA+hIefckRQEH:R6Wl20LA4OBrn+NedRO7xn3T
False
C:\inst_fold\7zxa.dll 144.00 KB MD5: 4d183847804e733fb6a197e24272e870
SHA1: 11a11deee65803c75fffb496f91494e6e1e4b7fc
SHA256: 7f964a73d3bd666a494b6eb82aa984bc0b4e77172a78aa4be786d9a578103224
SSDeep: 3072:TYpNRok2PQFDTQQYvanxOokAAAAA+cQKiG3iral6W60b:ahFDTQdZG3zUW6
False
C:\inst_fold\waitbefore.bat 0.34 KB MD5: 4cbe466d2b15ee4997fe7fbd23948f9f
SHA1: d15991cff4dbe40619fc67f9aee107753baa394a
SHA256: f7f833279725977cfcfe274688352ea1f7c8b118bc6d9c30fa22624bfcb1c525
SSDeep: 6:WAFDMP1t0wL0xaXpjuFDMP1zc0wL0xaXpjuFDMP13WN60wL0xaXpEFKwl/n:Wgo0y0xOpu50y0xOpujY0y0xOpEFJ
False
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp 8.00 MB MD5: 9e55e2d9cb3f05e91f3595a72dbe9d4c
SHA1: d07076ddb26fb08e098ba7f31ca930b245ed51ad
SHA256: 71a7922ead2456dffb960e97462019cce2b7058fd64dd7c9abd409daf3100392
SSDeep: 196608:gW2c3gwhxOn0UM0Uyqn6Stt6MNfW9BKzFhBgDwdlzOoxJOh1odBPg149:g/ln0Dyqntt6MJsKzFhBDlzxJ+1o3t
False
Threads
Thread 0xdf4
1268 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe, base_address = 0x400000 True 1
Fn
Keyboard Get Info type = 0, result_out = 4 True 1
Fn
System Get Info type = Operating System True 2
Fn
Window Create window_name = *, class_name = obj_App, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = *, class_name = obj_App, index = 18446744073709551595, new_long = 19005444 False 1
Fn
Window Create window_name = Smart Install Maker, class_name = obj_Form, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Smart Install Maker, class_name = obj_Form, index = 18446744073709551595, new_long = 19006120 False 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp, type = file_attributes True 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\$inst True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 260 True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 8, size_out = 8 True 4
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 1, size_out = 1 True 245
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 1, size_out = 1 True 249
Fn
Data
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\2.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\2.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
System Get Info type = Operating System True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\7.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
File Read filename = System Paging File, size = 8, size_out = 0 False 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\9.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
File Read filename = System Paging File, size = 8, size_out = 0 False 1
Fn
Window Create window_name = *, class_name = obj_Form, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = *, class_name = obj_Form, index = 18446744073709551595, new_long = 19026260 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19030452 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19033188 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19033784 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19034148 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19035852 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19036480 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19037092 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19038396 False 1
Fn
Module Load module_name = msftedit, base_address = 0x72df0000 True 1
Fn
Module Load module_name = comctl32, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19040460 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19041076 False 1
Fn
Window Create class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 19041728 False 1
Fn
System Get Cursor x_out = 1079, y_out = 594 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19042860 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19043568 False 1
Fn
Window Create class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 19044164 False 1
Fn
System Get Cursor x_out = 1079, y_out = 594 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19048936 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19049700 False 1
Fn
Window Create class_name = obj_EDIT, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_EDIT, index = 18446744073709551595, new_long = 19050352 False 1
Fn
Window Create class_name = obj_SysListView32, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_SysListView32, index = 18446744073709551595, new_long = 19050796 False 1
Fn
Window Set Attribute class_name = obj_SysListView32, index = 18446744073709551600, new_long = 1174487117 True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19052072 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19052648 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19053260 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19053872 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19054500 False 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19055868 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19056716 False 1
Fn
Window Create class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 19057368 False 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19045180 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19045756 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19046388 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19047020 False 1
Fn
Window Create class_name = obj_EDIT, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_EDIT, index = 18446744073709551595, new_long = 19047688 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19048304 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19039096 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19039728 False 1
Fn
Window Create window_name = Welcome to the H&S Tech Setup Wizard, class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Welcome to the H&S Tech Setup Wizard, class_name = obj_STATIC, index = 18446744073709551595, new_long = 19034708 False 1
Fn
Window Create window_name = This wizard will guide you through the installation of H&S Tech. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Next to continue., class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = This wizard will guide you through the installation of H&S Tech. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Next to continue., class_name = obj_STATIC, index = 18446744073709551595, new_long = 19035276 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19037764 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 19028356 False 1
Fn
Window Create window_name = Copyright © 2017, HIC Ltd. , class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Copyright © 2017, HIC Ltd. , class_name = obj_STATIC, index = 18446744073709551595, new_long = 19027692 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19058368 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19058944 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 19059576 False 1
Fn
Window Create class_name = obj_msctls_progress32, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_msctls_progress32, index = 18446744073709551595, new_long = 19060192 False 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 260 True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 4 True 1
Fn
Data
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, type = size True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
Fn
Data
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 36, size_out = 36 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 2
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
Fn
Data
File Get Info filename = C:\inst_fold\waitbefore.bat, type = file_attributes False 1
Fn
File Get Info filename = C:\inst_fold, type = file_attributes False 1
Fn
File Create Directory C:\inst_fold True 1
Fn
File Create filename = C:\inst_fold\waitbefore.bat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 2
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 18182, size_out = 18182 True 1
Fn
Data
File Write filename = C:\inst_fold\waitbefore.bat, size = 353 True 1
Fn
Data
File Create filename = C:\inst_fold\waitbefore.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
Fn
Data
File Get Info filename = C:\inst_fold\7za.dll, type = file_attributes False 1
Fn
File Get Info filename = C:\inst_fold, type = file_attributes True 1
Fn
File Create filename = C:\inst_fold\7za.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\inst_fold\7za.dll, size = 32415 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16366, size_out = 16366 True 1
Fn
Data
File Write filename = C:\inst_fold\7za.dll, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16890, size_out = 16890 True 1
Fn
Data
File Write filename = C:\inst_fold\7za.dll, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 14932, size_out = 14932 True 1
Fn
Data
File Write filename = C:\inst_fold\7za.dll, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16156, size_out = 16156 True 1
Fn
Data
File Write filename = C:\inst_fold\7za.dll, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 17214, size_out = 17214 True 1
Fn
Data
File Write filename = C:\inst_fold\7za.dll, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 14344, size_out = 14344 True 1
Fn
Data
File Write filename = C:\inst_fold\7za.dll, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 12966, size_out = 12966 True 1
Fn
Data
File Write filename = C:\inst_fold\7za.dll, size = 27489 True 1
Fn
Data
File Create filename = C:\inst_fold\7za.dll, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
Fn
Data
File Get Info filename = C:\inst_fold\7zaa.exe, type = file_attributes False 1
Fn
File Get Info filename = C:\inst_fold, type = file_attributes True 1
Fn
File Create filename = C:\inst_fold\7zaa.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\inst_fold\7zaa.exe, size = 5279 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 13852, size_out = 13852 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 11506, size_out = 11506 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 11618, size_out = 11618 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 15856, size_out = 15856 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 15942, size_out = 15942 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 14856, size_out = 14856 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 15892, size_out = 15892 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 7252, size_out = 7252 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 3054, size_out = 3054 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 13692, size_out = 13692 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 14930, size_out = 14930 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 14096, size_out = 14096 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 7164, size_out = 7164 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 11198, size_out = 11198 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8980, size_out = 8980 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1114, size_out = 1114 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 11314, size_out = 11314 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 13196, size_out = 13196 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 13416, size_out = 13416 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 7130, size_out = 7130 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 6342, size_out = 6342 True 1
Fn
Data
File Write filename = C:\inst_fold\7zaa.exe, size = 30049 True 1
Fn
Data
File Create filename = C:\inst_fold\7zaa.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
Fn
Data
File Get Info filename = C:\inst_fold\7zxa.dll, type = file_attributes False 1
Fn
File Get Info filename = C:\inst_fold, type = file_attributes True 1
Fn
File Create filename = C:\inst_fold\7zxa.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\inst_fold\7zxa.dll, size = 2719 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 4784, size_out = 4784 True 1
Fn
Data
File Write filename = C:\inst_fold\7zxa.dll, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 2774, size_out = 2774 True 1
File Write filename = C:\inst_fold\7zxa.dll, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1830, size_out = 1830 True 1
File Write filename = C:\inst_fold\7zxa.dll, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5278, size_out = 5278 True 1
File Write filename = C:\inst_fold\7zxa.dll, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 23218, size_out = 23218 True 1
File Write filename = C:\inst_fold\7zxa.dll, size = 13665 True 1
File Create filename = C:\inst_fold\7zxa.dll, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
File Get Info filename = C:\inst_fold\arm.7z, type = file_attributes False 1
File Get Info filename = C:\inst_fold, type = file_attributes True 1
File Create filename = C:\inst_fold\arm.7z, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\inst_fold\arm.7z, size = 19103 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32894, size_out = 32894 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32821, size_out = 32821 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 119
File Delete filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 4 True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, type = size True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe, size = 214754, size_out = 214754 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 214754 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 36, size_out = 36 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 256, size_out = 256 True 2
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 16, size_out = 16 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 256, size_out = 256 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8642, size_out = 8642 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\arm.7z, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
For performance reasons, the remaining 110 entries are omitted.
The remaining entries can be found in glog.xml.
Process #12: cmd.exe
234 0
Information Value
ID #12
File Name c:\windows\system32\cmd.exe
Command Line cmd /c ""C:\inst_fold\waitbefore.bat" "
Initial Working Directory C:\inst_fold\
Monitor Start Time: 00:02:56, Reason: Child Process
Unmonitor End Time: 00:03:01, Reason: Self Terminated
Monitor Duration 00:00:05
OS Process Information
Information Value
PID 0xe08
Parent PID 0xdf0 (c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xE0C
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000050000 0x00050000 0x00056fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000060000 0x00060000 0x00061fff Pagefile Backed Memory rw True False False -
private_0x0000000000070000 0x00070000 0x0016ffff Private Memory rw True False False -
locale.nls 0x00170000 0x001d6fff Memory Mapped File r False False False -
private_0x00000000001e0000 0x001e0000 0x001e0fff Private Memory rw True False False -
private_0x00000000001f0000 0x001f0000 0x001f0fff Private Memory rw True False False -
private_0x0000000000200000 0x00200000 0x0020ffff Private Memory rw True False False -
private_0x0000000000220000 0x00220000 0x0031ffff Private Memory rw True False False -
pagefile_0x0000000000320000 0x00320000 0x003e7fff Pagefile Backed Memory r True False False -
private_0x0000000000410000 0x00410000 0x0041ffff Private Memory rw True False False -
pagefile_0x0000000000420000 0x00420000 0x00520fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000530000 0x00530000 0x0112ffff Pagefile Backed Memory r True False False -
pagefile_0x0000000001130000 0x01130000 0x01292fff Pagefile Backed Memory r True False False -
cmd.exe 0x4a7d0000 0x4a81bfff Memory Mapped File rwx True False False -
winbrand.dll 0x6de30000 0x6de36fff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Threads
Thread 0xe0c
234 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2018-08-28 10:29:19 (UTC) True 1
Fn
System Get Time type = Ticks, time = 215421 True 1
Fn
Module Get Handle module_name = c:\windows\system32\cmd.exe, base_address = 0x4a7d0000 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x769624c2 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 3
Fn
File Open filename = STD_INPUT_HANDLE True 2
Fn
Environment Get Environment String - True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Module Get Filename process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Environment Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Fn
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Environment Get Environment String name = PROMPT False 1
Fn
Environment Set Environment String name = PROMPT, value = $P$G True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Environment Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Environment Get Environment String name = KEYS False 1
Fn
File Get Info filename = C:\inst_fold, type = file_attributes True 2
Fn
Environment Set Environment String name = =C:, value = C:\inst_fold True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x7694ac6c True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76953ea8 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76962732 True 1
Fn
File Get Info filename = "C:\inst_fold\waitbefore.bat", type = file_attributes False 1
Fn
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferIdentifyLevel, address_out = 0x76a12102 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferComputeTokenFromLevel, address_out = 0x76a13352 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferCloseLevel, address_out = 0x76a13825 True 1
Fn
File Create filename = C:\inst_fold\waitbefore.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open filename = STD_INPUT_HANDLE True 2
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 353 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Get Info filename = STD_INPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
Environment Get Environment String name = PROMPT, result_out = $P$G True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 13 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 3 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 11 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
Environment Set Environment String name = cntproc, value = 0 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\inst_fold\waitbefore.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open filename = STD_INPUT_HANDLE True 2
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 338 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Get Info filename = STD_INPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
Environment Get Environment String name = PROMPT, result_out = $P$G True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 13 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 8 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 3 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 4 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 10 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 292 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
Environment Get Environment String name = PROMPT, result_out = $P$G True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 13 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 3 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 10 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 10 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 268 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
Environment Get Environment String name = PROMPT, result_out = $P$G True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 13 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 3 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 22 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 2 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 237 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 187 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 163 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 132 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 83 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 59 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 28 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 0 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Get Info filename = STD_INPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
Process #19: 7zaa.exe
98 0
Information Value
ID #19
File Name c:\inst_fold\7zaa.exe
Command Line "C:\inst_fold\7zaa.exe" x -oC:\inst_fold -pdsiSDJJiojeflOSIOwp3#DSIJ23jeewE@_SDD_as2 C:\inst_fold\arm.7z
Initial Working Directory C:\inst_fold\
Monitor Start Time: 00:03:00, Reason: Child Process
Unmonitor End Time: 00:03:04, Reason: Self Terminated
Monitor Duration 00:00:04
OS Process Information
Information Value
PID 0xea8
Parent PID 0xdf0 (c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xEAC
0xEC0
0xEC4
0xEC8
0xECC
0xED0
0xED4
0xED8
0xEDC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
private_0x0000000000140000 0x00140000 0x00140fff Private Memory rw True False False -
private_0x0000000000150000 0x00150000 0x00150fff Private Memory rw True False False -
private_0x0000000000170000 0x00170000 0x0026ffff Private Memory rw True False False -
locale.nls 0x00270000 0x002d6fff Memory Mapped File r False False False -
pagefile_0x00000000002e0000 0x002e0000 0x003a7fff Pagefile Backed Memory r True False False -
private_0x00000000003c0000 0x003c0000 0x003cffff Private Memory rw True False False -
7zaa.exe 0x00400000 0x004b3fff Memory Mapped File rwx True True False
pagefile_0x00000000004c0000 0x004c0000 0x005c0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000005d0000 0x005d0000 0x011cffff Pagefile Backed Memory r True False False -
private_0x00000000011d0000 0x011d0000 0x012cffff Private Memory rw True False False -
private_0x00000000012d0000 0x012d0000 0x013cffff Private Memory rw True False False -
private_0x00000000013d0000 0x013d0000 0x014cffff Private Memory rw True False False -
private_0x00000000013d0000 0x013d0000 0x014d0fff Private Memory rw True False False -
private_0x00000000014e0000 0x014e0000 0x015e0fff Private Memory rw True False False -
private_0x00000000015f0000 0x015f0000 0x016f0fff Private Memory rw True False False -
private_0x0000000001700000 0x01700000 0x01800fff Private Memory rw True False False -
private_0x0000000001810000 0x01810000 0x02810fff Private Memory rw True False False -
private_0x0000000002820000 0x02820000 0x02920fff Private Memory rw True False False -
private_0x0000000002930000 0x02930000 0x02a2ffff Private Memory rw True False False -
private_0x0000000002a30000 0x02a30000 0x02b2ffff Private Memory rw True False False -
private_0x0000000002b30000 0x02b30000 0x02c2ffff Private Memory rw True False False -
private_0x0000000002c30000 0x02c30000 0x02d2ffff Private Memory rw True False False -
private_0x0000000002d30000 0x02d30000 0x02e2ffff Private Memory rw True False False -
private_0x0000000002e30000 0x02e30000 0x02f2ffff Private Memory rw True False False -
private_0x0000000002f30000 0x02f30000 0x0302ffff Private Memory rw True False False -
private_0x0000000003030000 0x03030000 0x030affff Private Memory rw True False False -
private_0x00000000030b0000 0x030b0000 0x0312ffff Private Memory rw True False False -
private_0x0000000003130000 0x03130000 0x031affff Private Memory rw True False False -
private_0x00000000031b0000 0x031b0000 0x0322ffff Private Memory rw True False False -
private_0x0000000003230000 0x03230000 0x0326ffff Private Memory rw True False False -
private_0x0000000003270000 0x03270000 0x032effff Private Memory rw True False False -
private_0x00000000032f0000 0x032f0000 0x0336ffff Private Memory rw True False False -
private_0x0000000003370000 0x03370000 0x033effff Private Memory rw True False False -
private_0x00000000033f0000 0x033f0000 0x0346ffff Private Memory rw True False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd6000 0x7ffd6000 0x7ffd6fff Private Memory rw True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory rw True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory rw True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Threads
Thread 0xeac
36 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FindFirstStreamW, address_out = 0x7696c8fa True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FindNextStreamW, address_out = 0x7696c838 True 1
Fn
System Get Info type = Operating System True 2
Fn
User Lookup Privilege privilege = SeRestorePrivilege, luid = 18 True 1
Fn
User Lookup Privilege privilege = SeCreateSymbolicLinkPrivilege, luid = 35 True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Read size = 32, size_out = 32 True 1
Fn
Data
File Read size = 240, size_out = 240 True 1
Fn
Data
File Write size = 262144 True 16
Fn
Data
System Get Time type = Ticks, time = 220569 True 1
Fn
File Write size = 262144 True 1
Fn
Data
File Write size = 26450 True 1
Fn
Data
Thread 0xec4
2 0
Category Operation Information Success Count Logfile
File Read size = 1616, size_out = 1616 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xec8
2 0
Category Operation Information Success Count Logfile
File Read size = 5984, size_out = 5984 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xecc
2 0
Category Operation Information Success Count Logfile
File Read size = 1856, size_out = 1856 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xed0
50 0
Category Operation Information Success Count Logfile
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 524288, size_out = 524288 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
File Read size = 343984, size_out = 343984 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xed4
1 0
Category Operation Information Success Count Logfile
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xed8
1 0
Category Operation Information Success Count Logfile
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xedc
4 0
Category Operation Information Success Count Logfile
System Sleep duration = -1 (infinite) True 4
Fn
Process #20: fp.exe
2062 0
Information Value
ID #20
File Name c:\inst_fold\fp.exe
Command Line "C:\inst_fold\fp.exe"
Initial Working Directory C:\inst_fold\
Monitor Start Time: 00:03:04, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:49
OS Process Information
Information Value
PID 0xee8
Parent PID 0xdf0 (c:\users\eebsym5\appdata\roaming\adobe\adobe reader\prerequisites\requiredapplication\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xEEC
0xEF0
0xEF4
0xEFC
0xF00
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
pagefile_0x00000000001c0000 0x001c0000 0x00287fff Pagefile Backed Memory r True False False -
private_0x0000000000290000 0x00290000 0x00290fff Private Memory rw True False False -
private_0x00000000002a0000 0x002a0000 0x002affff Private Memory rw True False False -
pagefile_0x00000000002b0000 0x002b0000 0x002b6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002c0000 0x002c0000 0x002c1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002d0000 0x002d0000 0x002d1fff Pagefile Backed Memory rw True False False -
private_0x00000000002e0000 0x002e0000 0x003dffff Private Memory rw True False False -
pagefile_0x00000000003e0000 0x003e0000 0x003e0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000003f0000 0x003f0000 0x003f1fff Pagefile Backed Memory r True False False -
fp.exe 0x00400000 0x00432fff Memory Mapped File rwx True False False -
pagefile_0x0000000000440000 0x00440000 0x00540fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000550000 0x00550000 0x0114ffff Pagefile Backed Memory r True False False -
private_0x0000000001150000 0x01150000 0x0124ffff Private Memory - True False False -
private_0x0000000001250000 0x01250000 0x0132ffff Private Memory rw True False False -
rpcss.dll 0x01250000 0x012abfff Memory Mapped File r False False False -
private_0x0000000001250000 0x01250000 0x012cffff Private Memory rw True False False -
pagefile_0x00000000012d0000 0x012d0000 0x012d0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000012e0000 0x012e0000 0x012e0fff Pagefile Backed Memory r True False False -
private_0x00000000012f0000 0x012f0000 0x0132ffff Private Memory rw True False False -
pagefile_0x0000000001330000 0x01330000 0x0140efff Pagefile Backed Memory r True False False -
private_0x0000000001410000 0x01410000 0x0160ffff Private Memory rw True False False -
private_0x0000000001410000 0x01410000 0x01510fff Private Memory rw True False False -
private_0x0000000001410000 0x01410000 0x0150ffff Private Memory rw True False False -
cversions.1.db 0x01510000 0x01513fff Memory Mapped File r True False False -
pagefile_0x0000000001510000 0x01510000 0x01511fff Pagefile Backed Memory r True False False -
msctf.dll.mui 0x01510000 0x01510fff Memory Mapped File rw False False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x01520000 0x0153efff Memory Mapped File r True False False -
pagefile_0x0000000001540000 0x01540000 0x01540fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000001550000 0x01550000 0x01551fff Pagefile Backed Memory r True False False -
cversions.2.db 0x01550000 0x01553fff Memory Mapped File r True False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db 0x01560000 0x0158ffff Memory Mapped File r True False False -
cversions.2.db 0x01590000 0x01593fff Memory Mapped File r True False False -
private_0x00000000015d0000 0x015d0000 0x0160ffff Private Memory rw True False False -
staticcache.dat 0x01610000 0x01f3ffff Memory Mapped File r False False False -
pagefile_0x0000000001f40000 0x01f40000 0x02332fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x02340000 0x0260efff Memory Mapped File r False False False -
private_0x0000000002610000 0x02610000 0x0280ffff Private Memory rw True False False -
private_0x0000000002610000 0x02610000 0x0270ffff Private Memory rw True False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db 0x02710000 0x02775fff Memory Mapped File r True False False -
private_0x00000000027d0000 0x027d0000 0x0280ffff Private Memory rw True False False -
private_0x0000000002810000 0x02810000 0x02a1ffff Private Memory - True False False -
private_0x0000000002a20000 0x02a20000 0x02b1ffff Private Memory rw True False False -
cabinet.dll 0x6e710000 0x6e724fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
msftedit.dll 0x72df0000 0x72e83fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
propsys.dll 0x74220000 0x74314fff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
devobj.dll 0x75400000 0x75411fff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x75590000 0x755b6fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
setupapi.dll 0x764b0000 0x7664cfff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Created Files
Filename File Size Hash Values YARA Match Actions
C:\inst_fold\armgrd.bat 0.09 KB MD5: d833294a72a08af29ecbd2e08ccbfa57
SHA1: 5edafdc1de263f545e04bdc0a9b8252fb3de94c8
SHA256: c2acf0a62ecf18449fe1c503eec18371fae1c50727796bd223df764c190dfd93
SSDeep: 3:7qlKjk/1JqWkcSqVXKV/lglkSizz:+2IJ7kcSq9KV/lglkSizz
False
C:\inst_fold\armstart.exe 10.00 MB MD5: 38513031ebf24a4f9961513b0e088e4a
SHA1: 04b813c1dbd1321dc24f52867c73dfcaf37db7d6
SHA256: a00f943d7883bf34102ebf764250dd36c036eb9fc6b606e84513ac1a1a5a571d
SSDeep: 196608:B9dkmSzs6GGrkjQBpsBkpCJ8PlUPRuqMpudfoWtz4:B9dkJsyrkupvp2udiq
False
C:\inst_fold\armforce.exe 1.89 MB MD5: 9245b8ec3d40d640e5cf5183f49ce2f6
SHA1: 958bd732f9650abfee5861141b7cfafd8ff72717
SHA256: 9d40cee14ba2375d57bc18d8492368483b28f7639d742523f797857990196ffd
SSDeep: 24576:Iu5PPVfiM+HMHy4p7k8HOEDh+uQ5E3h36M:Iu53Vfkoy4p7kA
False
C:\inst_fold\armfix.reg 11.46 KB MD5: 6db860145ae50b5e375081c013ea7365
SHA1: d9796e00553fb8ede91a4ea4fd54bd2166cac7a8
SHA256: ae8590919e2b31b0d20ae3c60c1d3eb897e1ec099b0e04a5c134867af6d88996
SSDeep: 192:78YpGSArpJQU0bUxFgpPUJP2yUXNypyZPyQ7TOd9ShKF/Tybr/vba5IlUx8pV8Ad:789rYEzP29NBnzTisGctbh8q1
False
C:\inst_fold\armsettings.bat 0.75 KB MD5: 8e8d34abd3bc8eefff1e3124acb81dd5
SHA1: 3467220a315a1af9228a13d442ce27e3da28ce28
SHA256: 7c1615e7505593d6a3532b01d224c64a2411b1208d7614db4052398c86811d68
SSDeep: 12:DL01Jf0Z8Jf0wJeKZ8JeKCkH+VM1t2LJ10J19NLKJ19AgkLetVj/+ga64q9V8qxM:DLKZjZlaqkeVMMb0bfKbexCtVzxaTq9w
False
C:\inst_fold\armwake.lnk 0.67 KB MD5: cf958df8cf3bc7cbfdb0d49b40a8b972
SHA1: 7f7c6e90b12ae01309b88f91efd6499ed67cf7c3
SHA256: bc68e8a098137aae47c7a602ada1ba612df4d628ccb0db8fe155df2557769fcb
SSDeep: 12:81SS+csIXKRlUPUa/YQvBJjA+TekQABdEHQv8p:81SBx8PUa/Nv7AEekQArWQv8p
False
C:\inst_fold\armstatus.bat 0.76 KB MD5: e85383ce681bf253025cc35d74e4c97e
SHA1: aa0dbec35fbc4fd6e2530607f3dae0e6c2bd55cb
SHA256: fce121b3b55141f85c1004b11776daf0b9c1d226dbe5163927c26fe0e27204e1
SSDeep: 12:j24zsRMT0y0xZrWl6gow6uaJImzODjVaRMT0y0xZr12dEYc02kndHJ:l4MaMQtLbFaD8MajsEYmkD
False
C:\inst_fold\armdaemon.js 0.18 KB MD5: a775e77402b091d79af550297e884cee
SHA1: 18589c483d0ce11d2f9332a0c70f8d18a65e1f50
SHA256: e551a009d48db940818b9d5199638a1552c36533d3a81b77bb7fcb9601577f60
SSDeep: 3:qxLtdxFY/iMIzvnjjbxQzCHkxLuALd/LVBsOOTpeqK3xLnLjvUyhc7l1K3xLqxAQ:qvVnTvjj6CHAzd/pB3OT5An/vKlcdKAQ
False
C:\inst_fold\armstatus.exe 1.90 MB MD5: 536b8e509b970ffebf115c66d6af7e3c
SHA1: f787d8b4a4716e13220d89940c3ea69868114fd9
SHA256: 938efd3a6e96d296b3404c3f3e653a86aeba671c9747ce13c6c14ec2101428b9
SSDeep: 24576:V9c/ardILiw+ygSblvB6QWi01cfPvwuQ593h3eN:VO/wdIAYxB6QWPE
False
Threads
Thread 0xeec
1532 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\inst_fold\fp.exe, base_address = 0x400000 True 1
Fn
Keyboard Get Info type = 0, result_out = 4 True 1
Fn
System Get Info type = Operating System True 2
Fn
Window Create window_name = *, class_name = obj_App, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = *, class_name = obj_App, index = 18446744073709551595, new_long = 18153476 False 1
Fn
Window Create window_name = Smart Install Maker, class_name = obj_Form, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Smart Install Maker, class_name = obj_Form, index = 18446744073709551595, new_long = 18154152 False 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst, type = file_attributes True 1
Fn
Module Get Filename process_name = c:\inst_fold\fp.exe, file_name_orig = C:\inst_fold\fp.exe, size = 260 True 1
Fn
File Create filename = C:\inst_fold\fp.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\inst_fold\fp.exe, size = 8, size_out = 8 True 4
Fn
Data
File Read filename = C:\inst_fold\fp.exe, size = 1, size_out = 1 True 245
Fn
Data
File Read filename = C:\inst_fold\fp.exe, size = 1, size_out = 1 True 249
Fn
Data
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\2.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\2.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
System Get Info type = Operating System True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\7.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
File Read filename = System Paging File, size = 8, size_out = 0 False 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\9.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
File Read filename = System Paging File, size = 8, size_out = 0 False 1
Fn
Window Create window_name = *, class_name = obj_Form, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = *, class_name = obj_Form, index = 18446744073709551595, new_long = 18175372 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18179564 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18173356 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18182176 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18183196 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18184988 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18185616 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18186228 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18187596 False 1
Fn
Module Load module_name = msftedit, base_address = 0x72df0000 True 1
Fn
Module Load module_name = comctl32, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18189660 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18190276 False 1
Fn
Window Create class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 18190928 False 1
Fn
System Get Cursor x_out = 977, y_out = 417 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18192060 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18192768 False 1
Fn
Window Create class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 18193364 False 1
Fn
System Get Cursor x_out = 977, y_out = 417 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18198084 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18198640 False 1
Fn
Window Create class_name = obj_EDIT, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_EDIT, index = 18446744073709551595, new_long = 18199216 False 1
Fn
Window Create class_name = obj_SysListView32, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_SysListView32, index = 18446744073709551595, new_long = 18199792 False 1
Fn
Window Set Attribute class_name = obj_SysListView32, index = 18446744073709551600, new_long = 1174487117 True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18201148 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18201724 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18202336 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18202968 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18203652 False 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18204984 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18205832 False 1
Fn
Window Create class_name = obj_RichEdit50W, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_RichEdit50W, index = 18446744073709551595, new_long = 18206484 False 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18194380 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18194956 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18195588 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18196220 False 1
Fn
Window Create class_name = obj_EDIT, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_EDIT, index = 18446744073709551595, new_long = 18196836 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18197452 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18188296 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18188928 False 1
Fn
Window Create window_name = Welcome to the Flash Player Setup Wizard, class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Welcome to the Flash Player Setup Wizard, class_name = obj_STATIC, index = 18446744073709551595, new_long = 18183844 False 1
Fn
Window Create window_name = This wizard will guide you through the installation of Flash Player. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Next to continue., class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = This wizard will guide you through the installation of Flash Player. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Next to continue., class_name = obj_STATIC, index = 18446744073709551595, new_long = 18184412 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18186964 False 1
Fn
Window Create class_name = obj_BUTTON, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_BUTTON, index = 18446744073709551595, new_long = 18177468 False 1
Fn
Window Create window_name = Copyright © 2017, Kimox Player Inc , class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Copyright © 2017, Kimox Player Inc , class_name = obj_STATIC, index = 18446744073709551595, new_long = 18176804 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18207484 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18208060 False 1
Fn
Window Create class_name = obj_STATIC, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_STATIC, index = 18446744073709551595, new_long = 18208692 False 1
Fn
Window Create class_name = obj_msctls_progress32, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = obj_msctls_progress32, index = 18446744073709551595, new_long = 18209308 False 1
Fn
Module Get Filename process_name = c:\inst_fold\fp.exe, file_name_orig = C:\inst_fold\fp.exe, size = 260 True 1
Fn
File Create filename = C:\inst_fold\fp.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 4 True 1
File Get Info filename = C:\inst_fold\fp.exe, type = size True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 524288 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 36, size_out = 36 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 2
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
File Get Info filename = C:\inst_fold\armdaemon.js, type = file_attributes False 1
File Get Info filename = C:\inst_fold, type = file_attributes True 1
File Create filename = C:\inst_fold\armdaemon.js, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 2
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 10118, size_out = 10118 True 1
File Write filename = C:\inst_fold\armdaemon.js, size = 181 True 1
File Create filename = C:\inst_fold\armdaemon.js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
File Get Info filename = C:\inst_fold\armfix.reg, type = file_attributes False 1
File Get Info filename = C:\inst_fold, type = file_attributes True 1
File Create filename = C:\inst_fold\armfix.reg, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\inst_fold\armfix.reg, size = 11734 True 1
File Create filename = C:\inst_fold\armfix.reg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
File Get Info filename = C:\inst_fold\armgrd.bat, type = file_attributes False 1
File Get Info filename = C:\inst_fold, type = file_attributes True 1
File Create filename = C:\inst_fold\armgrd.bat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\inst_fold\armgrd.bat, size = 89 True 1
File Create filename = C:\inst_fold\armgrd.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
File Get Info filename = C:\inst_fold\armforce.exe, type = file_attributes False 1
File Get Info filename = C:\inst_fold, type = file_attributes True 1
File Create filename = C:\inst_fold\armforce.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\inst_fold\armforce.exe, size = 20764 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 13618, size_out = 13618 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16650, size_out = 16650 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16216, size_out = 16216 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 9134, size_out = 9134 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 9150, size_out = 9150 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 10518, size_out = 10518 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 7364, size_out = 7364 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 7254, size_out = 7254 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 6928, size_out = 6928 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 7490, size_out = 7490 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8262, size_out = 8262 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 6914, size_out = 6914 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8628, size_out = 8628 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5852, size_out = 5852 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 4716, size_out = 4716 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 7360, size_out = 7360 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5700, size_out = 5700 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8086, size_out = 8086 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 9644, size_out = 9644 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8548, size_out = 8548 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 7514, size_out = 7514 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 4622, size_out = 4622 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 3704, size_out = 3704 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 3724, size_out = 3724 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 3886, size_out = 3886 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5450, size_out = 5450 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 4682, size_out = 4682 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 6674, size_out = 6674 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5850, size_out = 5850 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5458, size_out = 5458 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5132, size_out = 5132 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5608, size_out = 5608 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5436, size_out = 5436 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5680, size_out = 5680 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5426, size_out = 5426 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5378, size_out = 5378 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5578, size_out = 5578 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5572, size_out = 5572 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 6432, size_out = 6432 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 6400, size_out = 6400 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 3018, size_out = 3018 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 2522, size_out = 2522 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 2712, size_out = 2712 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1592, size_out = 1592 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1680, size_out = 1680 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 2456, size_out = 2456 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1842, size_out = 1842 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 2112, size_out = 2112 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1942, size_out = 1942 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1702, size_out = 1702 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 2386, size_out = 2386 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 2096, size_out = 2096 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1484, size_out = 1484 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1780, size_out = 1780 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1886, size_out = 1886 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 3160, size_out = 3160 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 1730, size_out = 1730 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 3154, size_out = 3154 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 2930, size_out = 2930 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 5392, size_out = 5392 True 1
File Write filename = C:\inst_fold\armforce.exe, size = 31488 True 1
File Create filename = C:\inst_fold\armforce.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
File Get Info filename = C:\inst_fold\armsettings.bat, type = file_attributes False 1
File Get Info filename = C:\inst_fold, type = file_attributes True 1
File Create filename = C:\inst_fold\armsettings.bat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\inst_fold\armsettings.bat, size = 767 True 1
File Create filename = C:\inst_fold\armsettings.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 16, size_out = 16 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 256, size_out = 256 True 1
File Get Info filename = C:\inst_fold\armstart.exe, type = file_attributes False 1
File Get Info filename = C:\inst_fold, type = file_attributes True 1
File Create filename = C:\inst_fold\armstart.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\inst_fold\armstart.exe, size = 513 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 18010, size_out = 18010 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 17418, size_out = 17418 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 18008, size_out = 18008 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 31928, size_out = 31928 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 23575, size_out = 23575 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32785, size_out = 32785 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 123
Fn
Data
File Delete filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 4 True 1
Fn
Data
File Get Info filename = C:\inst_fold\fp.exe, type = size True 1
Fn
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\inst_fold\fp.exe, size = 524288, size_out = 524288 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 524288 True 1
Fn
Data
File Read filename = C:\inst_fold\fp.exe, size = 101058, size_out = 101058 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 101058 True 1
Fn
Data
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 36, size_out = 36 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 256, size_out = 256 True 2
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 16, size_out = 16 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 256, size_out = 256 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 31523, size_out = 31523 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32784, size_out = 32784 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32785, size_out = 32785 True 1
Fn
Data
File Write filename = C:\inst_fold\armstart.exe, size = 32768 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 8, size_out = 8 True 1
Fn
Data
File Read filename = C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp, size = 32768, size_out = 32768 True 1
Fn
Data
For performance reasons, the remaining 393 entries are omitted.
The remaining entries can be found in glog.xml.
Process #21: armstart.exe
178 0
Information Value
ID #21
File Name c:\inst_fold\armstart.exe
Command Line "C:\inst_fold\armstart.exe"
Initial Working Directory C:\inst_fold\
Monitor Start Time: 00:03:10, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:43
OS Process Information
Information Value
PID 0xf04
Parent PID 0xee8 (c:\inst_fold\fp.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xF08
0xF0C
0xF10
0xF14
0xF18
0xF1C
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
private_0x00000000001d0000 0x001d0000 0x001dffff Private Memory rw True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f1fff Pagefile Backed Memory r True False False -
private_0x0000000000200000 0x00200000 0x0021ffff Private Memory rw True False False -
pagefile_0x0000000000200000 0x00200000 0x00201fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000210000 0x00210000 0x00210fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory r True False False -
oleaccrc.dll 0x00230000 0x00230fff Memory Mapped File r False False False -
pagefile_0x0000000000240000 0x00240000 0x00241fff Pagefile Backed Memory r True False False -
private_0x0000000000250000 0x00250000 0x0034ffff Private Memory rw True False False -
private_0x0000000000350000 0x00350000 0x003bffff Private Memory rw True False False -
cversions.1.db 0x00350000 0x00353fff Memory Mapped File r True False False -
cversions.2.db 0x00350000 0x00353fff Memory Mapped File r True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x00360000 0x0037efff Memory Mapped File r True False False -
private_0x0000000000380000 0x00380000 0x003bffff Private Memory rw True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000003d0000 0x003d0000 0x003d6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003e0000 0x003e0000 0x003e1fff Pagefile Backed Memory rw True False False -
cversions.2.db 0x003f0000 0x003f3fff Memory Mapped File r True False False -
armstart.exe 0x00400000 0x00428fff Memory Mapped File rwx True True False
pagefile_0x0000000000430000 0x00430000 0x004f7fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000500000 0x00500000 0x00600fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000610000 0x00610000 0x0120ffff Pagefile Backed Memory r True False False -
sortdefault.nls 0x01210000 0x014defff Memory Mapped File r False False False -
pagefile_0x00000000014e0000 0x014e0000 0x015befff Pagefile Backed Memory r True False False -
private_0x00000000015c0000 0x015c0000 0x016bffff Private Memory rw True False False -
private_0x00000000016c0000 0x016c0000 0x017bffff Private Memory rw True False False -
private_0x00000000017c0000 0x017c0000 0x023c0fff Private Memory rw True False False -
pagefile_0x00000000017c0000 0x017c0000 0x01bb2fff Pagefile Backed Memory r True False False -
private_0x0000000001bc0000 0x01bc0000 0x01cc0fff Private Memory rw True False False -
private_0x0000000001bc0000 0x01bc0000 0x01cbffff Private Memory rw True False False -
private_0x0000000001cc0000 0x01cc0000 0x01dc0fff Private Memory rw True False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db 0x01cc0000 0x01ceffff Memory Mapped File r True False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db 0x01cf0000 0x01d55fff Memory Mapped File r True False False -
pagefile_0x0000000001d60000 0x01d60000 0x01d60fff Pagefile Backed Memory rw True False False -
private_0x0000000001d70000 0x01d70000 0x01e6ffff Private Memory rw True False False -
private_0x00000000023d0000 0x023d0000 0x024d0fff Private Memory rw True False False -
ieframe.dll 0x6cff0000 0x6da6ffff Memory Mapped File rwx False False False -
shdocvw.dll 0x6f590000 0x6f5bdfff Memory Mapped File rwx False False False -
apphelp.dll 0x718b0000 0x718fbfff Memory Mapped File rwx False False False -
oleacc.dll 0x72360000 0x7239bfff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
propsys.dll 0x74220000 0x74314fff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
devobj.dll 0x75400000 0x75411fff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x75590000 0x755b6fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
psapi.dll 0x75820000 0x75824fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
setupapi.dll 0x764b0000 0x7664cfff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Created Files
Filename File Size Hash Values YARA Match Actions
C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe 9.50 MB MD5: 3c5850ef227bb206e507551c471ee8df
SHA1: 8943aab98043f28918a0c8d31d7a0076b5bffb1c
SHA256: a803bd4522ec8804adf5e548b2ffc9e3afa7eee179d96945de1a5980b5616445
SSDeep: 196608:6mzxqB4pQOdPLoDzS3lC7FCws+8w05anNfzY+ke8N:6mzxKxS5anNfceq
False
C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi 9.25 MB MD5: d5e65d9a0bdbae81a53c7529d8d84ebe
SHA1: 0ded26345926faf919f9c8985e8b7b9f8e9c1b93
SHA256: a15c9de7714dda314144535bb4d3eb34ab240bfaeaae9a7b755a2211e2d96b68
SSDeep: 196608:7J5BzfEU0vFR51DupvqzsuvoYuFZnERejnTamopOYDmWM2:tHkvF3cpvMiVF9HoOYDw2
False
Threads
Thread 0xf08
90 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\inst_fold\armstart.exe, base_address = 0x400000 True 2
Fn
Window Create class_name = Static, wndproc_parameter = 0 True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
System Get Info type = Operating System True 1
Fn
Environment Get Environment String name = 7zSfxString3 False 1
Fn
Environment Get Environment String name = 7zSfxString40 False 1
Fn
Environment Get Environment String name = 7zSfxString2 False 1
Fn
Environment Get Environment String name = 7zSfxString5 False 1
Fn
Environment Get Environment String name = 7zSfxString21 False 1
Fn
Environment Get Environment String name = 7zSfxString22 False 1
Fn
Environment Get Environment String name = 7zSfxString23 False 1
Fn
Environment Get Environment String name = 7zSfxString4 False 1
Fn
Environment Get Environment String name = 7zSfxString1 False 1
Fn
Environment Get Environment String name = 7zSfxString44 False 1
Fn
Environment Get Environment String name = 7zSfxString2 False 1
Fn
Environment Get Environment String name = 7zSfxString3 False 1
Fn
Environment Get Environment String name = 7zSfxString4 False 1
Fn
Environment Get Environment String name = 7zSfxString5 False 1
Fn
Environment Get Environment String name = 7zSfxString6 False 1
Fn
Environment Get Environment String name = 7zSfxString7 False 1
Fn
Environment Get Environment String name = 7zSfxString8 False 1
Fn
Environment Get Environment String name = 7zSfxString9 False 1
Fn
Environment Get Environment String name = 7zSfxString10 False 1
Fn
Environment Get Environment String name = 7zSfxString11 False 1
Fn
Environment Get Environment String name = 7zSfxString12 False 1
Fn
Environment Get Environment String name = 7zSfxString13 False 1
Fn
Environment Get Environment String name = 7zSfxString14 False 1
Fn
Environment Get Environment String name = 7zSfxString15 False 1
Fn
Environment Get Environment String name = 7zSfxString16 False 1
Fn
Environment Get Environment String name = 7zSfxString17 False 1
Fn
Environment Get Environment String name = 7zSfxString18 False 1
Fn
Environment Get Environment String name = 7zSfxString19 False 1
Fn
Environment Get Environment String name = 7zSfxString20 False 1
Fn
Environment Get Environment String name = 7zSfxString33 False 1
Fn
Environment Get Environment String name = 7zSfxString34 False 1
Fn
Environment Get Environment String name = 7zSfxString21 False 1
Fn
Environment Get Environment String name = 7zSfxString22 False 1
Fn
Environment Get Environment String name = 7zSfxString23 False 1
Fn
Environment Get Environment String name = 7zSfxString24 False 1
Fn
Environment Get Environment String name = 7zSfxString25 False 1
Fn
Environment Get Environment String name = 7zSfxString26 False 1
Fn
Environment Get Environment String name = 7zSfxString27 False 1
Fn
Environment Get Environment String name = 7zSfxString28 False 1
Fn
Environment Get Environment String name = 7zSfxString29 False 1
Fn
Environment Get Environment String name = 7zSfxString30 False 1
Fn
Environment Get Environment String name = 7zSfxString31 False 1
Fn
Environment Get Environment String name = 7zSfxString32 False 1
Fn
Environment Get Environment String name = 7zSfxString35 False 1
Fn
Environment Get Environment String name = 7zSfxString36 False 1
Fn
Environment Get Environment String name = 7zSfxString37 False 1
Fn
Environment Get Environment String name = 7zSfxString38 False 1
Fn
Environment Get Environment String name = 7zSfxString39 False 1
Fn
Environment Get Environment String name = 7zSfxString40 False 1
Fn
Environment Get Environment String name = 7zSfxString41 False 1
Fn
Environment Get Environment String name = 7zSfxString42 False 1
Fn
Environment Get Environment String name = 7zSfxString43 False 1
Fn
Environment Set Environment String name = 7zSfxFolder00, value = C:\Users\EEBsYm5\Desktop True 1
Fn
Environment Set Environment String name = 7zSfxFolder02, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs True 1
Fn
Environment Set Environment String name = 7zSfxFolder05, value = C:\Users\EEBsYm5\Documents True 1
Fn
Environment Set Environment String name = MyDocuments, value = C:\Users\EEBsYm5\Documents True 1
Fn
Environment Set Environment String name = MyDocs, value = C:\Users\EEBsYm5\Documents True 1
Fn
Environment Set Environment String name = 7zSfxFolder06, value = C:\Users\EEBsYm5\Favorites True 1
Fn
Environment Set Environment String name = 7zSfxFolder07, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup True 1
Fn
Environment Set Environment String name = 7zSfxFolder08, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Recent True 1
Fn
Environment Set Environment String name = 7zSfxFolder09, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\SendTo True 1
Fn
Environment Set Environment String name = 7zSfxFolder11, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Start Menu True 1
Fn
Environment Set Environment String name = 7zSfxFolder13, value = C:\Users\EEBsYm5\Music True 1
Fn
Environment Set Environment String name = 7zSfxFolder14, value = C:\Users\EEBsYm5\Videos True 1
Fn
Environment Set Environment String name = 7zSfxFolder16, value = C:\Users\EEBsYm5\Desktop True 1
Fn
Environment Set Environment String name = UserDesktop, value = C:\Users\EEBsYm5\Desktop True 1
Fn
Environment Set Environment String name = 7zSfxFolder19, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Network Shortcuts True 1
Fn
Environment Set Environment String name = 7zSfxFolder20, value = C:\Windows\Fonts True 1
Fn
Environment Set Environment String name = 7zSfxFolder21, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Templates True 1
Fn
Environment Set Environment String name = 7zSfxFolder22, value = C:\ProgramData\Microsoft\Windows\Start Menu True 1
Fn
Environment Set Environment String name = 7zSfxFolder23, value = C:\ProgramData\Microsoft\Windows\Start Menu\Programs True 1
Fn
Environment Set Environment String name = 7zSfxFolder24, value = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup True 1
Fn
Environment Set Environment String name = 7zSfxFolder25, value = C:\Users\Public\Desktop True 1
Fn
Environment Set Environment String name = CommonDesktop, value = C:\Users\Public\Desktop True 1
Fn
Environment Set Environment String name = 7zSfxFolder26, value = C:\Users\EEBsYm5\AppData\Roaming True 1
Fn
Environment Set Environment String name = 7zSfxFolder27, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Printer Shortcuts True 1
Fn
Environment Set Environment String name = 7zSfxFolder28, value = C:\Users\EEBsYm5\AppData\Local True 1
Fn
Environment Set Environment String name = 7zSfxFolder29, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup True 1
Fn
Environment Set Environment String name = 7zSfxFolder30, value = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup True 1
Fn
Environment Set Environment String name = 7zSfxFolder31, value = C:\Users\EEBsYm5\Favorites True 1
Fn
Environment Set Environment String name = 7zSfxFolder32, value = C:\Users\EEBsYm5\AppData\Local\Microsoft\Windows\Temporary Internet Files True 1
Fn
Environment Set Environment String name = 7zSfxFolder33, value = C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Cookies True 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000, type = file_attributes False 1
Fn
File Read size = 32, size_out = 32 True 1
Fn
Data
Process Create process_name = installer.exe, show_window = SW_HIDE True 1
Fn
Thread 0xf0c
87 0
Category Operation Information Success Count Logfile
File Read size = 1048576, size_out = 1048576 True 2
Fn
Data
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, type = file_attributes False 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, size = 4194304 True 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, type = file_attributes False 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131068 True 2
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131069 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131068 True 20
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131071 True 2
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131068 True 15
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131071 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131068 True 6
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131069 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131068 True 4
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131072 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 131068 True 22
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 126249 True 1
Fn
Data
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 4 True 1
Fn
Data
Thread 0xf10
1 0
Category Operation Information Success Count Logfile
File Read size = 1048576, size_out = 1048576 True 1
Fn
Data
Process #22: installer.exe
1501 0
Information Value
ID #22
File Name c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe
Command Line "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe" /rsetup
Initial Working Directory C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\
Monitor Start Time: 00:03:17, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:36
OS Process Information
Information Value
PID 0xf20
Parent PID 0xf04 (c:\inst_fold\armstart.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xF24
0xF28
0xF2C
0xF30
0xF34
0xF38
0xF3C
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
pagefile_0x00000000001c0000 0x001c0000 0x00287fff Pagefile Backed Memory r True False False -
private_0x0000000000290000 0x00290000 0x00290fff Private Memory rw True False False -
pagefile_0x00000000002a0000 0x002a0000 0x002a0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000002b0000 0x002b0000 0x002b1fff Pagefile Backed Memory r True False False -
private_0x00000000002c0000 0x002c0000 0x003bffff Private Memory rw True False False -
private_0x00000000003c0000 0x003c0000 0x003c0fff Private Memory rw True False False -
pagefile_0x00000000003d0000 0x003d0000 0x003d0fff Pagefile Backed Memory rw True False False -
private_0x00000000003e0000 0x003e0000 0x003e0fff Private Memory rwx True False False -
pagefile_0x00000000003f0000 0x003f0000 0x003f6fff Pagefile Backed Memory r True False False -
installer.exe 0x00400000 0x00e22fff Memory Mapped File rwx True True False
pagefile_0x0000000000e30000 0x00e30000 0x00f30fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000f40000 0x00f40000 0x00f41fff Pagefile Backed Memory rw True False False -
private_0x0000000000f50000 0x00f50000 0x00f5ffff Private Memory rw True False False -
pagefile_0x0000000000f60000 0x00f60000 0x01b5ffff Pagefile Backed Memory r True False False -
private_0x0000000001b60000 0x01b60000 0x01c5ffff Private Memory rw True False False -
private_0x0000000001c60000 0x01c60000 0x01cbffff Private Memory rw True False False -
private_0x0000000001c60000 0x01c60000 0x01c6ffff Private Memory rw True False False -
pagefile_0x0000000001c70000 0x01c70000 0x01c70fff Pagefile Backed Memory rw True False False -
private_0x0000000001c80000 0x01c80000 0x01cbffff Private Memory rw True False False -
comctl32.dll.mui 0x01cc0000 0x01cc2fff Memory Mapped File rw False False False -
private_0x0000000001cd0000 0x01cd0000 0x01cd0fff Private Memory rw True False False -
private_0x0000000001ce0000 0x01ce0000 0x01ceffff Private Memory rw True False False -
private_0x0000000001cf0000 0x01cf0000 0x01e2ffff Private Memory rw True False False -
pagefile_0x0000000001e30000 0x01e30000 0x027aefff Pagefile Backed Memory r True False False -
pagefile_0x0000000001e30000 0x01e30000 0x01f0efff Pagefile Backed Memory r True False False -
private_0x0000000001f10000 0x01f10000 0x0200ffff Private Memory rw True False False -
sortdefault.nls 0x02010000 0x022defff Memory Mapped File r False False False -
private_0x00000000022e0000 0x022e0000 0x026dffff Private Memory - True False False -
private_0x00000000026e0000 0x026e0000 0x0275ffff Private Memory - True False False -
private_0x0000000002760000 0x02760000 0x02b5ffff Private Memory - True False False -
private_0x0000000002b60000 0x02b60000 0x02bdffff Private Memory - True False False -
private_0x0000000002be0000 0x02be0000 0x02fdffff Private Memory - True False False -
private_0x0000000002fe0000 0x02fe0000 0x0305ffff Private Memory - True False False -
private_0x0000000003060000 0x03060000 0x0345ffff Private Memory - True False False -
private_0x0000000003460000 0x03460000 0x034dffff Private Memory - True False False -
pagefile_0x00000000034e0000 0x034e0000 0x038d2fff Pagefile Backed Memory r True False False -
rpcss.dll 0x038e0000 0x0393bfff Memory Mapped File r False False False -
private_0x00000000038e0000 0x038e0000 0x039dffff Private Memory rw True False False -
private_0x00000000039e0000 0x039e0000 0x03adffff Private Memory rw True False False -
private_0x0000000003ae0000 0x03ae0000 0x03c6ffff Private Memory rw True False False -
private_0x0000000003ae0000 0x03ae0000 0x03b0ffff Private Memory rw True False False -
private_0x0000000003ae0000 0x03ae0000 0x03ae0fff Private Memory rw True False False -
private_0x0000000003af0000 0x03af0000 0x03af0fff Private Memory rw True False False -
private_0x0000000003b00000 0x03b00000 0x03b0ffff Private Memory rw True False False -
private_0x0000000003b10000 0x03b10000 0x03b10fff Private Memory rw True False False -
private_0x0000000003b20000 0x03b20000 0x03c1ffff Private Memory rw True False False -
c_20127.nls 0x03b20000 0x03b30fff Memory Mapped File r False False False -
pagefile_0x0000000003c20000 0x03c20000 0x03c21fff Pagefile Backed Memory r True False False -
private_0x0000000003c30000 0x03c30000 0x03c6ffff Private Memory rw True False False -
staticcache.dat 0x03c70000 0x0459ffff Memory Mapped File r False False False -
private_0x00000000045a0000 0x045a0000 0x046dffff Private Memory rw True False False -
pagefile_0x00000000046e0000 0x046e0000 0x046e0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000046f0000 0x046f0000 0x046f0fff Pagefile Backed Memory r True False False -
oleaccrc.dll 0x04700000 0x04700fff Memory Mapped File r False False False -
pagefile_0x0000000004710000 0x04710000 0x04711fff Pagefile Backed Memory r True False False -
private_0x0000000004720000 0x04720000 0x0481ffff Private Memory rw True False False -
cversions.1.db 0x04820000 0x04823fff Memory Mapped File r True False False -
cversions.2.db 0x04820000 0x04823fff Memory Mapped File r True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x04830000 0x0484efff Memory Mapped File r True False False -
pagefile_0x0000000004850000 0x04850000 0x04850fff Pagefile Backed Memory rw True False False -
private_0x0000000004860000 0x04860000 0x04960fff Private Memory rw True False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db 0x04860000 0x0488ffff Memory Mapped File r True False False -
cversions.2.db 0x04890000 0x04893fff Memory Mapped File r True False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db 0x048a0000 0x04905fff Memory Mapped File r True False False -
pagefile_0x0000000004910000 0x04910000 0x04910fff Pagefile Backed Memory rw True False False -
private_0x0000000004920000 0x04920000 0x04a1ffff Private Memory rw True False False -
ieframe.dll 0x6cff0000 0x6da6ffff Memory Mapped File rwx False False False -
security.dll 0x6de20000 0x6de22fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
webio.dll 0x6fcf0000 0x6fd3efff Memory Mapped File rwx False False False -
winhttp.dll 0x6fd40000 0x6fd97fff Memory Mapped File rwx False False False -
winspool.drv 0x70200000 0x70250fff Memory Mapped File rwx False False False -
apphelp.dll 0x718b0000 0x718fbfff Memory Mapped File rwx False False False -
olepro32.dll 0x71de0000 0x71df8fff Memory Mapped File rwx False False False -
faultrep.dll 0x71e00000 0x71e51fff Memory Mapped File rwx False False False -
wsock32.dll 0x71e60000 0x71e66fff Memory Mapped File rwx False False False -
shfolder.dll 0x71f00000 0x71f04fff Memory Mapped File rwx False False False -
msimg32.dll 0x71f50000 0x71f54fff Memory Mapped File rwx False False False -
oleacc.dll 0x72360000 0x7239bfff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
propsys.dll 0x74220000 0x74314fff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
devobj.dll 0x75400000 0x75411fff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x75590000 0x755b6fff Memory Mapped File rwx False False False -
wintrust.dll 0x75650000 0x7567cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
psapi.dll 0x75820000 0x75824fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
setupapi.dll 0x764b0000 0x7664cfff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory rw True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Hook Information
Type Installer Target Size Information Actions
Code installer.exe:+0xb0db6 kernel32.dll:CreateThread+0x1c 4 bytes -
Code installer.exe:+0xb10f8 kernel32.dll:CreateThread+0x1c 4 bytes -
IAT installer.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to installer.exe:__dbk_fcall_wrapper+0x9ed44
IAT installer.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes installer.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
IAT installer.exe:+0x7549e 1140. entry of shell32.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to installer.exe:__dbk_fcall_wrapper+0x9ed44
IAT installer.exe:+0x7549e 1140. entry of shell32.dll 4 bytes installer.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
Threads
Thread 0xf24
1272 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 522 True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Module Get Handle module_name = c:\windows\system32\oleaut32.dll, base_address = 0x76c10000 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address_out = 0x76c8c802 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address_out = 0x76c8ec66 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address_out = 0x76c35934 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address_out = 0x76c8d332 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address_out = 0x76c8dbd4 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address_out = 0x76c8e405 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address_out = 0x76c8f00a True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address_out = 0x76c8f15e True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address_out = 0x76c35a98 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address_out = 0x76c8ecfa True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address_out = 0x76c8ee2e True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address_out = 0x76c2b0dc True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address_out = 0x76c26fab True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address_out = 0x76c301a0 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address_out = 0x76c2699e True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address_out = 0x76c56c12 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address_out = 0x76c30355 True 1
System Get Info type = Operating System True 1
Module Get Address module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, function = GetLeakReport, address_out = 0x0 False 1
File Open Mapping filename = madExceptRestart$f20, desired_access = FILE_MAP_READ False 1
System Get Info type = Operating System True 1
File Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\ False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 True 1
File Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\installer.madExcept True 1
System Get Info type = Operating System True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\installer.madExcept\, type = file_attributes True 1
File Delete filename = C:\Users\EEBsYm5\AppData\Local\Temp\installer.madExcept\. False 1
File Delete filename = C:\Users\EEBsYm5\AppData\Local\Temp\installer.madExcept\.. False 1
File Delete Directory directory = C:\Users\EEBsYm5\AppData\Local\Temp\installer.madExcept\ True 1
Module Get Address module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, function = @Madexcept@initialization$qqrv, address_out = 0x0 False 1
System Get Info type = Operating System True 1
Module Load module_name = FaultRep.dll, base_address = 0x71e00000 True 1
Module Get Address module_name = c:\windows\system32\faultrep.dll, function = ReportFault, address_out = 0x71e05457 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = OpenThread, address_out = 0x76966733 True 1
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtOpenThread, address_out = 0x77275e08 True 1
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
Mutex Create mutex_name = madExceptSettingsMtx$f20 True 1
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
File Open Mapping filename = madExceptSettingsBuf2$f20, desired_access = FILE_MAP_WRITE, FILE_MAP_READ False 1
Module Create Mapping filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 4 True 1
Module Map process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Mutex Release mutex_name = madExceptSettingsMtx$f20 True 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 True 1
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Module Create Mapping module_name = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, protection = PAGE_READONLY, maximum_size = 0 True 1
Module Map C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, desired_access = FILE_MAP_READ True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, type = size True 1
Module Create Mapping filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 20 True 1
Module Map process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Mutex Create - True 1
Mutex Create - True 1
System Get Info type = Operating System True 1
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x772761f8 True 1
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
System Get Info type = Operating System True 1
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = RtlGetVersion, address_out = 0x772965e3 True 1
System Get Info type = Operating System False 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
System Get Info type = Hardware Information True 1
Mutex Release - True 1
Module Get Handle module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, base_address = 0x400000 True 1
Module Get Address module_name = Unknown module name, address_out = 0x0 False 1
Module Get Handle module_name = vcl320.bpl, base_address = 0x0 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\windows\system32\faultrep.dll, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\windows\system32\advapi32.dll, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\windows\system32\oleaut32.dll, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 1
File Create Pipe pipe_name = Anonymous read pipe, size = 0 True 1
Thread Open os_tid = 0xf28 True 1
Mutex Release - True 1
Mutex Create - True 1
Mutex Release - True 1
Module Get Handle module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, base_address = 0x400000 True 1
Window Create wndproc_parameter = 0 True 1
Mutex Release - True 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = ChangeWindowMessageFilterEx, address_out = 0x76b524c8 True 1
Mutex Release - True 2
Module Get Handle module_name = c:\windows\system32\msvcrt.dll, base_address = 0x76a90000 True 1
Module Get Address module_name = c:\windows\system32\msvcrt.dll, function = _CxxThrowException, address_out = 0x76ab3557 True 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 True 1
System Get Info type = Operating System True 3
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
System Get Info type = Operating System True 2
Module Get Handle module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, base_address = 0x400000 True 1
System Get Info type = Operating System True 1
Module Get Handle module_name = c:\windows\system32\kernelbase.dll, base_address = 0x75540000 True 1
Module Get Address module_name = c:\windows\system32\kernelbase.dll, function = CreateRemoteThreadEx, address_out = 0x7554be34 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7696375d True 1
Module Get Handle module_name = c:\windows\system32\msvcrt.dll, base_address = 0x76a90000 True 1
Module Get Address module_name = c:\windows\system32\msvcrt.dll, function = _CxxThrowException, address_out = 0x76ab3557 True 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
System Get Info type = Operating System True 3
Module Get Filename module_name = c:\windows\system32\kernelbase.dll, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
System Get Info type = Operating System True 2
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Filename module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 256 True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4067311 True 1
Window Create window_name = installer, class_name = TApplication, wndproc_parameter = 0 True 1
Module Load module_name = wtsapi32.dll, base_address = 0x73d60000 True 1
Module Get Address module_name = c:\windows\system32\wtsapi32.dll, function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address_out = 0x741e940e True 1
Window Set Attribute window_name = installer, class_name = TApplication, index = 18446744073709551612, new_long = 4067298 True 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = AnimateWindow, address_out = 0x76b70620 True 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74360000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitializeFlatSB, address_out = 0x7443f803 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Module Get Filename module_name = vcl320.bpl, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 261 True 1
System Get Info type = Hardware Information True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
System Get Info type = Operating System True 1
System Get Computer Name result_out = CRH2YWU7 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
System Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 2
Module Load module_name = olepro32.dll, base_address = 0x71de0000 True 1
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleLoadPicture, address_out = 0x71de20d9 True 1
Module Load module_name = security.dll, base_address = 0x6de20000 True 1
Module Get Address module_name = c:\windows\system32\security.dll, function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = OpenThemeData, address_out = 0x741e73d2 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = CloseThemeData, address_out = 0x741e6a18 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeBackground, address_out = 0x741e3982 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeText, address_out = 0x741e4ea1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePartSize, address_out = 0x741ecdb1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextExtent, address_out = 0x741e2d57 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextMetrics, address_out = 0x741ef992 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundRegion, address_out = 0x741f165d True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = HitTestThemeBackground, address_out = 0x741f3ce3 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeEdge, address_out = 0x74203b52 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeIcon, address_out = 0x742135e7 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemePartDefined, address_out = 0x741e85b4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeColor, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMetric, address_out = 0x741f06e2 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeString, address_out = 0x742122e4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBool, address_out = 0x741e7c1f True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeInt, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeEnumValue, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePosition, address_out = 0x74212350 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFont, address_out = 0x741eff21 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeRect, address_out = 0x741f3611 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMargins, address_out = 0x741e86e9 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeIntList, address_out = 0x742123b1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePropertyOrigin, address_out = 0x74203fbb True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetWindowTheme, address_out = 0x741f0134 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFilename, address_out = 0x74212412 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColor, address_out = 0x74203274 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColorBrush, address_out = 0x7421301e True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysBool, address_out = 0x74213172 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysSize, address_out = 0x7421320b True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysFont, address_out = 0x742129c4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysString, address_out = 0x74212b3f True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysInt, address_out = 0x74212bd3 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeActive, address_out = 0x741ef785 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsAppThemed, address_out = 0x741ef869 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetWindowTheme, address_out = 0x741edf46 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableThemeDialogTexture, address_out = 0x741efcaf True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeAppProperties, address_out = 0x741f0fb1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetThemeAppProperties, address_out = 0x74213296 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetCurrentThemeName, address_out = 0x741f05dd True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeDocumentationProperty, address_out = 0x74212932 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeParentBackground, address_out = 0x741e53e5 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableTheming, address_out = 0x74212feb True 1
System Register Hook type = WH_CBT, hookproc_address = 0x65b278 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x76954785 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4067272 True 1
Module Load module_name = UxTheme.dll, base_address = 0x741e0000 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = CloseThemeData, address_out = 0x741e6a18 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeBackground, address_out = 0x741e3982 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeEdge, address_out = 0x74203b52 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeIcon, address_out = 0x742135e7 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeParentBackground, address_out = 0x741e53e5 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeText, address_out = 0x741e4ea1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeTextEx, address_out = 0x741e63e6 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableThemeDialogTexture, address_out = 0x741efcaf True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetCurrentThemeName, address_out = 0x741f05dd True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeAppProperties, address_out = 0x741f0fb1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundRegion, address_out = 0x741f165d True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBool, address_out = 0x741e7c1f True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeColor, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeDocumentationProperty, address_out = 0x74212932 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeEnumValue, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFilename, address_out = 0x74212412 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFont, address_out = 0x741eff21 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeInt, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeIntList, address_out = 0x742123b1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMargins, address_out = 0x741e86e9 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMetric, address_out = 0x741f06e2 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePartSize, address_out = 0x741ecdb1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePosition, address_out = 0x74212350 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePropertyOrigin, address_out = 0x74203fbb True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeRect, address_out = 0x741f3611 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeString, address_out = 0x742122e4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysBool, address_out = 0x74213172 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColor, address_out = 0x74203274 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColorBrush, address_out = 0x7421301e True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysFont, address_out = 0x742129c4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysInt, address_out = 0x74212bd3 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysSize, address_out = 0x7421320b True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysString, address_out = 0x74212b3f True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextExtent, address_out = 0x741e2d57 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextMetrics, address_out = 0x741ef992 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetWindowTheme, address_out = 0x741edf46 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = HitTestThemeBackground, address_out = 0x741f3ce3 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsAppThemed, address_out = 0x741ef869 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeActive, address_out = 0x741ef785 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemePartDefined, address_out = 0x741e85b4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = OpenThemeData, address_out = 0x741e73d2 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetThemeAppProperties, address_out = 0x74213296 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetWindowTheme, address_out = 0x741f0134 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BeginBufferedPaint, address_out = 0x741e49a1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintClear, address_out = 0x741e6395 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address_out = 0x741e940e True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintSetAlpha, address_out = 0x741fe6b3 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintUnInit, address_out = 0x741e94ab True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EndBufferedPaint, address_out = 0x741e3f9a True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BeginPanningFeedback, address_out = 0x74210731 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = UpdatePanningFeedback, address_out = 0x7421068d True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EndPanningFeedback, address_out = 0x742106cc True 1
Module Load module_name = Shcore.dll, base_address = 0x0 False 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = GetSystemMetricsForDpi, address_out = 0x0 False 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = GetGestureInfo, address_out = 0x76b8b30d True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = CloseGestureInfoHandle, address_out = 0x76b8b38a True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetGestureConfig, address_out = 0x76b44715 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = LogicalToPhysicalPoint, address_out = 0x76b76e4f True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = PhysicalToLogicalPoint, address_out = 0x76b76e63 True 1
Module Load module_name = user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = IsProcessDPIAware, address_out = 0x76b5212e True 1
System Register Hook type = WH_CALLWNDPROC, hookproc_address = 0x9cdb7c True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4067259 True 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = WindowFromDC, address_out = 0x76b52116 True 1
Module Load module_name = gdiplus.dll, base_address = 0x74050000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipAlloc, address_out = 0x74092437 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFree, address_out = 0x740924b2 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusStartup, address_out = 0x74075600 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusShutdown, address_out = 0x740756be True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetBrushType, address_out = 0x7407d95f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterPoint, address_out = 0x7407f6b5 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterPointI, address_out = 0x7407f76f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientRect, address_out = 0x7407f94a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientRectI, address_out = 0x7407f9ff True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPointCount, address_out = 0x7407f7dd True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientSurroundColorCount, address_out = 0x7407f890 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientGammaCorrection, address_out = 0x7407fab7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientGammaCorrection, address_out = 0x7407fb54 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientBlendCount, address_out = 0x7407e7f0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientBlend, address_out = 0x7407fc07 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientBlend, address_out = 0x7407e97a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPresetBlendCount, address_out = 0x7407fcdb True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPresetBlend, address_out = 0x7407fd95 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientPresetBlend, address_out = 0x7407ff41 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientSigmaBlend, address_out = 0x74080184 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientLinearBlend, address_out = 0x7407eeb7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientWrapMode, address_out = 0x7407f01b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientWrapMode, address_out = 0x74080236 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientTransform, address_out = 0x740802da True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientTransform, address_out = 0x7407dc34 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPathGradientTransform, address_out = 0x7407dd3d True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyPathGradientTransform, address_out = 0x740803e3 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslatePathGradientTransform, address_out = 0x740804fc True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScalePathGradientTransform, address_out = 0x740805d5 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotatePathGradientTransform, address_out = 0x7407dde0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientFocusScales, address_out = 0x740806ae True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientFocusScales, address_out = 0x74080793 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrush, address_out = 0x7407e139 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushI, address_out = 0x7407e22f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRect, address_out = 0x7407e2fe True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectI, address_out = 0x7407e3ee True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectWithAngle, address_out = 0x7407e4b6 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectWithAngleI, address_out = 0x7407e5ad True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineRect, address_out = 0x7407f94a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineRectI, address_out = 0x7407f9ff True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineColors, address_out = 0x7407e67c True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineColors, address_out = 0x7407e731 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineGammaCorrection, address_out = 0x74075765 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineGammaCorrection, address_out = 0x740757be True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineBlendCount, address_out = 0x7407e7f0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineBlend, address_out = 0x7407e8a6 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineBlend, address_out = 0x7407e97a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLinePresetBlendCount, address_out = 0x7407fcdb True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLinePresetBlend, address_out = 0x7407ea4e True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLinePresetBlend, address_out = 0x7407ec63 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineSigmaBlend, address_out = 0x74080184 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineLinearBlend, address_out = 0x7407eeb7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineWrapMode, address_out = 0x7407ef69 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineWrapMode, address_out = 0x7407f01b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineTransform, address_out = 0x740802da True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineTransform, address_out = 0x7407dc34 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetLineTransform, address_out = 0x7407dd3d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyLineTransform, address_out = 0x740803e3 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslateLineTransform, address_out = 0x740804fc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScaleLineTransform, address_out = 0x740805d5 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotateLineTransform, address_out = 0x7407dde0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateHatchBrush, address_out = 0x74096266 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchStyle, address_out = 0x7407da12 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchForegroundColor, address_out = 0x7407dac8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchBackgroundColor, address_out = 0x7407db7e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePen1, address_out = 0x7408083a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePen2, address_out = 0x7408096b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipClonePen, address_out = 0x74080abe True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeletePen, address_out = 0x74080b95 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenFillType, address_out = 0x74082491 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenBrushFill, address_out = 0x740822c1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenBrushFill, address_out = 0x740823cc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenColor, address_out = 0x74082157 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenColor, address_out = 0x74082201 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenMode, address_out = 0x740819cc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenMode, address_out = 0x74081a6f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenUnit, address_out = 0x74080d9b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenUnit, address_out = 0x74080e5a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenWidth, address_out = 0x74080c4d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenWidth, address_out = 0x74080ceb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashStyle, address_out = 0x7408254e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashStyle, address_out = 0x740825fe True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenLineCap197819, address_out = 0x74080f0a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenStartCap, address_out = 0x74080fb1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenEndCap, address_out = 0x74081052 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashCap197819, address_out = 0x740810f3 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenStartCap, address_out = 0x74081194 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenEndCap, address_out = 0x74081244 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashCap197819, address_out = 0x740812f4 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenLineJoin, address_out = 0x740813ab True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenLineJoin, address_out = 0x74081449 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenCustomStartCap, address_out = 0x740814f9 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenCustomStartCap, address_out = 0x74081601 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenCustomEndCap, address_out = 0x740816b8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenCustomEndCap, address_out = 0x740817c0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenMiterLimit, address_out = 0x74081877 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenMiterLimit, address_out = 0x7408191c True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenTransform, address_out = 0x74081b1f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenTransform, address_out = 0x74081c25 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPenTransform, address_out = 0x74081d2b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyPenTransform, address_out = 0x74081dcb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslatePenTransform, address_out = 0x74081ee1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScalePenTransform, address_out = 0x74081fb7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotatePenTransform, address_out = 0x7408208d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashOffset, address_out = 0x7408269f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashOffset, address_out = 0x7408274f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashCount, address_out = 0x740827ed True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4067246 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4067233 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = EnableNonClientDpiScaling, address_out = 0x0 False 1
Fn
Module Load module_name = dwmapi.dll, base_address = 0x73eb0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmDefWindowProc, address_out = 0x73eb3df4 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableBlurBehindWindow, address_out = 0x73eb2945 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableComposition, address_out = 0x73eb720a True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableMMCSS, address_out = 0x73eb37dd True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmExtendFrameIntoClientArea, address_out = 0x73eb3510 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmGetColorizationColor, address_out = 0x73eb6f9a True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmGetWindowAttribute, address_out = 0x73eb1c76 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmIsCompositionEnabled, address_out = 0x73eb1610 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetWindowAttribute, address_out = 0x73eb16c0 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetIconicThumbnail, address_out = 0x73eb85ea True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetIconicLivePreviewBitmap, address_out = 0x73eb88fd True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmInvalidateIconicBitmaps, address_out = 0x73eb3742 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDynamicTimeZoneInformation, address_out = 0x76942565 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 2
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Display, data = (UTC+04:30) Kabul, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Std, data = Afghanistan Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Dlt, data = Afghanistan Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Display, data = (UTC-09:00) Alaska, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Std, data = Alaskan Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Dlt, data = Alaskan Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Fn
Data
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Display, data = (UTC+03:00) Kuwait, Riyadh, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Std, data = Arab Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Dlt, data = Arab Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Display, data = (UTC+04:00) Abu Dhabi, Muscat, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Std, data = Arabian Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Dlt, data = Arabian Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Display, data = (UTC+03:00) Baghdad, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Std, data = Arabic Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Dlt, data = Arabic Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Display, data = (UTC-03:00) Buenos Aires, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Std, data = Argentina Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Dlt, data = Argentina Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2009, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2010, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Display, data = (UTC-04:00) Atlantic Time (Canada), type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Std, data = Atlantic Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Dlt, data = Atlantic Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Display, data = (UTC+09:30) Darwin, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Std, data = AUS Central Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Dlt, data = AUS Central Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Display, data = (UTC+10:00) Canberra, Melbourne, Sydney, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Std, data = AUS Eastern Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Dlt, data = AUS Eastern Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Display, data = (UTC+04:00) Baku, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Std, data = Azerbaijan Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Dlt, data = Azerbaijan Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Display, data = (UTC-01:00) Azores, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Std, data = Azores Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Dlt, data = Azores Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Display, data = (UTC+06:00) Dhaka, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Std, data = Bangladesh Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Dlt, data = Bangladesh Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = FirstEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2009, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2010, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Display, data = (UTC-06:00) Saskatchewan, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Std, data = Canada Central Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Dlt, data = Canada Central Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Display, data = (UTC-01:00) Cape Verde Is., type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Std, data = Cape Verde Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Dlt, data = Cape Verde Daylight Time, type = REG_SZ True 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = UpdateLayeredWindow, address_out = 0x76b4a420 True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Create process_name = msiexec, show_window = SW_SHOWNORMAL True 1
Fn
Thread Create process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, proc_address = 0x4b050c, proc_parameter = 31331680, flags = THREAD_RUNS_IMMEDIATELY True 1
Fn
Mutex Release - True 1
Fn
Module Get Filename module_name = Shcore.dll, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 261 True 3
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat, size = 422 True 1
Fn
Data
Process Create process_name = C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat, os_pid = 0x894, creation_flags = CREATE_NORMAL_PRIORITY_CLASS, show_window = SW_HIDE True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusShutdown, address_out = 0x740756be True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintUnInit, address_out = 0x741e94ab True 1
Fn
Module Get Handle module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe, size = 260 False 1
Fn
For performance reasons, the remaining 88 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0xf28
32 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetThreadDpiAwarenessContext, address_out = 0x0 False 1
Fn
File Read size = 144, size_out = 0 False 191
Fn
File Read size = 144, size_out = 144 True 1
Fn
Data
Process #23: msiexec.exe
13 0
Information Value
ID #23
File Name c:\windows\system32\msiexec.exe
Command Line "C:\Windows\System32\msiexec.exe" /i "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi" /qn
Initial Working Directory C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\
Monitor Start Time: 00:03:22, Reason: Child Process
Unmonitor End Time: 00:03:44, Reason: Self Terminated
Monitor Duration 00:00:22
OS Process Information
Information Value
PID 0xf40
Parent PID 0xf20 (c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xF44
0xF48
0xF4C
0xF50
0xF54
0xF58
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00041fff Pagefile Backed Memory r True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File r False False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c1fff Pagefile Backed Memory rw True False False -
private_0x00000000000d0000 0x000d0000 0x0010ffff Private Memory rw True False False -
pagefile_0x0000000000110000 0x00110000 0x001d7fff Pagefile Backed Memory r True False False -
msiexec.exe.mui 0x001e0000 0x001e0fff Memory Mapped File rw False False False -
private_0x00000000001f0000 0x001f0000 0x001f0fff Private Memory rw True False False -
private_0x0000000000200000 0x00200000 0x00200fff Private Memory rw True False False -
windowsshell.manifest 0x00210000 0x00210fff Memory Mapped File r False False False -
pagefile_0x0000000000210000 0x00210000 0x00210fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000220000 0x00220000 0x00221fff Pagefile Backed Memory r True False False -
rsaenh.dll 0x00230000 0x0026bfff Memory Mapped File r False False False -
private_0x0000000000230000 0x00230000 0x002affff Private Memory rw True False False -
msimsg.dll.mui 0x002b0000 0x002c3fff Memory Mapped File rw False False False -
pagefile_0x00000000002d0000 0x002d0000 0x002d0fff Pagefile Backed Memory r True False False -
private_0x00000000002e0000 0x002e0000 0x002effff Private Memory rw True False False -
pagefile_0x00000000002f0000 0x002f0000 0x002f2fff Pagefile Backed Memory rw True False False -
private_0x0000000000300000 0x00300000 0x003fffff Private Memory rw True False False -
pagefile_0x0000000000400000 0x00400000 0x00500fff Pagefile Backed Memory r True False False -
rpcss.dll 0x00510000 0x0056bfff Memory Mapped File r False False False -
private_0x0000000000510000 0x00510000 0x006bffff Private Memory rw True False False -
pagefile_0x0000000000510000 0x00510000 0x005eefff Pagefile Backed Memory r True False False -
private_0x00000000005f0000 0x005f0000 0x0062ffff Private Memory rw True False False -
pagefile_0x0000000000630000 0x00630000 0x00630fff Pagefile Backed Memory rw True False False -
private_0x0000000000680000 0x00680000 0x006bffff Private Memory rw True False False -
private_0x0000000000740000 0x00740000 0x0077ffff Private Memory rw True False False -
msiexec.exe 0x00780000 0x00793fff Memory Mapped File rwx True False False -
pagefile_0x00000000007a0000 0x007a0000 0x0139ffff Pagefile Backed Memory r True False False -
sortdefault.nls 0x013a0000 0x0166efff Memory Mapped File r False False False -
pagefile_0x0000000001670000 0x01670000 0x01a6ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000001a70000 0x01a70000 0x023aefff Pagefile Backed Memory r True False False -
private_0x0000000001aa0000 0x01aa0000 0x01adffff Private Memory rw True False False -
private_0x0000000001af0000 0x01af0000 0x01b2ffff Private Memory rw True False False -
private_0x0000000001b60000 0x01b60000 0x01b9ffff Private Memory rw True False False -
msi.dll 0x6f040000 0x6f27ffff Memory Mapped File rwx False False False -
msimsg.dll 0x71f40000 0x71f46fff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74bf0000 0x74c2afff Memory Mapped File rwx False False False -
cryptsp.dll 0x74e50000 0x74e65fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x75370000 0x7537dfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Threads
Thread 0xf44
13 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 1627-02-08 02:09:32 (UTC) True 1
Fn
System Get Time type = Ticks, time = 236232 True 1
Fn
Module Get Handle module_name = c:\windows\system32\msiexec.exe, base_address = 0x780000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = COMCTL32, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
System Get Info type = Operating System True 1
Fn
Process Get Info type = PROCESS_WOW64_INFORMATION True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = HeapSetInformation, address_out = 0x76964157 True 1
Fn
Process #24: msiexec.exe
70 0
Information Value
ID #24
File Name c:\windows\system32\msiexec.exe
Command Line C:\Windows\system32\MsiExec.exe -Embedding A4D0C1CE16160E0F223C158924CA3115
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:23, Reason: Child Process
Unmonitor End Time: 00:03:43, Reason: Self Terminated
Monitor Duration 00:00:20
OS Process Information
Information Value
PID 0xf68
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xF6C
0xF70
0xF74
0xF78
0xF7C
0xF80
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00041fff Pagefile Backed Memory r True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File r False False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c1fff Pagefile Backed Memory rw True False False -
msiexec.exe.mui 0x000d0000 0x000d0fff Memory Mapped File rw False False False -
private_0x00000000000e0000 0x000e0000 0x000effff Private Memory rw True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory rw True False False -
private_0x0000000000100000 0x00100000 0x00100fff Private Memory rw True False False -
windowsshell.manifest 0x00110000 0x00110fff Memory Mapped File r False False False -
pagefile_0x0000000000110000 0x00110000 0x00110fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000120000 0x00120000 0x00121fff Pagefile Backed Memory r True False False -
rpcss.dll 0x00130000 0x0018bfff Memory Mapped File r False False False -
pagefile_0x0000000000130000 0x00130000 0x00130fff Pagefile Backed Memory r True False False -
rsaenh.dll 0x00140000 0x0017bfff Memory Mapped File r False False False -
pagefile_0x0000000000140000 0x00140000 0x00140fff Pagefile Backed Memory r True False False -
private_0x0000000000190000 0x00190000 0x001cffff Private Memory rw True False False -
private_0x0000000000240000 0x00240000 0x0027ffff Private Memory rw True False False -
private_0x0000000000280000 0x00280000 0x0037ffff Private Memory rw True False False -
pagefile_0x0000000000380000 0x00380000 0x00447fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000450000 0x00450000 0x00550fff Pagefile Backed Memory r True False False -
private_0x00000000005e0000 0x005e0000 0x0061ffff Private Memory rw True False False -
private_0x0000000000690000 0x00690000 0x006cffff Private Memory rw True False False -
private_0x00000000006d0000 0x006d0000 0x0070ffff Private Memory rw True False False -
private_0x0000000000730000 0x00730000 0x0076ffff Private Memory rw True False False -
msiexec.exe 0x00780000 0x00793fff Memory Mapped File rwx True False False -
pagefile_0x00000000007a0000 0x007a0000 0x0139ffff Pagefile Backed Memory r True False False -
sortdefault.nls 0x013a0000 0x0166efff Memory Mapped File r False False False -
msia089.tmp 0x10000000 0x10029fff Memory Mapped File rwx True True False
msi.dll 0x6f040000 0x6f27ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74bf0000 0x74c2afff Memory Mapped File rwx False False False -
cryptsp.dll 0x74e50000 0x74e65fff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x75370000 0x7537dfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd5000 0x7ffd5000 0x7ffd5fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Threads
Thread 0xf6c
25 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 1627-02-08 02:09:34 (UTC) True 1
Fn
System Get Time type = Ticks, time = 237776 True 1
Fn
Module Get Handle module_name = c:\windows\system32\msiexec.exe, base_address = 0x780000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = COMCTL32, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x743809ce True 1
Fn
System Get Info type = Operating System True 1
Fn
Process Get Info type = PROCESS_WOW64_INFORMATION True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type False 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\OLE32.DLL, base_address = 0x76750000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address_out = 0x767909ad True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER False 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoInitializeSecurity, address_out = 0x76777259 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x76799d0b True 1
Fn
COM Create interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_LOCAL_SERVER True 1
Fn
Module Load module_name = Msi.dll, base_address = 0x6f040000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msi.dll, function = DllGetClassObject, address_out = 0x6f06183e True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoIsHandlerConnected, address_out = 0x768139b5 True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xf80
45 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, address_out = 0x7696418d True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x76961f61 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x76961e16 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x769676e6 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76963879 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x76942111 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x76952510 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x7694b009 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x772589be True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7724c02a True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7724c0d2 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x76943f78 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadpoolWait, address_out = 0x77258bfb True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7724b567 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77275998 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x77242251 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x772428f6 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x76999aa9 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x7699f3cf True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CompareStringEx, address_out = 0x7696ebc6 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDateFormatEx, address_out = 0x769af29f True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x769453a5 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetTimeFormatEx, address_out = 0x769af21a True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x7699f70b True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsValidLocaleName, address_out = 0x7699f71b True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = LCMapStringEx, address_out = 0x7699f72b True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 False 1
Fn
Environment Get Environment String - True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Module Get Filename process_name = c:\windows\system32\msiexec.exe, file_name_orig = C:\Windows\system32\MsiExec.exe, size = 260 True 1
Fn
System Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x76954785 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
Process #25: rfusclient.exe
Information Value
ID #25
File Name c:\program files\remote utilities - host\rfusclient.exe
Command Line "C:\Program Files\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:28, Reason: Child Process
Unmonitor End Time: 00:03:31, Reason: Self Terminated
Monitor Duration 00:00:03
OS Process Information
Information Value
PID 0xf90
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xF94
0xF98
0xF9C
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
private_0x00000000001c0000 0x001c0000 0x002bffff Private Memory rw True False False -
pagefile_0x00000000002c0000 0x002c0000 0x00387fff Pagefile Backed Memory r True False False -
private_0x0000000000390000 0x00390000 0x00390fff Private Memory rw True False False -
tzres.dll 0x003a0000 0x003a0fff Memory Mapped File r False False False -
private_0x00000000003a0000 0x003a0000 0x003a0fff Private Memory rwx True False False -
pagefile_0x00000000003b0000 0x003b0000 0x003b1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c6fff Pagefile Backed Memory r True False False -
private_0x00000000003d0000 0x003d0000 0x003dffff Private Memory rw True False False -
pagefile_0x00000000003e0000 0x003e0000 0x003e1fff Pagefile Backed Memory rw True False False -
private_0x00000000003f0000 0x003f0000 0x003fffff Private Memory rw True False False -
rfusclient.exe 0x00400000 0x00a05fff Memory Mapped File rwx True True False
pagefile_0x0000000000a10000 0x00a10000 0x00b10fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000b20000 0x00b20000 0x0171ffff Pagefile Backed Memory r True False False -
private_0x0000000001720000 0x01720000 0x0185ffff Private Memory rw True False False -
pagefile_0x0000000001860000 0x01860000 0x01860fff Pagefile Backed Memory rw True False False -
private_0x0000000001870000 0x01870000 0x01870fff Private Memory rw True False False -
comctl32.dll.mui 0x01880000 0x01882fff Memory Mapped File rw False False False -
private_0x00000000018a0000 0x018a0000 0x018a1fff Private Memory rw True False False -
private_0x00000000018b0000 0x018b0000 0x018bffff Private Memory rw True False False -
pagefile_0x00000000018c0000 0x018c0000 0x01cb2fff Pagefile Backed Memory r True False False -
private_0x0000000001cc0000 0x01cc0000 0x01e7ffff Private Memory rw True False False -
pagefile_0x0000000001cc0000 0x01cc0000 0x01d9efff Pagefile Backed Memory r True False False -
rpcss.dll 0x01da0000 0x01dfbfff Memory Mapped File r False False False -
private_0x0000000001e40000 0x01e40000 0x01e7ffff Private Memory rw True False False -
private_0x0000000001e80000 0x01e80000 0x01f7ffff Private Memory rw True False False -
private_0x0000000001f80000 0x01f80000 0x0207ffff Private Memory rw True False False -
private_0x0000000002080000 0x02080000 0x0228ffff Private Memory rw True False False -
private_0x0000000002080000 0x02080000 0x0212ffff Private Memory rw True False False -
private_0x0000000002130000 0x02130000 0x021effff Private Memory rw True False False -
private_0x0000000002250000 0x02250000 0x0228ffff Private Memory rw True False False -
staticcache.dat 0x02290000 0x02bbffff Memory Mapped File r False False False -
sortdefault.nls 0x02bc0000 0x02e8efff Memory Mapped File r False False False -
private_0x0000000002e90000 0x02e90000 0x0302ffff Private Memory rw True False False -
private_0x0000000002e90000 0x02e90000 0x02f90fff Private Memory rw True False False -
private_0x0000000002ff0000 0x02ff0000 0x0302ffff Private Memory rw True False False -
security.dll 0x6de20000 0x6de22fff Memory Mapped File rwx False False False -
riched20.dll 0x6e1d0000 0x6e245fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
idndl.dll 0x6f010000 0x6f01afff Memory Mapped File rwx False False False -
oledlg.dll 0x6f020000 0x6f03bfff Memory Mapped File rwx False False False -
winspool.drv 0x70200000 0x70250fff Memory Mapped File rwx False False False -
olepro32.dll 0x71de0000 0x71df8fff Memory Mapped File rwx False False False -
shfolder.dll 0x71f00000 0x71f04fff Memory Mapped File rwx False False False -
fwpuclnt.dll 0x736b0000 0x736e7fff Memory Mapped File rwx False False False -
winnsi.dll 0x737c0000 0x737c6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x737d0000 0x737ebfff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
msacm32.dll 0x73c90000 0x73ca3fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
normaliz.dll 0x77370000 0x77372fff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Threads
Thread 0xf94
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\program files\remote utilities - host\rfusclient.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rfusclient.exe, process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rfusclient.exe, size = 522 True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rfusclient.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rfusclient.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Fn
Module Get Handle module_name = c:\windows\system32\oleaut32.dll, base_address = 0x76c10000 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address_out = 0x76c8c802 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address_out = 0x76c8ec66 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address_out = 0x76c35934 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address_out = 0x76c8d332 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address_out = 0x76c8dbd4 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address_out = 0x76c8e405 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address_out = 0x76c8f00a True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address_out = 0x76c8f15e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address_out = 0x76c35a98 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address_out = 0x76c8ecfa True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address_out = 0x76c8ee2e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address_out = 0x76c2b0dc True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address_out = 0x76c26fab True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address_out = 0x76c301a0 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address_out = 0x76c2699e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address_out = 0x76c56c12 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address_out = 0x76c30355 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, value_name = MS Shell Dlg 2, data = 0, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77289981 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = WakeConditionVariable, address_out = 0x772d5a7b True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x772545a5 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x769418be True 1
Fn
Module Get Handle module_name = c:\windows\system32\ole32.dll, base_address = 0x76750000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoCreateInstanceEx, address_out = 0x76799d4e True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address_out = 0x767909ad True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoAddRefServerProcess, address_out = 0x767b3cf3 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoReleaseServerProcess, address_out = 0x767b4314 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoResumeClassObjects, address_out = 0x7675ea02 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoSuspendClassObjects, address_out = 0x767bbb02 True 1
Fn
Module Load module_name = Msctf.dll, base_address = 0x76ca0000 True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = imm32.dll, base_address = 0x76490000 True 1
Fn
Keyboard Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rfusclient.exe, process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rfusclient.exe, size = 256 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805167 True 1
Fn
Window Create window_name = rfusclient, class_name = TApplication, wndproc_parameter = 0 True 1
Fn
Module Load module_name = wtsapi32.dll, base_address = 0x73d60000 True 1
Fn
Module Get Address module_name = c:\windows\system32\wtsapi32.dll, function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Fn
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address_out = 0x741e940e True 1
Fn
Window Set Attribute window_name = rfusclient, class_name = TApplication, index = 18446744073709551612, new_long = 3805154 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = AnimateWindow, address_out = 0x76b70620 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitializeFlatSB, address_out = 0x7443f803 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Fn
System Get Info type = Hardware Information True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x769559ef True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rfusclient.exe, size = 261 True 1
Fn
System Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 1
Fn
System Get Computer Name result_out = CRH2YWU7 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
Fn
System Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 2
Fn
Module Load module_name = olepro32.dll, base_address = 0x71de0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleLoadPicture, address_out = 0x71de20d9 True 1
Fn
Module Load module_name = security.dll, base_address = 0x6de20000 True 1
Fn
Module Get Address module_name = c:\windows\system32\security.dll, function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Fn
Module Load module_name = RICHED20.DLL, base_address = 0x6e1d0000 True 1
Fn
Module Get Filename module_name = RICHED20.DLL, process_name = c:\program files\remote utilities - host\rfusclient.exe, file_name_orig = C:\Windows\system32\RICHED20.DLL, size = 261 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x76954785 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Fn
Module Load module_name = Shcore.dll, base_address = 0x0 False 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawLinesI, address_out = 0x7408a2f6 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillRectangle, address_out = 0x7408c11f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillRectangleI, address_out = 0x7408c24a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillRectangles, address_out = 0x7408c2b5 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillRectanglesI, address_out = 0x7408c3e2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillRegion, address_out = 0x7408d302 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawImage, address_out = 0x7408de88 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawImageI, address_out = 0x7408e003 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawArc, address_out = 0x7408a40f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawArcI, address_out = 0x7408a549 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawBezier, address_out = 0x7408a5c2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawBezierI, address_out = 0x7408a70a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawBeziers, address_out = 0x7408a791 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawBeziersI, address_out = 0x7408a8bb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawRectangle, address_out = 0x7408a9f7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawRectangleI, address_out = 0x7408ab1b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawRectangles, address_out = 0x7408ab86 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawRectanglesI, address_out = 0x7408acb0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawEllipse, address_out = 0x7408adec True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawEllipseI, address_out = 0x7408af10 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawPie, address_out = 0x7408af7b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawPieI, address_out = 0x7408b0b5 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawPolygon, address_out = 0x7408b12e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawPolygonI, address_out = 0x7408b258 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawCurve, address_out = 0x7408b4eb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawCurveI, address_out = 0x7408b615 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawCurve2, address_out = 0x7408b72e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawCurve2I, address_out = 0x7408b866 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawCurve3, address_out = 0x7408b986 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawCurve3I, address_out = 0x7408babd True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawClosedCurve, address_out = 0x7408bbe3 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawClosedCurveI, address_out = 0x7408bd0d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawClosedCurve2, address_out = 0x7408be26 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDrawClosedCurve2I, address_out = 0x7408bf57 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillPolygon, address_out = 0x7408c4fb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillPolygonI, address_out = 0x7408c62b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillPolygon2, address_out = 0x7408c747 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillPolygon2I, address_out = 0x7408c874 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillEllipse, address_out = 0x7408c98d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillEllipseI, address_out = 0x7408cab8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillPie, address_out = 0x7408cb23 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillPieI, address_out = 0x7408cc60 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillClosedCurve, address_out = 0x7408ce56 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillClosedCurveI, address_out = 0x7408cf8f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillClosedCurve2, address_out = 0x7408d0a8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFillClosedCurve2I, address_out = 0x7408d1df True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetWorldTransform, address_out = 0x7408919c True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetWorldTransform, address_out = 0x740892a0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyWorldTransform, address_out = 0x7408933e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslateWorldTransform, address_out = 0x7408947c True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScaleWorldTransform, address_out = 0x74089550 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotateWorldTransform, address_out = 0x74089624 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetWorldTransform, address_out = 0x740896ec True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPageTransform, address_out = 0x740897e2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPageUnit, address_out = 0x74089888 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPageScale, address_out = 0x740899f7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPageUnit, address_out = 0x74089939 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPageScale, address_out = 0x74089aa8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetDpiX, address_out = 0x74089b4d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetDpiY, address_out = 0x74089bfe True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTransformPoints, address_out = 0x74089caf True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTransformPointsI, address_out = 0x74089d70 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetNearestColor, address_out = 0x74089f84 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipLoadImageFromStream, address_out = 0x74083cc2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipLoadImageFromStreamICM, address_out = 0x74083e68 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateBitmapFromFile, address_out = 0x74085e1f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateBitmapFromStream, address_out = 0x74085cd2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateBitmapFromStreamICM, address_out = 0x74085f6d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateBitmapFromFileICM, address_out = 0x740860bb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipImageGetFrameCount, address_out = 0x7408451f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipImageSelectActiveFrame, address_out = 0x740845ba True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipImageRotateFlip, address_out = 0x7408466f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetImagePalette, address_out = 0x74085646 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetImagePalette, address_out = 0x74085700 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetImagePaletteSize, address_out = 0x740857ce True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPropertyCount, address_out = 0x74084707 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPropertyIdList, address_out = 0x740847a2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPropertyItemSize, address_out = 0x74084840 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPropertyItem, address_out = 0x740848de True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPropertySize, address_out = 0x7408497f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetAllPropertyItems, address_out = 0x74084a1d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRemovePropertyItem, address_out = 0x74084abe True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPropertyItem, address_out = 0x74084b59 True 1
Fn
Module Load module_name = user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetProcessDPIAware, address_out = 0x76b5e95c True 1
System Open Desktop desktop_name = Default True 1
Window Set Attribute window_name = rfusclient, class_name = TApplication, index = 18446744073709551596, new_long = 384 True 1
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Window Create class_name = TPUtilWindowEx, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindowEx, index = 0, new_long = 6682512 False 1
Window Set Attribute class_name = TPUtilWindowEx, index = 4, new_long = 24461184 False 1
Window Set Attribute class_name = TPUtilWindowEx, index = 18446744073709551612, new_long = 6671332 True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805115 True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805102 True 1
Module Load module_name = WS2_32.DLL, base_address = 0x77380000 True 1
Module Get Address module_name = c:\windows\system32\ws2_32.dll, function = WSAStartup, address_out = 0x77383ab2 True 1
Module Get Address module_name = c:\windows\system32\ws2_32.dll, function = GetAddrInfoW, address_out = 0x77384889 True 1
Module Get Address module_name = c:\windows\system32\ws2_32.dll, function = GetNameInfoW, address_out = 0x773866af True 1
Module Get Address module_name = c:\windows\system32\ws2_32.dll, function = FreeAddrInfoW, address_out = 0x77384b1b True 1
Module Get Address module_name = c:\windows\system32\ws2_32.dll, function = InetPtonW, address_out = 0x773939dc True 1
Module Get Address module_name = c:\windows\system32\ws2_32.dll, function = InetNtopW, address_out = 0x77393abf True 1
Module Get Address module_name = c:\windows\system32\ws2_32.dll, function = GetAddrInfoExW, address_out = 0x7738d1ea True 1
Module Get Address module_name = c:\windows\system32\ws2_32.dll, function = SetAddrInfoExW, address_out = 0x7738f4f6 True 1
Module Get Address module_name = c:\windows\system32\ws2_32.dll, function = FreeAddrInfoExW, address_out = 0x7738e14d True 1
Module Load module_name = Fwpuclnt.dll, base_address = 0x736b0000 True 1
Module Get Address module_name = c:\windows\system32\fwpuclnt.dll, function = WSASetSocketSecurity, address_out = 0x736cba9a True 1
Module Get Address module_name = c:\windows\system32\fwpuclnt.dll, function = WSAQuerySocketSecurity, address_out = 0x736cbaed True 1
Module Get Address module_name = c:\windows\system32\fwpuclnt.dll, function = WSASetSocketPeerTargetName, address_out = 0x736cbb1e True 1
Module Get Address module_name = c:\windows\system32\fwpuclnt.dll, function = WSADeleteSocketPeerTargetName, address_out = 0x736cbb4e True 1
Module Get Address module_name = c:\windows\system32\fwpuclnt.dll, function = WSAImpersonateSocketPeer, address_out = 0x736cbb7e True 1
Module Get Address module_name = c:\windows\system32\fwpuclnt.dll, function = WSARevertImpersonation, address_out = 0x736cbcfd True 1
Module Load module_name = IdnDL.dll, base_address = 0x6f010000 True 1
Module Get Address module_name = c:\windows\system32\idndl.dll, function = DownlevelGetLocaleScripts, address_out = 0x6f012a5b True 1
Module Get Address module_name = c:\windows\system32\idndl.dll, function = DownlevelGetStringScripts, address_out = 0x6f012b2f True 1
Module Get Address module_name = c:\windows\system32\idndl.dll, function = DownlevelVerifyScripts, address_out = 0x6f012dad True 1
Module Load module_name = Normaliz.dll, base_address = 0x77370000 True 1
Module Get Address module_name = c:\windows\system32\normaliz.dll, function = IdnToUnicode, address_out = 0x769af707 True 1
Module Get Address module_name = c:\windows\system32\normaliz.dll, function = IdnToNameprepUnicode, address_out = 0x769af6b4 True 1
Module Get Address module_name = c:\windows\system32\normaliz.dll, function = IdnToAscii, address_out = 0x76948bb8 True 1
Module Get Address module_name = c:\windows\system32\normaliz.dll, function = IsNormalizedString, address_out = 0x769af662 True 1
Module Get Address module_name = c:\windows\system32\normaliz.dll, function = NormalizeString, address_out = 0x769af5ea True 1
Module Load module_name = iphlpapi.dll, base_address = 0x737d0000 True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805089 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805076 True 1
Fn
Window Create class_name = TPUtilWindowEx, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindowEx, index = 0, new_long = 7698532 False 1
Fn
Window Set Attribute class_name = TPUtilWindowEx, index = 4, new_long = 25470800 False 1
Fn
Window Set Attribute class_name = TPUtilWindowEx, index = 18446744073709551612, new_long = 6671332 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805063 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3805050 True 1
Fn
Window Create window_name = Remote Manipulator System Helper, class_name = TfmMain, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Remote Manipulator System Helper, class_name = TfmMain, index = 18446744073709551612, new_long = 3805128 True 1
Window Set Attribute window_name = Remote Manipulator System Helper, class_name = TfmMain, index = 18446744073709551596, new_long = 327936 True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, type = file_attributes True 1
File Get Info filename = C:\ProgramData\Remote Utilities\msi\68001_{E945283B-758C-4A40-B851-1066D0E49EA8}, type = file_attributes False 2
File Get Info filename = C:\ProgramData\Remote Utilities\msi, type = file_attributes False 1
File Get Info filename = C:\ProgramData\Remote Utilities, type = file_attributes False 1
File Get Info filename = C:\ProgramData, type = file_attributes True 1
File Create Directory C:\ProgramData\Remote Utilities True 1
File Create Directory C:\ProgramData\Remote Utilities\msi True 1
File Create Directory C:\ProgramData\Remote Utilities\msi\68001_{E945283B-758C-4A40-B851-1066D0E49EA8} True 1
File Get Info filename = C:\ProgramData\Remote Utilities\msi\68001_{E945283B-758C-4A40-B851-1066D0E49EA8}\host6.8_unsigned.msi, type = file_attributes False 1
File Copy source_filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi, destination_filename = C:\ProgramData\Remote Utilities\msi\68001_{E945283B-758C-4A40-B851-1066D0E49EA8}\host6.8_unsigned.msi True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77289ac5 True 1
Module Get Address module_name = c:\windows\system32\ws2_32.dll, function = WSACleanup, address_out = 0x77383c5f True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintUnInit, address_out = 0x741e94ab True 1
System Get Time type = Local Time, time = 2018-08-28 08:29:47 (Local Time) True 64
Process #26: rutserv.exe
1738 0
Information Value
ID #26
File Name c:\program files\remote utilities - host\rutserv.exe
Command Line "C:\Program Files\Remote Utilities - Host\rutserv.exe" /silentinstall
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:31, Reason: Child Process
Unmonitor End Time: 00:03:40, Reason: Self Terminated
Monitor Duration 00:00:09
OS Process Information
Information Value
PID 0xfa8
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0xFAC
0xFB0
0xFB4
0xFB8
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
private_0x0000000000150000 0x00150000 0x0024ffff Private Memory rw True False False -
locale.nls 0x00250000 0x002b6fff Memory Mapped File r False False False -
private_0x00000000002c0000 0x002c0000 0x002c0fff Private Memory rw True False False -
private_0x00000000002d0000 0x002d0000 0x002dffff Private Memory rw True False False -
pagefile_0x00000000002e0000 0x002e0000 0x003a7fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003b0000 0x003b0000 0x003b0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c1fff Pagefile Backed Memory r True False False -
private_0x00000000003d0000 0x003d0000 0x003d0fff Private Memory rw True False False -
pagefile_0x00000000003e0000 0x003e0000 0x003e0fff Pagefile Backed Memory rw True False False -
private_0x00000000003f0000 0x003f0000 0x003f0fff Private Memory rwx True False False -
rutserv.exe 0x00400000 0x00e22fff Memory Mapped File rwx True True False
pagefile_0x0000000000e30000 0x00e30000 0x00f30fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000f40000 0x00f40000 0x01b3ffff Pagefile Backed Memory r True False False -
private_0x0000000001b40000 0x01b40000 0x01c7ffff Private Memory rw True False False -
pagefile_0x0000000001c80000 0x01c80000 0x01c86fff Pagefile Backed Memory r True False False -
private_0x0000000001c90000 0x01c90000 0x01c9ffff Private Memory rw True False False -
rutserv.exe 0x01ca0000 0x0261efff Memory Mapped File r True False False -
private_0x0000000001ca0000 0x01ca0000 0x01e4ffff Private Memory rw True False False -
pagefile_0x0000000001ca0000 0x01ca0000 0x01d7efff Pagefile Backed Memory r True False False -
private_0x0000000001d80000 0x01d80000 0x01dfffff Private Memory - True False False -
pagefile_0x0000000001e00000 0x01e00000 0x01e01fff Pagefile Backed Memory rw True False False -
private_0x0000000001e10000 0x01e10000 0x01e4ffff Private Memory rw True False False -
private_0x0000000001e50000 0x01e50000 0x01f4ffff Private Memory rw True False False -
sortdefault.nls 0x01f50000 0x0221efff Memory Mapped File r False False False -
private_0x0000000002220000 0x02220000 0x0261ffff Private Memory - True False False -
private_0x0000000002620000 0x02620000 0x02a1ffff Private Memory - True False False -
private_0x0000000002a20000 0x02a20000 0x02a9ffff Private Memory - True False False -
private_0x0000000002aa0000 0x02aa0000 0x02e9ffff Private Memory - True False False -
private_0x0000000002ea0000 0x02ea0000 0x02f1ffff Private Memory - True False False -
private_0x0000000002f20000 0x02f20000 0x0331ffff Private Memory - True False False -
private_0x0000000003320000 0x03320000 0x0339ffff Private Memory - True False False -
pagefile_0x00000000033a0000 0x033a0000 0x03792fff Pagefile Backed Memory r True False False -
rpcss.dll 0x037a0000 0x037fbfff Memory Mapped File r False False False -
private_0x00000000037a0000 0x037a0000 0x0389ffff Private Memory rw True False False -
private_0x00000000038a0000 0x038a0000 0x0399ffff Private Memory rw True False False -
private_0x00000000039a0000 0x039a0000 0x03a0ffff Private Memory rw True False False -
private_0x00000000039a0000 0x039a0000 0x039affff Private Memory rw True False False -
pagefile_0x00000000039b0000 0x039b0000 0x039b0fff Pagefile Backed Memory rw True False False -
comctl32.dll.mui 0x039c0000 0x039c2fff Memory Mapped File rw False False False -
private_0x00000000039d0000 0x039d0000 0x03a0ffff Private Memory rw True False False -
staticcache.dat 0x03a10000 0x0433ffff Memory Mapped File r False False False -
private_0x0000000004340000 0x04340000 0x0453ffff Private Memory rw True False False -
private_0x0000000004340000 0x04340000 0x04340fff Private Memory rw True False False -
private_0x0000000004350000 0x04350000 0x04350fff Private Memory rw True False False -
private_0x0000000004360000 0x04360000 0x04360fff Private Memory rw True False False -
private_0x0000000004370000 0x04370000 0x04370fff Private Memory rw True False False -
private_0x0000000004380000 0x04380000 0x044bffff Private Memory rw True False False -
private_0x00000000044c0000 0x044c0000 0x044cffff Private Memory rw True False False -
pagefile_0x00000000044c0000 0x044c0000 0x044d9fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000044d0000 0x044d0000 0x044e9fff Pagefile Backed Memory rw True False False -
private_0x0000000004530000 0x04530000 0x0453ffff Private Memory rw True False False -
pagefile_0x0000000004540000 0x04540000 0x0494ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000004950000 0x04950000 0x04d5ffff Pagefile Backed Memory rw True False False -
security.dll 0x6de20000 0x6de22fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
webio.dll 0x6fcf0000 0x6fd3efff Memory Mapped File rwx False False False -
winhttp.dll 0x6fd40000 0x6fd97fff Memory Mapped File rwx False False False -
winspool.drv 0x70200000 0x70250fff Memory Mapped File rwx False False False -
olepro32.dll 0x71de0000 0x71df8fff Memory Mapped File rwx False False False -
faultrep.dll 0x71e00000 0x71e51fff Memory Mapped File rwx False False False -
wsock32.dll 0x71e60000 0x71e66fff Memory Mapped File rwx False False False -
shfolder.dll 0x71f00000 0x71f04fff Memory Mapped File rwx False False False -
msimg32.dll 0x71f50000 0x71f54fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
wintrust.dll 0x75650000 0x7567cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Hook Information
Type Installer Target Size Information Actions
Code rutserv.exe:+0xb0db6 kernel32.dll:CreateThread+0x1c 4 bytes -
Code rutserv.exe:+0xb10f8 kernel32.dll:CreateThread+0x1c 4 bytes -
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes rutserv.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes rutserv.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
Threads
Thread 0xfac
1644 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
System Get Info type = Operating System True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
System Get Info type = Hardware Information True 1
System Get Info type = Operating System True 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 522 True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
System Get Info type = Operating System True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
System Get Info type = Hardware Information True 1
System Get Info type = Operating System True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Module Get Handle module_name = c:\windows\system32\oleaut32.dll, base_address = 0x76c10000 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address_out = 0x76c8c802 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address_out = 0x76c8ec66 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address_out = 0x76c35934 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address_out = 0x76c8d332 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address_out = 0x76c8dbd4 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address_out = 0x76c8e405 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address_out = 0x76c8f00a True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address_out = 0x76c8f15e True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address_out = 0x76c35a98 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address_out = 0x76c8ecfa True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address_out = 0x76c8ee2e True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address_out = 0x76c2b0dc True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address_out = 0x76c26fab True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address_out = 0x76c301a0 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address_out = 0x76c2699e True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address_out = 0x76c56c12 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address_out = 0x76c30355 True 1
System Get Info type = Operating System True 1
Module Get Address module_name = c:\program files\remote utilities - host\rutserv.exe, function = GetLeakReport, address_out = 0x0 False 1
File Open Mapping filename = madExceptRestart$fa8, desired_access = FILE_MAP_READ False 1
System Get Info type = Operating System True 1
File Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\ False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
File Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept True 1
System Get Info type = Operating System True 1
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\, type = file_attributes True 1
File Delete filename = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\. False 1
File Delete filename = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\.. False 1
File Delete Directory directory = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\ True 1
Module Get Address module_name = c:\program files\remote utilities - host\rutserv.exe, function = @Madexcept@initialization$qqrv, address_out = 0x0 False 1
System Get Info type = Operating System True 1
Module Load module_name = FaultRep.dll, base_address = 0x71e00000 True 1
Module Get Address module_name = c:\windows\system32\faultrep.dll, function = ReportFault, address_out = 0x71e05457 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = OpenThread, address_out = 0x76966733 True 1
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtOpenThread, address_out = 0x77275e08 True 1
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
Mutex Create mutex_name = madExceptSettingsMtx$fa8 True 1
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
File Open Mapping filename = madExceptSettingsBuf2$fa8, desired_access = FILE_MAP_WRITE, FILE_MAP_READ False 1
Module Create Mapping filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 4 True 1
Module Map process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Mutex Release mutex_name = madExceptSettingsMtx$fa8 True 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
File Create filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Module Create Mapping module_name = C:\Program Files\Remote Utilities - Host\rutserv.exe, filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, protection = PAGE_READONLY, maximum_size = 0 True 1
Module Map C:\Program Files\Remote Utilities - Host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_READ True 1
File Get Info filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, type = size True 1
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
System Get Info type = Operating System True 2
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename module_name = c:\windows\system32\faultrep.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
System Get Info type = Operating System True 1
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\advapi32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\oleaut32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\urlmon.dll, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
Fn
Module Create Mapping filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 20 True 1
Fn
Module Map process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Fn
Mutex Create - True 1
Fn
Mutex Create - True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x772761f8 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = RtlGetVersion, address_out = 0x772965e3 True 1
Fn
System Get Info type = Operating System False 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
Module Get Address module_name = Unknown module name, address_out = 0x0 False 1
Fn
Module Get Handle module_name = vcl320.bpl, base_address = 0x0 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\faultrep.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\advapi32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\oleaut32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 1
Fn
Module Get Handle module_name = vclx320.bpl, base_address = 0x0 False 1
Fn
Module Get Handle module_name = fmx320.bpl, base_address = 0x0 False 1
Fn
File Create Pipe pipe_name = Anonymous read pipe, size = 0 True 1
Fn
Thread Open os_tid = 0xfb0 True 1
Fn
Mutex Release - True 1
Fn
Mutex Create - True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
Window Create wndproc_parameter = 0 True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = ChangeWindowMessageFilterEx, address_out = 0x76b524c8 True 1
Fn
Mutex Release - True 2
Fn
Module Get Handle module_name = c:\windows\system32\msvcrt.dll, base_address = 0x76a90000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msvcrt.dll, function = _CxxThrowException, address_out = 0x76ab3557 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 3
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 2
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernelbase.dll, base_address = 0x75540000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernelbase.dll, function = CreateRemoteThreadEx, address_out = 0x7554be34 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7696375d True 1
Fn
Module Get Handle module_name = c:\windows\system32\msvcrt.dll, base_address = 0x76a90000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msvcrt.dll, function = _CxxThrowException, address_out = 0x76ab3557 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 3
Fn
Module Get Filename module_name = c:\windows\system32\kernelbase.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 2
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\faultrep.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernelbase.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\advapi32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\msvcrt.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, value_name = MS Shell Dlg 2, data = 0, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77289981 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = WakeConditionVariable, address_out = 0x772d5a7b True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x772545a5 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x769418be True 1
Fn
Module Get Handle module_name = c:\windows\system32\ole32.dll, base_address = 0x76750000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoCreateInstanceEx, address_out = 0x76799d4e True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address_out = 0x767909ad True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoAddRefServerProcess, address_out = 0x767b3cf3 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoReleaseServerProcess, address_out = 0x767b4314 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoResumeClassObjects, address_out = 0x7675ea02 True 1
Fn
Module Get Address module_name = c:\windows\system32\ole32.dll, function = CoSuspendClassObjects, address_out = 0x767bbb02 True 1
Fn
Module Load module_name = Msctf.dll, base_address = 0x76ca0000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = imm32.dll, base_address = 0x76490000 True 1
Fn
Keyboard Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 256 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4132847 True 1
Fn
Window Create window_name = rutserv, class_name = TApplication, wndproc_parameter = 0 True 1
Fn
Module Load module_name = wtsapi32.dll, base_address = 0x73d60000 True 1
Fn
Module Get Address module_name = c:\windows\system32\wtsapi32.dll, function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Fn
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address_out = 0x741e940e True 1
Fn
Window Set Attribute window_name = rutserv, class_name = TApplication, index = 18446744073709551612, new_long = 4132834 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = AnimateWindow, address_out = 0x76b70620 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitializeFlatSB, address_out = 0x7443f803 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Fn
Module Get Filename module_name = fmx320.bpl, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x769559ef True 1
Fn
Module Get Filename module_name = fmx320.bpl, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
System Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 1
Fn
System Get Computer Name result_out = CRH2YWU7 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
Fn
System Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 2
Fn
Module Load module_name = olepro32.dll, base_address = 0x71de0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleLoadPicture, address_out = 0x71de20d9 True 1
Fn
Module Load module_name = security.dll, base_address = 0x6de20000 True 1
Fn
Module Get Address module_name = c:\windows\system32\security.dll, function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Fn
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = OpenThemeData, address_out = 0x741e73d2 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = CloseThemeData, address_out = 0x741e6a18 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeBackground, address_out = 0x741e3982 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeText, address_out = 0x741e4ea1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePartSize, address_out = 0x741ecdb1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextExtent, address_out = 0x741e2d57 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextMetrics, address_out = 0x741ef992 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundRegion, address_out = 0x741f165d True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = HitTestThemeBackground, address_out = 0x741f3ce3 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeEdge, address_out = 0x74203b52 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeIcon, address_out = 0x742135e7 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemePartDefined, address_out = 0x741e85b4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeColor, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMetric, address_out = 0x741f06e2 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeString, address_out = 0x742122e4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBool, address_out = 0x741e7c1f True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeInt, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeEnumValue, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePosition, address_out = 0x74212350 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFont, address_out = 0x741eff21 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeRect, address_out = 0x741f3611 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMargins, address_out = 0x741e86e9 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeIntList, address_out = 0x742123b1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePropertyOrigin, address_out = 0x74203fbb True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetWindowTheme, address_out = 0x741f0134 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFilename, address_out = 0x74212412 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColor, address_out = 0x74203274 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColorBrush, address_out = 0x7421301e True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysBool, address_out = 0x74213172 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysSize, address_out = 0x7421320b True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysFont, address_out = 0x742129c4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysString, address_out = 0x74212b3f True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysInt, address_out = 0x74212bd3 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeActive, address_out = 0x741ef785 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsAppThemed, address_out = 0x741ef869 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetWindowTheme, address_out = 0x741edf46 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableThemeDialogTexture, address_out = 0x741efcaf True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeAppProperties, address_out = 0x741f0fb1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetThemeAppProperties, address_out = 0x74213296 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetCurrentThemeName, address_out = 0x741f05dd True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeDocumentationProperty, address_out = 0x74212932 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeParentBackground, address_out = 0x741e53e5 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableTheming, address_out = 0x74212feb True 1
Fn
System Register Hook type = WH_CBT, hookproc_address = 0x65b278 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x76954785 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4132808 True 1
Fn
Module Load module_name = UxTheme.dll, base_address = 0x741e0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = CloseThemeData, address_out = 0x741e6a18 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeBackground, address_out = 0x741e3982 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeEdge, address_out = 0x74203b52 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeIcon, address_out = 0x742135e7 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeParentBackground, address_out = 0x741e53e5 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeText, address_out = 0x741e4ea1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeTextEx, address_out = 0x741e63e6 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableThemeDialogTexture, address_out = 0x741efcaf True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetCurrentThemeName, address_out = 0x741f05dd True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeAppProperties, address_out = 0x741f0fb1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundRegion, address_out = 0x741f165d True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBool, address_out = 0x741e7c1f True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeColor, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeDocumentationProperty, address_out = 0x74212932 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeEnumValue, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFilename, address_out = 0x74212412 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFont, address_out = 0x741eff21 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeInt, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeIntList, address_out = 0x742123b1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMargins, address_out = 0x741e86e9 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMetric, address_out = 0x741f06e2 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePartSize, address_out = 0x741ecdb1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePosition, address_out = 0x74212350 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePropertyOrigin, address_out = 0x74203fbb True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeRect, address_out = 0x741f3611 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeString, address_out = 0x742122e4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysBool, address_out = 0x74213172 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColor, address_out = 0x74203274 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColorBrush, address_out = 0x7421301e True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysFont, address_out = 0x742129c4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysInt, address_out = 0x74212bd3 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysSize, address_out = 0x7421320b True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysString, address_out = 0x74212b3f True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextExtent, address_out = 0x741e2d57 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextMetrics, address_out = 0x741ef992 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetWindowTheme, address_out = 0x741edf46 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = HitTestThemeBackground, address_out = 0x741f3ce3 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsAppThemed, address_out = 0x741ef869 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeActive, address_out = 0x741ef785 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemePartDefined, address_out = 0x741e85b4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = OpenThemeData, address_out = 0x741e73d2 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetThemeAppProperties, address_out = 0x74213296 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetWindowTheme, address_out = 0x741f0134 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BeginBufferedPaint, address_out = 0x741e49a1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintClear, address_out = 0x741e6395 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address_out = 0x741e940e True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintSetAlpha, address_out = 0x741fe6b3 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintUnInit, address_out = 0x741e94ab True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EndBufferedPaint, address_out = 0x741e3f9a True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BeginPanningFeedback, address_out = 0x74210731 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = UpdatePanningFeedback, address_out = 0x7421068d True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EndPanningFeedback, address_out = 0x742106cc True 1
Fn
Module Load module_name = Shcore.dll, base_address = 0x0 False 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = GetSystemMetricsForDpi, address_out = 0x0 False 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = GetGestureInfo, address_out = 0x76b8b30d True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = CloseGestureInfoHandle, address_out = 0x76b8b38a True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetGestureConfig, address_out = 0x76b44715 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = LogicalToPhysicalPoint, address_out = 0x76b76e4f True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = PhysicalToLogicalPoint, address_out = 0x76b76e63 True 1
Fn
Module Load module_name = user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = IsProcessDPIAware, address_out = 0x76b5212e True 1
Fn
System Register Hook type = WH_CALLWNDPROC, hookproc_address = 0x9cdb7c True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4132795 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = WindowFromDC, address_out = 0x76b52116 True 1
Fn
Module Load module_name = gdiplus.dll, base_address = 0x74050000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipAlloc, address_out = 0x74092437 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFree, address_out = 0x740924b2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusStartup, address_out = 0x74075600 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusShutdown, address_out = 0x740756be True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetBrushType, address_out = 0x7407d95f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterPoint, address_out = 0x7407f6b5 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterPointI, address_out = 0x7407f76f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientRect, address_out = 0x7407f94a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientRectI, address_out = 0x7407f9ff True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPointCount, address_out = 0x7407f7dd True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientSurroundColorCount, address_out = 0x7407f890 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientGammaCorrection, address_out = 0x7407fab7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientGammaCorrection, address_out = 0x7407fb54 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientBlendCount, address_out = 0x7407e7f0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientBlend, address_out = 0x7407fc07 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientBlend, address_out = 0x7407e97a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPresetBlendCount, address_out = 0x7407fcdb True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPresetBlend, address_out = 0x7407fd95 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientPresetBlend, address_out = 0x7407ff41 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientSigmaBlend, address_out = 0x74080184 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientLinearBlend, address_out = 0x7407eeb7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientWrapMode, address_out = 0x7407f01b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientWrapMode, address_out = 0x74080236 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientTransform, address_out = 0x740802da True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientTransform, address_out = 0x7407dc34 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPathGradientTransform, address_out = 0x7407dd3d True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyPathGradientTransform, address_out = 0x740803e3 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslatePathGradientTransform, address_out = 0x740804fc True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScalePathGradientTransform, address_out = 0x740805d5 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotatePathGradientTransform, address_out = 0x7407dde0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientFocusScales, address_out = 0x740806ae True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientFocusScales, address_out = 0x74080793 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrush, address_out = 0x7407e139 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushI, address_out = 0x7407e22f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRect, address_out = 0x7407e2fe True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectI, address_out = 0x7407e3ee True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectWithAngle, address_out = 0x7407e4b6 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectWithAngleI, address_out = 0x7407e5ad True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineRect, address_out = 0x7407f94a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineRectI, address_out = 0x7407f9ff True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineColors, address_out = 0x7407e67c True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineColors, address_out = 0x7407e731 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineGammaCorrection, address_out = 0x74075765 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineGammaCorrection, address_out = 0x740757be True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineBlendCount, address_out = 0x7407e7f0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineBlend, address_out = 0x7407e8a6 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineBlend, address_out = 0x7407e97a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLinePresetBlendCount, address_out = 0x7407fcdb True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLinePresetBlend, address_out = 0x7407ea4e True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLinePresetBlend, address_out = 0x7407ec63 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineSigmaBlend, address_out = 0x74080184 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineLinearBlend, address_out = 0x7407eeb7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineWrapMode, address_out = 0x7407ef69 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineWrapMode, address_out = 0x7407f01b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineTransform, address_out = 0x740802da True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineTransform, address_out = 0x7407dc34 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetLineTransform, address_out = 0x7407dd3d True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyLineTransform, address_out = 0x740803e3 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslateLineTransform, address_out = 0x740804fc True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScaleLineTransform, address_out = 0x740805d5 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotateLineTransform, address_out = 0x7407dde0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateHatchBrush, address_out = 0x74096266 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchStyle, address_out = 0x7407da12 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchForegroundColor, address_out = 0x7407dac8 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchBackgroundColor, address_out = 0x7407db7e True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePen1, address_out = 0x7408083a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePen2, address_out = 0x7408096b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipClonePen, address_out = 0x74080abe True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeletePen, address_out = 0x74080b95 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenFillType, address_out = 0x74082491 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenBrushFill, address_out = 0x740822c1 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenBrushFill, address_out = 0x740823cc True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenColor, address_out = 0x74082157 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenColor, address_out = 0x74082201 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenMode, address_out = 0x740819cc True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenMode, address_out = 0x74081a6f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenUnit, address_out = 0x74080d9b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenUnit, address_out = 0x74080e5a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenWidth, address_out = 0x74080c4d True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenWidth, address_out = 0x74080ceb True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashStyle, address_out = 0x7408254e True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashStyle, address_out = 0x740825fe True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenLineCap197819, address_out = 0x74080f0a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenStartCap, address_out = 0x74080fb1 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenEndCap, address_out = 0x74081052 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashCap197819, address_out = 0x740810f3 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenStartCap, address_out = 0x74081194 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenEndCap, address_out = 0x74081244 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashCap197819, address_out = 0x740812f4 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenLineJoin, address_out = 0x740813ab True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenLineJoin, address_out = 0x74081449 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenCustomStartCap, address_out = 0x740814f9 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenCustomStartCap, address_out = 0x74081601 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenCustomEndCap, address_out = 0x740816b8 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenCustomEndCap, address_out = 0x740817c0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenMiterLimit, address_out = 0x74081877 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenMiterLimit, address_out = 0x7408191c True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenTransform, address_out = 0x74081b1f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenTransform, address_out = 0x74081c25 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPenTransform, address_out = 0x74081d2b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyPenTransform, address_out = 0x74081dcb True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslatePenTransform, address_out = 0x74081ee1 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScalePenTransform, address_out = 0x74081fb7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotatePenTransform, address_out = 0x7408208d True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashOffset, address_out = 0x7408269f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashOffset, address_out = 0x7408274f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashCount, address_out = 0x740827ed True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4132782 True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 4132769 True 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = EnableNonClientDpiScaling, address_out = 0x0 False 1
Module Load module_name = dwmapi.dll, base_address = 0x73eb0000 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmDefWindowProc, address_out = 0x73eb3df4 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableBlurBehindWindow, address_out = 0x73eb2945 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableComposition, address_out = 0x73eb720a True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableMMCSS, address_out = 0x73eb37dd True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmExtendFrameIntoClientArea, address_out = 0x73eb3510 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmGetColorizationColor, address_out = 0x73eb6f9a True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmGetWindowAttribute, address_out = 0x73eb1c76 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmIsCompositionEnabled, address_out = 0x73eb1610 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetWindowAttribute, address_out = 0x73eb16c0 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetIconicThumbnail, address_out = 0x73eb85ea True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetIconicLivePreviewBitmap, address_out = 0x73eb88fd True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmInvalidateIconicBitmaps, address_out = 0x73eb3742 True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDynamicTimeZoneInformation, address_out = 0x76942565 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 2
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Display, data = (UTC+04:30) Kabul, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Std, data = Afghanistan Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Dlt, data = Afghanistan Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Display, data = (UTC-09:00) Alaska, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Std, data = Alaskan Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Dlt, data = Alaskan Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Fn
Data
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Display, data = (UTC+03:00) Kuwait, Riyadh, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Std, data = Arab Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Dlt, data = Arab Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Display, data = (UTC+04:00) Abu Dhabi, Muscat, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Std, data = Arabian Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Dlt, data = Arabian Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Display, data = (UTC+03:00) Baghdad, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Std, data = Arabic Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Dlt, data = Arabic Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Fn
Data
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Fn
Data
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Display, data = (UTC-03:00) Buenos Aires, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Std, data = Argentina Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Dlt, data = Argentina Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
For performance reasons, the remaining 402 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0xfb0
32 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetThreadDpiAwarenessContext, address_out = 0x0 False 1
Fn
File Read size = 144, size_out = 0 False 55
Fn
File Read size = 144, size_out = 144 True 1
Fn
Data
Process #27: rutserv.exe
1585 0
Information Value
ID #27
File Name c:\program files\remote utilities - host\rutserv.exe
Command Line "C:\Program Files\Remote Utilities - Host\rutserv.exe" /firewall
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:38, Reason: Child Process
Unmonitor End Time: 00:03:43, Reason: Self Terminated
Monitor Duration 00:00:05
OS Process Information
Information Value
PID 0xfc4
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0xFC8
0xFD0
0xFD4
0xFD8
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory r True False False -
private_0x00000000001f0000 0x001f0000 0x001f0fff Private Memory rw True False False -
pagefile_0x0000000000200000 0x00200000 0x00200fff Pagefile Backed Memory rw True False False -
private_0x0000000000210000 0x00210000 0x00210fff Private Memory rwx True False False -
private_0x0000000000220000 0x00220000 0x0031ffff Private Memory rw True False False -
pagefile_0x0000000000320000 0x00320000 0x003e7fff Pagefile Backed Memory r True False False -
pagefile_0x00000000003f0000 0x003f0000 0x003f6fff Pagefile Backed Memory r True False False -
rutserv.exe 0x00400000 0x00e22fff Memory Mapped File rwx True True False
pagefile_0x0000000000e30000 0x00e30000 0x00f30fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000f40000 0x00f40000 0x00f41fff Pagefile Backed Memory rw True False False -
rpcss.dll 0x00f50000 0x00fabfff Memory Mapped File r False False False -
private_0x0000000000f50000 0x00f50000 0x00f5ffff Private Memory rw True False False -
pagefile_0x0000000000f60000 0x00f60000 0x00f60fff Pagefile Backed Memory rw True False False -
comctl32.dll.mui 0x00f70000 0x00f72fff Memory Mapped File rw False False False -
private_0x0000000000f80000 0x00f80000 0x00f80fff Private Memory rw True False False -
private_0x0000000000f90000 0x00f90000 0x00f90fff Private Memory rw True False False -
private_0x0000000000fa0000 0x00fa0000 0x00fa0fff Private Memory rw True False False -
private_0x0000000000fb0000 0x00fb0000 0x00fbffff Private Memory rw True False False -
private_0x0000000000fc0000 0x00fc0000 0x00fc0fff Private Memory rw True False False -
private_0x0000000000fd0000 0x00fd0000 0x00fdffff Private Memory rw True False False -
pagefile_0x0000000000fe0000 0x00fe0000 0x01bdffff Pagefile Backed Memory r True False False -
private_0x0000000001be0000 0x01be0000 0x01d1ffff Private Memory rw True False False -
rutserv.exe 0x01d20000 0x0269efff Memory Mapped File r True False False -
private_0x0000000001d20000 0x01d20000 0x01f0ffff Private Memory rw True False False -
pagefile_0x0000000001d20000 0x01d20000 0x01dfefff Pagefile Backed Memory r True False False -
private_0x0000000001e00000 0x01e00000 0x01e7ffff Private Memory - True False False -
pagefile_0x0000000001e80000 0x01e80000 0x01e80fff Pagefile Backed Memory r True False False -
pagefile_0x0000000001e90000 0x01e90000 0x01e90fff Pagefile Backed Memory r True False False -
firewallapi.dll 0x01ea0000 0x01eaafff Memory Mapped File r False False False -
stdole2.tlb 0x01eb0000 0x01eb3fff Memory Mapped File r False False False -
private_0x0000000001ed0000 0x01ed0000 0x01f0ffff Private Memory rw True False False -
private_0x0000000001f10000 0x01f10000 0x0200ffff Private Memory rw True False False -
sortdefault.nls 0x02010000 0x022defff Memory Mapped File r False False False -
private_0x00000000022e0000 0x022e0000 0x026dffff Private Memory - True False False -
private_0x00000000026e0000 0x026e0000 0x02adffff Private Memory - True False False -
private_0x0000000002ae0000 0x02ae0000 0x02b5ffff Private Memory - True False False -
private_0x0000000002b60000 0x02b60000 0x02f5ffff Private Memory - True False False -
private_0x0000000002f60000 0x02f60000 0x02fdffff Private Memory - True False False -
private_0x0000000002fe0000 0x02fe0000 0x033dffff Private Memory - True False False -
private_0x00000000033e0000 0x033e0000 0x0345ffff Private Memory - True False False -
pagefile_0x0000000003460000 0x03460000 0x03852fff Pagefile Backed Memory r True False False -
private_0x0000000003860000 0x03860000 0x0395ffff Private Memory rw True False False -
private_0x0000000003960000 0x03960000 0x03a5ffff Private Memory rw True False False -
private_0x0000000003a60000 0x03a60000 0x03b0ffff Private Memory rw True False False -
pagefile_0x0000000003a60000 0x03a60000 0x03a95fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000003a60000 0x03a60000 0x03a83fff Pagefile Backed Memory rw True False False -
private_0x0000000003ad0000 0x03ad0000 0x03b0ffff Private Memory rw True False False -
staticcache.dat 0x03b10000 0x0443ffff Memory Mapped File r False False False -
private_0x0000000004440000 0x04440000 0x0463ffff Private Memory rw True False False -
private_0x0000000004440000 0x04440000 0x0457ffff Private Memory rw True False False -
private_0x0000000004630000 0x04630000 0x0463ffff Private Memory rw True False False -
private_0x0000000004640000 0x04640000 0x0473ffff Private Memory rw True False False -
security.dll 0x6de20000 0x6de22fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
webio.dll 0x6fcf0000 0x6fd3efff Memory Mapped File rwx False False False -
winhttp.dll 0x6fd40000 0x6fd97fff Memory Mapped File rwx False False False -
winspool.drv 0x70200000 0x70250fff Memory Mapped File rwx False False False -
olepro32.dll 0x71de0000 0x71df8fff Memory Mapped File rwx False False False -
faultrep.dll 0x71e00000 0x71e51fff Memory Mapped File rwx False False False -
wsock32.dll 0x71e60000 0x71e66fff Memory Mapped File rwx False False False -
shfolder.dll 0x71f00000 0x71f04fff Memory Mapped File rwx False False False -
msimg32.dll 0x71f50000 0x71f54fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
firewallapi.dll 0x748e0000 0x74955fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
sxs.dll 0x752e0000 0x7533efff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
wintrust.dll 0x75650000 0x7567cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
clbcatq.dll 0x75780000 0x75802fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Hook Information
Type Installer Target Size Information Actions
Code rutserv.exe:+0xb0db6 kernel32.dll:CreateThread+0x1c 4 bytes -
Code rutserv.exe:+0xb10f8 kernel32.dll:CreateThread+0x1c 4 bytes -
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes rutserv.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes rutserv.exe:__dbk_fcall_wrapper+0x9ed44 now points to kernel32.dll:QueueUserWorkItem+0x0
Threads
Thread 0xfc8
1537 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 522 True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Fn
Module Get Handle module_name = c:\windows\system32\oleaut32.dll, base_address = 0x76c10000 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address_out = 0x76c8c802 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address_out = 0x76c8ec66 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address_out = 0x76c35934 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address_out = 0x76c8d332 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address_out = 0x76c8dbd4 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address_out = 0x76c8e405 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address_out = 0x76c8f00a True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address_out = 0x76c8f15e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address_out = 0x76c35a98 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address_out = 0x76c8ecfa True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address_out = 0x76c8ee2e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address_out = 0x76c2b0dc True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address_out = 0x76c26fab True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address_out = 0x76c301a0 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address_out = 0x76c2699e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address_out = 0x76c56c12 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address_out = 0x76c30355 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Address module_name = c:\program files\remote utilities - host\rutserv.exe, function = GetLeakReport, address_out = 0x0 False 1
Fn
File Open Mapping filename = madExceptRestart$fc4, desired_access = FILE_MAP_READ False 1
Fn
System Get Info type = Operating System True 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\ False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept True 1
Fn
System Get Info type = Operating System True 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\, type = file_attributes True 1
Fn
File Delete filename = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\. False 1
Fn
File Delete filename = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\.. False 1
Fn
File Delete Directory directory = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\ True 1
Fn
Module Get Address module_name = c:\program files\remote utilities - host\rutserv.exe, function = @Madexcept@initialization$qqrv, address_out = 0x0 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = FaultRep.dll, base_address = 0x71e00000 True 1
Fn
Module Get Address module_name = c:\windows\system32\faultrep.dll, function = ReportFault, address_out = 0x71e05457 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = OpenThread, address_out = 0x76966733 True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtOpenThread, address_out = 0x77275e08 True 1
Fn
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
Fn
Mutex Create mutex_name = madExceptSettingsMtx$fc4 True 1
Fn
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
Fn
File Open Mapping filename = madExceptSettingsBuf2$fc4, desired_access = FILE_MAP_WRITE, FILE_MAP_READ False 1
Fn
Module Create Mapping filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 4 True 1
Fn
Module Map process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Fn
Mutex Release mutex_name = madExceptSettingsMtx$fc4 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Module Create Mapping module_name = C:\Program Files\Remote Utilities - Host\rutserv.exe, filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Program Files\Remote Utilities - Host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_READ True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, type = size True 1
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 2
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\faultrep.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\advapi32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\oleaut32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\urlmon.dll, size = 260 True 1
Fn
Module Create Mapping filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 20 True 1
Fn
Module Map process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Fn
Mutex Create - True 1
Fn
Mutex Create - True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x772761f8 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = RtlGetVersion, address_out = 0x772965e3 True 1
Fn
System Get Info type = Operating System False 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
Module Get Address module_name = Unknown module name, address_out = 0x0 False 1
Fn
Module Get Handle module_name = vcl320.bpl, base_address = 0x0 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\faultrep.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\advapi32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\oleaut32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 1
Fn
File Create Pipe pipe_name = Anonymous read pipe, size = 0 True 1
Fn
Thread Open os_tid = 0xfd0 True 1
Fn
Mutex Release - True 1
Fn
Mutex Create - True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
Window Create wndproc_parameter = 0 True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = ChangeWindowMessageFilterEx, address_out = 0x76b524c8 True 1
Fn
Mutex Release - True 2
Fn
Module Get Handle module_name = c:\windows\system32\msvcrt.dll, base_address = 0x76a90000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msvcrt.dll, function = _CxxThrowException, address_out = 0x76ab3557 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 3
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 2
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernelbase.dll, base_address = 0x75540000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernelbase.dll, function = CreateRemoteThreadEx, address_out = 0x7554be34 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7696375d True 1
Fn
Module Get Handle module_name = c:\windows\system32\msvcrt.dll, base_address = 0x76a90000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msvcrt.dll, function = _CxxThrowException, address_out = 0x76ab3557 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 3
Fn
Module Get Filename module_name = c:\windows\system32\kernelbase.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 2
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 256 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 2166767 True 1
Fn
Window Create window_name = rutserv, class_name = TApplication, wndproc_parameter = 0 True 1
Fn
Module Load module_name = wtsapi32.dll, base_address = 0x73d60000 True 1
Fn
Module Get Address module_name = c:\windows\system32\wtsapi32.dll, function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Fn
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address_out = 0x741e940e True 1
Fn
Window Set Attribute window_name = rutserv, class_name = TApplication, index = 18446744073709551612, new_long = 2166754 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = AnimateWindow, address_out = 0x76b70620 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitializeFlatSB, address_out = 0x7443f803 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Fn
Module Get Filename module_name = vcl320.bpl, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Computer Name result_out = CRH2YWU7 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
Fn
System Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 2
Fn
Module Load module_name = olepro32.dll, base_address = 0x71de0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Fn
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleLoadPicture, address_out = 0x71de20d9 True 1
Fn
Module Load module_name = security.dll, base_address = 0x6de20000 True 1
Fn
Module Get Address module_name = c:\windows\system32\security.dll, function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Fn
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = OpenThemeData, address_out = 0x741e73d2 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = CloseThemeData, address_out = 0x741e6a18 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeBackground, address_out = 0x741e3982 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeText, address_out = 0x741e4ea1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePartSize, address_out = 0x741ecdb1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextExtent, address_out = 0x741e2d57 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextMetrics, address_out = 0x741ef992 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundRegion, address_out = 0x741f165d True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = HitTestThemeBackground, address_out = 0x741f3ce3 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeEdge, address_out = 0x74203b52 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeIcon, address_out = 0x742135e7 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemePartDefined, address_out = 0x741e85b4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeColor, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMetric, address_out = 0x741f06e2 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeString, address_out = 0x742122e4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBool, address_out = 0x741e7c1f True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeInt, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeEnumValue, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePosition, address_out = 0x74212350 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFont, address_out = 0x741eff21 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeRect, address_out = 0x741f3611 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMargins, address_out = 0x741e86e9 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeIntList, address_out = 0x742123b1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePropertyOrigin, address_out = 0x74203fbb True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetWindowTheme, address_out = 0x741f0134 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFilename, address_out = 0x74212412 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColor, address_out = 0x74203274 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColorBrush, address_out = 0x7421301e True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysBool, address_out = 0x74213172 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysSize, address_out = 0x7421320b True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysFont, address_out = 0x742129c4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysString, address_out = 0x74212b3f True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysInt, address_out = 0x74212bd3 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeActive, address_out = 0x741ef785 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsAppThemed, address_out = 0x741ef869 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetWindowTheme, address_out = 0x741edf46 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableThemeDialogTexture, address_out = 0x741efcaf True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeAppProperties, address_out = 0x741f0fb1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetThemeAppProperties, address_out = 0x74213296 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetCurrentThemeName, address_out = 0x741f05dd True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeDocumentationProperty, address_out = 0x74212932 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeParentBackground, address_out = 0x741e53e5 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableTheming, address_out = 0x74212feb True 1
Fn
System Register Hook type = WH_CBT, hookproc_address = 0x65b278 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x76954785 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 2166728 True 1
Fn
Module Load module_name = UxTheme.dll, base_address = 0x741e0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = CloseThemeData, address_out = 0x741e6a18 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeBackground, address_out = 0x741e3982 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeEdge, address_out = 0x74203b52 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeIcon, address_out = 0x742135e7 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeParentBackground, address_out = 0x741e53e5 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeText, address_out = 0x741e4ea1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeTextEx, address_out = 0x741e63e6 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableThemeDialogTexture, address_out = 0x741efcaf True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetCurrentThemeName, address_out = 0x741f05dd True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeAppProperties, address_out = 0x741f0fb1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundRegion, address_out = 0x741f165d True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBool, address_out = 0x741e7c1f True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeColor, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeDocumentationProperty, address_out = 0x74212932 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeEnumValue, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFilename, address_out = 0x74212412 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFont, address_out = 0x741eff21 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeInt, address_out = 0x741e616c True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeIntList, address_out = 0x742123b1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMargins, address_out = 0x741e86e9 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMetric, address_out = 0x741f06e2 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePartSize, address_out = 0x741ecdb1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePosition, address_out = 0x74212350 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePropertyOrigin, address_out = 0x74203fbb True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeRect, address_out = 0x741f3611 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeString, address_out = 0x742122e4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysBool, address_out = 0x74213172 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColor, address_out = 0x74203274 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColorBrush, address_out = 0x7421301e True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysFont, address_out = 0x742129c4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysInt, address_out = 0x74212bd3 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysSize, address_out = 0x7421320b True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysString, address_out = 0x74212b3f True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextExtent, address_out = 0x741e2d57 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextMetrics, address_out = 0x741ef992 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetWindowTheme, address_out = 0x741edf46 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = HitTestThemeBackground, address_out = 0x741f3ce3 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsAppThemed, address_out = 0x741ef869 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeActive, address_out = 0x741ef785 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemePartDefined, address_out = 0x741e85b4 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = OpenThemeData, address_out = 0x741e73d2 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetThemeAppProperties, address_out = 0x74213296 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetWindowTheme, address_out = 0x741f0134 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BeginBufferedPaint, address_out = 0x741e49a1 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintClear, address_out = 0x741e6395 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address_out = 0x741e940e True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintSetAlpha, address_out = 0x741fe6b3 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintUnInit, address_out = 0x741e94ab True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EndBufferedPaint, address_out = 0x741e3f9a True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BeginPanningFeedback, address_out = 0x74210731 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = UpdatePanningFeedback, address_out = 0x7421068d True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EndPanningFeedback, address_out = 0x742106cc True 1
Fn
Module Load module_name = Shcore.dll, base_address = 0x0 False 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = GetSystemMetricsForDpi, address_out = 0x0 False 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = GetGestureInfo, address_out = 0x76b8b30d True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = CloseGestureInfoHandle, address_out = 0x76b8b38a True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetGestureConfig, address_out = 0x76b44715 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = LogicalToPhysicalPoint, address_out = 0x76b76e4f True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = PhysicalToLogicalPoint, address_out = 0x76b76e63 True 1
Fn
Module Load module_name = user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = IsProcessDPIAware, address_out = 0x76b5212e True 1
Fn
System Register Hook type = WH_CALLWNDPROC, hookproc_address = 0x9cdb7c True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 2166715 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = WindowFromDC, address_out = 0x76b52116 True 1
Fn
Module Load module_name = gdiplus.dll, base_address = 0x74050000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipAlloc, address_out = 0x74092437 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFree, address_out = 0x740924b2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusStartup, address_out = 0x74075600 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusShutdown, address_out = 0x740756be True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetBrushType, address_out = 0x7407d95f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterPoint, address_out = 0x7407f6b5 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterPointI, address_out = 0x7407f76f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientRect, address_out = 0x7407f94a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientRectI, address_out = 0x7407f9ff True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPointCount, address_out = 0x7407f7dd True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientSurroundColorCount, address_out = 0x7407f890 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientGammaCorrection, address_out = 0x7407fab7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientGammaCorrection, address_out = 0x7407fb54 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientBlendCount, address_out = 0x7407e7f0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientBlend, address_out = 0x7407fc07 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientBlend, address_out = 0x7407e97a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPresetBlendCount, address_out = 0x7407fcdb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPresetBlend, address_out = 0x7407fd95 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientPresetBlend, address_out = 0x7407ff41 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientSigmaBlend, address_out = 0x74080184 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientLinearBlend, address_out = 0x7407eeb7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientWrapMode, address_out = 0x7407f01b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientWrapMode, address_out = 0x74080236 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientTransform, address_out = 0x740802da True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientTransform, address_out = 0x7407dc34 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPathGradientTransform, address_out = 0x7407dd3d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyPathGradientTransform, address_out = 0x740803e3 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslatePathGradientTransform, address_out = 0x740804fc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScalePathGradientTransform, address_out = 0x740805d5 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotatePathGradientTransform, address_out = 0x7407dde0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientFocusScales, address_out = 0x740806ae True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientFocusScales, address_out = 0x74080793 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrush, address_out = 0x7407e139 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushI, address_out = 0x7407e22f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRect, address_out = 0x7407e2fe True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectI, address_out = 0x7407e3ee True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectWithAngle, address_out = 0x7407e4b6 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectWithAngleI, address_out = 0x7407e5ad True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineRect, address_out = 0x7407f94a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineRectI, address_out = 0x7407f9ff True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineColors, address_out = 0x7407e67c True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineColors, address_out = 0x7407e731 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineGammaCorrection, address_out = 0x74075765 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineGammaCorrection, address_out = 0x740757be True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineBlendCount, address_out = 0x7407e7f0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineBlend, address_out = 0x7407e8a6 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineBlend, address_out = 0x7407e97a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLinePresetBlendCount, address_out = 0x7407fcdb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLinePresetBlend, address_out = 0x7407ea4e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLinePresetBlend, address_out = 0x7407ec63 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineSigmaBlend, address_out = 0x74080184 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineLinearBlend, address_out = 0x7407eeb7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineWrapMode, address_out = 0x7407ef69 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineWrapMode, address_out = 0x7407f01b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineTransform, address_out = 0x740802da True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineTransform, address_out = 0x7407dc34 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetLineTransform, address_out = 0x7407dd3d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyLineTransform, address_out = 0x740803e3 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslateLineTransform, address_out = 0x740804fc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScaleLineTransform, address_out = 0x740805d5 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotateLineTransform, address_out = 0x7407dde0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateHatchBrush, address_out = 0x74096266 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchStyle, address_out = 0x7407da12 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchForegroundColor, address_out = 0x7407dac8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchBackgroundColor, address_out = 0x7407db7e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePen1, address_out = 0x7408083a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePen2, address_out = 0x7408096b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipClonePen, address_out = 0x74080abe True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeletePen, address_out = 0x74080b95 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenFillType, address_out = 0x74082491 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenBrushFill, address_out = 0x740822c1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenBrushFill, address_out = 0x740823cc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenColor, address_out = 0x74082157 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenColor, address_out = 0x74082201 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenMode, address_out = 0x740819cc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenMode, address_out = 0x74081a6f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenUnit, address_out = 0x74080d9b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenUnit, address_out = 0x74080e5a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenWidth, address_out = 0x74080c4d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenWidth, address_out = 0x74080ceb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashStyle, address_out = 0x7408254e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashStyle, address_out = 0x740825fe True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenLineCap197819, address_out = 0x74080f0a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenStartCap, address_out = 0x74080fb1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenEndCap, address_out = 0x74081052 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashCap197819, address_out = 0x740810f3 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenStartCap, address_out = 0x74081194 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenEndCap, address_out = 0x74081244 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashCap197819, address_out = 0x740812f4 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenLineJoin, address_out = 0x740813ab True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenLineJoin, address_out = 0x74081449 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenCustomStartCap, address_out = 0x740814f9 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenCustomStartCap, address_out = 0x74081601 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenCustomEndCap, address_out = 0x740816b8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenCustomEndCap, address_out = 0x740817c0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenMiterLimit, address_out = 0x74081877 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenMiterLimit, address_out = 0x7408191c True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenTransform, address_out = 0x74081b1f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenTransform, address_out = 0x74081c25 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPenTransform, address_out = 0x74081d2b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyPenTransform, address_out = 0x74081dcb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslatePenTransform, address_out = 0x74081ee1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScalePenTransform, address_out = 0x74081fb7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotatePenTransform, address_out = 0x7408208d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashOffset, address_out = 0x7408269f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashOffset, address_out = 0x7408274f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashCount, address_out = 0x740827ed True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 2166702 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 2166689 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = EnableNonClientDpiScaling, address_out = 0x0 False 1
Fn
Module Load module_name = dwmapi.dll, base_address = 0x73eb0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmDefWindowProc, address_out = 0x73eb3df4 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableBlurBehindWindow, address_out = 0x73eb2945 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableComposition, address_out = 0x73eb720a True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableMMCSS, address_out = 0x73eb37dd True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmExtendFrameIntoClientArea, address_out = 0x73eb3510 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmGetColorizationColor, address_out = 0x73eb6f9a True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmGetWindowAttribute, address_out = 0x73eb1c76 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmIsCompositionEnabled, address_out = 0x73eb1610 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetWindowAttribute, address_out = 0x73eb16c0 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetIconicThumbnail, address_out = 0x73eb85ea True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetIconicLivePreviewBitmap, address_out = 0x73eb88fd True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmInvalidateIconicBitmaps, address_out = 0x73eb3742 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDynamicTimeZoneInformation, address_out = 0x76942565 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 2
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Display, data = (UTC+04:30) Kabul, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Std, data = Afghanistan Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Dlt, data = Afghanistan Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Display, data = (UTC-09:00) Alaska, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Std, data = Alaskan Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Dlt, data = Alaskan Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Display, data = (UTC+03:00) Kuwait, Riyadh, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Std, data = Arab Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Dlt, data = Arab Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Display, data = (UTC+04:00) Abu Dhabi, Muscat, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Std, data = Arabian Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Dlt, data = Arabian Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Display, data = (UTC+03:00) Baghdad, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Std, data = Arabic Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Dlt, data = Arabic Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Display, data = (UTC-03:00) Buenos Aires, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Std, data = Argentina Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Dlt, data = Argentina Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2009, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2010, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Display, data = (UTC-04:00) Atlantic Time (Canada), type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Std, data = Atlantic Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Dlt, data = Atlantic Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Display, data = (UTC+09:30) Darwin, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Std, data = AUS Central Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Dlt, data = AUS Central Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Display, data = (UTC+10:00) Canberra, Melbourne, Sydney, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Std, data = AUS Eastern Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Dlt, data = AUS Eastern Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Display, data = (UTC+04:00) Baku, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Std, data = Azerbaijan Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Dlt, data = Azerbaijan Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Display, data = (UTC-01:00) Azores, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Std, data = Azores Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Dlt, data = Azores Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Display, data = (UTC+06:00) Dhaka, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Std, data = Bangladesh Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Dlt, data = Bangladesh Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = FirstEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Fn
Data
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2009, type = REG_BINARY True 2
Fn
Data
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2010, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Display, data = (UTC-06:00) Saskatchewan, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Std, data = Canada Central Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Dlt, data = Canada Central Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Display, data = (UTC-01:00) Cape Verde Is., type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Std, data = Cape Verde Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Dlt, data = Cape Verde Daylight Time, type = REG_SZ True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = DrawTextW, address_out = 0x76b55b6a True 1
Fn
Module Load module_name = ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x772761f8 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
System Get Time type = Ticks, time = 252394 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
System Get Time type = Ticks, time = 252394 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\smss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 252394 True 1
Fn
For performance reasons, the remaining 329 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0xfd0
13 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetThreadDpiAwarenessContext, address_out = 0x0 False 1
Fn
File Read size = 144, size_out = 0 False 10
Fn
File Read size = 144, size_out = 144 True 1
Fn
Data
Process #31: rutserv.exe
1431 0
Information Value
ID #31
File Name c:\program files\remote utilities - host\rutserv.exe
Command Line "C:\Program Files\Remote Utilities - Host\rutserv.exe" /start
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:42, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:11
OS Process Information
Information Value
PID 0x504
Parent PID 0xa44 (c:\windows\system32\msiexec.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x89C
0x6C4
0x670
0x8A4
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory r True False False -
private_0x00000000001f0000 0x001f0000 0x002effff Private Memory rw True False False -
private_0x00000000002f0000 0x002f0000 0x002f0fff Private Memory rw True False False -
pagefile_0x0000000000300000 0x00300000 0x00300fff Pagefile Backed Memory rw True False False -
private_0x0000000000310000 0x00310000 0x00310fff Private Memory rwx True False False -
pagefile_0x0000000000320000 0x00320000 0x00326fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000330000 0x00330000 0x00331fff Pagefile Backed Memory rw True False False -
private_0x0000000000340000 0x00340000 0x0034ffff Private Memory rw True False False -
pagefile_0x0000000000350000 0x00350000 0x00350fff Pagefile Backed Memory rw True False False -
comctl32.dll.mui 0x00360000 0x00362fff Memory Mapped File rw False False False -
private_0x0000000000370000 0x00370000 0x00370fff Private Memory rw True False False -
private_0x0000000000380000 0x00380000 0x0038ffff Private Memory rw True False False -
rpcss.dll 0x00390000 0x003ebfff Memory Mapped File r False False False -
private_0x0000000000390000 0x00390000 0x00390fff Private Memory rw True False False -
private_0x00000000003a0000 0x003a0000 0x003a0fff Private Memory rw True False False -
private_0x00000000003b0000 0x003b0000 0x003b0fff Private Memory rw True False False -
rutserv.exe 0x00400000 0x00e22fff Memory Mapped File rwx True True False
pagefile_0x0000000000e30000 0x00e30000 0x00ef7fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000f00000 0x00f00000 0x01000fff Pagefile Backed Memory r True False False -
pagefile_0x0000000001010000 0x01010000 0x01c0ffff Pagefile Backed Memory r True False False -
private_0x0000000001c10000 0x01c10000 0x01d4ffff Private Memory rw True False False -
private_0x0000000001d50000 0x01d50000 0x01d5ffff Private Memory rw True False False -
rutserv.exe 0x01d60000 0x026defff Memory Mapped File r True False False -
private_0x0000000001d60000 0x01d60000 0x01f0ffff Private Memory rw True False False -
pagefile_0x0000000001d60000 0x01d60000 0x01e3efff Pagefile Backed Memory r True False False -
private_0x0000000001e40000 0x01e40000 0x01ebffff Private Memory - True False False -
private_0x0000000001ed0000 0x01ed0000 0x01f0ffff Private Memory rw True False False -
private_0x0000000001f10000 0x01f10000 0x0200ffff Private Memory rw True False False -
sortdefault.nls 0x02010000 0x022defff Memory Mapped File r False False False -
private_0x00000000022e0000 0x022e0000 0x026dffff Private Memory - True False False -
private_0x00000000026e0000 0x026e0000 0x02adffff Private Memory - True False False -
private_0x0000000002ae0000 0x02ae0000 0x02b5ffff Private Memory - True False False -
private_0x0000000002b60000 0x02b60000 0x02f5ffff Private Memory - True False False -
private_0x0000000002f60000 0x02f60000 0x02fdffff Private Memory - True False False -
private_0x0000000002fe0000 0x02fe0000 0x033dffff Private Memory - True False False -
private_0x00000000033e0000 0x033e0000 0x0345ffff Private Memory - True False False -
pagefile_0x0000000003460000 0x03460000 0x03852fff Pagefile Backed Memory r True False False -
private_0x0000000003860000 0x03860000 0x0395ffff Private Memory rw True False False -
private_0x0000000003960000 0x03960000 0x03a5ffff Private Memory rw True False False -
private_0x0000000003a60000 0x03a60000 0x03b5ffff Private Memory rw True False False -
private_0x0000000003a60000 0x03a60000 0x03aeffff Private Memory rw True False False -
private_0x0000000003b20000 0x03b20000 0x03b5ffff Private Memory rw True False False -
staticcache.dat 0x03b60000 0x0448ffff Memory Mapped File r False False False -
private_0x0000000004490000 0x04490000 0x045cffff Private Memory rw True False False -
security.dll 0x6de20000 0x6de22fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
webio.dll 0x6fcf0000 0x6fd3efff Memory Mapped File rwx False False False -
winhttp.dll 0x6fd40000 0x6fd97fff Memory Mapped File rwx False False False -
winspool.drv 0x70200000 0x70250fff Memory Mapped File rwx False False False -
olepro32.dll 0x71de0000 0x71df8fff Memory Mapped File rwx False False False -
faultrep.dll 0x71e00000 0x71e51fff Memory Mapped File rwx False False False -
wsock32.dll 0x71e60000 0x71e66fff Memory Mapped File rwx False False False -
shfolder.dll 0x71f00000 0x71f04fff Memory Mapped File rwx False False False -
msimg32.dll 0x71f50000 0x71f54fff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
wintrust.dll 0x75650000 0x7567cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Hook Information
Type Installer Target Size Information Actions
Code rutserv.exe:+0xb0db6 kernel32.dll:CreateThread+0x1c 4 bytes -
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
Threads
Thread 0x89c
1377 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 522 True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Fn
Module Get Handle module_name = c:\windows\system32\oleaut32.dll, base_address = 0x76c10000 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address_out = 0x76c8c802 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address_out = 0x76c8ec66 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address_out = 0x76c35934 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address_out = 0x76c8d332 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address_out = 0x76c8dbd4 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address_out = 0x76c8e405 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address_out = 0x76c8f00a True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address_out = 0x76c8f15e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address_out = 0x76c35a98 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address_out = 0x76c8ecfa True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address_out = 0x76c8ee2e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address_out = 0x76c2b0dc True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address_out = 0x76c26fab True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address_out = 0x76c301a0 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address_out = 0x76c2699e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address_out = 0x76c56c12 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address_out = 0x76c30355 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Address module_name = c:\program files\remote utilities - host\rutserv.exe, function = GetLeakReport, address_out = 0x0 False 1
Fn
File Open Mapping filename = madExceptRestart$504, desired_access = FILE_MAP_READ False 1
Fn
System Get Info type = Operating System True 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\ False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
File Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept True 1
Fn
System Get Info type = Operating System True 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\, type = file_attributes True 1
Fn
File Delete filename = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\. False 1
Fn
File Delete filename = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\.. False 1
Fn
File Delete Directory directory = C:\Users\EEBsYm5\AppData\Local\Temp\rutserv.madExcept\ True 1
Fn
Module Get Address module_name = c:\program files\remote utilities - host\rutserv.exe, function = @Madexcept@initialization$qqrv, address_out = 0x0 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = FaultRep.dll, base_address = 0x71e00000 True 1
Fn
Module Get Address module_name = c:\windows\system32\faultrep.dll, function = ReportFault, address_out = 0x71e05457 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = OpenThread, address_out = 0x76966733 True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtOpenThread, address_out = 0x77275e08 True 1
Fn
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
Fn
Mutex Create mutex_name = madExceptSettingsMtx$504 True 1
Fn
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
Fn
File Open Mapping filename = madExceptSettingsBuf2$504, desired_access = FILE_MAP_WRITE, FILE_MAP_READ False 1
Fn
Module Create Mapping filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 4 True 1
Fn
Module Map process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Fn
Mutex Release mutex_name = madExceptSettingsMtx$504 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Module Create Mapping module_name = C:\Program Files\Remote Utilities - Host\rutserv.exe, filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Program Files\Remote Utilities - Host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_READ True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, type = size True 1
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 2
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 眰, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\faultrep.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\advapi32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\oleaut32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\urlmon.dll, size = 260 True 1
Fn
Module Create Mapping filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 20 True 1
Fn
Module Map process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Fn
Mutex Create - True 1
Fn
Mutex Create - True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x772761f8 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = RtlGetVersion, address_out = 0x772965e3 True 1
Fn
System Get Info type = Operating System False 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
Module Get Address module_name = Unknown module name, address_out = 0x0 False 1
Fn
Module Get Handle module_name = vcl320.bpl, base_address = 0x0 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\faultrep.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\advapi32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\oleaut32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 1
Fn
File Create Pipe pipe_name = Anonymous read pipe, size = 0 True 1
Fn
Thread Open os_tid = 0x6c4 True 1
Fn
Mutex Release - True 1
Fn
Mutex Create - True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
Window Create wndproc_parameter = 0 True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = ChangeWindowMessageFilterEx, address_out = 0x76b524c8 True 1
Fn
Mutex Release - True 2
Fn
Module Get Handle module_name = c:\windows\system32\msvcrt.dll, base_address = 0x76a90000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msvcrt.dll, function = _CxxThrowException, address_out = 0x76ab3557 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 3
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 2
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernelbase.dll, base_address = 0x75540000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernelbase.dll, function = CreateRemoteThreadEx, address_out = 0x7554be34 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7696375d True 1
Fn
Module Get Handle module_name = c:\windows\system32\msvcrt.dll, base_address = 0x76a90000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msvcrt.dll, function = _CxxThrowException, address_out = 0x76ab3557 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 3
Fn
Module Get Filename module_name = c:\windows\system32\kernelbase.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 2
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 256 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3215343 True 1
Fn
Window Create window_name = rutserv, class_name = TApplication, wndproc_parameter = 0 True 1
Fn
Module Load module_name = wtsapi32.dll, base_address = 0x73d60000 True 1
Fn
Module Get Address module_name = c:\windows\system32\wtsapi32.dll, function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Fn
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address_out = 0x741e940e True 1
Fn
Window Set Attribute window_name = rutserv, class_name = TApplication, index = 18446744073709551612, new_long = 3215330 True 1
Module Get Filename module_name = vcl320.bpl, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
System Get Info type = Hardware Information True 1
System Get Info type = Operating System True 1
System Get Computer Name result_out = CRH2YWU7 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
System Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 2
System Register Hook type = WH_CBT, hookproc_address = 0x65b278 True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3215304 True 1
System Register Hook type = WH_CALLWNDPROC, hookproc_address = 0x9cdb7c True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3215291 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = WindowFromDC, address_out = 0x76b52116 True 1
Fn
Module Load module_name = gdiplus.dll, base_address = 0x74050000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipAlloc, address_out = 0x74092437 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFree, address_out = 0x740924b2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusStartup, address_out = 0x74075600 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusShutdown, address_out = 0x740756be True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetBrushType, address_out = 0x7407d95f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterPoint, address_out = 0x7407f6b5 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterPointI, address_out = 0x7407f76f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientRect, address_out = 0x7407f94a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientRectI, address_out = 0x7407f9ff True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPointCount, address_out = 0x7407f7dd True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientSurroundColorCount, address_out = 0x7407f890 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientGammaCorrection, address_out = 0x7407fab7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientGammaCorrection, address_out = 0x7407fb54 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientBlendCount, address_out = 0x7407e7f0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientBlend, address_out = 0x7407fc07 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientBlend, address_out = 0x7407e97a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPresetBlendCount, address_out = 0x7407fcdb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPresetBlend, address_out = 0x7407fd95 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientPresetBlend, address_out = 0x7407ff41 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientSigmaBlend, address_out = 0x74080184 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientLinearBlend, address_out = 0x7407eeb7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientWrapMode, address_out = 0x7407f01b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientWrapMode, address_out = 0x74080236 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientTransform, address_out = 0x740802da True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientTransform, address_out = 0x7407dc34 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPathGradientTransform, address_out = 0x7407dd3d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyPathGradientTransform, address_out = 0x740803e3 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslatePathGradientTransform, address_out = 0x740804fc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScalePathGradientTransform, address_out = 0x740805d5 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotatePathGradientTransform, address_out = 0x7407dde0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientFocusScales, address_out = 0x740806ae True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientFocusScales, address_out = 0x74080793 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrush, address_out = 0x7407e139 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushI, address_out = 0x7407e22f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRect, address_out = 0x7407e2fe True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectI, address_out = 0x7407e3ee True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectWithAngle, address_out = 0x7407e4b6 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectWithAngleI, address_out = 0x7407e5ad True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineRect, address_out = 0x7407f94a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineRectI, address_out = 0x7407f9ff True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineColors, address_out = 0x7407e67c True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineColors, address_out = 0x7407e731 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineGammaCorrection, address_out = 0x74075765 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineGammaCorrection, address_out = 0x740757be True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineBlendCount, address_out = 0x7407e7f0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineBlend, address_out = 0x7407e8a6 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineBlend, address_out = 0x7407e97a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLinePresetBlendCount, address_out = 0x7407fcdb True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLinePresetBlend, address_out = 0x7407ea4e True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLinePresetBlend, address_out = 0x7407ec63 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineSigmaBlend, address_out = 0x74080184 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineLinearBlend, address_out = 0x7407eeb7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineWrapMode, address_out = 0x7407ef69 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineWrapMode, address_out = 0x7407f01b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineTransform, address_out = 0x740802da True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineTransform, address_out = 0x7407dc34 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetLineTransform, address_out = 0x7407dd3d True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyLineTransform, address_out = 0x740803e3 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslateLineTransform, address_out = 0x740804fc True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScaleLineTransform, address_out = 0x740805d5 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotateLineTransform, address_out = 0x7407dde0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateHatchBrush, address_out = 0x74096266 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchStyle, address_out = 0x7407da12 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchForegroundColor, address_out = 0x7407dac8 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchBackgroundColor, address_out = 0x7407db7e True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePen1, address_out = 0x7408083a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePen2, address_out = 0x7408096b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipClonePen, address_out = 0x74080abe True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeletePen, address_out = 0x74080b95 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenFillType, address_out = 0x74082491 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenBrushFill, address_out = 0x740822c1 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenBrushFill, address_out = 0x740823cc True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenColor, address_out = 0x74082157 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenColor, address_out = 0x74082201 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenMode, address_out = 0x740819cc True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenMode, address_out = 0x74081a6f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenUnit, address_out = 0x74080d9b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenUnit, address_out = 0x74080e5a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenWidth, address_out = 0x74080c4d True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenWidth, address_out = 0x74080ceb True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashStyle, address_out = 0x7408254e True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashStyle, address_out = 0x740825fe True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenLineCap197819, address_out = 0x74080f0a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenStartCap, address_out = 0x74080fb1 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenEndCap, address_out = 0x74081052 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashCap197819, address_out = 0x740810f3 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenStartCap, address_out = 0x74081194 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenEndCap, address_out = 0x74081244 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashCap197819, address_out = 0x740812f4 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenLineJoin, address_out = 0x740813ab True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenLineJoin, address_out = 0x74081449 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenCustomStartCap, address_out = 0x740814f9 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenCustomStartCap, address_out = 0x74081601 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenCustomEndCap, address_out = 0x740816b8 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenCustomEndCap, address_out = 0x740817c0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenMiterLimit, address_out = 0x74081877 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenMiterLimit, address_out = 0x7408191c True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenTransform, address_out = 0x74081b1f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenTransform, address_out = 0x74081c25 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPenTransform, address_out = 0x74081d2b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyPenTransform, address_out = 0x74081dcb True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslatePenTransform, address_out = 0x74081ee1 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScalePenTransform, address_out = 0x74081fb7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotatePenTransform, address_out = 0x7408208d True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashOffset, address_out = 0x7408269f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashOffset, address_out = 0x7408274f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashCount, address_out = 0x740827ed True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3215278 True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3215265 True 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = EnableNonClientDpiScaling, address_out = 0x0 False 1
Module Load module_name = dwmapi.dll, base_address = 0x73eb0000 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmDefWindowProc, address_out = 0x73eb3df4 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableBlurBehindWindow, address_out = 0x73eb2945 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableComposition, address_out = 0x73eb720a True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableMMCSS, address_out = 0x73eb37dd True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmExtendFrameIntoClientArea, address_out = 0x73eb3510 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmGetColorizationColor, address_out = 0x73eb6f9a True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmGetWindowAttribute, address_out = 0x73eb1c76 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmIsCompositionEnabled, address_out = 0x73eb1610 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetWindowAttribute, address_out = 0x73eb16c0 True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetIconicThumbnail, address_out = 0x73eb85ea True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetIconicLivePreviewBitmap, address_out = 0x73eb88fd True 1
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmInvalidateIconicBitmaps, address_out = 0x73eb3742 True 1
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDynamicTimeZoneInformation, address_out = 0x76942565 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 2
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Display, data = (UTC+04:30) Kabul, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Std, data = Afghanistan Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Dlt, data = Afghanistan Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Display, data = (UTC-09:00) Alaska, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Std, data = Alaskan Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Dlt, data = Alaskan Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Display, data = (UTC+03:00) Kuwait, Riyadh, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Std, data = Arab Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Dlt, data = Arab Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Display, data = (UTC+04:00) Abu Dhabi, Muscat, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Std, data = Arabian Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Dlt, data = Arabian Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Display, data = (UTC+03:00) Baghdad, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Std, data = Arabic Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Dlt, data = Arabic Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Display, data = (UTC-03:00) Buenos Aires, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Std, data = Argentina Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Dlt, data = Argentina Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2009, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2010, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Display, data = (UTC-04:00) Atlantic Time (Canada), type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Std, data = Atlantic Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Dlt, data = Atlantic Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Display, data = (UTC+09:30) Darwin, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Std, data = AUS Central Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Dlt, data = AUS Central Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Display, data = (UTC+10:00) Canberra, Melbourne, Sydney, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Std, data = AUS Eastern Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Dlt, data = AUS Eastern Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Display, data = (UTC+04:00) Baku, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Std, data = Azerbaijan Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Dlt, data = Azerbaijan Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Display, data = (UTC-01:00) Azores, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Std, data = Azores Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Dlt, data = Azores Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Display, data = (UTC+06:00) Dhaka, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Std, data = Bangladesh Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Dlt, data = Bangladesh Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = FirstEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2009, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2010, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Display, data = (UTC-06:00) Saskatchewan, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Std, data = Canada Central Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Dlt, data = Canada Central Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Display, data = (UTC-01:00) Cape Verde Is., type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Std, data = Cape Verde Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Dlt, data = Cape Verde Daylight Time, type = REG_SZ True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = DrawTextW, address_out = 0x76b55b6a True 1
Fn
Module Load module_name = ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x772761f8 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
System Get Time type = Ticks, time = 255092 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
System Get Time type = Ticks, time = 255092 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\smss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 255186 True 1
Fn
For performance reasons, the remaining 197 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0x6c4
31 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetThreadDpiAwarenessContext, address_out = 0x0 False 1
Fn
File Read size = 144, size_out = 0 False 52
Fn
Process #32: cmd.exe
81 0
Information Value
ID #32
File Name c:\windows\system32\cmd.exe
Command Line cmd /c C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat
Initial Working Directory C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\
Monitor Start Time: 00:03:43, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:10
OS Process Information
Information Value
PID 0x894
Parent PID 0xf20 (c:\users\eebsym5\appdata\local\temp\7zipsfx.000\installer.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x890
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory r True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File r False False False -
private_0x00000000000c0000 0x000c0000 0x001bffff Private Memory rw True False False -
pagefile_0x00000000001c0000 0x001c0000 0x001c6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d1fff Pagefile Backed Memory rw True False False -
private_0x00000000001e0000 0x001e0000 0x001e0fff Private Memory rw True False False -
private_0x00000000001f0000 0x001f0000 0x002effff Private Memory rw True False False -
private_0x00000000002f0000 0x002f0000 0x002f0fff Private Memory rw True False False -
private_0x0000000000300000 0x00300000 0x0030ffff Private Memory rw True False False -
private_0x0000000000330000 0x00330000 0x0033ffff Private Memory rw True False False -
pagefile_0x0000000000340000 0x00340000 0x00407fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000410000 0x00410000 0x00510fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000520000 0x00520000 0x0111ffff Pagefile Backed Memory r True False False -
pagefile_0x0000000001120000 0x01120000 0x01282fff Pagefile Backed Memory r True False False -
cmd.exe 0x49e70000 0x49ebbfff Memory Mapped File rwx True False False -
winbrand.dll 0x6de30000 0x6de36fff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Threads
Thread 0x890
81 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2018-08-28 10:30:00 (UTC) True 1
Fn
System Get Time type = Ticks, time = 256496 True 1
Fn
Module Get Handle module_name = c:\windows\system32\cmd.exe, base_address = 0x49e70000 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x769624c2 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 3
Fn
File Open filename = STD_INPUT_HANDLE True 2
Fn
Environment Get Environment String - True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 56, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Module Get Filename process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Environment Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Fn
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Environment Get Environment String name = PROMPT False 1
Fn
Environment Set Environment String name = PROMPT, value = $P$G True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Environment Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Environment Get Environment String name = KEYS False 1
Fn
File Get Info filename = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000, type = file_attributes True 2
Fn
Environment Set Environment String name = =C:, value = C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x7694ac6c True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76953ea8 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76962732 True 1
Fn
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferIdentifyLevel, address_out = 0x76a12102 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferComputeTokenFromLevel, address_out = 0x76a13352 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferCloseLevel, address_out = 0x76a13825 True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open filename = STD_INPUT_HANDLE True 2
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 422 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Get Info filename = STD_INPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\EEBsYm5\AppData\Local\Temp\killself.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open filename = STD_INPUT_HANDLE True 2
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 412 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 343 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 412 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 343 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 412 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 343 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 412 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 343 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 412 True 1
Fn
Data
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Read filename = STD_INPUT_HANDLE, size = 8191, size_out = 343 True 1
Fn
Data
Process #35: services.exe
0 0
Information Value
ID #35
File Name c:\windows\system32\services.exe
Command Line C:\Windows\system32\services.exe
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:44, Reason: Created Daemon
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:09
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x1d8
Parent PID 0x178 (c:\windows\system32\wininit.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0xCDC
0x110
0x550
0x4A0
0x288
0x250
0x22C
0x220
0x474
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000050000 0x00050000 0x00051fff Pagefile Backed Memory rw True False False -
private_0x0000000000060000 0x00060000 0x00060fff Private Memory rw True False False -
private_0x0000000000070000 0x00070000 0x00070fff Private Memory rw True False False -
locale.nls 0x000d0000 0x00136fff Memory Mapped File r False False False -
pagefile_0x0000000000140000 0x00140000 0x00207fff Pagefile Backed Memory r True False False -
private_0x0000000000250000 0x00250000 0x0034ffff Private Memory rw True False False -
pagefile_0x0000000000350000 0x00350000 0x00450fff Pagefile Backed Memory r True False False -
private_0x00000000004a0000 0x004a0000 0x004a0fff Private Memory rw True False False -
private_0x00000000004b0000 0x004b0000 0x004bffff Private Memory rw True False False -
private_0x0000000000500000 0x00500000 0x00500fff Private Memory rw True False False -
services.exe 0x00520000 0x00560fff Memory Mapped File rwx False False False -
pagefile_0x0000000000570000 0x00570000 0x005effff Pagefile Backed Memory r True False False -
pagefile_0x00000000005f0000 0x005f0000 0x009e2fff Pagefile Backed Memory r True False False -
private_0x0000000000a00000 0x00a00000 0x00a3ffff Private Memory rw True False False -
private_0x0000000000a50000 0x00a50000 0x00a8ffff Private Memory rw True False False -
private_0x0000000000b30000 0x00b30000 0x00b6ffff Private Memory rw True False False -
private_0x0000000000b90000 0x00b90000 0x00bcffff Private Memory rw True False False -
private_0x0000000000c30000 0x00c30000 0x00c6ffff Private Memory rw True False False -
private_0x0000000000cb0000 0x00cb0000 0x00ceffff Private Memory rw True False False -
private_0x0000000000cf0000 0x00cf0000 0x00d2ffff Private Memory rw True False False -
private_0x0000000000d40000 0x00d40000 0x00d7ffff Private Memory rw True False False -
private_0x0000000000e30000 0x00e30000 0x00e6ffff Private Memory rw True False False -
private_0x0000000000fa0000 0x00fa0000 0x00fdffff Private Memory rw True False False -
private_0x0000000001050000 0x01050000 0x0114ffff Private Memory rw True False False -
sortdefault.nls 0x01150000 0x0141efff Memory Mapped File r False False False -
private_0x0000000001420000 0x01420000 0x0151ffff Private Memory rw True False False -
private_0x0000000001520000 0x01520000 0x0161ffff Private Memory rw True False False -
private_0x0000000001620000 0x01620000 0x0181ffff Private Memory rw True False False -
private_0x0000000001820000 0x01820000 0x01c1ffff Private Memory rw True False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74960000 0x74964fff Memory Mapped File rwx False False False -
ubpm.dll 0x74af0000 0x74b1bfff Memory Mapped File rwx False False False -
credssp.dll 0x74b20000 0x74b27fff Memory Mapped File rwx False False False -
wship6.dll 0x74e00000 0x74e05fff Memory Mapped File rwx False False False -
mswsock.dll 0x74e10000 0x74e4bfff Memory Mapped File rwx False False False -
authz.dll 0x74fe0000 0x74ffafff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
scesrv.dll 0x75240000 0x7528dfff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
scext.dll 0x752a0000 0x752aefff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x75370000 0x7537dfff Memory Mapped File rwx False False False -
profapi.dll 0x75380000 0x7538afff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
private_0x000000007ffac000 0x7ffac000 0x7ffacfff Private Memory rw True False False -
private_0x000000007ffae000 0x7ffae000 0x7ffaefff Private Memory rw True False False -
private_0x000000007ffaf000 0x7ffaf000 0x7ffaffff Private Memory rw True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd3000 0x7ffd3000 0x7ffd3fff Private Memory rw True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Process #45: rutserv.exe
1407 0
Information Value
ID #45
File Name c:\program files\remote utilities - host\rutserv.exe
Command Line "C:\Program Files\Remote Utilities - Host\rutserv.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:44, Reason: Child Process
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:09
OS Process Information
Information Value
PID 0x7ec
Parent PID 0x1d8 (c:\windows\system32\services.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x8B8
0x174
0x508
0x63C
0x7AC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory rw True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File r False False False -
pagefile_0x00000000001c0000 0x001c0000 0x00287fff Pagefile Backed Memory r True False False -
private_0x0000000000290000 0x00290000 0x00290fff Private Memory rw True False False -
pagefile_0x00000000002a0000 0x002a0000 0x002a0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000002b0000 0x002b0000 0x002b1fff Pagefile Backed Memory r True False False -
private_0x00000000002c0000 0x002c0000 0x002c0fff Private Memory rw True False False -
pagefile_0x00000000002d0000 0x002d0000 0x002d0fff Pagefile Backed Memory rw True False False -
private_0x00000000002e0000 0x002e0000 0x002e0fff Private Memory rwx True False False -
private_0x00000000002f0000 0x002f0000 0x003effff Private Memory rw True False False -
pagefile_0x00000000003f0000 0x003f0000 0x003f6fff Pagefile Backed Memory r True False False -
rutserv.exe 0x00400000 0x00e22fff Memory Mapped File rwx True True False
pagefile_0x0000000000e30000 0x00e30000 0x00f30fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000f40000 0x00f40000 0x00f41fff Pagefile Backed Memory rw True False False -
private_0x0000000000f50000 0x00f50000 0x00f5ffff Private Memory rw True False False -
private_0x0000000000f60000 0x00f60000 0x00f6ffff Private Memory rw True False False -
pagefile_0x0000000000f70000 0x00f70000 0x00feffff Pagefile Backed Memory r True False False -
private_0x0000000000ff0000 0x00ff0000 0x0106ffff Private Memory - True False False -
rpcss.dll 0x01070000 0x010cbfff Memory Mapped File r False False False -
pagefile_0x0000000001070000 0x01070000 0x01070fff Pagefile Backed Memory rw True False False -
comctl32.dll.mui 0x01080000 0x01082fff Memory Mapped File rw False False False -
private_0x0000000001090000 0x01090000 0x01090fff Private Memory rw True False False -
private_0x00000000010a0000 0x010a0000 0x010a0fff Private Memory rw True False False -
private_0x00000000010b0000 0x010b0000 0x010b0fff Private Memory rw True False False -
private_0x00000000010c0000 0x010c0000 0x010cffff Private Memory rw True False False -
pagefile_0x00000000010c0000 0x010c0000 0x010c8fff Pagefile Backed Memory rw True False False -
private_0x00000000010c0000 0x010c0000 0x010c0fff Private Memory rwx True False False -
pagefile_0x00000000010d0000 0x010d0000 0x010d8fff Pagefile Backed Memory rw True False False -
private_0x00000000010d0000 0x010d0000 0x010d0fff Private Memory rwx True False False -
private_0x00000000010e0000 0x010e0000 0x010effff Private Memory rw True False False -
private_0x00000000010f0000 0x010f0000 0x0122ffff Private Memory rw True False False -
rutserv.exe 0x01230000 0x01baefff Memory Mapped File r True True False
private_0x0000000001230000 0x01230000 0x0132ffff Private Memory rw True False False -
sortdefault.nls 0x01330000 0x015fefff Memory Mapped File r False False False -
private_0x0000000001600000 0x01600000 0x019fffff Private Memory - True False False -
private_0x0000000001a00000 0x01a00000 0x01dfffff Private Memory - True False False -
private_0x0000000001e00000 0x01e00000 0x01e7ffff Private Memory - True False False -
private_0x0000000001e80000 0x01e80000 0x0227ffff Private Memory - True False False -
private_0x0000000002280000 0x02280000 0x022fffff Private Memory - True False False -
private_0x0000000002300000 0x02300000 0x026fffff Private Memory - True False False -
private_0x0000000002700000 0x02700000 0x0277ffff Private Memory - True False False -
pagefile_0x0000000002780000 0x02780000 0x02b72fff Pagefile Backed Memory r True False False -
private_0x0000000002b80000 0x02b80000 0x02c7ffff Private Memory rw True False False -
private_0x0000000002c80000 0x02c80000 0x02d7ffff Private Memory rw True False False -
private_0x0000000002d80000 0x02d80000 0x02ebffff Private Memory rw True False False -
private_0x0000000002d80000 0x02d80000 0x02e1ffff Private Memory rw True False False -
private_0x0000000002e80000 0x02e80000 0x02ebffff Private Memory rw True False False -
private_0x0000000002ec0000 0x02ec0000 0x02ffffff Private Memory rw True False False -
private_0x0000000002ec0000 0x02ec0000 0x02fbffff Private Memory rw True False False -
private_0x0000000002ff0000 0x02ff0000 0x02ffffff Private Memory rw True False False -
private_0x0000000003000000 0x03000000 0x0313ffff Private Memory rw True False False -
private_0x0000000003140000 0x03140000 0x0323ffff Private Memory rw True False False -
private_0x0000000003240000 0x03240000 0x0333ffff Private Memory rw True False False -
security.dll 0x6de20000 0x6de22fff Memory Mapped File rwx False False False -
winmm.dll 0x6e9f0000 0x6ea21fff Memory Mapped File rwx False False False -
idndl.dll 0x6f030000 0x6f03afff Memory Mapped File rwx False False False -
webio.dll 0x6fcf0000 0x6fd3efff Memory Mapped File rwx False False False -
winhttp.dll 0x6fd40000 0x6fd97fff Memory Mapped File rwx False False False -
winspool.drv 0x70200000 0x70250fff Memory Mapped File rwx False False False -
olepro32.dll 0x71de0000 0x71df8fff Memory Mapped File rwx False False False -
faultrep.dll 0x71e00000 0x71e51fff Memory Mapped File rwx False False False -
wsock32.dll 0x71e60000 0x71e66fff Memory Mapped File rwx False False False -
shfolder.dll 0x71f00000 0x71f04fff Memory Mapped File rwx False False False -
msimg32.dll 0x71f50000 0x71f54fff Memory Mapped File rwx False False False -
fwpuclnt.dll 0x736b0000 0x736e7fff Memory Mapped File rwx False False False -
winnsi.dll 0x737c0000 0x737c6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x737d0000 0x737ebfff Memory Mapped File rwx False False False -
ntmarta.dll 0x73c00000 0x73c20fff Memory Mapped File rwx False False False -
wkscli.dll 0x73c40000 0x73c4efff Memory Mapped File rwx False False False -
netutils.dll 0x73c50000 0x73c58fff Memory Mapped File rwx False False False -
netapi32.dll 0x73c60000 0x73c70fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x73d60000 0x73d6cfff Memory Mapped File rwx False False False -
dwmapi.dll 0x73eb0000 0x73ec2fff Memory Mapped File rwx False False False -
gdiplus.dll 0x74050000 0x741dffff Memory Mapped File rwx False False False -
uxtheme.dll 0x741e0000 0x7421ffff Memory Mapped File rwx False False False -
comctl32.dll 0x74360000 0x744fdfff Memory Mapped File rwx False False False -
version.dll 0x748d0000 0x748d8fff Memory Mapped File rwx False False False -
srvcli.dll 0x75220000 0x75238fff Memory Mapped File rwx False False False -
secur32.dll 0x75290000 0x75297fff Memory Mapped File rwx False False False -
sspicli.dll 0x752b0000 0x752cafff Memory Mapped File rwx False False False -
cryptbase.dll 0x752d0000 0x752dbfff Memory Mapped File rwx False False False -
winsta.dll 0x75340000 0x75368fff Memory Mapped File rwx False False False -
msasn1.dll 0x753f0000 0x753fbfff Memory Mapped File rwx False False False -
crypt32.dll 0x75420000 0x7553cfff Memory Mapped File rwx False False False -
kernelbase.dll 0x75540000 0x75589fff Memory Mapped File rwx False False False -
wintrust.dll 0x75650000 0x7567cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75680000 0x75720fff Memory Mapped File rwx False False False -
wldap32.dll 0x75730000 0x75774fff Memory Mapped File rwx False False False -
nsi.dll 0x75810000 0x75815fff Memory Mapped File rwx False False False -
shell32.dll 0x75830000 0x76479fff Memory Mapped File rwx False False False -
lpk.dll 0x76480000 0x76489fff Memory Mapped File rwx False False False -
imm32.dll 0x76490000 0x764aefff Memory Mapped File rwx False False False -
wininet.dll 0x76650000 0x76744fff Memory Mapped File rwx False False False -
ole32.dll 0x76750000 0x768abfff Memory Mapped File rwx False False False -
kernel32.dll 0x76910000 0x769e3fff Memory Mapped File rwx False False False -
advapi32.dll 0x769f0000 0x76a8ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x76a90000 0x76b3bfff Memory Mapped File rwx False False False -
user32.dll 0x76b40000 0x76c08fff Memory Mapped File rwx False False False -
oleaut32.dll 0x76c10000 0x76c9efff Memory Mapped File rwx False False False -
msctf.dll 0x76ca0000 0x76d6bfff Memory Mapped File rwx False False False -
usp10.dll 0x76d70000 0x76e0cfff Memory Mapped File rwx False False False -
shlwapi.dll 0x76e10000 0x76e66fff Memory Mapped File rwx False False False -
urlmon.dll 0x76e70000 0x76fa5fff Memory Mapped File rwx False False False -
iertutil.dll 0x76fb0000 0x771aafff Memory Mapped File rwx False False False -
comdlg32.dll 0x771b0000 0x7722afff Memory Mapped File rwx False False False -
ntdll.dll 0x77230000 0x7736bfff Memory Mapped File rwx False False False -
normaliz.dll 0x77370000 0x77372fff Memory Mapped File rwx False False False -
ws2_32.dll 0x77380000 0x773b4fff Memory Mapped File rwx False False False -
sechost.dll 0x773c0000 0x773d8fff Memory Mapped File rwx False False False -
gdi32.dll 0x773e0000 0x7742dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77470000 0x77470fff Memory Mapped File rwx False False False -
private_0x000000007ed60000 0x7ed60000 0x7f6effff Private Memory rw True False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory rw True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory rw True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Hook Information
Type Installer Target Size Information Actions
Code rutserv.exe:+0xb0db6 kernel32.dll:CreateThread+0x1c 4 bytes -
IAT rutserv.exe:+0x7549e 1140. entry of shell32.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
IAT rutserv.exe:+0x7549e 53. entry of shlwapi.dll 4 bytes kernel32.dll:QueueUserWorkItem+0x0 now points to rutserv.exe:__dbk_fcall_wrapper+0x9ed44
Threads
Thread 0x8b8
1378 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address_out = 0x769522d7 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadPreferredUILanguages, address_out = 0x7694e627 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetThreadUILanguage, address_out = 0x7694ae42 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 522 True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExW, address_out = 0x7694de40 True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Locales False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales False 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76942004 True 1
Fn
Module Get Handle module_name = c:\windows\system32\oleaut32.dll, base_address = 0x76c10000 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address_out = 0x76c14c28 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address_out = 0x76c8c802 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address_out = 0x76c8ec66 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address_out = 0x76c35934 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address_out = 0x76c8d332 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address_out = 0x76c8dbd4 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address_out = 0x76c8e405 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address_out = 0x76c8f00a True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address_out = 0x76c8f15e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address_out = 0x76c35a98 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address_out = 0x76c8ecfa True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address_out = 0x76c8ee2e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address_out = 0x76c2b0dc True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address_out = 0x76c26fab True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address_out = 0x76c301a0 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address_out = 0x76c2699e True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address_out = 0x76c36ba7 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address_out = 0x76c56c12 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address_out = 0x76c2dbd1 True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address_out = 0x76c37fdc True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address_out = 0x76c27a2a True 1
Fn
Module Get Address module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address_out = 0x76c30355 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Address module_name = c:\program files\remote utilities - host\rutserv.exe, function = GetLeakReport, address_out = 0x0 False 1
Fn
File Open Mapping filename = madExceptRestart$7ec, desired_access = FILE_MAP_READ False 1
Fn
System Get Info type = Operating System True 1
Fn
File Create Directory C:\Windows\TEMP\ False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
File Create Directory C:\Windows\TEMP\rutserv.madExcept True 1
Fn
System Get Info type = Operating System True 1
Fn
File Get Info filename = C:\Windows\TEMP\rutserv.madExcept\, type = file_attributes True 1
Fn
File Delete filename = C:\Windows\TEMP\rutserv.madExcept\. False 1
Fn
File Delete filename = C:\Windows\TEMP\rutserv.madExcept\.. False 1
Fn
File Delete Directory directory = C:\Windows\TEMP\rutserv.madExcept\ True 1
Fn
Module Get Address module_name = c:\program files\remote utilities - host\rutserv.exe, function = @Madexcept@initialization$qqrv, address_out = 0x0 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = FaultRep.dll, base_address = 0x71e00000 True 1
Fn
Module Get Address module_name = c:\windows\system32\faultrep.dll, function = ReportFault, address_out = 0x71e05457 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = OpenThread, address_out = 0x76966733 True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtOpenThread, address_out = 0x77275e08 True 1
Fn
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
Fn
Mutex Create mutex_name = madExceptSettingsMtx$7ec True 1
Fn
Module Get Handle module_name = c:\windows\system32\advapi32.dll, base_address = 0x769f0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76a415e9 True 1
Fn
File Open Mapping filename = madExceptSettingsBuf2$7ec, desired_access = FILE_MAP_WRITE, FILE_MAP_READ False 1
Fn
Module Create Mapping filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 4 True 1
Fn
Module Map process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Fn
Mutex Release mutex_name = madExceptSettingsMtx$7ec True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Module Create Mapping module_name = C:\Program Files\Remote Utilities - Host\rutserv.exe, filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Program Files\Remote Utilities - Host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_READ True 1
Fn
File Get Info filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, type = size True 1
Fn
Module Create Mapping filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 20 True 1
Fn
Module Map process_name = c:\program files\remote utilities - host\rutserv.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Fn
Mutex Create - True 1
Fn
Mutex Create - True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x772761f8 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = RtlGetVersion, address_out = 0x772965e3 True 1
Fn
System Get Info type = Operating System False 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7694be77 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
Module Get Address module_name = Unknown module name, address_out = 0x0 False 1
Fn
Module Get Handle module_name = vcl320.bpl, base_address = 0x0 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = 皔潲@ꪭ@﮴ᯈBᯐBH, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winmm.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\winspool.drv, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\faultrep.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\FaultRep.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wsock32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHFolder.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ntmarta.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wkscli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netutils.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\netapi32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\version.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\srvcli.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSASN1.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\CRYPT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wintrust.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\WLDAP32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHELL32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\wininet.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ole32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\advapi32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\oleaut32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\OLEAUT32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\urlmon.dll, size = 260 True 1
Fn
File Create Pipe pipe_name = Anonymous read pipe, size = 0 True 1
Fn
Thread Open os_tid = 0x174 True 1
Fn
Mutex Release - True 1
Fn
Mutex Create - True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
Window Create wndproc_parameter = 0 True 1
Fn
Mutex Release - True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = ChangeWindowMessageFilterEx, address_out = 0x76b524c8 True 1
Fn
Mutex Release - True 2
Fn
Module Get Handle module_name = c:\windows\system32\msvcrt.dll, base_address = 0x76a90000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msvcrt.dll, function = _CxxThrowException, address_out = 0x76ab3557 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 260 True 1
Fn
System Get Info type = Operating System True 3
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 2
Fn
Module Get Handle module_name = c:\program files\remote utilities - host\rutserv.exe, base_address = 0x400000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernelbase.dll, base_address = 0x75540000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernelbase.dll, function = CreateRemoteThreadEx, address_out = 0x7554be34 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7696375d True 1
Fn
Module Get Handle module_name = c:\windows\system32\msvcrt.dll, base_address = 0x76a90000 True 1
Fn
Module Get Address module_name = c:\windows\system32\msvcrt.dll, function = _CxxThrowException, address_out = 0x76ab3557 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 3
Fn
Module Get Filename module_name = c:\windows\system32\kernelbase.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 2
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Filename module_name = c:\program files\remote utilities - host\rutserv.exe, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 256 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3018735 True 1
Fn
Window Create window_name = rutserv, class_name = TApplication, wndproc_parameter = 0 True 1
Fn
Module Load module_name = wtsapi32.dll, base_address = 0x73d60000 True 1
Fn
Module Get Address module_name = c:\windows\system32\wtsapi32.dll, function = WTSRegisterSessionNotification, address_out = 0x73d61cbc True 1
Fn
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address_out = 0x741e940e True 1
Fn
Window Set Attribute window_name = rutserv, class_name = TApplication, index = 18446744073709551612, new_long = 3018722 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = AnimateWindow, address_out = 0x76b70620 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74360000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitializeFlatSB, address_out = 0x7443f803 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = UninitializeFlatSB, address_out = 0x7436d1ea True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollProp, address_out = 0x7443f81f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollProp, address_out = 0x743e07d0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_EnableScrollBar, address_out = 0x7443f84b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_ShowScrollBar, address_out = 0x7443f83a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollRange, address_out = 0x7443f829 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollInfo, address_out = 0x743e08b6 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollPos, address_out = 0x7443f80e True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollPos, address_out = 0x743e0894 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollInfo, address_out = 0x743e08c7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollRange, address_out = 0x743e08a5 True 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetLayeredWindowAttributes, address_out = 0x76b4a6dc True 1
Module Get Filename module_name = vcl320.bpl, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
System Get Info type = Hardware Information True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Filename module_name = c:\windows\system32\kernel32.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 261 True 1
System Get Info type = Operating System True 1
System Get Computer Name result_out = CRH2YWU7 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 1496235695, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, data = 00371-223-0192682-86871, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = cdd36b99-6027-4bbf-bf10-e7f8b416e3fb, type = REG_SZ True 1
System Get Computer Name result_out = cRh2YWu7, type = ComputerNameDnsFullyQualified True 2
Module Load module_name = olepro32.dll, base_address = 0x71de0000 True 1
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreatePropertyFrame, address_out = 0x71de20ea True 1
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreateFontIndirect, address_out = 0x71de20b7 True 1
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleCreatePictureIndirect, address_out = 0x71de20c8 True 1
Module Get Address module_name = c:\windows\system32\olepro32.dll, function = OleLoadPicture, address_out = 0x71de20d9 True 1
Module Load module_name = security.dll, base_address = 0x6de20000 True 1
Module Get Address module_name = c:\windows\system32\security.dll, function = InitSecurityInterfaceW, address_out = 0x752b5b53 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address_out = 0x7728a149 True 1
Module Load module_name = uxtheme.dll, base_address = 0x741e0000 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = OpenThemeData, address_out = 0x741e73d2 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = CloseThemeData, address_out = 0x741e6a18 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeBackground, address_out = 0x741e3982 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeText, address_out = 0x741e4ea1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePartSize, address_out = 0x741ecdb1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextExtent, address_out = 0x741e2d57 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextMetrics, address_out = 0x741ef992 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundRegion, address_out = 0x741f165d True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = HitTestThemeBackground, address_out = 0x741f3ce3 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeEdge, address_out = 0x74203b52 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeIcon, address_out = 0x742135e7 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemePartDefined, address_out = 0x741e85b4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeColor, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMetric, address_out = 0x741f06e2 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeString, address_out = 0x742122e4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBool, address_out = 0x741e7c1f True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeInt, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeEnumValue, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePosition, address_out = 0x74212350 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFont, address_out = 0x741eff21 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeRect, address_out = 0x741f3611 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMargins, address_out = 0x741e86e9 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeIntList, address_out = 0x742123b1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePropertyOrigin, address_out = 0x74203fbb True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetWindowTheme, address_out = 0x741f0134 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFilename, address_out = 0x74212412 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColor, address_out = 0x74203274 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColorBrush, address_out = 0x7421301e True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysBool, address_out = 0x74213172 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysSize, address_out = 0x7421320b True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysFont, address_out = 0x742129c4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysString, address_out = 0x74212b3f True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysInt, address_out = 0x74212bd3 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeActive, address_out = 0x741ef785 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsAppThemed, address_out = 0x741ef869 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetWindowTheme, address_out = 0x741edf46 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableThemeDialogTexture, address_out = 0x741efcaf True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeAppProperties, address_out = 0x741f0fb1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetThemeAppProperties, address_out = 0x74213296 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetCurrentThemeName, address_out = 0x741f05dd True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeDocumentationProperty, address_out = 0x74212932 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeParentBackground, address_out = 0x741e53e5 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableTheming, address_out = 0x74212feb True 1
System Register Hook type = WH_CBT, hookproc_address = 0x65b278 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x76954785 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x76910000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueueUserWorkItem, address_out = 0x76953c22 True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3018696 True 1
Module Load module_name = UxTheme.dll, base_address = 0x741e0000 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = CloseThemeData, address_out = 0x741e6a18 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeBackground, address_out = 0x741e3982 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeEdge, address_out = 0x74203b52 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeIcon, address_out = 0x742135e7 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeParentBackground, address_out = 0x741e53e5 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeText, address_out = 0x741e4ea1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeTextEx, address_out = 0x741e63e6 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EnableThemeDialogTexture, address_out = 0x741efcaf True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetCurrentThemeName, address_out = 0x741f05dd True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeAppProperties, address_out = 0x741f0fb1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundContentRect, address_out = 0x741ecd2e True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundRegion, address_out = 0x741f165d True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundExtent, address_out = 0x741ef8bf True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBool, address_out = 0x741e7c1f True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeColor, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeDocumentationProperty, address_out = 0x74212932 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeEnumValue, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFilename, address_out = 0x74212412 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFont, address_out = 0x741eff21 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeInt, address_out = 0x741e616c True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeIntList, address_out = 0x742123b1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMargins, address_out = 0x741e86e9 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMetric, address_out = 0x741f06e2 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePartSize, address_out = 0x741ecdb1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePosition, address_out = 0x74212350 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemePropertyOrigin, address_out = 0x74203fbb True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeRect, address_out = 0x741f3611 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeString, address_out = 0x742122e4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysBool, address_out = 0x74213172 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColor, address_out = 0x74203274 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColorBrush, address_out = 0x7421301e True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysFont, address_out = 0x742129c4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysInt, address_out = 0x74212bd3 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysSize, address_out = 0x7421320b True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysString, address_out = 0x74212b3f True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextExtent, address_out = 0x741e2d57 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextMetrics, address_out = 0x741ef992 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = GetWindowTheme, address_out = 0x741edf46 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = HitTestThemeBackground, address_out = 0x741f3ce3 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsAppThemed, address_out = 0x741ef869 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeActive, address_out = 0x741ef785 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemePartDefined, address_out = 0x741e85b4 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeBackgroundPartiallyTransparent, address_out = 0x741e60ab True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = IsThemeDialogTextureEnabled, address_out = 0x7421312b True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = OpenThemeData, address_out = 0x741e73d2 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetThemeAppProperties, address_out = 0x74213296 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = SetWindowTheme, address_out = 0x741f0134 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BeginBufferedPaint, address_out = 0x741e49a1 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintClear, address_out = 0x741e6395 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address_out = 0x741e940e True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintSetAlpha, address_out = 0x741fe6b3 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintUnInit, address_out = 0x741e94ab True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EndBufferedPaint, address_out = 0x741e3f9a True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = BeginPanningFeedback, address_out = 0x74210731 True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = UpdatePanningFeedback, address_out = 0x7421068d True 1
Module Get Address module_name = c:\windows\system32\uxtheme.dll, function = EndPanningFeedback, address_out = 0x742106cc True 1
Module Load module_name = Shcore.dll, base_address = 0x0 False 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = GetSystemMetricsForDpi, address_out = 0x0 False 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = GetGestureInfo, address_out = 0x76b8b30d True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = CloseGestureInfoHandle, address_out = 0x76b8b38a True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetGestureConfig, address_out = 0x76b44715 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = LogicalToPhysicalPoint, address_out = 0x76b76e4f True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = PhysicalToLogicalPoint, address_out = 0x76b76e63 True 1
Module Load module_name = user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = IsProcessDPIAware, address_out = 0x76b5212e True 1
System Register Hook type = WH_CALLWNDPROC, hookproc_address = 0x9cdb7c True 1
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3018683 True 1
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Module Get Address module_name = c:\windows\system32\user32.dll, function = WindowFromDC, address_out = 0x76b52116 True 1
Module Load module_name = gdiplus.dll, base_address = 0x74050000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipAlloc, address_out = 0x74092437 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipFree, address_out = 0x740924b2 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusStartup, address_out = 0x74075600 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusShutdown, address_out = 0x740756be True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCloneBrush, address_out = 0x7407d7e8 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeleteBrush, address_out = 0x7407d8c2 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetBrushType, address_out = 0x7407d95f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateSolidFill, address_out = 0x7409701b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetSolidFillColor, address_out = 0x7407dfe0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetSolidFillColor, address_out = 0x7407e083 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradient, address_out = 0x7409682f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradientI, address_out = 0x740968f1 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePathGradientFromPath, address_out = 0x74096a43 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterColor, address_out = 0x7407f0ce True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterColor, address_out = 0x7407f196 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientSurroundColorsWithCount, address_out = 0x7407f23a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientSurroundColorsWithCount, address_out = 0x7407f368 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPath, address_out = 0x7407f524 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientPath, address_out = 0x7407f524 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterPoint, address_out = 0x7407f567 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientCenterPointI, address_out = 0x7407f621 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterPoint, address_out = 0x7407f6b5 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientCenterPointI, address_out = 0x7407f76f True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientRect, address_out = 0x7407f94a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientRectI, address_out = 0x7407f9ff True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPointCount, address_out = 0x7407f7dd True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientSurroundColorCount, address_out = 0x7407f890 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientGammaCorrection, address_out = 0x7407fab7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientGammaCorrection, address_out = 0x7407fb54 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientBlendCount, address_out = 0x7407e7f0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientBlend, address_out = 0x7407fc07 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientBlend, address_out = 0x7407e97a True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPresetBlendCount, address_out = 0x7407fcdb True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientPresetBlend, address_out = 0x7407fd95 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientPresetBlend, address_out = 0x7407ff41 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientSigmaBlend, address_out = 0x74080184 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientLinearBlend, address_out = 0x7407eeb7 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientWrapMode, address_out = 0x7407f01b True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientWrapMode, address_out = 0x74080236 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientTransform, address_out = 0x740802da True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientTransform, address_out = 0x7407dc34 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPathGradientTransform, address_out = 0x7407dd3d True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyPathGradientTransform, address_out = 0x740803e3 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslatePathGradientTransform, address_out = 0x740804fc True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScalePathGradientTransform, address_out = 0x740805d5 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotatePathGradientTransform, address_out = 0x7407dde0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPathGradientFocusScales, address_out = 0x740806ae True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPathGradientFocusScales, address_out = 0x74080793 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrush, address_out = 0x7407e139 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushI, address_out = 0x7407e22f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRect, address_out = 0x7407e2fe True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectI, address_out = 0x7407e3ee True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectWithAngle, address_out = 0x7407e4b6 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateLineBrushFromRectWithAngleI, address_out = 0x7407e5ad True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineRect, address_out = 0x7407f94a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineRectI, address_out = 0x7407f9ff True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineColors, address_out = 0x7407e67c True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineColors, address_out = 0x7407e731 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineGammaCorrection, address_out = 0x74075765 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineGammaCorrection, address_out = 0x740757be True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineBlendCount, address_out = 0x7407e7f0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineBlend, address_out = 0x7407e8a6 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineBlend, address_out = 0x7407e97a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLinePresetBlendCount, address_out = 0x7407fcdb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLinePresetBlend, address_out = 0x7407ea4e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLinePresetBlend, address_out = 0x7407ec63 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineSigmaBlend, address_out = 0x74080184 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineLinearBlend, address_out = 0x7407eeb7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineWrapMode, address_out = 0x7407ef69 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineWrapMode, address_out = 0x7407f01b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetLineTransform, address_out = 0x740802da True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetLineTransform, address_out = 0x7407dc34 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetLineTransform, address_out = 0x7407dd3d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyLineTransform, address_out = 0x740803e3 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslateLineTransform, address_out = 0x740804fc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScaleLineTransform, address_out = 0x740805d5 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotateLineTransform, address_out = 0x7407dde0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateHatchBrush, address_out = 0x74096266 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchStyle, address_out = 0x7407da12 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchForegroundColor, address_out = 0x7407dac8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetHatchBackgroundColor, address_out = 0x7407db7e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePen1, address_out = 0x7408083a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreatePen2, address_out = 0x7408096b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipClonePen, address_out = 0x74080abe True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDeletePen, address_out = 0x74080b95 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenFillType, address_out = 0x74082491 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenBrushFill, address_out = 0x740822c1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenBrushFill, address_out = 0x740823cc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenColor, address_out = 0x74082157 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenColor, address_out = 0x74082201 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenMode, address_out = 0x740819cc True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenMode, address_out = 0x74081a6f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenUnit, address_out = 0x74080d9b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenUnit, address_out = 0x74080e5a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenWidth, address_out = 0x74080c4d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenWidth, address_out = 0x74080ceb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashStyle, address_out = 0x7408254e True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashStyle, address_out = 0x740825fe True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenLineCap197819, address_out = 0x74080f0a True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenStartCap, address_out = 0x74080fb1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenEndCap, address_out = 0x74081052 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashCap197819, address_out = 0x740810f3 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenStartCap, address_out = 0x74081194 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenEndCap, address_out = 0x74081244 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashCap197819, address_out = 0x740812f4 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenLineJoin, address_out = 0x740813ab True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenLineJoin, address_out = 0x74081449 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenCustomStartCap, address_out = 0x740814f9 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenCustomStartCap, address_out = 0x74081601 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenCustomEndCap, address_out = 0x740816b8 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenCustomEndCap, address_out = 0x740817c0 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenMiterLimit, address_out = 0x74081877 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenMiterLimit, address_out = 0x7408191c True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenTransform, address_out = 0x74081b1f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenTransform, address_out = 0x74081c25 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipResetPenTransform, address_out = 0x74081d2b True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipMultiplyPenTransform, address_out = 0x74081dcb True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipTranslatePenTransform, address_out = 0x74081ee1 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipScalePenTransform, address_out = 0x74081fb7 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipRotatePenTransform, address_out = 0x7408208d True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashOffset, address_out = 0x7408269f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSetPenDashOffset, address_out = 0x7408274f True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetPenDashCount, address_out = 0x740827ed True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3018670 True 1
Fn
Window Create class_name = TPUtilWindow, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = TPUtilWindow, index = 18446744073709551612, new_long = 3018657 True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = EnableNonClientDpiScaling, address_out = 0x0 False 1
Fn
Module Load module_name = dwmapi.dll, base_address = 0x73eb0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmDefWindowProc, address_out = 0x73eb3df4 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableBlurBehindWindow, address_out = 0x73eb2945 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableComposition, address_out = 0x73eb720a True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmEnableMMCSS, address_out = 0x73eb37dd True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmExtendFrameIntoClientArea, address_out = 0x73eb3510 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmGetColorizationColor, address_out = 0x73eb6f9a True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmGetWindowAttribute, address_out = 0x73eb1c76 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmIsCompositionEnabled, address_out = 0x73eb1610 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetWindowAttribute, address_out = 0x73eb16c0 True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetIconicThumbnail, address_out = 0x73eb85ea True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmSetIconicLivePreviewBitmap, address_out = 0x73eb88fd True 1
Fn
Module Get Address module_name = c:\windows\system32\dwmapi.dll, function = DwmInvalidateIconicBitmaps, address_out = 0x73eb3742 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = GetDynamicTimeZoneInformation, address_out = 0x76942565 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 2
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Display, data = (UTC+04:30) Kabul, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Std, data = Afghanistan Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Dlt, data = Afghanistan Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Display, data = (UTC-09:00) Alaska, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Std, data = Alaskan Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Dlt, data = Alaskan Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Display, data = (UTC+03:00) Kuwait, Riyadh, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Std, data = Arab Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Dlt, data = Arab Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Display, data = (UTC+04:00) Abu Dhabi, Muscat, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Std, data = Arabian Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Dlt, data = Arabian Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Display, data = (UTC+03:00) Baghdad, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Std, data = Arabic Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Dlt, data = Arabic Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Display, data = (UTC-03:00) Buenos Aires, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Std, data = Argentina Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Dlt, data = Argentina Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2009, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\Dynamic DST, value_name = 2010, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Display, data = (UTC-04:00) Atlantic Time (Canada), type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Std, data = Atlantic Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Dlt, data = Atlantic Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = FirstEntry, data = 2006, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = LastEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = 2006, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Display, data = (UTC+09:30) Darwin, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Std, data = AUS Central Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Dlt, data = AUS Central Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Display, data = (UTC+10:00) Canberra, Melbourne, Sydney, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Std, data = AUS Eastern Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Dlt, data = AUS Eastern Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = 2007, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Display, data = (UTC+04:00) Baku, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Std, data = Azerbaijan Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Dlt, data = Azerbaijan Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Display, data = (UTC-01:00) Azores, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Std, data = Azores Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Dlt, data = Azores Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Display, data = (UTC+06:00) Dhaka, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Std, data = Bangladesh Standard Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Dlt, data = Bangladesh Daylight Time, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = MapID, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = Index, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time, value_name = TZI, type = REG_BINARY True 3
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = FirstEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = LastEntry, data = 2010, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2008, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2009, type = REG_BINARY True 2
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\Dynamic DST, value_name = 2010, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Display, data = (UTC-06:00) Saskatchewan, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Std, data = Canada Central Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Dlt, data = Canada Central Daylight Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = MapID, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = Index, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time, value_name = TZI, type = REG_BINARY True 3
Fn
Data
Registry Get Key Info reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Display, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Display, data = (UTC-01:00) Cape Verde Is., type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Std, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Std, data = Cape Verde Standard Time, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Dlt, data = 0, type = REG_SZ True 2
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time, value_name = Dlt, data = Cape Verde Daylight Time, type = REG_SZ True 1
Fn
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = DrawTextW, address_out = 0x76b55b6a True 1
Fn
Module Load module_name = ntdll.dll, base_address = 0x77230000 True 1
Fn
Module Get Address module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x772761f8 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
System Get Time type = Ticks, time = 260428 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
System Get Time type = Ticks, time = 260428 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\smss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260428 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\csrss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260786 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\wininit.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260786 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\csrss.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260786 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\winlogon.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260786 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\services.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260786 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\lsass.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260786 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\lsm.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260802 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260802 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260802 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260802 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260802 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260802 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
System Get Time type = Ticks, time = 260802 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260802 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260802 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\spoolsv.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
System Get Time type = Ticks, time = 260802 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\taskhost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\taskeng.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\dwm.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\explorer.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Windows\System32\svchost.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Program Files\Microsoft Visual Studio 8\helped.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Program Files\Windows Portable Devices\guestbook-jam-stages.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Program Files\Microsoft Synchronization Services\watts_flights.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryFullProcessImageNameW, address_out = 0x76955c28 True 1
Fn
Process Get filename file_name = C:\Program Files\Windows Sidebar\question increasingly.exe, flags = PROCESS_NAME_WIN32 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76910000 True 1
Fn
For performance reasons, the remaining 192 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0x174
26 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\user32.dll, base_address = 0x76b40000 True 1
Fn
Module Get Address module_name = c:\windows\system32\user32.dll, function = SetThreadDpiAwarenessContext, address_out = 0x0 False 1
Fn
File Read size = 144, size_out = 0 False 24
Fn
Thread 0x7ac
3 0
Category Operation Information Success Count Logfile
Module Get Filename module_name = Shcore.dll, process_name = c:\program files\remote utilities - host\rutserv.exe, file_name_orig = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 261 True 1
Fn
File Create filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Program Files\Remote Utilities - Host\rutserv.exe, size = 9956368 False 1
Fn
Process #46: explorer.exe
0 0
Information Value
ID #46
File Name c:\windows\explorer.exe
Command Line C:\Windows\Explorer.EXE
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:49, Reason: Injection
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:04
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x5ac
Parent PID 0xffffffffffffffff (Unknown)
Is Created or Modified Executable False
Integrity Level Medium
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x170
0x8C8
0x51C
0x7A0
0x71C
0x734
0x6F8
0x6B8
0x6B0
0x6A8
0x674
0x418
0x72C
0x6F8
0x6CC
0x6C8
0x6C0
0x6AC
0x6A4
0x67C
0x604
0x5F8
0x5E8
0x5BC
0x5B0
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00021fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00041fff Pagefile Backed Memory r True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File r False False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d1fff Pagefile Backed Memory rw True False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory rw True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory rw True False False -
private_0x0000000000100000 0x00100000 0x0011ffff Private Memory rw True False False -
private_0x0000000000120000 0x00120000 0x0015ffff Private Memory rw True False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory rw True False False -
private_0x0000000000170000 0x00170000 0x001affff Private Memory rw True False False -
pagefile_0x00000000001b0000 0x001b0000 0x00277fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000280000 0x00280000 0x00281fff Pagefile Backed Memory r True False False -
private_0x0000000000290000 0x00290000 0x00290fff Private Memory rw True False False -
pagefile_0x00000000002a0000 0x002a0000 0x002a1fff Pagefile Backed Memory r True False False -
private_0x00000000002b0000 0x002b0000 0x002d6fff Private Memory rw True False False -
private_0x00000000002e0000 0x002e0000 0x003dffff Private Memory rw True False False -
pagefile_0x00000000003e0000 0x003e0000 0x004e0fff Pagefile Backed Memory r True False False -
private_0x00000000004f0000 0x004f0000 0x00529fff Private Memory rw True False False -
pagefile_0x0000000000530000 0x00530000 0x00530fff Pagefile Backed Memory r True False False -
private_0x0000000000540000 0x00540000 0x00599fff Private Memory rw True False False -
private_0x00000000005a0000 0x005a0000 0x005affff Private Memory rw True False False -
pagefile_0x00000000005b0000 0x005b0000 0x009a2fff Pagefile Backed Memory r True False False -
pagefile_0x00000000009b0000 0x009b0000 0x009b0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000009c0000 0x009c0000 0x009c2fff Pagefile Backed Memory r True False False -
private_0x00000000009d0000 0x009d0000 0x009d3fff Private Memory rw True False False -
private_0x00000000009e0000 0x009e0000 0x009f7fff Private Memory rw True False False -
explorer.exe 0x00a00000 0x00c80fff Memory Mapped File rwx False False False -
pagefile_0x0000000000c90000 0x00c90000 0x0188ffff Pagefile Backed Memory r True False False -
private_0x0000000001890000 0x01890000 0x0198ffff Private Memory rw True False False -
private_0x0000000001990000 0x01990000 0x01a1ffff Private Memory rw True False False -
private_0x0000000001a20000 0x01a20000 0x01a2ffff Private Memory rw True False False -
private_0x0000000001a30000 0x01a30000 0x01a30fff Private Memory rw True False False -
private_0x0000000001a40000 0x01a40000 0x01a4ffff Private Memory - True False False -
private_0x0000000001a50000 0x01a50000 0x01a5ffff Private Memory rw True False False -
private_0x0000000001a60000 0x01a60000 0x01a9ffff Private Memory rw True False False -
pagefile_0x0000000001aa0000 0x01aa0000 0x01b7efff Pagefile Backed Memory r True False False -
sortdefault.nls 0x01b80000 0x01e4efff Memory Mapped File r False False False -
pagefile_0x0000000001e50000 0x01e50000 0x01e51fff Pagefile Backed Memory r True False False -
pagefile_0x0000000001e60000 0x01e60000 0x01e61fff Pagefile Backed Memory r True False False -
private_0x0000000001e70000 0x01e70000 0x01e70fff Private Memory rw True False False -
private_0x0000000001e80000 0x01e80000 0x01eaffff Private Memory rw True False False -
private_0x0000000001eb0000 0x01eb0000 0x01eb2fff Private Memory rw True False False -
private_0x0000000001ec0000 0x01ec0000 0x01efffff Private Memory rw True False False -
comctl32.dll.mui 0x01f40000 0x01f42fff Memory Mapped File rw False False False -
private_0x0000000001f50000 0x01f50000 0x01f5ffff Private Memory rw True False False -
private_0x0000000001f60000 0x01f60000 0x01f6ffff Private Memory rw True False False -
private_0x0000000001f70000 0x01f70000 0x01f7ffff Private Memory rw True False False -
private_0x0000000001f80000 0x01f80000 0x01f8ffff Private Memory rw True False False -
private_0x0000000001f90000 0x01f90000 0x01f9ffff Private Memory rw True False False -
private_0x0000000001fa0000 0x01fa0000 0x01faffff Private Memory rw True False False -
private_0x0000000001fb0000 0x01fb0000 0x01fbffff Private Memory rw True False False -
private_0x0000000001fc0000 0x01fc0000 0x01fcffff Private Memory rw True False False -
private_0x0000000001fd0000 0x01fd0000 0x01fdffff Private Memory rw True False False -
private_0x0000000001fe0000 0x01fe0000 0x01feffff Private Memory rw True False False -
pagefile_0x0000000001ff0000 0x01ff0000 0x01ff1fff Pagefile Backed Memory r True False False -
private_0x0000000002000000 0x02000000 0x0207ffff Private Memory rw True False False -
private_0x0000000002080000 0x02080000 0x0208ffff Private Memory rw True False False -
private_0x0000000002090000 0x02090000 0x02090fff Private Memory rw True False False -
private_0x00000000020a0000 0x020a0000 0x020a0fff Private Memory rw True False False -
private_0x00000000020b0000 0x020b0000 0x020b0fff Private Memory rw True False False -
private_0x00000000020c0000 0x020c0000 0x020c3fff Private Memory rw True False False -
private_0x00000000020d0000 0x020d0000 0x020d7fff Private Memory rw True False False -
private_0x0000000002100000 0x02100000 0x02108fff Private Memory rw True False False -
private_0x0000000002110000 0x02110000 0x02110fff Private Memory rw True False False -
private_0x0000000002120000 0x02120000 0x0212ffff Private Memory rw True False False -
private_0x0000000002140000 0x02140000 0x0217ffff Private Memory rw True False False -
netshell.dll.mui 0x02240000 0x02250fff Memory Mapped File rw False False False -
pagefile_0x0000000002290000 0x02290000 0x02291fff Pagefile Backed Memory r True False False -
pagefile_0x00000000022a0000 0x022a0000 0x022a0fff Pagefile Backed Memory rw True False False -
index.dat 0x022c0000 0x022ebfff Memory Mapped File rw True False False -
index.dat 0x022f0000 0x022f7fff Memory Mapped File rw True False False -
index.dat 0x02300000 0x0230ffff Memory Mapped File rw True False False -
urlmon.dll.mui 0x02310000 0x02317fff Memory Mapped File rw False False False -
pagefile_0x0000000002320000 0x02320000 0x02320fff Pagefile Backed Memory rw True False False -
private_0x0000000002330000 0x02330000 0x02355fff Private Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db 0x02360000 0x0237efff Memory Mapped File r True False False -
pagefile_0x0000000002380000 0x02380000 0x02380fff Pagefile Backed Memory rw True False False -
cversions.2.db 0x02390000 0x02393fff Memory Mapped File r True False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db 0x023a0000 0x023cffff Memory Mapped File r True False False -
cversions.2.db 0x023d0000 0x023d3fff Memory Mapped File r True False False -
pagefile_0x00000000023e0000 0x023e0000 0x023e1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000023f0000 0x023f0000 0x023f1fff Pagefile Backed Memory r True False False -
private_0x0000000002400000 0x02400000 0x02400fff Private Memory rw True False False -
private_0x0000000002410000 0x02410000 0x02413fff Private Memory rw True False False -
private_0x0000000002420000 0x02420000 0x0245ffff Private Memory rw True False False -
private_0x0000000002460000 0x02460000 0x0249ffff Private Memory rw True False False -
private_0x00000000024a0000 0x024a0000 0x024a3fff Private Memory rw True False False -
pagefile_0x00000000024b0000 0x024b0000 0x024b1fff Pagefile Backed Memory r True False False -
private_0x00000000024c0000 0x024c0000 0x024fffff Private Memory rw True False False -
private_0x0000000002500000 0x02500000 0x02500fff Private Memory rw True False False -
private_0x0000000002510000 0x02510000 0x02510fff Private Memory rw True False False -
private_0x0000000002520000 0x02520000 0x02520fff Private Memory rw True False False -
private_0x0000000002530000 0x02530000 0x02530fff Private Memory rw True False False -
private_0x0000000002540000 0x02540000 0x0257ffff Private Memory rw True False False -
staticcache.dat 0x02580000 0x02eaffff Memory Mapped File r False False False -
pagefile_0x0000000002eb0000 0x02eb0000 0x02eb0fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000002ec0000 0x02ec0000 0x02ec1fff Pagefile Backed Memory r True False False -
cversions.2.db 0x02ed0000 0x02ed3fff Memory Mapped File r True False False -
pagefile_0x0000000002ee0000 0x02ee0000 0x02ee1fff Pagefile Backed Memory r True False False -
{0b09c990-dfff-4f54-a0f7-84dceb6a5b2b}.2.ver0x0000000000000001.db 0x02ef0000 0x02ef0fff Memory Mapped File r True False False -
cversions.2.db 0x02f00000 0x02f03fff Memory Mapped File r True False False -
private_0x0000000002f10000 0x02f10000 0x02f10fff Private Memory rw True False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db 0x02f20000 0x02f85fff Memory Mapped File r True False False -
private_0x0000000002f90000 0x02f90000 0x0308ffff Private Memory rw True False False -
pagefile_0x0000000003090000 0x03090000 0x03091fff Pagefile Backed Memory r True False False -
cversions.2.db 0x030a0000 0x030a3fff Memory Mapped File r True False False -
private_0x00000000030b0000 0x030b0000 0x030b0fff Private Memory rwx True False False -
pagefile_0x00000000030c0000 0x030c0000 0x030c1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000030d0000 0x030d0000 0x030d1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000030e0000 0x030e0000 0x030e1fff Pagefile Backed Memory r True False False -
private_0x00000000030f0000 0x030f0000 0x030f0fff Private Memory rw True False False -
private_0x0000000003100000 0x03100000 0x03100fff Private Memory rw True False False -
private_0x0000000003110000 0x03110000 0x0314ffff Private Memory rw True False False -
private_0x0000000003150000 0x03150000 0x03150fff Private Memory rw True False False -
{e09a7d78-232a-4473-ac51-d6dfbb0b032a}.2.ver0x0000000000000002.db 0x03190000 0x03190fff Memory Mapped File r True False False -
index.dat 0x031a0000 0x031affff Memory Mapped File rw True False False -
pagefile_0x00000000031b0000 0x031b0000 0x031b1fff Pagefile Backed Memory r True False False -
actioncenter.dll.mui 0x031c0000 0x031c4fff Memory Mapped File rw False False False -
private_0x00000000031d0000 0x031d0000 0x031d1fff Private Memory rwx True False False -
cversions.2.db 0x031e0000 0x031e3fff Memory Mapped File r True False False -
{7a77eb19-3f1f-481b-a465-50389a60f663}.2.ver0x0000000000000001.db 0x031f0000 0x031f0fff Memory Mapped File r True False False -
private_0x0000000003230000 0x03230000 0x0326ffff Private Memory rw True False False -
private_0x0000000003270000 0x03270000 0x032affff Private Memory rw True False False -
private_0x00000000032b0000 0x032b0000 0x032b0fff Private Memory rw True False False -
private_0x00000000032c0000 0x032c0000 0x032c0fff Private Memory rw True False False -
private_0x00000000032d0000 0x032d0000 0x032d0fff Private Memory rw True False False -
private_0x00000000032e0000 0x032e0000 0x032e0fff Private Memory rw True False False -
private_0x00000000032f0000 0x032f0000 0x032f0fff Private Memory rw True False False -
pagefile_0x0000000003310000 0x03310000 0x03310fff Pagefile Backed Memory r True False False -
wdmaud.drv.mui 0x03320000 0x03320fff Memory Mapped File rw False False False -
private_0x0000000003390000 0x03390000 0x03390fff Private Memory rw True False False -
private_0x00000000033a0000 0x033a0000 0x033a0fff Private Memory rw True False False -
pagefile_0x00000000033b0000 0x033b0000 0x033b1fff Pagefile Backed Memory r True False False -
oleaccrc.dll 0x033c0000 0x033c0fff Memory Mapped File r False False False -
private_0x00000000033d0000 0x033d0000 0x034cffff Private Memory rw True False False -
private_0x00000000034d0000 0x034d0000 0x0350ffff Private Memory rw True False False -
private_0x0000000003510000 0x03510000 0x0354ffff Private Memory rw True False False -
pagefile_0x00000000035a0000 0x035a0000 0x035a1fff Pagefile Backed Memory r True False False -
private_0x00000000035c0000 0x035c0000 0x035fffff Private Memory rwx True False False -
private_0x0000000003600000 0x03600000 0x03647fff Private Memory rw True False False -
pagefile_0x0000000003650000 0x03650000 0x03651fff Pagefile Backed Memory r True False False -
private_0x0000000003680000 0x03680000 0x03680fff Private Memory rw True False False -
mmdevapi.dll.mui 0x03690000 0x03690fff Memory Mapped File rw False False False -
private_0x00000000036a0000 0x036a0000 0x036a1fff Private Memory rw True False False -
pagefile_0x00000000036b0000 0x036b0000 0x036b0fff Pagefile Backed Memory r True False False -
private_0x00000000036c0000 0x036c0000 0x036fffff Private Memory rw True False False -
pagefile_0x0000000003710000 0x03710000 0x03710fff Pagefile Backed Memory rw True False False -
For performance reasons, the remaining 218 entries are omitted.
The remaining entries can be found in flog.txt.
Injection Information
Injection Type Source Process Source Os Thread ID Information Success Count Logfile
Modify Control Flow #45: c:\program files\remote utilities - host\rutserv.exe 0x8b8 os_tid = 0x5f8 True 1
Fn
Modify Control Flow #45: c:\program files\remote utilities - host\rutserv.exe 0x8b8 os_tid = 0x5f8 True 1
Fn
Modify Control Flow #45: c:\program files\remote utilities - host\rutserv.exe 0x8b8 os_tid = 0x5f8 True 1
Fn
Process #47: taskeng.exe
0 0
Information Value
ID #47
File Name c:\windows\system32\taskeng.exe
Command Line taskeng.exe {7737867F-ACDD-43AC-B745-B8B549957EED} S-1-5-21-3785418085-2572485238-895829336-1000:CRH2YWU7\EEBsYm5:Interactive:Highest[1]
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:49, Reason: Injection
Unmonitor End Time: 00:03:53, Reason: Terminated by Timeout
Monitor Duration 00:00:04
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x58c
Parent PID 0x358 (Unknown)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x944
0x6D0
0x5A0
0x594
0x590
Injection Information
Injection Type Source Process Source Os Thread ID Information Success Count Logfile
Modify Control Flow #45: c:\program files\remote utilities - host\rutserv.exe 0x8b8 os_tid = 0x590 True 1
Fn