Analysis

Category Package Started Completed Duration Options Log
FILE msi 2020-03-24 10:02:52 2020-03-24 10:03:53 61 seconds Show Options Show Log
route = internet
procdump = 1
2020-03-24 10:02:53,000 [root] INFO: Date set to: 03-24-20, time set to: 10:02:53, timeout set to: 200
2020-03-24 10:02:53,015 [root] DEBUG: Starting analyzer from: C:\mhtyrzkj
2020-03-24 10:02:53,015 [root] DEBUG: Storing results at: C:\hOJPXGtT
2020-03-24 10:02:53,015 [root] DEBUG: Pipe server name: \\.\PIPE\aygKWjb
2020-03-24 10:02:53,015 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-03-24 10:02:53,030 [root] INFO: Automatically selected analysis package "msi"
2020-03-24 10:02:53,390 [root] DEBUG: Started auxiliary module Browser
2020-03-24 10:02:53,390 [root] DEBUG: Started auxiliary module Curtain
2020-03-24 10:02:53,390 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2020-03-24 10:03:00,706 [modules.auxiliary.digisig] DEBUG: File has an invalid signature.
2020-03-24 10:03:00,706 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-03-24 10:03:00,706 [root] DEBUG: Started auxiliary module DigiSig
2020-03-24 10:03:00,706 [root] DEBUG: Started auxiliary module Disguise
2020-03-24 10:03:00,706 [root] DEBUG: Started auxiliary module Human
2020-03-24 10:03:00,706 [root] DEBUG: Started auxiliary module Screenshots
2020-03-24 10:03:00,721 [root] DEBUG: Started auxiliary module Sysmon
2020-03-24 10:03:00,721 [root] DEBUG: Started auxiliary module Usage
2020-03-24 10:03:00,721 [root] INFO: Analyzer: Package modules.packages.msi does not specify a DLL option
2020-03-24 10:03:00,721 [root] INFO: Analyzer: Package modules.packages.msi does not specify a DLL_64 option
2020-03-24 10:03:00,783 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\msiexec.exe" with arguments "/I "C:\Users\user\AppData\Local\Temp\SkypeMeetingsApp.msi"" with pid 2744
2020-03-24 10:03:00,783 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:03:00,783 [lib.api.process] INFO: 32-bit DLL to inject is C:\mhtyrzkj\dll\NaVYht.dll, loader C:\mhtyrzkj\bin\VdXefoR.exe
2020-03-24 10:03:00,815 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\aygKWjb.
2020-03-24 10:03:00,815 [root] DEBUG: Loader: Injecting process 2744 (thread 2760) with C:\mhtyrzkj\dll\NaVYht.dll.
2020-03-24 10:03:00,815 [root] DEBUG: Process image base: 0x00FF0000
2020-03-24 10:03:00,815 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\mhtyrzkj\dll\NaVYht.dll.
2020-03-24 10:03:00,815 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:03:00,815 [root] DEBUG: Successfully injected DLL C:\mhtyrzkj\dll\NaVYht.dll.
2020-03-24 10:03:00,815 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2744
2020-03-24 10:03:02,828 [lib.api.process] INFO: Successfully resumed process with pid 2744
2020-03-24 10:03:02,828 [root] INFO: Added new process to list with pid: 2744
2020-03-24 10:03:03,233 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-03-24 10:03:03,233 [root] DEBUG: Process dumps enabled.
2020-03-24 10:03:03,279 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-03-24 10:03:03,279 [root] INFO: Disabling sleep skipping.
2020-03-24 10:03:03,279 [root] INFO: Disabling sleep skipping.
2020-03-24 10:03:03,279 [root] INFO: Disabling sleep skipping.
2020-03-24 10:03:03,279 [root] INFO: Disabling sleep skipping.
2020-03-24 10:03:03,279 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2744 at 0x747e0000, image base 0xff0000, stack from 0x186000-0x190000
2020-03-24 10:03:03,279 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Windows\system32\msiexec.exe" \I "C:\Users\user\AppData\Local\Temp\SkypeMeetingsApp.msi".
2020-03-24 10:03:03,279 [root] INFO: Monitor successfully loaded in process with pid 2744.
2020-03-24 10:03:03,311 [root] DEBUG: DLL loaded at 0x73D70000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32 (0x19e000 bytes).
2020-03-24 10:03:03,311 [root] DEBUG: DLL unloaded from 0x75D60000.
2020-03-24 10:03:03,326 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\SysWOW64\CRYPTSP (0x16000 bytes).
2020-03-24 10:03:03,326 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-03-24 10:03:03,420 [root] DEBUG: DLL loaded at 0x73C60000: C:\Windows\SysWOW64\PROPSYS (0xf5000 bytes).
2020-03-24 10:03:03,451 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2020-03-24 10:03:03,451 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:03:03,451 [lib.api.process] INFO: 64-bit DLL to inject is C:\mhtyrzkj\dll\nAHtQCH.dll, loader C:\mhtyrzkj\bin\hEEavVGG.exe
2020-03-24 10:03:03,467 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\aygKWjb.
2020-03-24 10:03:03,467 [root] DEBUG: Loader: Injecting process 1632 (thread 0) with C:\mhtyrzkj\dll\nAHtQCH.dll.
2020-03-24 10:03:03,467 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-03-24 10:03:03,467 [root] DEBUG: Failed to inject DLL C:\mhtyrzkj\dll\nAHtQCH.dll.
2020-03-24 10:03:03,467 [lib.api.process] ERROR: Unable to inject into 64-bit process with pid 1632, error: -15
2020-03-24 10:03:03,529 [root] DEBUG: DLL loaded at 0x73C30000: C:\Windows\system32\WKSCLI (0xf000 bytes).
2020-03-24 10:03:03,529 [root] DEBUG: DLL loaded at 0x73C40000: C:\Windows\SysWOW64\NETAPI32 (0x11000 bytes).
2020-03-24 10:03:03,529 [root] DEBUG: DLL loaded at 0x73C20000: C:\Windows\SysWOW64\netutils (0x9000 bytes).
2020-03-24 10:03:03,529 [root] DEBUG: DLL loaded at 0x73C00000: C:\Windows\SysWOW64\srvcli (0x19000 bytes).
2020-03-24 10:03:03,575 [root] DEBUG: DLL loaded at 0x75470000: C:\Windows\syswow64\WINTRUST (0x2d000 bytes).
2020-03-24 10:03:03,575 [root] DEBUG: DLL loaded at 0x73BF0000: C:\Windows\SysWOW64\MSISIP (0x8000 bytes).
2020-03-24 10:03:03,575 [root] DEBUG: DLL unloaded from 0x751B0000.
2020-03-24 10:03:03,575 [root] DEBUG: DLL loaded at 0x73BB0000: C:\Windows\SysWOW64\ncrypt (0x38000 bytes).
2020-03-24 10:03:03,575 [root] DEBUG: DLL loaded at 0x73B90000: C:\Windows\SysWOW64\bcrypt (0x17000 bytes).
2020-03-24 10:03:03,575 [root] DEBUG: DLL loaded at 0x73B50000: C:\Windows\SysWOW64\bcryptprimitives (0x3d000 bytes).
2020-03-24 10:03:03,622 [root] DEBUG: DLL unloaded from 0x75790000.
2020-03-24 10:03:03,622 [root] DEBUG: DLL unloaded from 0x751B0000.
2020-03-24 10:03:03,622 [root] DEBUG: DLL unloaded from 0x76C00000.
2020-03-24 10:03:03,622 [root] DEBUG: DLL loaded at 0x73B30000: C:\Windows\SysWOW64\GPAPI (0x16000 bytes).
2020-03-24 10:03:03,622 [root] DEBUG: DLL loaded at 0x73B10000: C:\Windows\SysWOW64\cryptnet (0x1c000 bytes).
2020-03-24 10:03:03,622 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2020-03-24 10:03:03,638 [root] DEBUG: DLL loaded at 0x73AF0000: C:\Windows\SysWOW64\Cabinet (0x15000 bytes).
2020-03-24 10:03:03,638 [root] DEBUG: DLL loaded at 0x73AE0000: C:\Windows\SysWOW64\DEVRTL (0xe000 bytes).
2020-03-24 10:03:03,638 [root] DEBUG: DLL unloaded from 0x75A70000.
2020-03-24 10:03:03,638 [root] DEBUG: DLL loaded at 0x73AD0000: C:\Windows\SysWOW64\SensApi (0x6000 bytes).
2020-03-24 10:03:03,638 [root] DEBUG: DLL loaded at 0x73990000: C:\Windows\SysWOW64\WINHTTP (0x58000 bytes).
2020-03-24 10:03:03,638 [root] DEBUG: DLL loaded at 0x73940000: C:\Windows\SysWOW64\webio (0x4f000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\WS2_32 (0x35000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL unloaded from 0x75D60000.
2020-03-24 10:03:03,654 [root] DEBUG: DLL loaded at 0x73930000: C:\Windows\SysWOW64\credssp (0x8000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL unloaded from 0x74C70000.
2020-03-24 10:03:03,654 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\system32\mswsock (0x3c000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL loaded at 0x73920000: C:\Windows\System32\wship6 (0x6000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL loaded at 0x73900000: C:\Windows\SysWOW64\IPHLPAPI (0x1c000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL loaded at 0x738F0000: C:\Windows\SysWOW64\WINNSI (0x7000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL loaded at 0x738E0000: C:\Windows\SysWOW64\dhcpcsvc6 (0xd000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL loaded at 0x738C0000: C:\Windows\SysWOW64\dhcpcsvc (0x12000 bytes).
2020-03-24 10:03:03,654 [root] DEBUG: DLL unloaded from 0x772F0000.
2020-03-24 10:03:03,670 [root] DEBUG: DLL unloaded from 0x73990000.
2020-03-24 10:03:03,670 [root] DEBUG: DLL unloaded from 0x772F0000.
2020-03-24 10:03:03,670 [root] DEBUG: DLL unloaded from 0x73990000.
2020-03-24 10:03:03,670 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\SysWOW64\DNSAPI (0x44000 bytes).
2020-03-24 10:03:03,670 [root] DEBUG: DLL loaded at 0x738B0000: C:\Windows\SysWOW64\rasadhlp (0x6000 bytes).
2020-03-24 10:03:03,670 [root] DEBUG: DLL loaded at 0x73870000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2020-03-24 10:03:04,809 [root] DEBUG: DLL unloaded from 0x73B10000.
2020-03-24 10:03:04,809 [root] DEBUG: DLL unloaded from 0x75A70000.
2020-03-24 10:03:04,823 [root] DEBUG: DLL unloaded from 0x772F0000.
2020-03-24 10:03:04,839 [root] DEBUG: DLL unloaded from 0x73990000.
2020-03-24 10:03:04,839 [root] DEBUG: DLL unloaded from 0x772F0000.
2020-03-24 10:03:04,839 [root] DEBUG: DLL unloaded from 0x73990000.
2020-03-24 10:03:05,105 [root] DEBUG: DLL unloaded from 0x73B10000.
2020-03-24 10:03:05,105 [root] DEBUG: DLL unloaded from 0x75A70000.
2020-03-24 10:03:05,121 [root] DEBUG: DLL unloaded from 0x772F0000.
2020-03-24 10:03:05,121 [root] DEBUG: DLL unloaded from 0x73990000.
2020-03-24 10:03:05,135 [root] DEBUG: DLL unloaded from 0x772F0000.
2020-03-24 10:03:05,135 [root] DEBUG: DLL unloaded from 0x73990000.
2020-03-24 10:03:05,401 [root] DEBUG: DLL unloaded from 0x73B10000.
2020-03-24 10:03:05,401 [root] DEBUG: DLL unloaded from 0x75A70000.
2020-03-24 10:03:05,433 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-03-24 10:03:05,433 [root] DEBUG: DLL loaded at 0x73860000: C:\Windows\SysWOW64\RpcRtRemote (0xe000 bytes).
2020-03-24 10:03:05,651 [root] DEBUG: DLL unloaded from 0x75D60000.
2020-03-24 10:03:05,822 [root] DEBUG: DLL loaded at 0x73810000: C:\Windows\SysWOW64\MSCOREE (0x4a000 bytes).
2020-03-24 10:03:05,822 [root] DEBUG: set_caller_info: Adding region at 0x00290000 to caller regions list (ntdll::LdrLoadDll).
2020-03-24 10:03:05,822 [root] DEBUG: set_caller_info: Adding region at 0x00F60000 to caller regions list (advapi32::RegQueryInfoKeyW).
2020-03-24 10:03:05,822 [root] DEBUG: set_caller_info: Adding region at 0x004C0000 to caller regions list (kernel32::FindFirstFileExW).
2020-03-24 10:03:05,822 [root] DEBUG: DLL loaded at 0x73790000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7b000 bytes).
2020-03-24 10:03:13,918 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2020-03-24 10:03:13,934 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:03:13,934 [lib.api.process] INFO: 64-bit DLL to inject is C:\mhtyrzkj\dll\nAHtQCH.dll, loader C:\mhtyrzkj\bin\hEEavVGG.exe
2020-03-24 10:03:13,934 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\aygKWjb.
2020-03-24 10:03:13,934 [root] DEBUG: Loader: Injecting process 1632 (thread 0) with C:\mhtyrzkj\dll\nAHtQCH.dll.
2020-03-24 10:03:13,934 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-03-24 10:03:13,934 [root] DEBUG: Failed to inject DLL C:\mhtyrzkj\dll\nAHtQCH.dll.
2020-03-24 10:03:13,934 [lib.api.process] ERROR: Unable to inject into 64-bit process with pid 1632, error: -15
2020-03-24 10:03:14,933 [root] DEBUG: DLL unloaded from 0x73F50000.
2020-03-24 10:03:14,933 [root] DEBUG: DLL unloaded from 0x73810000.
2020-03-24 10:03:14,933 [root] DEBUG: DLL unloaded from 0x75D60000.
2020-03-24 10:03:14,933 [root] DEBUG: DLL unloaded from 0x73790000.
2020-03-24 10:03:14,948 [root] DEBUG: DLL unloaded from 0x75E70000.
2020-03-24 10:03:14,948 [root] DEBUG: DLL unloaded from 0x75D60000.
2020-03-24 10:03:14,963 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2020-03-24 10:03:14,963 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:03:14,963 [lib.api.process] INFO: 64-bit DLL to inject is C:\mhtyrzkj\dll\nAHtQCH.dll, loader C:\mhtyrzkj\bin\hEEavVGG.exe
2020-03-24 10:03:14,963 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\aygKWjb.
2020-03-24 10:03:14,963 [root] DEBUG: Loader: Injecting process 1632 (thread 0) with C:\mhtyrzkj\dll\nAHtQCH.dll.
2020-03-24 10:03:14,963 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-03-24 10:03:14,963 [root] DEBUG: Failed to inject DLL C:\mhtyrzkj\dll\nAHtQCH.dll.
2020-03-24 10:03:14,963 [lib.api.process] ERROR: Unable to inject into 64-bit process with pid 1632, error: -15
2020-03-24 10:03:14,963 [root] DEBUG: DLL unloaded from 0x73D70000.
2020-03-24 10:03:14,963 [root] DEBUG: DLL unloaded from 0x74300000.
2020-03-24 10:03:14,963 [root] DEBUG: DLL unloaded from 0x73D70000.
2020-03-24 10:03:14,963 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2744
2020-03-24 10:03:14,980 [root] DEBUG: GetHookCallerBase: thread 2760 (handle 0x0), return address 0x00FF1D6F, allocation base 0x00FF0000.
2020-03-24 10:03:14,980 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00FF0000.
2020-03-24 10:03:14,980 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-03-24 10:03:14,980 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00FF0000.
2020-03-24 10:03:14,980 [root] DEBUG: DumpProcess: Module entry point VA is 0x00003DB0.
2020-03-24 10:03:14,980 [root] INFO: Added new CAPE file to list with path: C:\hOJPXGtT\CAPE\2744_10607821644241924232020
2020-03-24 10:03:14,980 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x11200.
2020-03-24 10:03:14,980 [root] DEBUG: DLL unloaded from 0x73B50000.
2020-03-24 10:03:14,980 [root] DEBUG: DLL unloaded from 0x73C60000.
2020-03-24 10:03:14,980 [root] DEBUG: DLL unloaded from 0x75140000.
2020-03-24 10:03:14,980 [root] DEBUG: DLL unloaded from 0x73930000.
2020-03-24 10:03:14,980 [root] INFO: Notified of termination of process with pid 2744.
2020-03-24 10:03:35,276 [root] INFO: Process list is empty, terminating analysis.
2020-03-24 10:03:36,289 [root] INFO: Created shutdown mutex.
2020-03-24 10:03:37,303 [root] INFO: Shutting down package.
2020-03-24 10:03:37,303 [root] INFO: Stopping auxiliary modules.
2020-03-24 10:03:37,303 [root] INFO: Finishing auxiliary modules.
2020-03-24 10:03:37,303 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-03-24 10:03:37,303 [root] WARNING: File at path "C:\hOJPXGtT\debugger" does not exist, skip.
2020-03-24 10:03:37,303 [root] WARNING: Monitor injection attempted but failed for process 1632.
2020-03-24 10:03:37,303 [root] INFO: Analysis completed.

MalScore

1.8

Benign

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2020-03-24 10:02:52 2020-03-24 10:03:52

File Details

File Name SkypeMeetingsApp.msi
File Size 14176256 bytes
File Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, Code page: 1252, Title: Installation Database, Subject: Skype Meetings App, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Skype Meetings App., Template: Intel;0, Revision Number: {C6C0F413-901C-42A8-A7F1-D03BD40F9B12}, Create Time/Date: Sat Aug 3 05:00:26 2019, Last Saved Time/Date: Sat Aug 3 05:00:26 2019, Number of Pages: 300, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
MD5 2401c281f6798633b66b2a4a14937354
SHA1 632c80ea6699c5a6a4d6247182daa92a3bf60913
SHA256 73fdfb85b80b81c87e78580dc5b46a73c73f7907f8e6cff0886dcb6493365255
SHA512 408bb12c213e2b6fc96c890b74ba72294df95e35af2ea7a97c693c3b6a1dd0bfb3fd97d182a0d86b7852cf8506690fa611ed5f7e7919230520c82c3ff5df6dbd
CRC32 C33EBF37
Ssdeep 393216:dkRzrZlCLVu8BLhwd0fvt1u3LVazAOGR:dk3lCLVu8z5vvA5OAOw
TrID
  • 89.6% (.MSI) Microsoft Windows Installer (457000/1/171)
  • 8.7% (.MSP) Windows Installer Patch (44509/10/5)
  • 1.5% (.) Generic OLE2 / Multistream Compound File (8000/1)
ClamAV None matched
Yara
  • embedded_pe - Contains an embedded PE32 file
  • embedded_win_api - A non-Windows executable contains win32 API functions names
  • shellcode_patterns - Matched shellcode byte patterns
CAPE Yara None matched
Resubmit sample

Signatures

Attempts to connect to a dead IP:Port (1 unique times)
IP: 104.77.174.65:80 (United States)
Possible date expiration check, exits too soon after checking local time
process: msiexec.exe, PID 2744
Dynamic (imported) function loading detected
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: COMCTL32.DLL/InitCommonControlsEx
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages
DynamicLoader: COMCTL32.DLL/RegisterClassNameW
DynamicLoader: UxTheme.dll/EnableThemeDialogTexture
DynamicLoader: COMCTL32.DLL/RegisterClassNameW
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: SHELL32.dll/SHGetPropertyStoreForWindow
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: PROPSYS.dll/PSStringFromPropertyKey
DynamicLoader: PROPSYS.dll/PropVariantToString
DynamicLoader: OLEAUT32.dll/
DynamicLoader: GDI32.dll/GetLayout
DynamicLoader: GDI32.dll/GdiRealizationInfo
DynamicLoader: GDI32.dll/FontIsLinked
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: GDI32.dll/GetFontAssocStatus
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: NETAPI32.DLL/NetGetJoinInformation
DynamicLoader: NETAPI32.DLL/NetApiBufferFree
DynamicLoader: kernel32.dll/GetFileAttributesExW
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: ADVAPI32.dll/CreateWellKnownSid
DynamicLoader: ADVAPI32.dll/CheckTokenMembership
DynamicLoader: ADVAPI32.dll/SaferiChangeRegistryScope
DynamicLoader: ADVAPI32.dll/SaferIdentifyLevel
DynamicLoader: WINHTTP.dll/WinHttpOpen
DynamicLoader: WINHTTP.dll/WinHttpSetTimeouts
DynamicLoader: WINHTTP.dll/WinHttpSetOption
DynamicLoader: WINHTTP.dll/WinHttpCrackUrl
DynamicLoader: SHLWAPI.dll/StrCmpNW
DynamicLoader: WINHTTP.dll/WinHttpConnect
DynamicLoader: WINHTTP.dll/WinHttpOpenRequest
DynamicLoader: WINHTTP.dll/WinHttpGetDefaultProxyConfiguration
DynamicLoader: WINHTTP.dll/WinHttpGetIEProxyConfigForCurrentUser
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: NSI.dll/NsiAllocateAndGetTable
DynamicLoader: CFGMGR32.dll/CM_Open_Class_Key_ExW
DynamicLoader: IPHLPAPI.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: IPHLPAPI.DLL/GetIfEntry2
DynamicLoader: IPHLPAPI.DLL/GetIpForwardTable2
DynamicLoader: IPHLPAPI.DLL/GetIpNetEntry2
DynamicLoader: IPHLPAPI.DLL/FreeMibTable
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: NSI.dll/NsiFreeTable
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: WINHTTP.dll/WinHttpGetProxyForUrl
DynamicLoader: WINHTTP.dll/WinHttpTimeFromSystemTime
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: WINHTTP.dll/WinHttpSendRequest
DynamicLoader: WS2_32.dll/GetAddrInfoW
DynamicLoader: WS2_32.dll/WSASocketW
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/WSAIoctl
DynamicLoader: WS2_32.dll/FreeAddrInfoW
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/WSARecv
DynamicLoader: WS2_32.dll/WSASend
DynamicLoader: WINHTTP.dll/WinHttpReceiveResponse
DynamicLoader: WINHTTP.dll/WinHttpQueryHeaders
DynamicLoader: SHLWAPI.dll/StrStrIW
DynamicLoader: WINHTTP.dll/WinHttpCloseHandle
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ADVAPI32.dll/SaferGetLevelInformation
DynamicLoader: ADVAPI32.dll/SaferCloseLevel
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoQueryProxyBlanket
DynamicLoader: msi.dll/DllGetClassObject
DynamicLoader: msi.dll/DllCanUnloadNow
DynamicLoader: ole32.dll/CoSetProxyBlanket
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: apphelp.dll/ApphelpGetMsiProperties
DynamicLoader: apphelp.dll/SdbInitDatabase
DynamicLoader: apphelp.dll/SdbFindFirstMsiPackage_Str
DynamicLoader: apphelp.dll/SdbReleaseDatabase
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: MSCOREE.DLL/GetCORSystemDirectory
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/GetCORSystemDirectory_RetAddr
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: kernel32.dll/GetCurrentPackageId
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: SHELL32.dll/DllGetVersion
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: kernel32.dll/GlobalMemoryStatusEx
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: kernel32.dll/CheckElevationEnabled
DynamicLoader: kernel32.dll/SetThreadExecutionState
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: SHELL32.dll/SHChangeNotify
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoFreeUnusedLibraries
DynamicLoader: Cabinet.dll/
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: SHELL32.dll/SHGetPropertyStoreForWindow
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
Performs some HTTP requests
url: http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt
url: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
url: http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
url: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
N 52.114.88.20 [VT] United Kingdom
N 52.114.14.16 [VT] Singapore
N 23.202.161.73 [VT] United States
N 117.18.237.29 [VT] Taiwan
N 104.77.174.65 [VT] United States

DNS

Name Response Post-Analysis Lookup
www.microsoft.com [VT] CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net [VT]
CNAME e13678.dspb.akamaiedge.net [VT]
CNAME www.microsoft.com-c-3.edgekey.net [VT]
A 23.202.161.73 [VT]
www.download.windowsupdate.com [VT] A 104.77.174.41 [VT]
CNAME 2-01-3cf7-0009.cdx.cedexis.net [VT]
CNAME download.windowsupdate.com.edgesuite.net [VT]
A 104.77.174.65 [VT]
CNAME a767.dspw65.akamai.net [VT]
meet.skype.com [VT] CNAME join.services-skype.akadns.net [VT]
CNAME join-apac.services-skype.akadns.net [VT]
A 52.114.14.16 [VT]
mobile.pipe.aria.microsoft.com [VT] CNAME skypedataprdcoluks01.cloudapp.net [VT]
CNAME mobile.events.data.trafficmanager.net [VT]
A 52.114.88.20 [VT]
ocsp.digicert.com [VT] CNAME cs9.wac.phicdn.net [VT]
A 117.18.237.29 [VT]

Summary

C:\Users\user\AppData\Local\Temp\SkypeMeetingsApp.msi
C:\Windows\SysWOW64\msimsg.dll
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Windows\Fonts\staticcache.dat
A:
B:
E:
F:
G:
H:
I:
J:
K:
L:
M:
N:
O:
P:
Q:
R:
S:
T:
U:
V:
W:
X:
Y:
Z:
C:\
C:\Windows\SysWOW64\en-US\WINHTTP.dll.mui
C:\Users\user\AppData\LocalLow
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users
C:\Users\user
C:\Users\user\AppData
C:\Users\user\AppData\Local
C:\Users\user\AppData\Local\Temp
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\AppPatch\msimain.sdb
C:\Windows\SysWOW64\sxs.dll
C:\Windows\SysWOW64\en-US\sxs.DLL.mui
C:\Windows\SysWOW64\*
C:\Windows\SysWOW64\ar-SA\sxs.DLL.mui
C:\Windows\SysWOW64\bg-BG\sxs.DLL.mui
C:\Windows\SysWOW64\cs-CZ\sxs.DLL.mui
C:\Windows\SysWOW64\da-DK\sxs.DLL.mui
C:\Windows\SysWOW64\de-DE\sxs.DLL.mui
C:\Windows\SysWOW64\el-GR\sxs.DLL.mui
C:\Windows\SysWOW64\en\sxs.DLL.mui
C:\Windows\SysWOW64\es-ES\sxs.DLL.mui
C:\Windows\SysWOW64\et-EE\sxs.DLL.mui
C:\Windows\SysWOW64\fi-FI\sxs.DLL.mui
C:\Windows\SysWOW64\fr-FR\sxs.DLL.mui
C:\Windows\SysWOW64\he-IL\sxs.DLL.mui
C:\Windows\SysWOW64\hr-HR\sxs.DLL.mui
C:\Windows\SysWOW64\hu-HU\sxs.DLL.mui
C:\Windows\SysWOW64\it-IT\sxs.DLL.mui
C:\Windows\SysWOW64\ja-JP\sxs.DLL.mui
C:\Windows\SysWOW64\ko-KR\sxs.DLL.mui
C:\Windows\SysWOW64\lt-LT\sxs.DLL.mui
C:\Windows\SysWOW64\lv-LV\sxs.DLL.mui
C:\Windows\SysWOW64\nb-NO\sxs.DLL.mui
C:\Windows\SysWOW64\nl-NL\sxs.DLL.mui
C:\Windows\SysWOW64\pl-PL\sxs.DLL.mui
C:\Windows\SysWOW64\pt-BR\sxs.DLL.mui
C:\Windows\SysWOW64\pt-PT\sxs.DLL.mui
C:\Windows\SysWOW64\ro-RO\sxs.DLL.mui
C:\Windows\SysWOW64\ru-RU\sxs.DLL.mui
C:\Windows\SysWOW64\sk-SK\sxs.DLL.mui
C:\Windows\SysWOW64\sl-SI\sxs.DLL.mui
C:\Windows\SysWOW64\sr-Latn-CS\sxs.DLL.mui
C:\Windows\SysWOW64\sv-SE\sxs.DLL.mui
C:\Windows\SysWOW64\th-TH\sxs.DLL.mui
C:\Windows\SysWOW64\tr-TR\sxs.DLL.mui
C:\Windows\SysWOW64\uk-UA\sxs.DLL.mui
C:\Windows\SysWOW64\zh-CN\sxs.DLL.mui
C:\Windows\SysWOW64\zh-HK\sxs.DLL.mui
C:\Windows\SysWOW64\zh-TW\sxs.DLL.mui
C:\Windows\SysWOW64\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\SysWOW64\msiexec.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
C:\Windows\SysWOW64\en\MsiMsg.dll.mui
C:\Users\user\AppData\Local\Temp\SkypeMeetingsApp.msi
C:\Windows\SysWOW64\msimsg.dll
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Windows\Fonts\staticcache.dat
C:\Windows\SysWOW64\en-US\WINHTTP.dll.mui
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\AppPatch\msimain.sdb
C:\Windows\SysWOW64\sxs.dll
C:\Windows\SysWOW64\en-US\sxs.DLL.mui
C:\Windows\SysWOW64\ar-SA\sxs.DLL.mui
C:\Windows\SysWOW64\bg-BG\sxs.DLL.mui
C:\Windows\SysWOW64\cs-CZ\sxs.DLL.mui
C:\Windows\SysWOW64\da-DK\sxs.DLL.mui
C:\Windows\SysWOW64\de-DE\sxs.DLL.mui
C:\Windows\SysWOW64\el-GR\sxs.DLL.mui
C:\Windows\SysWOW64\en\sxs.DLL.mui
C:\Windows\SysWOW64\es-ES\sxs.DLL.mui
C:\Windows\SysWOW64\et-EE\sxs.DLL.mui
C:\Windows\SysWOW64\fi-FI\sxs.DLL.mui
C:\Windows\SysWOW64\fr-FR\sxs.DLL.mui
C:\Windows\SysWOW64\he-IL\sxs.DLL.mui
C:\Windows\SysWOW64\hr-HR\sxs.DLL.mui
C:\Windows\SysWOW64\hu-HU\sxs.DLL.mui
C:\Windows\SysWOW64\it-IT\sxs.DLL.mui
C:\Windows\SysWOW64\ja-JP\sxs.DLL.mui
C:\Windows\SysWOW64\ko-KR\sxs.DLL.mui
C:\Windows\SysWOW64\lt-LT\sxs.DLL.mui
C:\Windows\SysWOW64\lv-LV\sxs.DLL.mui
C:\Windows\SysWOW64\nb-NO\sxs.DLL.mui
C:\Windows\SysWOW64\nl-NL\sxs.DLL.mui
C:\Windows\SysWOW64\pl-PL\sxs.DLL.mui
C:\Windows\SysWOW64\pt-BR\sxs.DLL.mui
C:\Windows\SysWOW64\pt-PT\sxs.DLL.mui
C:\Windows\SysWOW64\ro-RO\sxs.DLL.mui
C:\Windows\SysWOW64\ru-RU\sxs.DLL.mui
C:\Windows\SysWOW64\sk-SK\sxs.DLL.mui
C:\Windows\SysWOW64\sl-SI\sxs.DLL.mui
C:\Windows\SysWOW64\sr-Latn-CS\sxs.DLL.mui
C:\Windows\SysWOW64\sv-SE\sxs.DLL.mui
C:\Windows\SysWOW64\th-TH\sxs.DLL.mui
C:\Windows\SysWOW64\tr-TR\sxs.DLL.mui
C:\Windows\SysWOW64\uk-UA\sxs.DLL.mui
C:\Windows\SysWOW64\zh-CN\sxs.DLL.mui
C:\Windows\SysWOW64\zh-HK\sxs.DLL.mui
C:\Windows\SysWOW64\zh-TW\sxs.DLL.mui
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\SysWOW64\msiexec.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
C:\Windows\SysWOW64\en\MsiMsg.dll.mui
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\74E9D1CB72981AA48A197736CB42577B
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\74E9D1CB72981AA48A197736CB42577B
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\74E9D1CB72981AA48A197736CB42577B
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\msiexec.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
\xe7\x96\x90\xc2\xa4EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\000041091A0090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\000041091A0090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000041091A0090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000041091A0090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000041091A0090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109510090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109510090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109510090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109510090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109510090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109511090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109511090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109511090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109511090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109511090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109610090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109610090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109610090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109610090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109610090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109611090400100000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109611090400100000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109611090400100000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109611090400100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109611090400100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109711090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109711090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109711090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109711090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109711090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109810090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109810090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109810090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109810090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109810090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109910090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109910090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109910090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109910090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109910090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109A10090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109A10090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A10090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109A20000000100000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109A20000000100000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A20000000100000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A20000000100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A20000000100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109A20090400100000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109A20090400100000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109A20090400100000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A20090400100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A20090400100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109B10090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109B10090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109B10090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109B10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109B10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109C20090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109C20090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109C20090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109C20090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109C20090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109D30000000000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109D30000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109D30000000000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109D30000000000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109D30000000000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109E60090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109E60090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109E60090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109E60090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109E60090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109F10090400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109F10090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F10090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109F100A0C00000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109F100A0C00000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100A0C00000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F100A0C00000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F100A0C00000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\00004109F100C0400000000000F01FEC
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\00004109F100C0400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00004109F100C0400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F100C0400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F100C0400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\3ECDCD77DED23F261845507E5474D270
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\3ECDCD77DED23F261845507E5474D270
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\3ECDCD77DED23F261845507E5474D270
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3ECDCD77DED23F261845507E5474D270\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3ECDCD77DED23F261845507E5474D270\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\4EA42A62D9304AC4784BF238120700FF
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\4EA42A62D9304AC4784BF238120700FF
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120700FF
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120700FF\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120700FF\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\4F4A3A23297B6D117AA8000B0D710000
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\4F4A3A23297B6D117AA8000B0D710000
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4F4A3A23297B6D117AA8000B0D710000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4F4A3A23297B6D117AA8000B0D710000\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4F4A3A23297B6D117AA8000B0D710000\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\68AB67CA7DA73301B7449A0000000010
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\68AB67CA7DA73301B7449A0000000010
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA73301B7449A0000000010
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0000000010\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0000000010\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\8663020007180A44EB446B23AFD487F0
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\8663020007180A44EB446B23AFD487F0
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\8663020007180A44EB446B23AFD487F0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8663020007180A44EB446B23AFD487F0\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8663020007180A44EB446B23AFD487F0\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\BE4EBED704B66673BB53C5BB3C58AD73
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\BE4EBED704B66673BB53C5BB3C58AD73
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\BE4EBED704B66673BB53C5BB3C58AD73
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BE4EBED704B66673BB53C5BB3C58AD73\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BE4EBED704B66673BB53C5BB3C58AD73\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Products\F60730A4A66673047777F5728467D401
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Installer\Products\F60730A4A66673047777F5728467D401
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401\InstanceType
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
\xed\x96\x90\xc2\xa4EY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-0c-29-dc-04-c0
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{000C101C-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101C-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{000C103E-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\Progid
HKEY_CURRENT_USER\Software\Classes\CLSID\{000C103E-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C103E-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InprocHandler
HKEY_CLASSES_ROOT\CLSID\{000C101D-0000-0000-C000-000000000046}\DllVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C101D-0000-0000-C000-000000000046}\DllVersion\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\74E9D1CB72981AA48A197736CB42577B\InstallProperties
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\{bc1d9e47-8927-4aa1-a891-7763bc2475b7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\..
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\0409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\AdvancedInstallers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\catroot
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\catroot2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\com
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Dism
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\drivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\DriverStore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\FxsTmp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\GroupPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\GroupPolicyUsers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\icsxml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\IME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\inetsrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\InstallShield
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\LogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\manifeststore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\migration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\migwiz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Msdtc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\MUI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\NDF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\NetworkList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oobe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Printing_Admin_Scripts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ras
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Recovery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\restore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Setup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\slmgr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Speech
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\spp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sppui
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sysprep
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Tasks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wbem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\WCN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wdi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\WindowsPowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\winrm
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll\{462EF42B-ABA4-4eac-9843-9EED260F54D0}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll\{462EF42B-ABA4-4eac-9843-9EED260F54D0}\Registry Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll\{462EF42B-ABA4-4eac-9843-9EED260F54D0}\Relative Files
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll\{462EF42B-ABA4-4eac-9843-9EED260F54D0}\Target Version
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure
HKEY_CURRENT_USER\Software\Classes\Interface\{000C101D-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101D-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101D-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\msiexec.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\msiexec.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
\xe7\x96\x90\xc2\xa4EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000041091A0090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000041091A0090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109510090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109510090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109511090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109511090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109610090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109610090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109611090400100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109611090400100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109711090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109711090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109810090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109810090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109910090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109910090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A20000000100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A20000000100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A20090400100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109A20090400100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109B10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109B10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109C20090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109C20090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109D30000000000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109D30000000000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109E60090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109E60090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F100A0C00000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F100A0C00000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F100C0400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00004109F100C0400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3ECDCD77DED23F261845507E5474D270\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3ECDCD77DED23F261845507E5474D270\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120700FF\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120700FF\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4F4A3A23297B6D117AA8000B0D710000\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4F4A3A23297B6D117AA8000B0D710000\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0000000010\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0000000010\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8663020007180A44EB446B23AFD487F0\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8663020007180A44EB446B23AFD487F0\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BE4EBED704B66673BB53C5BB3C58AD73\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BE4EBED704B66673BB53C5BB3C58AD73\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
\xed\x96\x90\xc2\xa4EY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C101D-0000-0000-C000-000000000046}\DllVersion\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\..
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\0409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\AdvancedInstallers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\catroot
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\catroot2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\com
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Dism
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\drivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\DriverStore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\FxsTmp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\GroupPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\GroupPolicyUsers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\icsxml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\IME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\inetsrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\InstallShield
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\LogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\manifeststore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\migration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\migwiz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Msdtc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\MUI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\NDF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\NetworkList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oobe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Printing_Admin_Scripts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ras
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Recovery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\restore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Setup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\slmgr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Speech
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\spp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sppui
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sysprep
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Tasks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wbem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\WCN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wdi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\WindowsPowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\winrm
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll\{462EF42B-ABA4-4eac-9843-9EED260F54D0}\Target Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101D-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.CoGetMalloc
comctl32.dll.InitCommonControlsEx
kernel32.dll.GetSystemWow64DirectoryW
kernel32.dll.GetThreadPreferredUILanguages
comctl32.dll.RegisterClassNameW
uxtheme.dll.EnableThemeDialogTexture
uxtheme.dll.OpenThemeData
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
cryptbase.dll.SystemFunction036
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
shell32.dll.SHGetPropertyStoreForWindow
ole32.dll.CoTaskMemAlloc
propsys.dll.PSStringFromPropertyKey
propsys.dll.PropVariantToString
oleaut32.dll.#6
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
gdi32.dll.GdiIsMetaPrintDC
ole32.dll.CoInitialize
netapi32.dll.NetGetJoinInformation
netapi32.dll.NetApiBufferFree
kernel32.dll.GetFileAttributesExW
advapi32.dll.CreateWellKnownSid
advapi32.dll.CheckTokenMembership
advapi32.dll.SaferiChangeRegistryScope
advapi32.dll.SaferIdentifyLevel
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpSetTimeouts
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpCrackUrl
shlwapi.dll.StrCmpNW
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpGetDefaultProxyConfiguration
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
ole32.dll.StringFromIID
nsi.dll.NsiAllocateAndGetTable
cfgmgr32.dll.CM_Open_Class_Key_ExW
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.GetIfEntry2
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.GetIpNetEntry2
iphlpapi.dll.FreeMibTable
ole32.dll.CoTaskMemFree
nsi.dll.NsiFreeTable
oleaut32.dll.#500
winhttp.dll.WinHttpGetProxyForUrl
winhttp.dll.WinHttpTimeFromSystemTime
winhttp.dll.WinHttpSendRequest
ws2_32.dll.GetAddrInfoW
ws2_32.dll.WSASocketW
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.WSAIoctl
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
ws2_32.dll.WSARecv
ws2_32.dll.WSASend
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryHeaders
shlwapi.dll.StrStrIW
winhttp.dll.WinHttpCloseHandle
rpcrt4.dll.RpcBindingFree
advapi32.dll.SaferGetLevelInformation
advapi32.dll.SaferCloseLevel
ole32.dll.CoCreateInstance
ole32.dll.CoQueryProxyBlanket
msi.dll.DllGetClassObject
msi.dll.DllCanUnloadNow
ole32.dll.CoSetProxyBlanket
apphelp.dll.ApphelpGetMsiProperties
apphelp.dll.SdbInitDatabase
apphelp.dll.SdbFindFirstMsiPackage_Str
apphelp.dll.SdbReleaseDatabase
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
mscoree.dll.GetCORSystemDirectory
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll.GetCORSystemDirectory_RetAddr
shlwapi.dll.UrlIsW
kernel32.dll.GetSystemWindowsDirectoryW
shell32.dll.SHGetFolderPathW
shell32.dll.DllGetVersion
kernel32.dll.GetNativeSystemInfo
ntdll.dll.NtQuerySystemInformation
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.CheckElevationEnabled
kernel32.dll.SetThreadExecutionState
shell32.dll.SHChangeNotify
ole32.dll.CoFreeUnusedLibraries
cabinet.dll.#23
advapi32.dll.UnregisterTraceGuids
cryptsp.dll.CryptReleaseContext
Local\MSCTF.Asm.MutexDefault1
Global\_MSIExecute
No static analysis available.
B4FhD&B
C1A5G
DrDhD7H
A7CrD
ErE<H
ExE(H
B7F3H
B4FhD&B
B'C$H
DhE7G
?dA/B6H
9MSCF
api_ms_win_core_console_l1_1_0.dll
api_ms_win_core_datetime_l1_1_0.dll
api_ms_win_core_debug_l1_1_0.dll
api_ms_win_core_errorhandling_l1_1_0.dll
api_ms_win_core_file_l1_1_0.dll
api_ms_win_core_file_l1_2_0.dll
api_ms_win_core_file_l2_1_0.dll
api_ms_win_core_handle_l1_1_0.dll
api_ms_win_core_heap_l1_1_0.dll
api_ms_win_core_interlocked_l1_1_0.dll
api_ms_win_core_libraryloader_l1_1_0.dll
api_ms_win_core_localization_l1_2_0.dll
api_ms_win_core_memory_l1_1_0.dll
api_ms_win_core_namedpipe_l1_1_0.dll
api_ms_win_core_processenvironment_l1_1_0.dll
api_ms_win_core_processthreads_l1_1_0.dll
api_ms_win_core_processthreads_l1_1_1.dll
api_ms_win_core_profile_l1_1_0.dll
api_ms_win_core_rtlsupport_l1_1_0.dll
api_ms_win_core_string_l1_1_0.dll
api_ms_win_core_synch_l1_1_0.dll
api_ms_win_core_synch_l1_2_0.dll
api_ms_win_core_sysinfo_l1_1_0.dll
api_ms_win_core_timezone_l1_1_0.dll
api_ms_win_core_util_l1_1_0.dll
API_MS_Win_core_xstate_l2_1_0.dll
api_ms_win_crt_conio_l1_1_0.dll
api_ms_win_crt_convert_l1_1_0.dll
api_ms_win_crt_environment_l1_1_0.dll
api_ms_win_crt_filesystem_l1_1_0.dll
api_ms_win_crt_heap_l1_1_0.dll
api_ms_win_crt_locale_l1_1_0.dll
api_ms_win_crt_math_l1_1_0.dll
api_ms_win_crt_multibyte_l1_1_0.dll
api_ms_win_crt_private_l1_1_0.dll
api_ms_win_crt_process_l1_1_0.dll
api_ms_win_crt_runtime_l1_1_0.dll
api_ms_win_crt_stdio_l1_1_0.dll
api_ms_win_crt_string_l1_1_0.dll
api_ms_win_crt_time_l1_1_0.dll
api_ms_win_crt_utility_l1_1_0.dll
appshapi.dll
AppShareCore.dll
AppShareViewerUI.dll
appshcom.dll
appshvw.dll
AudioVideo.dll
ClientTelemetry.dll
concrt140.dll
cpprest140_2_9.dll
GatewayActiveX.dll
GatewayActiveX_x64.dll
GatewayVersion.exe
GatewayVersion_x64.exe
MediaPlatformConfig.dll
msvcp110.dll
msvcp120.dll
msvcp140.dll
msvcr110.dll
msvcr120.dll
npGatewayNpapi.dll
npGatewayNpapi_x64.dll
Packager.dll
PluginHost.exe
PluginLogging.dll
rdpqoemetrics.dll
roottools.dll
RtmCodecs.dll
RtmMediaManager.dll
RtmMvrCs.dll
RtmMvrHw.dll
RtmPal.dll
RtmpLtFm.dll
Skype_Meetings_App.exe
Skype_Meetings_App.json
Skype_Meetings_AppHook.dll
Skype_Meetings_AppHook_x64.dll
ssScreenVVS2.dll
ThirdPartyNotices.txt
TuningWizard.dll
ucrtbase.dll
vccorlib140.dll
vcruntime140.dll
VideoUI.dll
wastorage.dll
3EV-h
g:bUY
89NrZ
=Gt^
W&_*1.p
/:{b?3
tB,!x
J`j_6
q5fZm
\ 7Cw
.&,`M
<u8GJ
/kdaj
=qUj>_
"X,UPV
K}MsY
CvVNN
q7rO_
[1g#|
z}a~A
~t@$/
e'<9X.O
D2(0(2(
^Y<P]:
\NJ"0
EL37L
LYxhC
2xF:{
N2m!E5
eRL9,0T
A#+Eh
f3kA#
Ak,rC
?7E5$
btDF%^
rBTR1
\'8fa
#DWrTK
(Dm6(u
aIGN8
n pGN7
wev_44
WJo46W
vb&]A
O3;>Y<
,IhmiT
WUeBt
b*#'I
OP?@Z
=B$_\
PAkHTd
(DrneJ
2[tw"
=U7_LJ
8U`,.F
Ixn,,
"G,%xK
4w}:8Z
U!b ;
bho2r
Ti%+S&3
E$luD/
eUA!6
"I"F.
UCw+_/
-T\\&
Y6kf$
3(J*r
k)I>G
"YmQ1n^
[4`]o
Pjn0#
mnV%M
(].t6HG
OyvoX\
3CD/s-
lB7}4
KE{7l
S:D6?_
0{sqnrk
}tUkW
xzy(
U-V}
y7y.*
q3rTz
Ffu B
JJ["V
I=of^
(,?jb
3,ctPi
R |1=
7D\3b$>
QSR&L9
GYO8s'
Sf\0N
)mB(Mt
Z~sl#
UwQU`E
tAxMO*Y*
y/eYh
#Y/-<
K"'9x
K;kk:<>L
v$ewP$Tv`D
<+nZ%Z
:|a,pk
J-)).
M-/)J
*+S'QIFP
wDw#7
D.*t%
/+DnW
$TI)H
Le8xw
w5G#`
9T?!
#7'Lw
fLq3O
]H{*M
NJho6
c6>J'
> }X>
0H\w|
[|K^4$
#7Jh1/e8
i8JA#`
)(DpTa
~e o4
|W%Cp`CU
f/ym_L
UUDU"
VEwG+
jbxwR5
+.ry)z
|+}?6t!
}5P,o
{y&a:Va
hDU#VffWTU
~lj`f
UONUr
0/?ql
,3l"q
6=f &6
m4Ojl
\3xl#
)j6Da
j47hdi
D}:p!p
R!u$p
igL{1
`7ykXP!
JXWW:
om&8I
_A@'7(D{
Ax0knB~di
B3m9sc
8/rN&
05\C>"
ok\9>
DrUDf
3fHwl
f33}"
+`AQ&
i;s07
@/AXAW
NSB!P
n/wx8
S5D3P
:Pf<n
f$O\J+
eKm6B
5NL+x
e+(s2
@*/_kW
*4#4D
5gC"s
AJrV(c
3(p,jWw
a`|dF
:2&_[EB
\PA1m
6G<0OQ
ZvZt3
[gY"TPf
0%!jl
u3"VD
bB2`+!
k(A?3
qlnPB
<Rrad
App=q
@tI N
]43b`V
!:Gy"
v2$x ,
_Xpq(
DqM,$)3<
@E9!1M
DTlov
8@h:\
!S)ZT
eEZ&L
6q-DF
,S4A|
?,QZkJ{
L*[83}
[0jT-
$k SBq
@[xMM
5{N:S
]yTfY
V"'_
B?M^]
O_VCh
r#1#J
;Fd8?
B}FyZ
PL#j1
k/M4}
`70m*v=zM
sRdB!
4s5l`5
Ej!_/zUN/
K~QA{
*Be;1
@&*_6W
h+w`m6
8bm\n
7T\b~
\ k`'5
(+p_Q
SwS6'
t#u#y#{#2#
A3A!2
qc8|?
lFSg5XfO
J`,"C
M2Ep4
P.6H'
68\h0(
(.WqyK
\":KY
_F@ATg
X<PrM
:l~*>
ps[l?
hTn>yc
XkRFE&Y
"7MJ4
`PUTC
jvL#n
owr@\
=$BCR
"X8TNQ.
e1:TJ
:e-S5
*T9k3
mrCNB
=DNqp
rx`&o
-EY4-
W?-$&h
*+KW~
'X}?F
~qm|4
{9,)q
Cq4#f
d( u]@
eY2!M.Kd'
[B:!."`
/S/V/U-R/G
Qps[`
0gdu]<
,!3/5;
It=.Y
?/'tx
Bsx3r
KBc9C
V1xO2
!8+7\
#}hh8
e&/KMO
!^(W{
-<+d[
U4pUu
W%;W:
c !lB
=i'OY]
?t,i$]
?%MUJ
^OScZ
Ch"lx_
6]jf2
AuF-)
Gt.bw
&`M)S
*KX\B
LXzRrW1
QpZ#T
IH Z
KGigF
dK(\X
-j-8
z7jLY =l
up#*i`
`f9nL
N+s%i
Fg5+"\.
1?}1v
agmo4G
zLfMV0
$fJzo7
FKycu
D4QA5
j) T}m
qlNi9
8xi|t4
`vo-a:
#rJL?
[c4u7
LSB]@5
*H_'E
@#V=K
BuFS]
;st5w
L-}w+
j|_N`
f9a<4Y=
['8R.GO+
Fwg;Y
2]hMS
I_|f2
TJ@d3
U >!Cx]
1a|":
3U[>.+
T?j754
]{p.b
p"E:!
y@HLY*
i2~4K
+<L<y
]4<(C
TzC`R
*2{CB
&^H9S
4hS*[
~CFH*
RAb@`
`^)q-
PuvRpl
w@G0)
q2w-"^_
9%0rNq
]wu]0
V)*!8s8
'BqV"
Wyjy-
mv_u1oC
dy7S^
'pB:!
Y4<A=y
*x?{~x
1vUFC
=ZEP#
wnN|-
<0{z/
@r[jAO
+4404
rx;MT$
'R<SZ{
Im]g;o"
h% ne
p#9E6
sh,g+W
ljwPa
EW?Z"
lS6C&
E.76D!
eV1RB
:Xg[f{
]U^q}
b[0Mi6
-3E^7+
g6yG?
sE@1B%
~d5??
-\gM&f
wN6L`
TeUu"UX5
v!)^O
T'g=F4+
s<,c$
#f_xK
k:)2 ?Q^
Mc~9+?
,"%VH
EEGR0C
&)1b/
ePV@S
RSa4q
EUeEbT
D#E3pWvp
*i.=JE
nR$?L
Wz|^],
4gClwy
Uu#UpU
A)jWS;
x>P8)
*;x?@T
>pu?<
J_Rc;
_9x][}^i*
%&u$h
;kfdg
*ZxdH
&|21BYC
dpDCDCY
RH)L)
LW-#a
s*WLt
GCt1c
']hXk
"KvahMo\^
D"=s;
Installation Database
Skype Meetings App
Microsoft Corporation
Installer
This installer database contains the logic and data required to install Skype Meetings App.
Intel;0
{C6C0F413-901C-42A8-A7F1-D03BD40F9B12}
Windows Installer XML Toolset (3.11.1.2318)
.text
`.rdata
@.data
.gfids
@.rsrc
@.reloc
SVWUj
Failed to copy CustomAction log name: %s
Failed to set verbose logging global atom
wcautil.cpp
Failed to get module filename
Entering %s in %ls, version %u.%u.%u.%u
LOGVERBOSE
failed to get MsiLogging property
wcalog.cpp
Failed to create WcaVerboseLogging global atom.
Failed to delete WcaVerboseLogging global atom.
Failed to create WcaNotVerboseLogging global atom.
Failed to delete WcaNotVerboseLogging global atom.
%s: %s
Error 0x%x: %s
wcawrap.cpp
Failed to allocate string for Property '%ls'
Failed to get previous size of property data string.
Failed to get data for property '%ls'
Unknown exception
bad allocation
bad array new length
bad exception
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`RTTI
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`h````
(null)
CorExitProcess
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
e+000
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
1#INF
1#QNAN
1#SNAN
1#IND
log10
log10
BC .=
"B <1=
#.X'=
?tanh
atan2
floor
ldexp
_cabs
_hypot
frexp
_logb
_nextafter
fileutil.cpp
memutil.cpp
strutil.cpp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
IERefreshElevationPolicy
vector<T> too long
map/set<T> too long
property may not exist.
Failed to generate telemetry id
Failed to generate telemetry id string
Failed to set telemetry id
Failed to create http session.
Failed to WinHttpsetTimeout.
Failed to create http connection.
Failed to open http request.
Failed to send http request.
CaGetProductInfo
CaTestFilesLocked
Failed to get property "ProductCode"
Failed to get active installer database
File "%S" can be deleted
File "%S" cannot be deleted
File "%S" doesn't exist
CaSendTelemetryStart
CaSendTelemetryEnd
CaSendTelemetryCancel
CaSendTelemetryError
CaSendTelemetrySuccess
invalid string position
string too long
SetupActions.pdb
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data
.data$r
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
SetupActions.dll
CaGetEnvironmentInfo
CaGetProductInfo
CaPreInstallCheck
CaSendTelemetryCancel
CaSendTelemetryEnd
CaSendTelemetryError
CaSendTelemetryStart
CaSendTelemetrySuccess
CaTestFilesLocked
RefreshIEElevationPolicy
TranslateSid
msi.dll
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpOpen
WINHTTP.dll
PathFindFileNameW
SHLWAPI.dll
FormatMessageW
GetLastError
GetUserDefaultLCID
LoadLibraryW
GetProcAddress
LocalFree
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
CreateFileW
CloseHandle
GetModuleFileNameW
SetLastError
GlobalDeleteAtom
lstrlenW
GlobalAddAtomW
GlobalFindAtomW
KERNEL32.dll
GetForegroundWindow
MessageBoxW
USER32.dll
LookupAccountSidW
ConvertStringSidToSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
StringFromCLSID
CoCreateGuid
CoTaskMemFree
ole32.dll
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VERSION.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
GlobalAlloc
GlobalFree
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
1YWe:
1YWe:
1YWe:
1YWe:
0k01YWeW0~0W0_0:
0k01YWeW0~0W0_0:
0k01YWeW0~0W0_0:
0k01YWeW0~0W0_0:
=Z?g?
8A9;:
99<.=6=m=t=
9 9$9(9,90949
.text
`.rdata
@.data
.rsrc
@.reloc
SVWUj
>`WixBroadcastSettingChange
failed to initialize WixBroadcastSettingChange
WixBroadcastEnvironmentChange
failed to initialize WixBroadcastEnvironmentChange
CommitCAScriptCleanup
Failed to initialize.
failed to get CustomActionData
failed to process CustomActionData
WixCheckRebootRequired
failed to initialize
Reboot required by deferred CustomAction.
Failed to schedule reboot.
Sending message to process id 0x%x
Result 0x%x
Failed to send message id: %u, error: 0x%x
CloseApps.cpp
Failed to create record for prompt.
Failed to set prompt record field string
Unexpected return value from prompt to continue.
Attempting to send process id 0x%x message id: %u
CloseApp enumeration error: 0x%x
Checking App: %ls
App: %ls found running, %d processes, attempting to send message.
App: %ls found running, %d processes, setting '%ls' property.
WixCloseApplications
failed to open view on WixCloseApplication table
failed to get id from WixCloseApplication table
failed to get condition from WixCloseApplication table
failed to process condition for WixCloseApplication '%ls'
failed to get target from WixCloseApplication table
failed to get description from WixCloseApplication table
failed to get attributes from WixCloseApplication table
failed to get property from WixCloseApplication table
failed to get timeout from WixCloseApplication table
Failure while prompting user to continue to close application.
failed to add target data to CustomActionData
failed to add attribute data to CustomActionData
failed to add timeout data to CustomActionData
failed while looping through all apps to close
failed to schedule WixCloseApplicationsDeferred action
WixCloseApplicationsDeferred
CustomActionData: %ls
failed to process target from CustomActionData
failed to process attributes from CustomActionData
failed to process timeout from CustomActionData
failed to process terminate exit code from CustomActionData
Checking for App: %ls Attributes: %d
App: %ls found running, requiring a reboot.
failed to send progress message
WixSchedInternetShortcuts
failed to initialize WixSchedInternetShortcuts.
WixInternetShortcut table doesn't exist, so there are no Internet shortcuts to process
failed to initialize COM
failed to create an instance of IUniformResourceLocatorW, skipping shortcut creation
failed to create an instance of IShellLinkW, skipping shortcut creation
failed to open view on WixInternetShortcut table
failed to get shortcut component
failed to get shortcut directory
failed to get shortcut filename
failed to get shortcut target
failed to get shortcut attributes
failed to get shortcut icon file
failed to get shortcut icon index
Skipping shortcut for null-action component '%ls'
Adding folder '%ls', component '%ls' to the CreateFolder table
Folder '%ls' already exists in the CreateFolder table; the above error is harmless
Couldn't add temporary CreateFolder row
failed to allocate string for shortcut directory
failed to allocate string for shortcut filename
failed to write shortcut path to custom action data
failed to write shortcut target to custom action data
failed to write shortcut attributes to custom action data
failed to write icon file to custom action data
failed to write icon index to custom action data
Failure occured while processing WixInternetShortcut table
failed to extend progress bar for InternetShortcuts
failed to set WixRollbackInternetShortcuts rollback custom action data
failed to set WixCreateInternetShortcuts custom action data
Creating IUniformResourceLocatorW shortcut '%ls' target '%ls'
failed to create an instance of IUniformResourceLocatorW
failed to set shortcut '%ls' target '%ls'
failed to get IPropertySetStorage for shortcut '%ls'
failed to open storage for shortcut '%ls'
failed to write icon storage for shortcut '%ls'
failed to commit icon storage for shortcut '%ls'
failed to get IPersistFile for shortcut '%ls'
failed to save shortcut '%ls'
Creating IShellLinkW shortcut '%ls' target '%ls'
failed to create an instance of IShellLinkW
failed to set icon for shortcut '%ls'
WixCreateInternetShortcuts
failed to initialize WixCreateInternetShortcuts
failed to read shortcut path from custom action data
failed to read shortcut target from custom action data
failed to read shortcut attributes from custom action data
failed to read shortcut icon path from custom action data
failed to read shortcut icon index from custom action data
failed to create Internet shortcut
failed to tick progress bar for shortcut: %ls
WixRemoveInternetShortcuts
failed to initialize WixRemoveInternetShortcuts
failed to read shortcut path from custom action data for rollback
failed to delete file '%ls'
failed to skip shortcut target from custom action data for rollback
WixQueryOsInfo
WixQueryOsInfo failed to initialize
WixQueryOsDirs
WixQueryOsDirs failed to initialize
Failed to get SID; skipping account %ls
osinfo.cpp
Failed to look up account for SID; skipping account %ls.
Failed to format property value
Failed write domain\name property
Failed write name-only property
WixQueryOsWellKnownSID
WixQueryOsWellKnownSID failed to initialize
Failed to the load the existing DirectX APIs.
Direct3DCreate9Ex
Unable to load Direct3DCreateEx function, so the driver is not a WDDM driver.
Failed write property
Failed to load the existing window manager APIs.
DwmIsCompositionEnabled
Unable to obtain function information, skipping Composition Enabled check.
Failed to retrieve Composition state
WixQueryOsDriverInfo
WixQueryOsDriverInfo failed to initialize
Failed to detect WIX_WDDM_DRIVER_PRESENT
Failed to detect WIX_DWM_COMPOSITION_ENABLED
CustomActionData
Failed to get CustomActionData
Failed to get %ls
Failed to set %ls
Failed to get command line data
Command string must begin with quoted application name.
invalid command line property value
Failed to get Command Line
QuietExec Failed
Failed to intialize WOW64.
Failed to enable filesystem redirection.
QuietExec64 Failed
CAQuietExec
Failed to initialize
Failed in ExecCommon method
CAQuietExec64
Failed in ExecCommon64 method
WixQuietExec
WixQuietExec64
WixSilentExec
WixSilentExec64
WixRegisterRestartResources
The RestartResource table does not exist; there are no resources to register with Restart Manager.
Failed to get the MsiRestartManagerSessionKey property.
Failed to get the MsiRestartManagerSessionKey string length.
The MsiRestartManagerSessionKey property is not available to join.
The Restart Manager is not supported on this platform. Skipping.
Failed to join the existing Restart Manager session %ls.
Failed to open a view on the RestartResource table.
Failed to get the RestartResource field value.
Failed to get the Component_ field value.
Failed to get the Resource formatted field value.
Failed to get the Attributes field value.
Skipping resource %ls.
Registering file name %ls with the Restart Manager.
Failed to register the file name with the Restart Manager session.
Registering process name %ls with the Restart Manager.
The process, %ls, could not be registered with the Restart Manager (probably because the setup is not elevated and the process is in another user context). A reboot may be requested later.
Failed to register the process name with the Restart Manager session.
Registering service name %ls with the Restart Manager.
Failed to register the service name with the Restart Manager session.
The resource type %d for %ls is not supported and will not be registered.
Failed while looping through all rows to register resources.
Failed to register the resources with the Restart Manager.
Failed to allocate file search string in path: %S
Search path not found: %ls
Failed to find all files in path: %S
Failed to concat filename '%S' to string: %S
Failed to recurse path: %S
Failed while looping through files in directory: %S
Failed to allocate Property for RemoveFile table with property: %S.
Failed to set Property: %S with path: %S
Failed to add row to remove all files for WixRemoveFolderEx row: %S under path:
Failed to add row to remove folder for WixRemoveFolderEx row: %S under path: %S
WixRemoveFoldersEx
Failed to initialize WixRemoveFoldersEx.
WixRemoveFolderEx table doesn't exist, so there are no folders to remove.
Failed to open view on WixRemoveFolderEx table
Failed to get remove folder identity.
Failed to get remove folder component.
Failed to get remove folder property.
Failed to get remove folder mode
Failed to resolve remove folder property: %S for row: %S
Missing folder property: %S for row: %S
Failed to expand path: %S for row: %S
Failed to backslash-terminate path: %S
Recursing path: %S for row: %S.
Failed while navigating path: %S for row: %S
Failure occured while processing WixRemoveFolderEx table
Unable to schedule rollback for object: %ls
secureobj.cpp
Unable to schedule rollback for object (failed to get security descriptor control): %ls
Unable to schedule rollback for object (failed to convert security descriptor to a valid security descriptor string): %ls
failed to add object data to rollback CustomActionData
failed to add table name to rollback CustomActionData
failed to add security info data to rollback CustomActionData
failed to add data to rollbackCustomActionData
failed to add data to rollback CustomActionData
failed to schedule ExecSecureObjectsRollback for item: %ls of type: %ls
unknown object type: %ls
failed to open ServiceInstall table to secure object
failed to open view on ServiceInstall table
failed to execute view on ServiceInstall table
failed to fetch ServiceInstall row for secure object
failed to get service name for secure object: %ls
failed to get target path for directory id: %ls
failed to create formatted string for securing file object: %ls
failed to get file path from formatted string: %ls for secure object: %ls
failed to open Registry table to secure object
failed to open view on Registry table
failed to execute view on Registry table
failed to fetch Registry row for secure object
Failed to get reg key root for secure object: %ls
Failed to get reg key for secure object: %ls
failed to get value of ALLUSERS property
failed to allocate target registry string with HKLM root
failed to allocate target registry string with HKCU root
failed to allocate target registry string with HKCR root
failed to allocate target registry string with HKU root
Unknown registry key root specified for secure object: '%ls' root: %d
Failed to concat key: %ls for secure object: %ls
Unknown secure object type: %d
SchedSecureObjects
SecureObjects table doesn't exist, so there are no objects to secure.
failed to open view on SecureObjects table
failed to get object table
unknown SecureObject.Table: %ls
failed to get Component attributes for secure object
failed to get name of object
failed to get target path of object '%ls'
failed to get Component name for secure object
failed to get install state for Component: %ls
failed to add data to CustomActionData
failed to get domain for user to configure object
failed to get user to configure object
failed to get permission to configure object
failed while looping through all objects to secure
failed to schedule ExecSecureObjects action
SchedSecureObjectsRollback
failed to get target path of object '%ls' in order to schedule rollback
Failed to store ACL rollback information with error 0x%x - continuing
failed while looping through all objects to schedule rollback for
ExecSecureObjects
failed to processCustomActionData
Securing Object: %ls Type: %ls User: %ls
failed to build domain user name
failed to get sid for account: %ls%ls%ls
failed to get security info for object: %ls
failed to get security descriptor control for object: %ls
failed to add ACLs for object: %ls
failed to set security info for object: %ls
ExecSecureObjectsRollback
failed to convert security descriptor string to a valid security descriptor
failed to get security descriptor's DACL - error code: %d
security descriptor does not contain a DACL
unrecognized value in CustomActionData
failed to set security info for object: %ls error code: %d
SchedServiceConfig
Failed to get encoding key.
Failed to add encoding key to CustomActionData.
Failed to open view on ServiceConfig table.
Failed to get component name
Failed to get install state for Component: %ls
Failed to get name of service.
Failed to add name to CustomActionData.
Failed to get ServiceConfig.NewService.
Failed to add NewService data to CustomActionData
failed to get first failure action type
failed to get second failure action type
failed to get third failure action type
failed to get reset period in days between service restart attempts.
failed to get server restart delay value.
failed to get command line to run on service failure.
failed to get message to send to users when server reboots due to service failure.
failed to schedule RollbackServiceConfig action
failed to schedule ExecServiceConfig action
ExecServiceConfig
Failed to get handle to SCM. Error: %ls
Failed due to unexpected CustomActionData passed.
Failed to read encoding key from CustomActionData.
Failed to open rollback CustomAction script.
Configuring Service: %ls
Failed to get service: %ls
serviceconfig.cpp
Failed to get current service config info.
failed to allocate memory for service failure actions.
failed to Query Service.
Failed to add service name to Rollback Log
failed to add data to Rollback CustomActionData
failed to query SFA object
Failed to configure service: %ls
RollbackServiceConfig
Failed to initialize 'RollbackServiceConfig'.
Getting handle to SCM reported success, but no handle was returned.
Failed to read rollback script into CustomAction data.
Reconfiguring Service: %ls
Failed to copy 'reboot' into action type.
Failed to copy 'restart' into action type.
Failed to copy 'runCommand' into action type.
Failed to copy 'none' into action type.
Service '%ls' does not exist on this system.
Failed to get handle to the service '%ls'. Error: %ls
Failed to get process token.
Failed to get shutdown privilege LUID.
Failed to allocate memory for empty previous privileges.
Failed to allocate memory for previous privileges.
WARNING: Service "%ls" is not configurable on this server and will not be set.
Cannot change service configuration. Error: %ls
failed to get directory for target: %ls
ShellExec failed with return code %llu.
WixShellExec
failed to get WixShellExecTarget
WixShellExecTarget is %ls
failed to launch target
There is no Binary table.
shellexecca.cpp
Binary ID cannot be null
Binary ID cannot be empty string
Failed to allocate Binary table query.
Failed to open view on Binary table
Failed to retrieve request from Binary table
Failed to read Binary.Data.
WixShellExecBinary
failed to get WixShellExecBinaryId
WixShellExecBinaryId is %ls
Failed to append filename.
failed to extract binary data
Failed to open new temp file: %ls
Failed to write data to new temp file: %ls
failed to launch target: %ls
WixWaitForEvent
Failed to create message window.
test.cpp
Failed to create the security descriptor for the events.
Failed to create the Global\WixWaitForEventFail event.
Failed to create the Global\WixWaitForEventSucceed event.
Unexpected failure.
Failed to create initialization event.
Failed to create the UI thread.
Failed to register window.
Failed to create window.
Unexpected return value from message pump.
Disallowed system request to shut down the custom action server.
XmlFile.cpp
failed to allocate memory for new xml file change list element
failed to open view on XmlFile table
failed to add xml file change to list
failed to get XmlFile record Id
failed to copy XmlFile record Id
failed to get component name for XmlFile: %ls
failed to get xml file for XmlFile: %ls
failed to copy xml file path
failed to get XmlFile flags for XmlFile: %ls
failed to get XPath for XmlFile: %ls
failed to get Name for XmlFile: %ls
failed to copy name of element
failed to get Value for XmlFile: %ls
failed to allocate buffer for value
failed to get component attributes for XmlFile: %ls
failed to write 64-bit file indicator to custom action data
failed to write file indicator to custom action data
failed to write XPath selectionlanguage indicator to custom action data
failed to write XSLPattern selectionlanguage indicator to custom action data
failed to write file to custom action data: %ls
failed to read file: %ls
failed to write component bitness to rollback custom action data
failed to write file name to rollback custom action data: %ls
failed to write file contents to rollback custom action data.
failed to schedule ExecXmlFileRollback for file: %ls
failed to write ElementPath to custom action data: %ls
failed to write Name to custom action data: %ls
failed to write Value to custom action data: %ls
SchedXmlFile
Skipping SchedXmlFile because XmlFile table not present
failed to read XmlFile table
failed to begin file change for file: %ls
failed to write delete element action indicator to custom action data
failed to write delete value action indicator to custom action data
failed to write Preserve Date indicator to custom action data
failed to write Don't Preserve Date indicator to custom action data
failed to write uninstall change data
failed to copy file name
failed to write create element action indicator to custom action data
failed to write builkwrite value action indicator to custom action data
failed to write change data
failed to schedule ExecXmlFile action
failed SysAllocString
ExecXmlFile
failed to initialize xml utilities
invalid custom action data
failed to read file name from custom action data
Custom action was told to act on a 64-bit component, but the custom action process is not running in WOW.
Custom action was told to act on a 64-bit component, but was unable to disable filesystem redirection through the Wow64 API.
Configuring Xml File: %ls
failed in querying IXMLDOMDocument2 interface
failed in setting SelectionLanguage
Error: current MSXML version does not support xpath query.
failed to load XML file: %ls
failed to find any nodes: %ls in XML file: %ls
failed to set attribute: %ls to value %ls
failed to set text to: %ls for element %ls. Make sure that XPath points to an element.
failed to find node: %ls in XML file: %ls
failed to create child element: %ls
failed to set text to: %ls for node: %ls
failed to remove attribute: %ls
failed to clear text value
failed to delete child node: %ls
Invalid modification specified in custom action data
failed to get modified time of file : %ls
Failed to save changes to XML file: %ls
Unable to save changes to XML file: %ls, retry attempt: %x
failed to set modified time of file : %ls
ExecXmlFileRollback
failed to read component bitness from custom action data
failed to read file contents from custom action data
failed to initialize Wow64 API
Custom action was told to rollback a 64-bit component, but the custom action process is not running in WOW.
Custom action was told to rollback a 64-bit component, but was unable to Disable Filesystem Redirection through the Wow64 API.
Failed to get modified date of file %ls.
failed to open file: %ls
failed to write to file: %ls
Failed to set modified date of file %ls.
failed to free xml file element path in change list item
failed to free xml file verify path in change list item
failed to free xml file value in change list item
failed to free xml file change list item
XmlConfig.cpp
failed to open view on XmlConfig table
failed to get XmlConfig record Id
failed to copy XmlConfig record Id
failed to get component name for XmlConfig: %ls
failed to copy component id
failed to get install state for component id
failed to get xml file for XmlConfig: %ls
failed to get XmlConfig flags for XmlConfig: %ls
failed to get Element Path for XmlConfig: %ls
failed to get Verify Path for XmlConfig: %ls
failed to get Name for XmlConfig: %ls
failed to get Value for XmlConfig: %ls
failed to get component attributes for XmlConfig: %ls
failed to schedule ExecXmlConfigRollback for file: %ls
failed to write VerifyPath to custom action data: %ls
failed to write additional changes value to custom action data
SchedXmlConfig
failed to read XmlConfig table
failed to process XmlConfig changes
Invalid flag configuration. Cannot delete a fragment node.
failed to write action indicator custom action data
failed to schedule ExecXmlConfig action
ExecXmlConfig
failed to query verify path: %ls
Failed to load value as document.
Failed to get document element.
Failed to append document element on to parent element.
failed to remove created child element
Failed to select path %ls for deleting. Skipping...
No VerifyPath specified for delete element of ID: %ls
ExecXmlConfigRollback
Custom action was told to rollback a 64-bit component, but the Wow64 API is unavailable.
strutil.cpp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
memutil.cpp
procutil.cpp
IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
proc2utl.cpp
fileutil.cpp
aclutil.cpp
rmutil.cpp
RmJoinSession
RmRegisterResources
RmEndSession
pathutil.cpp
xmlutil.cpp
kernel32.dll
Wow64EnableWow64FsRedirection
Failed to copy CustomAction log name: %s
Failed to set verbose logging global atom
wcautil.cpp
Failed to get module filename
Entering %s in %ls, version %u.%u.%u.%u
LOGVERBOSE
failed to get MsiLogging property
wcalog.cpp
Failed to create WcaVerboseLogging global atom.
Failed to delete WcaVerboseLogging global atom.
Failed to create WcaNotVerboseLogging global atom.
Failed to delete WcaNotVerboseLogging global atom.
%s: %s
Error 0x%x: %s
failed to create record when sending error message
failed to set error code into error message
failed to set hresult code into error message
failed to set string string into error message
failed to tell Darwin to use explicit progress messages
wcawrap.cpp
failed to open view on database with SQL: %ls
failed to execute view
failed to open view on database
failed to fetch record from view
failed to fetch single record from view
Failed to allocate string for Property '%ls'
Failed to get previous size of property data string.
Failed to get data for property '%ls'
failed to get %ls
failed to get formatted value for property: '%ls' with value: '%ls'
Failed to set record field 0 with '%ls'
Failed to allocate string for formatted string: '%ls'
Failed to get previous size of property data string
Failed to get formatted string: '%ls'
Failed to allocate string for target path of folder: '%ls'
Failed to get previous size of string
Failed to get target path for folder '%ls'
failed to set property: %ls
failed to convert into string property value: %d
Failed to allocate memory for record string
Failed to get string from record
failed to get string from record
Failed to create record to format string
failed to set string to format record
failed to get max length of string
Failed to format string
Failed to allocate string
failed to get size of stream
failed to allocate data for stream
failed to read from stream
failed to set string in record
Failed to set CustomActionData for deferred action
Failed MsiDoAction on deferred action
failed to allocate memory for string
failed to decode string into stream
failed to get length of custom action data
Failed to allocate memory for CustomActionData string
Failed to concatenate CustomActionData string
failed to encode data into string
failed to allocate string for query
failed to openexecute temp view with query %ls
failed to columns for table: %ls
could not create temp record for table: %ls
failed to get the data type for %d
failed to allocate string for unique column: %d
failed to set string value at position %d
failed to set integer value at position %d
unsupported data type '%ls' in column: %d
failed to add temporary row, dberr: %d, err: %ls
Failed to create WcaDeferredActionRequiresReboot global atom.
Failed to create script key.
Failed to calculate script file name.
wcascript.cpp
Failed to open CaScript: %ls
Failed to seek to end of file.
Failed to allocate space for cascript handle.
Failed to get size of ca script file.
Invalid data read from ca script.
Failed to allocate memory to read in ca script.
Failed to reset to beginning of ca script.
Failed to read from ca script.
Failed to completely read ca script.
Failed to copy ca script.
Failed to move file pointer to end of file.
Failed to write data to ca script.
Failed to convert number into string.
Failed to write number to script.
Failed to get temp path.
Failed to get windows path.
Failed to concat Installer directory on windows path string.
Failed to allocate wildcard path to ca scripts.
Failed to find files with pattern: %ls
Failed to clean up CAScript file: %ls, er: %d
Failed to allocate path to clean up CAScript file: %ls, hr: 0x%x
Failed to get ProductCode.
Failed to allocate path to ca script.
qtexec.cpp
Failed to create output pipe
Failed to create input pipe
Failed to duplicate write handle
Failed to duplicate output pipe
Failed to duplicate input pipe
Failed to allocate buffer for output.
Failed to read from handle.
Failed to concatenate output strings
Failed to allocate output string
Failed to allocate copy of string
Failed to escape percent signs in string
Failed to convert output to ANSI
Failed to create output pipes
Command failed to execute.
Command line returned an error.
wcawow64.cpp
failed to get handle to kernel32.dll
Failed to disable WOW64.
Failed to revert WOW64.
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`RTTI
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
`h````
(null)
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
e+000
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
1#INF
1#QNAN
1#SNAN
1#IND
log10
log10
BC .=
"B <1=
#.X'=
?tanh
atan2
floor
ldexp
_cabs
_hypot
frexp
_logb
_nextafter
C:\agent\_work\8\s\build\ship\x86\wixca.pdb
.text$di
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data
.rsrc$01
.rsrc$02
wixca.dll
CAQuietExec64
CAQuietExec
CommitCAScriptCleanup
ExecSecureObjects
ExecSecureObjectsRollback
ExecServiceConfig
ExecXmlConfig
ExecXmlConfigRollback
ExecXmlFile
ExecXmlFileRollback
RollbackServiceConfig
SchedSecureObjects
SchedSecureObjectsRollback
SchedServiceConfig
SchedXmlConfig
SchedXmlFile
WixBroadcastEnvironmentChange
WixBroadcastSettingChange
WixCheckRebootRequired
WixCloseApplications
WixCloseApplicationsDeferred
WixCreateInternetShortcuts
WixExitEarlyWithSuccess
WixFailWhenDeferred
WixQueryOsDirs
WixQueryOsDriverInfo
WixQueryOsInfo
WixQueryOsWellKnownSID
WixQuietExec64
WixQuietExec
WixRegisterRestartResources
WixRemoveFoldersEx
WixRollbackInternetShortcuts
WixSchedInternetShortcuts
WixShellExec
WixShellExecBinary
WixSilentExec64
WixSilentExec
WixWaitForEvent
msi.dll
LookupAccountSidW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildTrusteeWithSidW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
ChangeServiceConfig2W
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
RegCloseKey
RegOpenKeyExW
GetTokenInformation
CreateWellKnownSid
LookupAccountNameW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
ADVAPI32.dll
SendMessageTimeoutW
EnumWindows
GetWindowThreadProcessId
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
UnregisterClassW
CreateWindowExW
IsWindow
IsDialogMessageW
USER32.dll
OLEAUT32.dll
SHGetFolderPathW
ShellExecuteW
SHELL32.dll
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
ole32.dll
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VERSION.dll
OpenProcess
TerminateProcess
GetLastError
SetLastError
CloseHandle
FreeLibrary
GetProcAddress
LocalFree
GetVersionExW
FindClose
FindFirstFileW
FindNextFileW
lstrcmpW
GetCurrentProcess
FormatMessageW
lstrcmpiW
WriteFile
GetTempPathW
CreateFileW
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
Sleep
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetCurrentProcessId
SetFilePointer
LoadLibraryW
GetModuleFileNameA
GetSystemDirectoryW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
CreatePipe
GetModuleHandleW
CreateProcessW
GetPriorityClass
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAlloc
GlobalFree
GetFileSizeEx
ReadFile
SetFilePointerEx
GetFileTime
SetFileTime
ExpandEnvironmentStringsW
GetFullPathNameW
SetFileAttributesW
DeleteFileW
InterlockedIncrement
InterlockedDecrement
GetProcessTimes
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetFileAttributesW
ExitProcess
GetModuleHandleA
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
GetTickCount
FlushFileBuffers
GetWindowsDirectoryW
KERNEL32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetStringTypeW
GetACP
GetStdHandle
GetFileType
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
RaiseException
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<5=h>`?w?
>!>8>
?$?.?y?
?+???E?
: :$:(:,:0:4:8:<:@:D:H:L:P:T:4?8?<?@?
I|=Qt
=DXD
is set. The default is "ALL".ActionPropertyThe property to set when a product in this set is found.CA_RefreshIEPolicy![CDATA[Refreshing IE Elevation Policies]]ExecSecureObjects_64![CDATA[Configuring Secure Objects]]ExecSecureObjectsCostInitializeFileCostCostFinalizeInstallValidateInstallInitializeInstallAdminPackageInstallFilesInstallFinalizeExecuteActionPublishFeaturesPublishProductBinary_LCCSetupWixCAComponent_ACLs{895CAD90-E332-47F9-BCDB-7726B02BEAD5}INSTALLDIR(VersionNT >= 602)Component_PluginHost_exe{E1AF292B-979E-490F-9474-F35EB04E6457}PluginHost.exeComponent_GatewayActiveX_dll{FF41CC9B-0441-4F22-82B3-35861613EC9E}GatewayActiveX.dllComponent_GatewayActiveX_x64_dll{D792D90D-55C2-4893-A93D-753A3E95D63F}VersionNT64GatewayActiveX_x64.dllComponent_GatewayNpapi_dll{6C51290F-7586-4141-9NameTableTypeColumnIdentifier_ValidationValueNPropertyId_SummaryInformationDescriptionSetCategoryKeyTableMaxValueNullableKeyColumnMinValueName of tableName of columnY;NWhether the column is nullableYMinimum value allowedMaximum value allowedFor foreign key, Name of table to which data must linkColumn to which foreign key connectsText;Formatted;Template;Condition;Guid;Path;Version;Language;Identifier;Binary;UpperCase;LowerCase;Filename;Paths;AnyPath;WildCardFilename;RegPath;CustomSource;Property;Cabinet;Shortcut;FormattedSDDLText;Integer;DoubleInteger;TimeDate;DefaultDirString categoryTextSet of values that are permittedDescription of columnActionTextActionName of action to be described.Localized description displayed in progress dialog and log when action is executing.TemplateOptional localized format template used to format action data records for display during action execution.AdminExecuteSequenceName of action to invoke, either in the engine or the handler DLL.ConditionOptional expression which skips the action if evaluates to expFalse.If the expression syntax is invalid, the engine will terminate, returning iesBadActionData.SequenceNumber that determines the sort order in which the actions are to be executed. Leave blank to suppress action.AdminUISequenceAdvtExecuteSequenceBinaryUnique key identifying the binary data.DataThe unformatted binary data.ComponentPrimary key used to identify a particular component record.ComponentIdGuidA string GUID unique to this component, version, and language.Directory_DirectoryRequired key of a Directory table record. This is actually a property name whose value contains the actual path, set either by the AppSearch action or with the default setting obtained from the Directory table.AttributesRemote execution option, one of irsEnumA conditional statement that will disable this component if the specified condition evaluates to the 'True' state. If a component is disabled, it will not be installed, regardless of the 'Action' state associated with the component.KeyPathFile;Registry;ODBCDataSourceEither the primary key into the File table, Registry table, or ODBCDataSource table. This extract path is stored when the component is installed, and is used to detect the presence of the component and to return the path to it.CreateFolderPrimary key, could be foreign key into the Directory table.Component_Foreign key into the Component table.CustomActionPrimary key, name of action, normally appears in sequence table unless private use.The numeric custom action type, consisting of source location, code type, entry, option flags.SourceCustomSourceThe table reference of the source of the code.TargetFormattedExcecution parameter, depends on the type of custom actionExtendedTypeA numeric custom action type that extends code type or option flags of the Type column.Unique identifier for directory entry, primary key. If a property by this name is defined, it contains the full path to the directory.Directory_ParentReference to the entry in this table specifying the default parent directory. A record parented to itself or with a Null parent represents a root of the install tree.DefaultDirThe default sub-path under parent's path.ErrorInteger error number, obtained from header file IError(...) macros.MessageError formatting template, obtained from user ed. or localizers.FeaturePrimary key used to identify a particular feature record.Feature_ParentOptional key of a parent record in the same table. If the parent is not selected, then the record will not be installed. Null indicates a root item.TitleShort text identifying a visible feature item.Longer descriptive text describing a visible feature item.DisplayNumeric sort order, used to force a specific display ordering.LevelThe install level at which record will be initially selected. An install level of 0 will disable an item and prevent its display.UpperCaseThe name of the Directory that can be configured by the UI. A non-null value will enable the browse button.0;1;2;4;5;6;8;9;10;16;17;18;20;21;22;24;25;26;32;33;34;36;37;38;48;49;50;52;53;54Feature attribeg22D303AB94A213A5D66286C4A5C51C08reg9127C271790F772AA631F0C3596D8B93reg2C428661C2138FDB3D9BFD3D25621158reg1C6697A98065964D01D32E85847DAF82reg7080028A1A09BC52A45643FABF9510FDSoftware\Classes\Interface\{98A06566-A85A-4928-9AD4-456C0FDFD3CB}IVersionQueryreg15FD354DC1F70985242A3AE6AA0B8A13Software\Classes\Interface\{98A06566-A85A-4928-9AD4-456C0FDFD3CB}\ProxyStubClsid32regBE6E892470AB43FCDBD2BB1708576D75Software\Classes\Interface\{98A06566-A85A-4928-9AD4-456C0FDFD3CB}\TypeLibregAB5C257B68D24A67D442C7DEC9EF7AA1Software\Classes\TypeLib\{7FEEA833-A3B2-4623-A077-F56E9F9688A8}\1.0VersionCheckerLibregE71A18D74B1AA7D843885F6736515835Software\Classes\TypeLib\{7FEEA833-A3B2-4623-A077-F56E9F9688A8}\1.0\0\win32reg7A56F1C83A1FB984B9FE67437B6AFE75Software\Classes\TypeLib\{7FEEA833-A3B2-4623-A077-F56E9F9688A8}\1.0\0\win64Software\Classes\MIME\Database\Content Type\application/x-skypeforbusiness-version-16.2Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB7F3505-43FF-4ECE-B60F-A164A832AE46}AppNameregF6E5FD566564368CE47D5E7DAA75F7F8AppPathreg7C4A82053AFEE8B1E118277ACA82DE9APolicy#3Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEBC497A-8937-4C44-8B8F-FDF4EF81E631}GatewayVersion-x64.exereg1D8562BE57B903A3948B5F2CE3E264A8regF31BA3ED0B2E1A8B72912DED893D69A4Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C48E95B3-4931-4E6B-A600-CD53B16E3511}reg06C5DE18737C24E71DDE3EC38E2FA864reg3B46CCD03947558F222D81BF1B480BECSoftware\MozillaPlugins\SkypeForBusinessPlugin-16.2Path[INSTALLDIR]npGatewayNpapi.dllreg0968A810D1AD7E9239FBA3F74F7AF198reg7EE298E001A291A3FE864B5C8C55E199reg83BC35CA996A25105C4925BE3C761EC3VendorregB80ACD514A05D9D68656F8296B5739C8reg0A73CEAD2D85E7D55C64B118E953C397Software\MozillaPlugins\SkypeForBusinessPlugin-16.2\MimeTypes\application/x-skypeforbusiness-plugin-16.2Software\MozillaPlugins\SkypeForBusinessPlugin64-16.2[INSTALLDIR]npGatewayNpapi-x64.dllreg2DC9D50837490F4E41741617469E417Ereg716DDA00751EC8F66EC819D8E0C6302FregEB653DE09ACD88E75564ACCD6CD97AB6reg045CF90B3F16FF379E187014C9088270regE82446CB030D8ECC7673E374864CADFFSoftware\MozillaPlugins\SkypeForBusinessPlugin64-16.2\MimeTypes\application/x-skypeforbusiness-plugin-16.2Software\Classes\sfbURL:sfbreg7C3AD472345BCE323FFFCF9E834A5D3AURL ProtocolregE37A478F66922A37588A273942B915A7Software\Classes\sfb\shell\open\command[INSTALLDIR]Skype Meetings App.exe %1Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERINGSkype Meetings App.exe#1reg90A13C49F1EE7BBA8923F61F383C9F53Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER#10reg17EF06842640A25047B7B463659985BESoftware\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVERSoftware\Microsoft\Internet Explorer\ProtocolExecute\sfbWarnOnOpen#0regCEE6204D0EACF91B0D0FF0825EEDE4F4-regD1ADAB1064441CFE2789B4F38B7BAF40reg7C29FA94C4ECD9C8B2E8CD3F406FF12BSoftware\Microsoft\Windows\CurrentVersion\Ext\Settings\{3E3AD4BD-346A-460A-80E8-90699B75C00B}reg0DCE2A3CE0384790D7566D6E89D754C2regAAFE73FB28F9EAF9F2F0BAF3833B0281regFC8EC093FF332C45C3808F3E05B58018Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE2EC208-BECF-4E83-8BF4-E35DBA4EB6A1}regC67C7B70C002EAFA90E003E306FABFF3[LOCAL_MACHINE_NAME][ALL_APP_PKGS_NAME]WIX_UPGRADE_DETECTED
Root Entry
SummaryInformation
Software\Policies\Microsoft\Windows\Installer
Logging
MsiLogging
WcaVerboseLogging
.WcaNotVerboseLogging
advapi32
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
(null)
mscoree.dll
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
en-US
api-ms-win-appmodel-runtime-l1-1-1
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l2-1-1
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-kernel32-package-current-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
user32
ja-JP
zh-CN
ko-KR
zh-TW
zh-CHS
ar-SA
bg-BG
ca-ES
cs-CZ
da-DK
de-DE
el-GR
fi-FI
fr-FR
he-IL
hu-HU
is-IS
it-IT
nl-NL
nb-NO
pl-PL
pt-BR
ro-RO
ru-RU
hr-HR
sk-SK
sq-AL
sv-SE
th-TH
tr-TR
ur-PK
id-ID
uk-UA
be-BY
sl-SI
et-EE
lv-LV
lt-LT
fa-IR
vi-VN
hy-AM
az-AZ-Latn
eu-ES
mk-MK
tn-ZA
xh-ZA
zu-ZA
af-ZA
ka-GE
fo-FO
hi-IN
mt-MT
se-NO
ms-MY
kk-KZ
ky-KG
sw-KE
uz-UZ-Latn
tt-RU
bn-IN
pa-IN
gu-IN
ta-IN
te-IN
kn-IN
ml-IN
mr-IN
sa-IN
mn-MN
cy-GB
gl-ES
kok-IN
syr-SY
div-MV
quz-BO
ns-ZA
mi-NZ
ar-IQ
de-CH
en-GB
es-MX
fr-BE
it-CH
nl-BE
nn-NO
pt-PT
sr-SP-Latn
sv-FI
az-AZ-Cyrl
se-SE
ms-BN
uz-UZ-Cyrl
quz-EC
ar-EG
zh-HK
de-AT
en-AU
es-ES
fr-CA
sr-SP-Cyrl
se-FI
quz-PE
ar-LY
zh-SG
de-LU
en-CA
es-GT
fr-CH
hr-BA
smj-NO
ar-DZ
zh-MO
de-LI
en-NZ
es-CR
fr-LU
bs-BA-Latn
smj-SE
ar-MA
en-IE
es-PA
fr-MC
sr-BA-Latn
sma-NO
ar-TN
en-ZA
es-DO
sr-BA-Cyrl
sma-SE
ar-OM
en-JM
es-VE
sms-FI
ar-YE
en-CB
es-CO
smn-FI
ar-SY
en-BZ
es-PE
ar-JO
en-TT
es-AR
ar-LB
en-ZW
es-EC
ar-KW
en-PH
es-CL
ar-AE
es-UY
ar-BH
es-PY
ar-QA
es-BO
es-SV
es-HN
es-NI
es-PR
zh-CHT
af-za
ar-ae
ar-bh
ar-dz
ar-eg
ar-iq
ar-jo
ar-kw
ar-lb
ar-ly
ar-ma
ar-om
ar-qa
ar-sa
ar-sy
ar-tn
ar-ye
az-az-cyrl
az-az-latn
be-by
bg-bg
bn-in
bs-ba-latn
ca-es
cs-cz
cy-gb
da-dk
de-at
de-ch
de-de
de-li
de-lu
div-mv
el-gr
en-au
en-bz
en-ca
en-cb
en-gb
en-ie
en-jm
en-nz
en-ph
en-tt
en-us
en-za
en-zw
es-ar
es-bo
es-cl
es-co
es-cr
es-do
es-ec
es-es
es-gt
es-hn
es-mx
es-ni
es-pa
es-pe
es-pr
es-py
es-sv
es-uy
es-ve
et-ee
eu-es
fa-ir
fi-fi
fo-fo
fr-be
fr-ca
fr-ch
fr-fr
fr-lu
fr-mc
gl-es
gu-in
he-il
hi-in
hr-ba
hr-hr
hu-hu
hy-am
id-id
is-is
it-ch
it-it
ja-jp
ka-ge
kk-kz
kn-in
kok-in
ko-kr
ky-kg
lt-lt
lv-lv
mi-nz
mk-mk
ml-in
mn-mn
mr-in
ms-bn
ms-my
mt-mt
nb-no
nl-be
nl-nl
nn-no
ns-za
pa-in
pl-pl
pt-br
pt-pt
quz-bo
quz-ec
quz-pe
ro-ro
ru-ru
sa-in
se-fi
se-no
se-se
sk-sk
sl-si
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sq-al
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
sv-fi
sv-se
sw-ke
syr-sy
ta-in
te-in
th-th
tn-za
tr-tr
tt-ru
uk-ua
ur-pk
uz-uz-cyrl
uz-uz-latn
vi-vn
xh-za
zh-chs
zh-cht
zh-cn
zh-hk
zh-mo
zh-sg
zh-tw
zu-za
CONOUT$
p!%'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{|}~
ieframe.dll
TRANSLATE_SID
TRANSLATE_SID_PROPERTY
UILevel
MsiUIProgressOnly
INSTALLER_TYPE
SFB_VISTA
SKYPE
ALLUSERS
IGNORE_ALLUSERS
.Server
Client
>=Win8.1
Win8.0
Win7SP1
Win7
VistaSP2
VistaSP1
Vista
XPSP3
XPSP2
XPSP1
TelemetryId
Unknown
OriginalDatabase
ProductVersion
"status":"
"newState":"",
"oldState":"",
"swaSubEvent":"",
"swaEvent":"ShellAppInstallation",
"swaStateChangeEventInfo":{
"meetingCategory":1,
"poolURL":"
"telemetryId":"
{"userUri":"ShellAppInstallation", "sip":"", "correlationId":"
Content-Type:application/json; charset=utf-8
meet.skype.com
/j/v1/swaAttendeeState
SkypeMeetingsApp MSI Telemetry
ProductCode
InstallLocation
ARPINSTALLLOCATION
eSELECT FileName, Directory_ FROM File, Component WHERE Component_ = Component
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentMajorVersionNumber
IS_WINDOWS10_OR_GREATER
start
Cancel
Error
Success
VS_VERSION_INFO
StringFileInfo
040904E4
CompanyName
Microsoft Corporation
FileDescription
SetupActions
FileVersion
16.2.0.511
LegalCopyright
2018 Microsoft Corporation. All rights reserved.
InternalName
SetupActions.dll
OriginalFilename
SetupActions.dll
ProductName
SetupActions
ProductVersion
16.2.0.511
VarFileInfo
Translation
Environment
CustomActionData
SELECT `WixCloseApplication`, `Target`, `Description`, `Condition`, `Attributes`, `Property`, `TerminateExitCode`, `Timeout` FROM `WixCloseApplication` ORDER BY `Sequence`
WixCloseApplicationsDeferred
eSELECT `Component_`, `Directory_`, `Name`, `Target`, `Attributes`, `IconFile`, `IconIndex` FROM `WixInternetShortcut`
.WixInternetShortcut
CreateFolder
sWixRollbackInternetShortcuts
WixCreateInternetShortcuts
eWIX_SUITE_SMALLBUSINESS
WIX_SUITE_ENTERPRISE
WIX_SUITE_BACKOFFICE
WIX_SUITE_COMMUNICATIONS
WIX_SUITE_TERMINAL
WIX_SUITE_SMALLBUSINESS_RESTRICTED
WIX_SUITE_EMBEDDEDNT
WIX_SUITE_DATACENTER
WIX_SUITE_SINGLEUSERTS
WIX_SUITE_PERSONAL
WIX_SUITE_BLADE
WIX_SUITE_EMBEDDED_RESTRICTED
WIX_SUITE_SECURITY_APPLIANCE
WIX_SUITE_STORAGE_SERVER
WIX_SUITE_COMPUTE_SERVER
WIX_SUITE_WH_SERVER
WIX_SUITE_SERVERR2
WIX_SUITE_MEDIACENTER
WIX_SUITE_STARTER
WIX_SUITE_TABLETPC
eWIX_DIR_ADMINTOOLS
WIX_DIR_ALTSTARTUP
WIX_DIR_CDBURN_AREA
WIX_DIR_COMMON_ADMINTOOLS
WIX_DIR_COMMON_ALTSTARTUP
WIX_DIR_COMMON_DOCUMENTS
WIX_DIR_COMMON_FAVORITES
WIX_DIR_COMMON_MUSIC
WIX_DIR_COMMON_PICTURES
WIX_DIR_COMMON_VIDEO
WIX_DIR_COOKIES
WIX_DIR_DESKTOP
WIX_DIR_HISTORY
WIX_DIR_INTERNET_CACHE
WIX_DIR_MYMUSIC
WIX_DIR_MYPICTURES
WIX_DIR_MYVIDEO
WIX_DIR_NETHOOD
WIX_DIR_PERSONAL
WIX_DIR_PRINTHOOD
WIX_DIR_PROFILE
WIX_DIR_RECENT
WIX_DIR_RESOURCES
%s\%s
eWIX_ACCOUNT_LOCALSYSTEM
WIX_ACCOUNT_LOCALSERVICE
WIX_ACCOUNT_NETWORKSERVICE
WIX_ACCOUNT_ADMINISTRATORS
WIX_ACCOUNT_USERS
WIX_ACCOUNT_GUESTS
WIX_ACCOUNT_PERFLOGUSERS
WIX_ACCOUNT_PERFLOGUSERS_NODOMAIN
d3d9.dll
WIX_WDDM_DRIVER_PRESENT
dwmapi.dll
WIX_DWM_COMPOSITION_ENABLED
QtExecCmdTimeout
QtExecCmdLine
QtExec64CmdLine
WixQuietExecCmdLine
WixQuietExec64CmdLine
WixQuietExecCmdTimeout
WixQuietExec64CmdTimeout
WixSilentExecCmdLine
WixSilentExec64CmdLine
WixSilentExecCmdTimeout
WixSilentExec64CmdTimeout
4SELECT `WixRestartResource`.`WixRestartResource`, `WixRestartResource`.`Component_`, `WixRestartResource`.`Resource`, `WixRestartResource`.`Attributes` FROM `WixRestartResource`
sWixRestartResource
MsiRestartManagerSessionKey
SELECT `WixRemoveFolderEx`, `Component_`, `Property`, `InstallMode` FROM `WixRemoveFolderEx`
%s%s\
S_%s_%u
RfxFiles
RemoveFile
:RfxFolder
WixRemoveFolderEx
SELECT `SecureObjects`.`SecureObject`, `SecureObjects`.`Table`, `SecureObjects`.`Domain`, `SecureObjects`.`User`, `SecureObjects`.`Permission`, `SecureObjects`.`Component_`, `Component`.`Attributes` FROM `SecureObjects`,`Component` WHERE `SecureObjects`.`Component_`=`Component`.`Component`
SELECT `Registry`.`Registry`, `Registry`.`Root`, `Registry`.`Key` FROM `Registry` WHERE `Registry`.`Registry`=?
SELECT `ServiceInstall`.`Name` FROM `ServiceInstall` WHERE `ServiceInstall`.`ServiceInstall`=?
ServiceInstall
Registry
aExecSecureObjectsRollback
s[#%s]
ALLUSERS
MACHINE\
CURRENT_USER\
CLASSES_ROOT\
USERS\
SecureObjects
ExecSecureObjects
Everyone
Administrators
LocalSystem
LocalService
NetworkService
AuthenticatedUser
Guests
CREATOR OWNER
INTERACTIVE
Users
%s%s%s
SELECT `ServiceName`, `Component_`, `NewService`, `FirstFailureActionType`, `SecondFailureActionType`, `ThirdFailureActionType`, `ResetPeriodInDays`, `RestartServiceDelayInSeconds`, `ProgramCommandLine`, `RebootMessage` FROM `ServiceConfig`
reboot
restart
runCommand
RollbackServiceConfig
nExecServiceConfig
SeShutdownPrivilege
WixShellExecTarget
tBinary
SELECT `Data` FROM `Binary` WHERE `Name`='%s'
WixShellExecBinaryId
D:(A;;GA;;;WD)
D:(A;;GA;;;WD)S:(ML;;NW;;;ME)
Global\WixWaitForEventFail
Global\WixWaitForEventSucceed
.WixCaMessageWindow
SELECT `XmlFile`.`XmlFile`, `XmlFile`.`File`, `XmlFile`.`ElementPath`, `XmlFile`.`Name`, `XmlFile`.`Value`, `XmlFile`.`Flags`, `XmlFile`.`Component_`, `Component`.`Attributes` FROM `XmlFile`,`Component` WHERE `XmlFile`.`Component_`=`Component`.`Component` ORDER BY `File`, `Sequence`
XmlFile
ExecXmlFileRollback
aExecXmlFile
SelectionLanguage
XPath
SELECT `XmlConfig`.`XmlConfig`, `XmlConfig`.`File`, `XmlConfig`.`ElementPath`, `XmlConfig`.`VerifyPath`, `XmlConfig`.`Name`, `XmlConfig`.`Value`, `XmlConfig`.`Flags`, `XmlConfig`.`Component_`, `Component`.`Attributes` FROM `XmlConfig`,`Component` WHERE `XmlConfig`.`Component_`=`Component`.`Component` ORDER BY `File`, `Sequence`
ExecXmlConfigRollback
aExecXmlConfig
p!%'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{|}~
kernel32
SeDebugPrivilege
rstrtmgr.dll
\\?\UNC
Msxml2.DOMDocument
MSXML.DOMDocument
uSoftware\Policies\Microsoft\Windows\Installer
Logging
MsiLogging
WcaVerboseLogging
.WcaNotVerboseLogging
SELECT * FROM `%s`
sWcaDeferredActionRequiresReboot
.\Installer\
%swix%s.*.???
ProductCode
%swix%s.%s.%c%c%c
.kernel32.dll
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
api-ms-
ext-ms-
(null)
mscoree.dll
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
en-US
api-ms-win-appmodel-runtime-l1-1-1
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l2-1-1
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-kernel32-package-current-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
user32
ja-JP
zh-CN
ko-KR
zh-TW
zh-CHS
ar-SA
bg-BG
ca-ES
cs-CZ
da-DK
de-DE
el-GR
fi-FI
fr-FR
he-IL
hu-HU
is-IS
it-IT
nl-NL
nb-NO
pl-PL
pt-BR
ro-RO
ru-RU
hr-HR
sk-SK
sq-AL
sv-SE
th-TH
tr-TR
ur-PK
id-ID
uk-UA
be-BY
sl-SI
et-EE
lv-LV
lt-LT
fa-IR
vi-VN
hy-AM
az-AZ-Latn
eu-ES
mk-MK
tn-ZA
xh-ZA
zu-ZA
af-ZA
ka-GE
fo-FO
hi-IN
mt-MT
se-NO
ms-MY
kk-KZ
ky-KG
sw-KE
uz-UZ-Latn
tt-RU
bn-IN
pa-IN
gu-IN
ta-IN
te-IN
kn-IN
ml-IN
mr-IN
sa-IN
mn-MN
cy-GB
gl-ES
kok-IN
syr-SY
div-MV
quz-BO
ns-ZA
mi-NZ
ar-IQ
de-CH
en-GB
es-MX
fr-BE
it-CH
nl-BE
nn-NO
pt-PT
sr-SP-Latn
sv-FI
az-AZ-Cyrl
se-SE
ms-BN
uz-UZ-Cyrl
quz-EC
ar-EG
zh-HK
de-AT
en-AU
es-ES
fr-CA
sr-SP-Cyrl
se-FI
quz-PE
ar-LY
zh-SG
de-LU
en-CA
es-GT
fr-CH
hr-BA
smj-NO
ar-DZ
zh-MO
de-LI
en-NZ
es-CR
fr-LU
bs-BA-Latn
smj-SE
ar-MA
en-IE
es-PA
fr-MC
sr-BA-Latn
sma-NO
ar-TN
en-ZA
es-DO
sr-BA-Cyrl
sma-SE
ar-OM
en-JM
es-VE
sms-FI
ar-YE
en-CB
es-CO
smn-FI
ar-SY
en-BZ
es-PE
ar-JO
en-TT
es-AR
ar-LB
en-ZW
es-EC
ar-KW
en-PH
es-CL
ar-AE
es-UY
ar-BH
es-PY
ar-QA
es-BO
es-SV
es-HN
es-NI
es-PR
zh-CHT
af-za
ar-ae
ar-bh
ar-dz
ar-eg
ar-iq
ar-jo
ar-kw
ar-lb
ar-ly
ar-ma
ar-om
ar-qa
ar-sa
ar-sy
ar-tn
ar-ye
az-az-cyrl
az-az-latn
be-by
bg-bg
bn-in
bs-ba-latn
ca-es
cs-cz
cy-gb
da-dk
de-at
de-ch
de-de
de-li
de-lu
div-mv
el-gr
en-au
en-bz
en-ca
en-cb
en-gb
en-ie
en-jm
en-nz
en-ph
en-tt
en-us
en-za
en-zw
es-ar
es-bo
es-cl
es-co
es-cr
es-do
es-ec
es-es
es-gt
es-hn
es-mx
es-ni
es-pa
es-pe
es-pr
es-py
es-sv
es-uy
es-ve
et-ee
eu-es
fa-ir
fi-fi
fo-fo
fr-be
fr-ca
fr-ch
fr-fr
fr-lu
fr-mc
gl-es
gu-in
he-il
hi-in
hr-ba
hr-hr
hu-hu
hy-am
id-id
is-is
it-ch
it-it
ja-jp
ka-ge
kk-kz
kn-in
kok-in
ko-kr
ky-kg
lt-lt
lv-lv
mi-nz
mk-mk
ml-in
mn-mn
mr-in
ms-bn
ms-my
mt-mt
nb-no
nl-be
nl-nl
nn-no
ns-za
pa-in
pl-pl
pt-br
pt-pt
quz-bo
quz-ec
quz-pe
ro-ro
ru-ru
sa-in
se-fi
se-no
se-se
sk-sk
sl-si
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sq-al
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
sv-fi
sv-se
sw-ke
syr-sy
ta-in
te-in
th-th
tn-za
tr-tr
tt-ru
uk-ua
ur-pk
uz-uz-cyrl
uz-uz-latn
vi-vn
xh-za
zh-chs
zh-cht
zh-cn
zh-hk
zh-mo
zh-sg
zh-tw
zu-za
CONOUT$
VS_VERSION_INFO
StringFileInfo
000004E4
CompanyName
.NET Foundation
FileDescription
WiX Custom Actions
FileVersion
3.11.1.2318
InternalName
wixca
LegalCopyright
All rights reserved.
OriginalFilename
wixca.dll
ProductName
Windows Installer XML Toolset
ProductVersion
3.11.1.2318
VarFileInfo
Translation
MsiDigitalSignatureEx
DigitalSignature
This file is not on VirusTotal.

Process Tree

  • msiexec.exe 2744 "C:\Windows\system32\msiexec.exe" /I "C:\Users\user\AppData\Local\Temp\SkypeMeetingsApp.msi"

msiexec.exe, PID: 2744, Parent PID: 2480
Full Path: C:\Windows\SysWOW64\msiexec.exe
Command Line: "C:\Windows\system32\msiexec.exe" /I "C:\Users\user\AppData\Local\Temp\SkypeMeetingsApp.msi"

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
N 52.114.88.20 [VT] United Kingdom
N 52.114.14.16 [VT] Singapore
N 23.202.161.73 [VT] United States
N 117.18.237.29 [VT] Taiwan
N 104.77.174.65 [VT] United States

TCP

Source Source Port Destination Destination Port
192.168.35.21 49161 104.77.174.65 www.download.windowsupdate.com 80
192.168.35.21 49168 104.77.174.65 www.download.windowsupdate.com 80
192.168.35.21 49175 104.77.174.65 www.download.windowsupdate.com 80
192.168.35.21 49184 117.18.237.29 ocsp.digicert.com 80
192.168.35.21 49160 23.202.161.73 www.microsoft.com 80
192.168.35.21 49162 23.202.161.73 www.microsoft.com 80
192.168.35.21 49178 52.114.14.16 meet.skype.com 443
192.168.35.21 49183 52.114.88.20 mobile.pipe.aria.microsoft.com 443

UDP

Source Source Port Destination Destination Port
192.168.35.21 53447 8.8.8.8 53
192.168.35.21 57255 8.8.8.8 53
192.168.35.21 58094 8.8.8.8 53
192.168.35.21 65365 8.8.8.8 53
192.168.35.21 65426 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
www.microsoft.com [VT] CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net [VT]
CNAME e13678.dspb.akamaiedge.net [VT]
CNAME www.microsoft.com-c-3.edgekey.net [VT]
A 23.202.161.73 [VT]
www.download.windowsupdate.com [VT] A 104.77.174.41 [VT]
CNAME 2-01-3cf7-0009.cdx.cedexis.net [VT]
CNAME download.windowsupdate.com.edgesuite.net [VT]
A 104.77.174.65 [VT]
CNAME a767.dspw65.akamai.net [VT]
meet.skype.com [VT] CNAME join.services-skype.akadns.net [VT]
CNAME join-apac.services-skype.akadns.net [VT]
A 52.114.14.16 [VT]
mobile.pipe.aria.microsoft.com [VT] CNAME skypedataprdcoluks01.cloudapp.net [VT]
CNAME mobile.events.data.trafficmanager.net [VT]
A 52.114.88.20 [VT]
ocsp.digicert.com [VT] CNAME cs9.wac.phicdn.net [VT]
A 117.18.237.29 [VT]

HTTP Requests

URI Data
http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt
GET /pki/certs/MicRooCerAut2011_2011_03_22.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86401
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 19 Apr 2017 22:43:31 GMT
If-None-Match: "80ab755e5eb9d21:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
GET /pki/certs/MicRooCerAut_2010-06-23.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 26 Feb 2020 21:39:14 GMT
If-None-Match: "06d5b30edecd51:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.35.21 49178 52.114.14.16 meet.skype.com 443 1d095e68489d3c535297cd8dffb06cb9 Non-Specific Microsoft Socket, Malware Test FP: brazil-malspam-pushes-banload, dhl-malspam-traffic, post-infection-traffic-from-terror-ek-payload, contract-malspam-traffic, cryptowall-traffic, fake-font-update-for-chrome, phishing-malware-run-on-vm, fiesta-ek-post-infection-and-click-fraud-traffic, phishing-malware-sandbox-analysis, angler-ek-traffic, goon-ek-traffic, magnitude-ek-traffic, brazil-malspam-solicitacao-de-orcamento-traffic-example, cryptowall-infection-on-vm, nuclear-ek-traffic, zeus-panda-banker-malspam-traffic, traffic-analysis-pop-quiz, netflix-phishing-traffic, malspam-pushing-remcosrat, sweet-orange-ek-traffic, brazil-malspam-traffic, eitest-hoelflertext-popup-sends-netsupport-manager-rat, eitest-hoeflertext-popup-sends-netsupport-rat, th-run-seamless-rig-ek-sends-ramnit-with-post-infection-traffic, nuclear-ek-from-my-infected-vm, fake-nf-e-malspam-traffic, fake-netflix-login-page-traffic-1st-run, payment-slip-malspam-traffic, rig-ek-traffic, malspam-pushing-smoke-loader, brazil-malspam-traffic-example, smoke-loader-traffic, phishing-malware-run-in-a-vm, boleto-malspam-traffic, infinity-ek-traffic
192.168.35.21 49183 52.114.88.20 mobile.pipe.aria.microsoft.com 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
File name 94308059B57B3142E455B38A6EB92015
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
File Size 342 bytes
File Type data
MD5 c241a0d266cd1a8cd2a3648216fe7d1f
SHA1 38dac541d6dfb4b45b0e40d42c6e4b32914b6bd0
SHA256 2b523814a702bbbfb777f05a41af2111c85ebe130ec9cdf9d696db005a09a624
CRC32 F4140F27
Ssdeep 6:kKQlC81pxW4Y+SkQlPlEGYRMY9z+4KlDA3RUe5CAE:olC0pxWokPlE99SNxAhUe5Y
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name 94308059B57B3142E455B38A6EB92015
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
File Size 342 bytes
File Type data
MD5 1db77a536d721d70f9f9f47da00cb85c
SHA1 206556849ff8ddef587ffc473b33cdfe9e7aa0c6
SHA256 40453defff912c77ca06060658115daf3a50d17932602696338d781c33a6d7d5
CRC32 919DD7BF
Ssdeep 6:kK5C81pxW4Y+SkQlPlEGYRMY9z+4KlDA3RUe5CAE:xC0pxWokPlE99SNxAhUe5Y
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name 94308059B57B3142E455B38A6EB92015
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
File Size 342 bytes
File Type data
MD5 a764e38b45394ad76e92794fd2727055
SHA1 e75638caf8253dfa6f47f5571ef1283236e217f8
SHA256 c45eb2e77758e360e07abc88632f9c7e73c3fb7b82db3b5b2cf5e0f1431bf24f
CRC32 4BF769E0
Ssdeep 6:kKlC81pxW4Y+SkQlPlEGYRMY9z+4KlDA3RUe5CAE:tC0pxWokPlE99SNxAhUe5Y
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
Sorry! No CAPE files.
Process Name msiexec.exe
PID 2744
Dump Size 70144 bytes
Module Path C:\Windows\SysWOW64\msiexec.exe
Type PE image: 32-bit executable
MD5 fe4f5222aa9c34fd511a0b7e67cd6b26
SHA1 ad0cd514deaad2077889fc50fe7841f72f3a5de9
SHA256 f6e221d3b78cc602dafdd67c3c51b9a4f11ec578d0642abed4af060ace17126b
CRC32 FB805E07
Ssdeep 1536:6dsVJ8P4lxjKsOI2zN1KGv0+VxiQX2jrJ9s1:6dsC4lxjKsOI2zN1KGsUxidjN9s1
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename f6e221d3b78cc602dafdd67c3c51b9a4f11ec578d0642abed4af060ace17126b

Comments



No comments posted

Processing ( 17.834 seconds )

  • 5.858 CAPE
  • 5.697 TargetInfo
  • 3.646 Strings
  • 1.777 TrID
  • 0.387 BehaviorAnalysis
  • 0.269 Deduplicate
  • 0.098 ProcDump
  • 0.057 NetworkAnalysis
  • 0.039 Dropped
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.38 seconds )

  • 0.087 antidbg_windows
  • 0.074 office_code_page
  • 0.028 antiav_detectreg
  • 0.016 stealth_timeout
  • 0.013 decoy_document
  • 0.012 NewtWire Behavior
  • 0.012 api_spamming
  • 0.011 infostealer_ftp
  • 0.008 ransomware_files
  • 0.006 antivm_generic_disk
  • 0.006 antianalysis_detectreg
  • 0.006 infostealer_im
  • 0.005 mimics_filetime
  • 0.005 antivm_generic_scsi
  • 0.005 antiav_detectfile
  • 0.005 infostealer_mail
  • 0.004 bootkit
  • 0.004 antivm_vbox_window
  • 0.004 virus
  • 0.003 stealth_file
  • 0.003 antivm_generic_services
  • 0.003 reads_self
  • 0.003 persistence_autorun
  • 0.003 antisandbox_script_timer
  • 0.003 antivm_vbox_keys
  • 0.003 infostealer_bitcoin
  • 0.003 ransomware_extensions
  • 0.002 Doppelganging
  • 0.002 betabot_behavior
  • 0.002 PlugX
  • 0.002 hancitor_behavior
  • 0.002 antianalysis_detectfile
  • 0.002 antivm_vbox_files
  • 0.002 antivm_vmware_keys
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.002 masquerade_process_name
  • 0.001 tinba_behavior
  • 0.001 malicious_dynamic_function_loading
  • 0.001 rat_nanocore
  • 0.001 injection_runpe
  • 0.001 recon_programs
  • 0.001 injection_createremotethread
  • 0.001 antiemu_wine_func
  • 0.001 InjectionCreateRemoteThread
  • 0.001 InjectionProcessHollowing
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 dynamic_function_loading
  • 0.001 InjectionSetWindowLong
  • 0.001 cerber_behavior
  • 0.001 kovter_behavior
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_vpc_keys
  • 0.001 antivm_xen_keys
  • 0.001 ketrican_regkeys
  • 0.001 darkcomet_regkeys
  • 0.001 disables_browser_warn
  • 0.001 network_torgateway
  • 0.001 recon_checkip
  • 0.001 recon_fingerprint

Reporting ( 0.002 seconds )

  • 0.002 CompressResults
Task ID 131472
Mongo ID 5e79db1f22fb4f13386d70b2
Cuckoo release 1.3-CAPE
Delete