(cache)Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'HWiNFO_Monitor

malicious

Threat Score: 100/100 AV Detection: 34% Labeled as: Trojan_Win32_Wacatac_C_ml #urlscanio

HWiNFO_Monitor_Setup.exe

This report is generated from a file or URL submitted to this webservice on April 10th 2026 22:34:39 (UTC) and action script Heavy Anti-Evasion
Guest System: Windows 11 64 bit, Professional, 10.0 (build 22621),
Report generated by Falcon Sandbox © Hybrid Analysis

Overview Sample unavailable Re-analyze Hash Seen Before

No similar samples

Report False-Positive Request Report Deletion

Incident Response

Risk Assessment

Remote Access: Reads terminal service related keys (often RDP related)
Spyware: Found a string that may be used as part of an injection method
Persistence: Writes data to a remote process

MITRE ATT&CK™ Techniques Detection

This report has 155 indicators that were mapped to 85 attack techniques and 11 tactics. View all details

Execution
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1106	Native API	Execution	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Learn more			Contains ability to execute Windows APIs Input file contains API references not part of its Import Address Table (IAT) Contains ability to load modules (API string) Contains ability to execute an application (API string) Contains ability to set/get the last-error code for a calling thread (API string) Calls an API typically used to find a resource in a module Calls an API typically used to load a resource in memory Calls an API typically used to retrieve function addresses Calls an API typically used to create a process
T1059.003	Windows Command Shell	Execution	Adversaries may abuse the Windows command shell for execution. Learn more			Able to retrieve command line parameters of the running process Contains ability to retrieve the command-line string for the current process (API string)
T1129	Shared Modules	Execution	Adversaries may execute malicious payloads via loading shared modules. Learn more			Loads modules at runtime Calls an API typically used to load libraries Loads the RPC (Remote Procedure Call) module DLL
T1569.002	Service Execution	Execution	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. Learn more		Opened the service control manager
Persistence
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1543.003	Windows Service	Persistence Privilege Escalation	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. Learn more			Contains ability to access device drivers
T1098	Account Manipulation	Persistence Privilege Escalation	Adversaries may manipulate accounts to maintain and/or elevate access to victim systems. Learn more			Contains ability to modify the user configuration/privilege (API string)
T1112	Modify Registry	Defense Evasion Persistence	Adversaries may interact with the Windows Registry as part of a variety of other techniques to aid in defense evasion, persistence, and execution. Learn more			Able to delete registry key/value (API string) Writes registry keys
T1547.001	Registry Run Keys / Startup Folder	Persistence Privilege Escalation	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Learn more		1 confidential indicators
T1547.009	Shortcut Modification	Persistence Privilege Escalation	Adversaries may create or modify shortcuts that can execute a program during system boot or user login. Learn more		1 confidential indicators
T1546.015	Component Object Model Hijacking	Persistence Privilege Escalation	Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. Learn more			Overview of unique CLSIDs touched in registry
T1547	Boot or Logon Autostart Execution	Persistence Privilege Escalation	Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on compromised systems. Learn more		Tries to save executable or command in registry
T1546.016	Installer Packages	Persistence Privilege Escalation	Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Learn more			Attempts to launch the Installer package binary
Privilege Escalation
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1134	Access Token Manipulation	Defense Evasion Privilege Escalation	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Learn more			Contains ability to retrieve token privileges information (API string) Contains ability to modify access token privileges (API string)
T1055.001	Dynamic-link Library Injection	Defense Evasion Privilege Escalation	Adversaries may inject dynamic-link libraries (DLLs) into processes in order to evade process-based defenses as well as possibly elevate privileges. Learn more			Contains ability to load/free library (API string)
T1543.003	Windows Service	Persistence Privilege Escalation	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. Learn more			Contains ability to access device drivers
T1055.011	Extra Window Memory Injection	Defense Evasion Privilege Escalation	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. Learn more		2 confidential indicators
T1055	Process Injection	Defense Evasion Privilege Escalation	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Learn more	Writes data to a remote process		Found PE header in memory
T1055.015	ListPlanting	Defense Evasion Privilege Escalation	Adversaries may abuse list-view controls to inject malicious code into hijacked processes in order to evade process-based defenses as well as possibly elevate privileges. Learn more			Able to visualize and control listed components (API string)
T1098	Account Manipulation	Persistence Privilege Escalation	Adversaries may manipulate accounts to maintain and/or elevate access to victim systems. Learn more			Contains ability to modify the user configuration/privilege (API string)
T1134.001	Token Impersonation/Theft	Defense Evasion Privilege Escalation	Adversaries may duplicate then impersonate another user's existing token to escalate privileges and bypass access controls. Learn more			Contains ability to obtains specified information about the security of a file or directory (API string)
T1068	Exploitation for Privilege Escalation	Privilege Escalation	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Learn more			Opens the Kernel Security Device Driver (KsecDD) of Windows
T1547.001	Registry Run Keys / Startup Folder	Persistence Privilege Escalation	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Learn more		1 confidential indicators
T1547.009	Shortcut Modification	Persistence Privilege Escalation	Adversaries may create or modify shortcuts that can execute a program during system boot or user login. Learn more		1 confidential indicators
T1546.015	Component Object Model Hijacking	Persistence Privilege Escalation	Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. Learn more			Overview of unique CLSIDs touched in registry
T1547	Boot or Logon Autostart Execution	Persistence Privilege Escalation	Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on compromised systems. Learn more		Tries to save executable or command in registry
T1546.016	Installer Packages	Persistence Privilege Escalation	Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Learn more			Attempts to launch the Installer package binary
Defense Evasion
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1497.001	System Checks	Defense Evasion Discovery	Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. Learn more		1 confidential indicators	Contains a Wine emulator-related string
T1027	Obfuscated Files or Information	Defense Evasion	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. Learn more			Contains CRYPTO related strings Loads the Bcrypt module DLL Matched Compiler/Packer signature (DIE) Sample file has high entropy (likely encrypted/compressed content) Shows ability to obfuscate file or information
T1622	Debugger Evasion	Defense Evasion Discovery	Adversaries may employ various means to detect and avoid debuggers. Learn more		YARA signature match - Anti-Debugging (PEB)	Contains ability to check debugger is running (API string) YARA signature match - Anti Debugging Used
T1497.003	Time Based Evasion	Defense Evasion Discovery	Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments. Learn more			Contains ability to delay execution by waiting for signal/timeout (API string) Contains ability to retrieve the time elapsed since the system was started (API string)
T1134	Access Token Manipulation	Defense Evasion Privilege Escalation	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Learn more			Contains ability to retrieve token privileges information (API string) Contains ability to modify access token privileges (API string)
T1055.001	Dynamic-link Library Injection	Defense Evasion Privilege Escalation	Adversaries may inject dynamic-link libraries (DLLs) into processes in order to evade process-based defenses as well as possibly elevate privileges. Learn more			Contains ability to load/free library (API string)
T1497.002	User Activity Based Checks	Defense Evasion Discovery	Adversaries may employ various user activity checks to detect and avoid virtualization and analysis environments. Learn more			Able to identify virtual environment by using user activity (API string)
T1055.011	Extra Window Memory Injection	Defense Evasion Privilege Escalation	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. Learn more		2 confidential indicators
T1055	Process Injection	Defense Evasion Privilege Escalation	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Learn more	Writes data to a remote process		Found PE header in memory
T1055.015	ListPlanting	Defense Evasion Privilege Escalation	Adversaries may abuse list-view controls to inject malicious code into hijacked processes in order to evade process-based defenses as well as possibly elevate privileges. Learn more			Able to visualize and control listed components (API string)
T1564.003	Hidden Window	Defense Evasion	Adversaries may use hidden windows to conceal malicious activity from the plain sight of users. Learn more			Contains ability to show a graphical window (API string)
T1112	Modify Registry	Defense Evasion Persistence	Adversaries may interact with the Windows Registry as part of a variety of other techniques to aid in defense evasion, persistence, and execution. Learn more			Able to delete registry key/value (API string) Writes registry keys
T1134.001	Token Impersonation/Theft	Defense Evasion Privilege Escalation	Adversaries may duplicate then impersonate another user's existing token to escalate privileges and bypass access controls. Learn more			Contains ability to obtains specified information about the security of a file or directory (API string)
T1497	Virtualization/Sandbox Evasion	Defense Evasion Discovery	Adversaries may employ various means to detect and avoid virtualization and analysis environments. Learn more			Able to detect virtual machine (string) Able to identify sandbox environment running process Attempts to call APIs commonly associated with anti-analysis and evasion techniques Observed a high volume of repeated registry API calls (API Hammering)
T1014	Rootkit	Defense Evasion	Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Learn more			References device drivers used by rootkit malware
T1070.004	File Deletion	Defense Evasion	Adversaries may delete files left behind by the actions of their intrusion activity. Learn more		Opens file with deletion access rights	Calls an API typically used to remove a directory
T1070.006	Timestomp	Defense Evasion	Adversaries may modify file time attributes to hide new files or changes to existing files. Learn more		2 confidential indicators
T1036	Masquerading	Defense Evasion	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Learn more		Drops PE files with different extensions	Renames files
T1006	Direct Volume Access	Defense Evasion	Adversaries may directly access a volume to bypass file access controls and file system monitoring. Learn more			Attempts to read volume data via DOS device path
T1480	Execution Guardrails	Defense Evasion	Adversaries may use execution guardrails to constrain execution or actions based on adversary supplied and environment specific conditions that are expected to be present on the target. Learn more			Creates mutants Shows ability to use execution guardrails
T1070	Indicator Removal	Defense Evasion	Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Learn more		Deletes registry keys
T1027.005	Indicator Removal from Tools	Defense Evasion	Adversaries may remove indicators from tools if they believe their malicious tool was detected, quarantined, or otherwise curtailed. Learn more			XOR operations in executable file detected
T1027.009	Embedded Payloads	Defense Evasion	Adversaries may embed payloads within other files to conceal malicious content from defenses. Learn more		Sample/File contains another embedded binary	YARA signature match – Embedded PE executable YARA signature match - PE executable embedded in .rsrc section
Credential Access
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1555	Credentials from Password Stores	Credential Access	Adversaries may search for common password storage locations to obtain user credentials. Learn more			Contains string like password/secret
T1056.001	Keylogging	Collection Credential Access	Adversaries may log user keystrokes to intercept credentials as the user types them. Learn more			Contains ability to hook/unhook windows functions (API string)
T1003	OS Credential Dumping	Credential Access	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password. Learn more			Attempts to invoke APIs commonly associated with credential theft and data exfiltration functionality
Discovery
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1497.001	System Checks	Defense Evasion Discovery	Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. Learn more		1 confidential indicators	Contains a Wine emulator-related string
T1012	Query Registry	Discovery	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. Learn more		1 confidential indicators	Contains registry location strings Contains reference to Borland Delphi related registry entry Opens registry keys Queries registry keys Queries for Borland Delphi related registry entry
T1082	System Information Discovery	Discovery	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Learn more		Calls an API typically used to find and list the Windows drive types	Able to query volume/memory size (API string) Contains ability to retrieve the specified system metric or system configuration setting (API string) Able to retrieve information about the current system (API string) Contains ability to retrieve the OS information (API string) Able to discover operating system information (API string) Calls an API typically used to get system version information Calls an API typically used to get product type Calls an API typically used to retrieve information about the current system Attempts to call APIs to gather system and hardware detail Contains ability to read software policies Reads information about supported languages Reads the active computer name Queries volume information Calls an API typically used to retrieve computer name
T1622	Debugger Evasion	Defense Evasion Discovery	Adversaries may employ various means to detect and avoid debuggers. Learn more		YARA signature match - Anti-Debugging (PEB)	Contains ability to check debugger is running (API string) YARA signature match - Anti Debugging Used
T1497.003	Time Based Evasion	Defense Evasion Discovery	Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments. Learn more			Contains ability to delay execution by waiting for signal/timeout (API string) Contains ability to retrieve the time elapsed since the system was started (API string)
T1083	File and Directory Discovery	Discovery	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Learn more		Reads configuration files (.ini files)	Contains ability to retrieve file and directory information (API string) References Windows file paths for DLLs (possible dropped files) Contains ability to read files (API string) Contains ability to retrieve files based on search patterns Calls an API typically used for searching a directory for files Touches files Reads files Tries to access non-existent files (non-executable) Tries to access non-existent files (executable) Touches files in the Windows directory Touches files in program files directory Tries to access LNK files (Windows shortcut)
T1033	System Owner/User Discovery	Discovery	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. Learn more			Able to query security token membership for user discovery (API string) Calls an API typically used to retrieve user name
T1614.001	System Language Discovery	Discovery	Adversaries may attempt to gather information about the system language of a victim in order to infer the geographical location of that host. Learn more			Able to retrieve system language (API string) Reads the windows installation language
T1497.002	User Activity Based Checks	Defense Evasion Discovery	Adversaries may employ various user activity checks to detect and avoid virtualization and analysis environments. Learn more			Able to identify virtual environment by using user activity (API string)
T1057	Process Discovery	Discovery	Adversaries may attempt to get information about running processes on a system. Learn more		1 confidential indicators	Able to list processes on remote desktop session host Contains ability to determine if process is running under WOW64 (API string) Calls an API typically used for taking snapshot of the specified processes Queries basic information of the specified process Queries process information Spawns new processes that are not known child processes Process launched with changed environment Spawns new processes
T1049	System Network Connections Discovery	Discovery	Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network. Learn more			Contains ability to enumerate network resources (API string)
T1135	Network Share Discovery	Discovery	Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Learn more			Able to access Windows networking-related API (String) Contains ability to enumerate system network resources (API string) Contains ability to query information about shared network resources (API string)
T1016	System Network Configuration Discovery	Discovery	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Learn more			Contains ability to retrieve network parameters of a computer (API string)
T1010	Application Window Discovery	Discovery	Adversaries may attempt to get a listing of open application windows. Learn more			Contains ability to retrieve open application windows (API string) Calls an API typically used to get active windows title Calls an API typically used to enumerate active windows Scanning for window names Calls an API typically used to get handle of currently active window Calls an API possibly used to retrieve a handle to the foreground window
T1124	System Time Discovery	Discovery	An adversary may gather the system time and/or time zone settings from a local or remote system. Learn more			Contains ability to retrieve machine timezone (API string) Contains ability to retrieve machine time (API string)
T1497	Virtualization/Sandbox Evasion	Defense Evasion Discovery	Adversaries may employ various means to detect and avoid virtualization and analysis environments. Learn more			Able to detect virtual machine (string) Able to identify sandbox environment running process Attempts to call APIs commonly associated with anti-analysis and evasion techniques Observed a high volume of repeated registry API calls (API Hammering)
T1614	System Location Discovery	Discovery	Adversaries may gather information in an attempt to calculate the geographical location of a victim host. Learn more			Calls an API typically used to retrieve local language
T1007	System Service Discovery	Discovery	Adversaries may try to gather information about registered local system services. Learn more		Calls an API typically used to enumerate services	Queries services related registry keys
T1518	Software Discovery	Discovery	Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment. Learn more			Reads the registry for installed applications
Lateral Movement
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1570	Lateral Tool Transfer	Lateral Movement	Adversaries may transfer tools or other files between systems in a compromised environment. Learn more			Calls an API typically used to move file or directory
T1021.001	Remote Desktop Protocol	Lateral Movement	Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). Learn more		Reads terminal service related keys (often RDP related)
Collection
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1056.001	Keylogging	Collection Credential Access	Adversaries may log user keystrokes to intercept credentials as the user types them. Learn more			Contains ability to hook/unhook windows functions (API string)
T1113	Screen Capture	Collection	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Learn more		Calls an API possibly used to take screenshots	Able to capture screen (API string)
T1114	Email Collection	Collection	Adversaries may target user email to collect sensitive information. Learn more			Found E-Mail address in binary/memory
T1074.001	Local Data Staging	Collection	Adversaries may stage collected data in a central location or directory on the local system prior to Exfiltration. Learn more			Calls an API typically used to create a directory Writes log files
T1005	Data from Local System	Collection	Adversaries may search local system sources, such as file systems, configuration files, local databases, or virtual machine files, to find files of interest and sensitive data prior to Exfiltration. Learn more			Writes files in a temp directory
Command and Control
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1573	Encrypted Channel	Command and Control	Adversaries may employ an encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Learn more			Able to use Microsoft's Enhanced Cryptographic Provider Possibly tries to communicate over SSL connection (HTTPS)
T1071	Application Layer Protocol	Command and Control	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Learn more			Found potential URL in binary/memory
T1071.003	Mail Protocols	Command and Control	Adversaries may communicate using application layer protocols associated with electronic mail delivery to avoid detection/network filtering by blending in with existing traffic. Learn more			Found mail related domain names
T1105	Ingress Tool Transfer	Command and Control	Adversaries may transfer tools or other files from an external system into a compromised environment. Learn more		Writes a PE file header to disc Drops executable files	Contains ability to write files (API string) Dropped files Drops temp files Drops executable files inside temp directory
Exfiltration
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1029	Scheduled Transfer	Exfiltration	Adversaries may schedule data exfiltration to be performed only at certain times of day or at certain intervals. Learn more			Contains ability to perform scheduled transfer (API string)
Impact
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1529	System Shutdown/Reboot	Impact	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Learn more			Contains ability to reboot/shutdown the operating system (API string)
T1489	Service Stop	Impact	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Learn more			Contains ability to terminate a process (API string)

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 1
Installation/Persistence
- Writes data to a remote process
  
  details
  
  "HWiNFO_Monitor_Setup.exe" wrote 00000004 bytes to a remote process "%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp" (Handle: 580)
  
  source
  
  API Call
  
  relevance
  
  6/10
  
  ATT&CK ID
  
  T1055 (Show technique in the MITRE ATT&CK™ matrix)

Suspicious Indicators 24
Anti-Detection/Stealthiness
- Tries to save executable or command in registry
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "DISPLAYICON"; Value: "%PROGRAMFILES%\CPUID\HWiNFO\HWiNFO.exe")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "UNINSTALLSTRING"; Value: ""%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe"")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "QUIETUNINSTALLSTRING"; Value: ""%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe" /SILENT")
  
  source
  
  Registry Access
  
  relevance
  
  7/10
  
  ATT&CK ID
  
  T1547 (Show technique in the MITRE ATT&CK™ matrix)
External Systems
- Sample was identified as malicious by at least one Antivirus engine
  
  details
  
  9/26 Antivirus vendors marked sample as malicious (34% detection rate)
  
  source
  
  External System
General
- Opened the service control manager
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "OpenSCManagerW" requesting access rights "0X80000000"
  
  source
  
  API Call
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1569.002 (Show technique in the MITRE ATT&CK™ matrix)
- Reads configuration files (.ini files)
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" reads file "%PROGRAMFILES%\desktop.ini"
  "HWiNFO_Monitor_Setup.tmp" reads file "C:\Users\%USERNAME%\Desktop\desktop.ini"
  "HWiNFO_Monitor_Setup.tmp" reads file "C:\Users\%USERNAME%\Documents\desktop.ini"
  "HWiNFO_Monitor_Setup.tmp" reads file "C:\Users\%USERNAME%\Music\desktop.ini"
  "HWiNFO_Monitor_Setup.tmp" reads file "C:\Users\%USERNAME%\Pictures\desktop.ini"
  "HWiNFO_Monitor_Setup.tmp" reads file "C:\Users\%USERNAME%\Videos\desktop.ini"
  "HWiNFO_Monitor_Setup.tmp" reads file "C:\Users\%USERNAME%\Downloads\desktop.ini"
  "HWiNFO_Monitor_Setup.tmp" reads file "C:\Users\%USERNAME%\OneDrive\desktop.ini"
  
  source
  
  API Call
  
  relevance
  
  4/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
Installation/Persistence
- Drops executable files
  
  details
  
  "is-96Q5IE2WSZ.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 11 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp]- [targetUID: 00000000-00004792]
  "HWiNFO_Monitor_Setup.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 11 sections"- Location: [%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp]- [targetUID: 00000000-00001392]
  "is-DZZ74NCPUI.tmp" has type "PE32+ executable for MS Windows 5.02 (GUI) x86-64 5 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-DZZ74NCPUI.tmp]- [targetUID: 00000000-00004792]
  "is-FNEYTLL0RX.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 10 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-FNEYTLL0RX.tmp]- [targetUID: 00000000-00004792]
  "is-6A6AUP6767.tmp" has type "PE32+ executable for MS Windows 6.00 (DLL) x86-64 7 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-6A6AUP6767.tmp]- [targetUID: 00000000-00004792]
  "_setup64.tmp" has type "PE32+ executable for MS Windows 5.02 (console) x86-64 5 sections"- Location: [%TEMP%\is-1JFN0P1ZCP.tmp\_isetup\_setup64.tmp]- [targetUID: 00000000-00004792]
  
  source
  
  Binary File
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1105 (Show technique in the MITRE ATT&CK™ matrix)
- Writes a PE file header to disc
  
  details
  
  "HWiNFO_Monitor_Setup.exe" wrote 15360 bytes starting with PE header signature to file "%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp": 4d5a50000200000004000f00ffff0000ff0000000000000040001a00000000000000000000000000000000000000000000000000000000000000000000010000ff10000e1fff09ff21ff014cff21ffff546869732070726f6772616d206d7573742062652072756e20756e6465722057696e33320d0a24370000000000000000 ...
  "HWiNFO_Monitor_Setup.tmp" wrote 6144 bytes starting with PE header signature to file "C:\Users\%USERNAME%\AppData\Local\Temp\is-1JFN0P1ZCP.tmp\_isetup\_setup64.tmp": 4d5aff000300000004000000ffff0000ff00000000000000400000000000000000000000000000000000000000000000000000000000000000000000ff0000000e1fff0e00ff09ff21ff014cff21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000 ...
  "HWiNFO_Monitor_Setup.tmp" wrote 16384 bytes starting with PE header signature to file "C:\Program Files\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp": 4d5a50000200000004000f00ffff0000ff0000000000000040001a00000000000000000000000000000000000000000000000000000000000000000000010000ff10000e1fff09ff21ff014cff21ffff546869732070726f6772616d206d7573742062652072756e20756e6465722057696e33320d0a24370000000000000000 ...
  
  source
  
  API Call
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1105 (Show technique in the MITRE ATT&CK™ matrix)
Pattern Matching
- YARA signature match - Anti-Debugging (PEB)
  
  details
  
  YARA signature for anti-debugging matched on file "is-DZZ74NCPUI.tmp"
  
  source
  
  YARA Signature
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1622 (Show technique in the MITRE ATT&CK™ matrix)
Remote Access Related
- Reads terminal service related keys (often RDP related)
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "GLASSSESSIONID")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1021.001 (Show technique in the MITRE ATT&CK™ matrix)
Spyware/Information Retrieval
- Calls an API possibly used to take screenshots
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "101093d"
  "cx": "52"
  "cy": "39"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "3010998"
  "cx": "52"
  "cy": "39"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "101093d"
  "cx": "240"
  "cy": "459"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "101093d"
  "cx": "147"
  "cy": "147"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "101093d"
  "cx": "256"
  "cy": "256"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "101093d"
  "cx": "32"
  "cy": "32"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "101093d"
  "cx": "48"
  "cy": "48"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "108c0"
  "cx": "495"
  "cy": "17"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "101093d"
  "cx": "16"
  "cy": "16"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "2501071a"
  "cx": "82"
  "cy": "23"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "22010a58"
  "cx": "516"
  "cy": "21"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateCompatibleBitmap" with parameters {"hdc": "2501071a"
  "cx": "516"
  "cy": "21"}
  
  source
  
  API Call
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1113 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to enumerate services
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "EnumServicesStatusExW" with parameters {"hSCManager": "13a3808"
  "dwServiceType": "48"
  "dwServiceState": "1"}
  
  source
  
  API Call
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1007 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to find and list the Windows drive types
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "GetDriveTypeW" with parameter C:\ (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "GetDriveTypeW" with parameter C:\ (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
System Destruction
- Opens file with deletion access rights
  
  details
  
  "HWiNFO_Monitor_Setup.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\Program Files\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\Program Files\CPUID\HWiNFO\is-6A6AUP6767.tmp" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\Program Files\CPUID\HWiNFO\is-DZZ74NCPUI.tmp" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\Program Files\CPUID\HWiNFO\is-BJKFJATABB.tmp" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\Program Files\CPUID\HWiNFO\unins000.dat" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\Program Files\CPUID\HWiNFO\is-TI156WG2Y2.tmp" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\Program Files\CPUID\HWiNFO\unins000.exe" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\Program Files\CPUID\HWiNFO\is-FNEYTLL0RX.tmp" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\Program Files\CPUID\HWiNFO\is-F54G98LCMX.tmp" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\HWiNFO Monitor.lnk" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\HWiNFO Monitor.pif" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\HWiNFO Monitor.url" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\Удалить HWiNFO Monitor.lnk" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\Удалить HWiNFO Monitor.pif" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\Удалить HWiNFO Monitor.url" with delete access
  "HWiNFO_Monitor_Setup.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\is-1JFN0P1ZCP.tmp\_isetup\_setup64.tmp" with delete access
  
  source
  
  API Call
  
  relevance
  
  7/10
  
  ATT&CK ID
  
  T1070.004 (Show technique in the MITRE ATT&CK™ matrix)
System Security
- Deletes registry keys
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\RESTARTMANAGER\SESSION0000"; Key: "REGFILESHASH"; Value: "")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\RESTARTMANAGER\SESSION0000"; Key: "REGFILES0000"; Value: "")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\RESTARTMANAGER\SESSION0000"; Key: "SEQUENCE"; Value: "")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\RESTARTMANAGER\SESSION0000"; Key: "SESSIONHASH"; Value: "")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\RESTARTMANAGER\SESSION0000"; Key: "OWNER"; Value: "")
  
  source
  
  Registry Access
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1070 (Show technique in the MITRE ATT&CK™ matrix)
Unusual Characteristics
- Drops PE files with different extensions
  
  details
  
  "is-96Q5IE2WSZ.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 11 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp]- [targetUID: 00000000-00004792]
  "HWiNFO_Monitor_Setup.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 11 sections"- Location: [%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp]- [targetUID: 00000000-00001392]
  "is-DZZ74NCPUI.tmp" has type "PE32+ executable for MS Windows 5.02 (GUI) x86-64 5 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-DZZ74NCPUI.tmp]- [targetUID: 00000000-00004792]
  "is-FNEYTLL0RX.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 10 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-FNEYTLL0RX.tmp]- [targetUID: 00000000-00004792]
  "is-6A6AUP6767.tmp" has type "PE32+ executable for MS Windows 6.00 (DLL) x86-64 7 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-6A6AUP6767.tmp]- [targetUID: 00000000-00004792]
  "_setup64.tmp" has type "PE32+ executable for MS Windows 5.02 (console) x86-64 5 sections"- Location: [%TEMP%\is-1JFN0P1ZCP.tmp\_isetup\_setup64.tmp]- [targetUID: 00000000-00004792]
  
  source
  
  Binary File
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1036 (Show technique in the MITRE ATT&CK™ matrix)
- Sample/File contains another embedded binary
  
  details
  
  Found multiple string (Indicator: This program cannot be run in DOS mode) in file %PROGRAMFILES%\CPUID\HWiNFO\is-DZZ74NCPUI.tmp at offset 3566010
  
  source
  
  Binary File
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1027.009 (Show technique in the MITRE ATT&CK™ matrix)
Hiding 9 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version

Informative 134
Anti-Detection/Stealthiness
- Calls an API typically used to find a resource in a module
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "FindResourceW" with parameter "11111" - (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "FindResourceW" with parameter "57632124" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindResourceW" with parameter "57542860" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindResourceW" with parameter "57511300" - (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to load a resource in memory
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "LoadResource with parameter {'hModule': '0', 'hResInfo': '15692784'}" (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "LoadResource with parameter {'hModule': '11272192', 'hResInfo': '15575968'}" (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadResource with parameter {'hModule': '11272192', 'hResInfo': '15576128'}" (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to remove a directory
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "RemoveDirectoryW" with parameter %TEMP%\is-V1X3KIG9SZ.tmp (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "RemoveDirectoryW" with parameter %TEMP%\is-1JFN0P1ZCP.tmp\_isetup (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RemoveDirectoryW" with parameter %TEMP%\is-1JFN0P1ZCP.tmp (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1070.004 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to delay execution by waiting for signal/timeout (API string)
  
  details
  
  Found reference to API "GetTickCount64" (Indicator: "GetTickCount64"; File: "HWiNFO_Monitor_Setup.exe")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1497.003 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to load/free library (API string)
  
  details
  
  Found reference to API "LoadLibraryEx failed" (Indicator: "LoadLibrary"; File: "HWiNFO_Monitor_Setup.exe")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1055.001 (Show technique in the MITRE ATT&CK™ matrix)
- Found PE header in memory
  
  details
  
  Found PE header "MZ" - Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  Memory Dumps
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1055 (Show technique in the MITRE ATT&CK™ matrix)
- Observed a high volume of repeated registry API calls (API Hammering)
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PROFILELIST")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "QUERYVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PROFILELIST")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FOLDERDESCRIPTIONS\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PROPERTYBAG")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "QUERYVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FOLDERDESCRIPTIONS\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PROPERTYBAG")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "QUERYVAL"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FOLDERDESCRIPTIONS\{DFDF76A2-C82A-4D63-906A-5644AC457385}\PROPERTYBAG")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FOLDERDESCRIPTIONS\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PROPERTYBAG")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FOLDERDESCRIPTIONS\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PROPERTYBAG")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FOLDERDESCRIPTIONS\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PROPERTYBAG")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FOLDERDESCRIPTIONS\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PROPERTYBAG")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FOLDERDESCRIPTIONS\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PROPERTYBAG")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "QUERYVAL"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION")
  
  source
  
  Registry Access
  
  relevance
  
  7/10
  
  ATT&CK ID
  
  T1497 (Show technique in the MITRE ATT&CK™ matrix)
- Queries process information
  
  details
  
  "HWiNFO_Monitor_Setup.exe" queried SystemProcessInformation at 00000000-00001392-00000C15-2957313856 [PID: 1392]
  "HWiNFO_Monitor_Setup.exe" queried SystemProcessInformation at 00000000-00001392-00000C15-2957320105 [PID: 1392]
  "HWiNFO_Monitor_Setup.exe" queried SystemProcessInformation at 00000000-00001392-00000C15-2957571804 [PID: 1392]
  "HWiNFO_Monitor_Setup.exe" queried SystemProcessInformation at 00000000-00001392-00000C15-2957578034 [PID: 1392]
  "HWiNFO_Monitor_Setup.exe" queried SystemProcessInformation at 00000000-00001392-00000C15-2957773913 [PID: 1392]
  "HWiNFO_Monitor_Setup.exe" queried SystemProcessInformation at 00000000-00001392-00000C15-2957780448 [PID: 1392]
  "HWiNFO_Monitor_Setup.tmp" queried SystemProcessInformation at 00000000-00004792-00000C15-2959181542 [PID: 4792]
  "HWiNFO_Monitor_Setup.tmp" queried SystemProcessInformation at 00000000-00004792-00000C15-2959188300 [PID: 4792]
  "HWiNFO_Monitor_Setup.tmp" queried SystemProcessInformation at 00000000-00004792-00000C15-2959529836 [PID: 4792]
  "HWiNFO_Monitor_Setup.tmp" queried SystemProcessInformation at 00000000-00004792-00000C15-2959536449 [PID: 4792]
  "HWiNFO_Monitor_Setup.tmp" queried SystemProcessInformation at 00000000-00004792-00000C15-2959869442 [PID: 4792]
  "HWiNFO_Monitor_Setup.tmp" queried SystemProcessInformation at 00000000-00004792-00000C15-2959876379 [PID: 4792]
  "HWiNFO_Monitor_Setup.tmp" queried SystemProcessInformation at 00000000-00004792-00000C15-2961219908 [PID: 4792]
  "HWiNFO_Monitor_Setup.tmp" queried SystemProcessInformation at 00000000-00004792-00000C15-2961226740 [PID: 4792]
  
  source
  
  API Call
  
  relevance
  
  4/10
  
  ATT&CK ID
  
  T1057 (Show technique in the MITRE ATT&CK™ matrix)
- Renames files
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" renamed original file"%PROGRAMFILES%\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp" to "%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe"
  "HWiNFO_Monitor_Setup.tmp" renamed original file"C:\Program Files\CPUID\HWiNFO\is-6A6AUP6767.tmp" to "%PROGRAMFILES%\CPUID\HWiNFO\CRYPTBASE.dll"
  "HWiNFO_Monitor_Setup.tmp" renamed original file"C:\Program Files\CPUID\HWiNFO\is-DZZ74NCPUI.tmp" to "%PROGRAMFILES%\CPUID\HWiNFO\HWMonitor.exe"
  "HWiNFO_Monitor_Setup.tmp" renamed original file"C:\Program Files\CPUID\HWiNFO\is-BJKFJATABB.tmp" to "%PROGRAMFILES%\CPUID\HWiNFO\hwm_readme.txt"
  "HWiNFO_Monitor_Setup.tmp" renamed original file"C:\Program Files\CPUID\HWiNFO\is-TI156WG2Y2.tmp" to "%PROGRAMFILES%\CPUID\HWiNFO\unins000.dat"
  "HWiNFO_Monitor_Setup.tmp" renamed original file"C:\Program Files\CPUID\HWiNFO\is-FNEYTLL0RX.tmp" to "%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe"
  "HWiNFO_Monitor_Setup.tmp" renamed original file"C:\Program Files\CPUID\HWiNFO\is-F54G98LCMX.tmp" to "%PROGRAMFILES%\CPUID\HWiNFO\unins000.msg"
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1036 (Show technique in the MITRE ATT&CK™ matrix)
Anti-Reverse Engineering
- Contains ability to check debugger is running (API string)
  
  details
  
  Found reference to API "GetTickCount64" (Indicator: "GetTickCount"; File: "HWiNFO_Monitor_Setup.exe")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1622 (Show technique in the MITRE ATT&CK™ matrix)
Cryptographic Related
- Able to use Microsoft's Enhanced Cryptographic Provider
  
  details
  
  Found api reference "TStrongRandom: BCryptGenRandom failed (0x%x)" (Indicator: "BCryptGenRandom"; File: "HWiNFO_Monitor_Setup.exe")
  Found api reference "TStrongRandom: BCryptGenRandom failed (0x%x)" (Indicator: "CryptGenRandom"; File: "HWiNFO_Monitor_Setup.exe")
  Found api reference "TStrongRandom: Failed to get address of BCryptGenRandom" (Indicator: "BCryptGenRandom"; File: "HWiNFO_Monitor_Setup.exe")
  Found api reference "TStrongRandom: Failed to get address of BCryptGenRandom" (Indicator: "CryptGenRandom"; File: "HWiNFO_Monitor_Setup.exe")
  Found api reference "CryptDecodeObject" (Indicator: "CryptDecodeObject"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found api reference "PFXImportCertStore" (Indicator: "PFXImportCertStore"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found api reference "CertGetNameStringW" (Indicator: "CertGetNameStringW"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found api reference "CertNameToStrW" (Indicator: "CertNameToStrW"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found api reference "CertFreeCertificateContext" (Indicator: "CertFreeCertificateContext"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found api reference "CertDuplicateCertificateContext" (Indicator: "CertDuplicateCertificateContext"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found api reference "CertCloseStore" (Indicator: "CertCloseStore"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found api reference "CertOpenSystemStoreW" (Indicator: "CertOpenSystemStoreW"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found api reference "CertOpenStore" (Indicator: "CertOpenStore"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found api reference "CertFindChainInStore" (Indicator: "CertFindChainInStore"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found api reference "CertFindCertificateInStore" (Indicator: "CertFindCertificateInStore"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1573 (Show technique in the MITRE ATT&CK™ matrix)
- Sample file has high entropy (likely encrypted/compressed content)
  
  details
  
  Sample file "sample.bin" has high entropy 7.86731
  
  source
  
  Binary File
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1027 (Show technique in the MITRE ATT&CK™ matrix)
- Shows ability to obfuscate file or information
  
  details
  
  The analysis contains indicators for crypto or data obfuscation(base64/decrypt) which can hide information. Matched sigs: Contains CRYPTO related strings
  Matched sigs: Able to use Microsoft's Enhanced Cryptographic Provider
  Matched sigs: Sample file has high entropy (likely encrypted/compressed content)
  
  source
  
  Indicator Combinations
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1027 (Show technique in the MITRE ATT&CK™ matrix)
- XOR operations in executable file detected
  
  details
  
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 699259; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 741476; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1164332; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3921379; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3922831; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3923787; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3930005; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3931343; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3931509; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3938099; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3938793; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3941323; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3950851; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3958243; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3959501; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3970853; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3974261; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3982081; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3985535; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3989401; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4000657; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4005253; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4010237; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4016491; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4020631; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4024097; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4024835; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4033807; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4034531; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4042663; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4047577; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4057123; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4060791; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4062015; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4063019; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4064123; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4064641; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4065731; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4076463; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4082095; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4092555; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4103499; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4106209; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4108093; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4112171; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4112299; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4117563; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4120575; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4127193; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4131411; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4135873; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4136213; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4143545; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4148227; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4154487; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4159627; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4166591; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4174763; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4184705; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4188345; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4189789; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4191577; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4199813; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4202691; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4206047; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4208091; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4210129; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4212147; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4214167; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4216191; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4218207; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4220079; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4223283; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4224603; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4226695; code bytes = 30d0
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 221902; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 504937; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1323166; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1323269; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1815724; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 2996636; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3122403; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3122436; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3122469; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3122502; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3122665; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3122907; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3924703; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3937469; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3954563; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3960289; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3961019; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3986731; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4000767; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4012193; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4015495; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4015993; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4023663; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4024187; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4057287; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4062101; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4086419; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4120601; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4129839; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4134513; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4142369; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4149963; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4184401; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4187347; code bytes = 33c1
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 176401; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 176428; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 176863; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 176890; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 177139; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 177163; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 177390; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 177471; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 177494; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 177518; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 177546; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 177570; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1194089; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1492777; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1520252; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1524686; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1527682; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1537986; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1562124; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1638199; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1694952; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1706985; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 1972684; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 2867236; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 2947205; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 2969461; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 2982645; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3016454; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3026828; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3050607; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3282001; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3282019; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3338794; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3339159; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3401794; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3403392; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3403422; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3403442; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3462663; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3462726; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3462763; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3462781; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3463112; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3463130; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3470413; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3888832; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3914770; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3915310; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3917400; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3921360; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3922174; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3923774; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3926446; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3930642; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3934072; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3936760; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3938064; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3940238; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3941286; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3943476; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3949534; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3949870; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3958216; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3960846; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3965672; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3967774; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3970290; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3987908; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3988482; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3993468; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3994844; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3997046; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3998088; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 3999064; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4008996; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4009608; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4019656; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4021846; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4024796; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4026504; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4033768; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4034492; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4042632; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4051668; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4055224; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4057084; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4063008; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4063520; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4070788; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4078032; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4082084; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4084354; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4085020; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4090258; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4099724; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4105706; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4108630; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4108902; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4111010; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4112168; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4112472; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4113090; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4114844; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4118082; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4121582; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4125744; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4131102; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4142196; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4144196; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4148188; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4152120; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4154448; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4158144; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4159588; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4163992; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4164757; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4170246; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4176882; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4184036; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4184666; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4191548; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4199318; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4202682; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4206008; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4208052; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4210094; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4212108; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4214128; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4216152; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4218168; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4220040; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4222464; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4223244; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4224584; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4226656; code bytes = 8030
  Found XOR loop in file "is-96Q5IE2WSZ.tmp" at offset 4228591; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 699259; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 741476; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1164332; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3921379; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3922831; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3923787; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3930005; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3931343; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3931509; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3938099; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3938793; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3941323; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3950851; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3958243; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3959501; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3970853; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3974261; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3982081; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3985535; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3989401; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4000657; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4005253; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4010237; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4016491; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4020631; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4024097; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4024835; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4033807; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4034531; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4042663; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4047577; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4057123; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4060791; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4062015; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4063019; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4064123; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4064641; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4065731; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4076463; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4082095; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4092555; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4103499; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4106209; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4108093; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4112171; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4112299; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4117563; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4120575; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4127193; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4131411; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4135873; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4136213; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4143545; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4148227; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4154487; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4159627; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4166591; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4174763; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4184705; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4188345; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4189789; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4191577; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4199813; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4202691; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4206047; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4208091; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4210129; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4212147; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4214167; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4216191; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4218207; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4220079; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4223283; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4224603; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4226695; code bytes = 30d0
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 221902; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 504937; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1323166; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1323269; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1815724; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 2996636; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3122403; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3122436; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3122469; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3122502; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3122665; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3122907; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3924703; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3937469; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3954563; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3960289; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3961019; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3986731; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4000767; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4012193; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4015495; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4015993; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4023663; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4024187; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4057287; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4062101; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4086419; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4120601; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4129839; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4134513; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4142369; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4149963; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4184401; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4187347; code bytes = 33c1
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 176401; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 176428; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 176863; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 176890; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 177139; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 177163; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 177390; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 177471; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 177494; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 177518; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 177546; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 177570; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1194089; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1492777; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1520252; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1524686; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1527682; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1537986; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1562124; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1638199; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1694952; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1706985; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 1972684; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 2867236; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 2947205; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 2969461; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 2982645; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3016454; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3026828; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3050607; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3282001; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3282019; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3338794; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3339159; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3401794; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3403392; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3403422; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3403442; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3462663; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3462726; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3462763; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3462781; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3463112; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3463130; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3470413; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3888832; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3914770; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3915310; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3917400; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3921360; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3922174; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3923774; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3926446; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3930642; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3934072; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3936760; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3938064; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3940238; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3941286; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3943476; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3949534; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3949870; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3958216; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3960846; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3965672; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3967774; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3970290; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3987908; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3988482; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3993468; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3994844; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3997046; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3998088; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 3999064; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4008996; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4009608; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4019656; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4021846; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4024796; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4026504; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4033768; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4034492; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4042632; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4051668; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4055224; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4057084; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4063008; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4063520; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4070788; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4078032; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4082084; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4084354; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4085020; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4090258; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4099724; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4105706; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4108630; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4108902; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4111010; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4112168; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4112472; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4113090; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4114844; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4118082; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4121582; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4125744; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4131102; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4142196; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4144196; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4148188; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4152120; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4154448; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4158144; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4159588; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4163992; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4164757; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4170246; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4176882; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4184036; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4184666; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4191548; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4199318; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4202682; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4206008; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4208052; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4210094; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4212108; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4214128; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4216152; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4218168; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4220040; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4222464; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4223244; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4224584; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4226656; code bytes = 8030
  Found XOR loop in file "HWiNFO_Monitor_Setup.tmp" at offset 4228591; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 479802; code bytes = 30d0
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 480469; code bytes = 30d0
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 810207; code bytes = 30d0
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 810303; code bytes = 30d0
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 810391; code bytes = 30d0
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 810553; code bytes = 30d0
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 2449796; code bytes = 30d0
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3414123; code bytes = 30d0
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 1774801; code bytes = 33c1
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3377314; code bytes = 33c1
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3452484; code bytes = 33c1
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3590052; code bytes = 33c1
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 664180; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 1852183; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 2433128; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 2433232; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3413624; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3414098; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3418760; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3420445; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3458832; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3460517; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3469992; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3481735; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3488876; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3490556; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3491320; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3491512; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3491736; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3492376; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3492824; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3495239; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3498936; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3499320; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3508984; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3522672; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3542372; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3558342; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3562484; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3565656; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3593270; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3597412; code bytes = 8030
  Found XOR loop in file "is-DZZ74NCPUI.tmp" at offset 3609052; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 188696; code bytes = 30d0
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 949264; code bytes = 30d0
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2717408; code bytes = 30d0
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 192662; code bytes = 33c1
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 1027898; code bytes = 33c1
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 1028001; code bytes = 33c1
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 1364301; code bytes = 33c1
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2680657; code bytes = 33c1
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 160972; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 160999; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 161409; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 161436; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 161675; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 161699; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 161924; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 162005; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 162028; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 162052; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 162080; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 162104; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 326436; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 500151; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 1174481; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 1184416; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 1205711; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 1208630; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 1218745; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 1378561; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 1667551; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2032472; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2048205; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2053319; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2162890; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2162923; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2167890; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2168509; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2168525; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2168558; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2168572; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2170327; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2170343; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2170376; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2170390; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2174721; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2175051; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2176100; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2217203; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2550014; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2735204; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2736596; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 2865355; code bytes = 8030
  Found XOR loop in file "is-FNEYTLL0RX.tmp" at offset 3122140; code bytes = 8030
  Found XOR loop in file "is-6A6AUP6767.tmp" at offset 533952; code bytes = 30d0
  Found XOR loop in file "is-6A6AUP6767.tmp" at offset 439360; code bytes = 8030
  Found XOR loop in file "is-6A6AUP6767.tmp" at offset 963648; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 755909; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 762999; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 764865; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 766895; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 768399; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 771607; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 776639; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 781525; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 786599; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 787259; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 792173; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 793887; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 802709; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 803705; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 811263; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 813307; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 815335; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 817359; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 819391; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 961037; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1045993; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1325404; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1403388; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1418151; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1487697; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1511480; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1574770; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1591128; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1633318; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1686028; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 1771895; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2007940; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2143218; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2151934; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2360084; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2367520; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2375505; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2438463; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2465472; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2486740; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2552417; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2643710; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2805967; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2860459; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2874403; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2923823; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 2964166; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3062858; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3105285; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3115064; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3216630; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3238879; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3280973; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3285102; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3315692; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3352144; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3437273; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3544107; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3613543; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3622519; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3634285; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3847872; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3905151; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 3906223; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 4005872; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 4024789; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 4034878; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 4094751; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 4119218; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 4162752; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 4164346; code bytes = 30d0
  Found XOR loop in file "sample.bin" at offset 148958; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 752899; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 761217; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 771727; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 778499; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 806769; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 808217; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 808455; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 932346; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 954599; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 989074; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1009913; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1097428; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1235911; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1285610; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1348182; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1429592; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1468469; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1488468; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1507806; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1508961; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1529936; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1532606; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1540949; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1554256; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1656166; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1861757; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 1921171; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 2097203; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 2122837; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 2144492; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 2181384; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 2367207; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 2422789; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 2538554; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 2926432; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3321737; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3399519; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3411674; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3485299; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3525605; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3535711; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3651258; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3744576; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3801689; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3809967; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3920664; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3924715; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3959792; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 3975787; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 4078106; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 4083312; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 4087038; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 4212696; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 4213127; code bytes = 33c1
  Found XOR loop in file "sample.bin" at offset 2269815; code bytes = 30040e
  Found XOR loop in file "sample.bin" at offset 123033; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 123060; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 123495; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 123522; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 123771; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 123795; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 124022; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 124103; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 124126; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 124150; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 124178; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 124202; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 749586; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 750128; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 751558; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 754110; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 755078; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 759888; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 764524; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 766186; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 768360; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 771062; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 782546; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 785202; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 786580; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 790972; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 794464; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 795584; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 799486; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 799892; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 801602; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 806088; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 808780; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 811224; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 813268; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 815302; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 817320; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 819352; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 955778; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1089588; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1119448; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1132158; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1192661; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1262545; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1266912; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1300370; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1324613; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1840597; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1902685; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 1955585; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2039429; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2055364; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2077582; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2162749; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2168316; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2186934; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2224371; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2247421; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2276010; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2279940; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2311778; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2607108; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2655184; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2696907; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 2918579; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3053243; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3057320; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3121208; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3225369; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3256519; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3261868; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3276049; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3305939; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3359380; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3359475; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3381364; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3440723; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3444596; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3451053; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3462306; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3480562; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3636730; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3637823; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3689867; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3887261; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3888312; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3941039; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 3996554; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 4055476; code bytes = 8030
  Found XOR loop in file "sample.bin" at offset 4203864; code bytes = 8030
  
  source
  
  Binary File
  
  ATT&CK ID
  
  T1027.005 (Show technique in the MITRE ATT&CK™ matrix)
Environment Awareness
- Able to detect virtual machine (string)
  
  details
  
  Found string "1%PROGRAMFILES%\vmware\vmware tools\vmtoolsd.exe" (Source: "00000000-00004792.00000000.253882.013BC000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1497 (Show technique in the MITRE ATT&CK™ matrix)
- Able to identify sandbox environment running process
  
  details
  
  Found string "1%PROGRAMFILES%\vmware\vmware tools\vmtoolsd.exe" (Indicator: "vmtoolsd.exe"; Source: "00000000-00004792.00000000.253882.013BC000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1497 (Show technique in the MITRE ATT&CK™ matrix)
- Able to identify virtual environment by using user activity (API string)
  
  details
  
  file/memory contains long string with (Indicator: "GetCommandLine"; File: "_setup64.tmp")
  Found string "GetCommandLineW" (Indicator: "GetCommandLine"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1497.002 (Show technique in the MITRE ATT&CK™ matrix)
- Able to list processes on remote desktop session host
  
  details
  
  Found reference to API "ProcessIdToSessionId" (Indicator: "ProcessIdToSessionId"; Source: "00000000-00004792-00000C2C-2963067208")
  Found reference to API "ProcessIdToSessionId" (Indicator: "ProcessIdToSessionId"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1057 (Show technique in the MITRE ATT&CK™ matrix)
- Able to query security token membership for user discovery (API string)
  
  details
  
  Found reference to API "CheckTokenMembership" (Indicator: "CheckTokenMembership"; File: "HWiNFO_Monitor_Setup.exe")
  file/memory contains long string with (Indicator: "AllocateAndInitializeSid"; File: "_setup64.tmp")
  Found reference to API "FreeSid" (Indicator: "FreeSid"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API "AllocateAndInitializeSid" (Indicator: "AllocateAndInitializeSid"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1033 (Show technique in the MITRE ATT&CK™ matrix)
- Able to query volume/memory size (API string)
  
  details
  
  Found reference to API "GetDiskFreeSpaceExW" (Indicator: "GetDiskFreeSpace"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API "GetDiskFreeSpaceExW" (Indicator: "GetDiskFreeSpaceEx"; File: "HWiNFO_Monitor_Setup.exe")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Able to retrieve information about the current system (API string)
  
  details
  
  Found system information discovery API: "GetNativeSystemInfo" in "00000000-00004792.00000000.253882.00E89000.00000004.mdmp"
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Able to retrieve system language (API string)
  
  details
  
  Found reference to API "GetUserDefaultUILanguage" (Indicator: "GetUserDefaultUILanguage"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API "GetKeyboardLayoutList" (Indicator: "GetKeyboardLayoutList"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1614.001 (Show technique in the MITRE ATT&CK™ matrix)
- Able to visualize and control listed components (API string)
  
  details
  
  Found reference to API "SendMessageA" (Indicator: "sendmessage"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "EnumWindows" (Indicator: "enumwindows"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "EnumChildWindows" (Indicator: "enumchildwindows"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "PostMessageW" (Indicator: "postmessage"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "SendMessageW" (Indicator: "sendmessage"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "SendMessageTimeoutW" (Indicator: "sendmessage"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1055.015 (Show technique in the MITRE ATT&CK™ matrix)
- Attempts to call APIs commonly associated with anti-analysis and evasion techniques
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "GetTickCount" with parameters (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1497 (Show technique in the MITRE ATT&CK™ matrix)
- Attempts to call APIs to gather system and hardware detail
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "GetSystemInfo" with parameters (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "QueryPerformanceCounter" (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "GetSystemMetrics" with parameters (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "EnumDisplayMonitors" with parameters (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetSystemInfo" with parameters (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "QueryPerformanceCounter" (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Attempts to invoke APIs commonly associated with credential theft and data exfiltration functionality
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "NtQueryInformationToken" with parameters (UID: 00000000-00001392)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1003 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API possibly used to retrieve a handle to the foreground window
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "GetForegroundWindow" (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1010 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to enumerate active windows
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "EnumWindows" with parameter "19920692" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "EnumWindows" with parameter "263004" - (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1010 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to get active windows title
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "1f043e04340433043e0442043e0432043a04300420003a04200043044104420430043d043e0432043a043504" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "1f0440043e043304400430043c043c043004200043044104420430043d043e0432043a04380420003f043e04340433043e044204300432043b043804320430043504420441044f0420003a04200043044104420430043d043e0432043a04350420004800570069004e0046004f0020004d006f006e00690074006f00720020003d043004200032043004480420003a043e043c043f044c044e044204350440042e00" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "1e0442043c0435043d043004" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "23044104420430043d043e0432043a043004" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "1f043e04360430043b04430439044104420430042c0020003f043e0434043e04360434043804420435042c0020003f043e043a04300420004800570069004e0046004f0020004d006f006e00690074006f007200200043044104420430043d043e0432043804420441044f0420003d043004200032043004480420003a043e043c043f044c044e044204350440042e00" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "21043e043704340430043d043804350420003f0430043f043e043a042e002e002e00" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "21043e044504400430043d0435043d0438043504200038043d0444043e0440043c043004460438043804200034043b044f0420003404350438043d044104420430043b043b044f044604380438042e002e002e00" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "2004300441043f0430043a043e0432043a04300420004404300439043b043e0432042e002e002e00" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "%PROGRAMFILES%\CPUID\HWiNFO\CRYPTBASE.dll" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "%PROGRAMFILES%\CPUID\HWiNFO\HWMonitor.exe" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "%PROGRAMFILES%\CPUID\HWiNFO\hwm_readme.txt" - (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetWindowTextW" with parameter "%PROGRAMFILES%\CPUID\HWiNFO\unins000.dat" - (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1010 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to get handle of currently active window
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "GetActiveWindow" (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1010 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to get product type
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "RtlGetNtProductType" with parameter 01000000 (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetNtProductType" with parameter 01000000 (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to get system version information
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "RtlGetVersion" with parameter 140100000a000000000000005d5800000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "RtlGetVersion" with parameter 1c0100000a000000000000005d5800000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "RtlGetVersion" with parameter 000000000a000000000000005d5800000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 140100000a000000000000005d5800000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 1c0100000a000000000000005d5800000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 140100000a000000000000005d580000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018000000a00cd5d7c3487173f0f32f01a018737360fb2f01a01873738c0f8ea5feffffff14fb2f015c7f7173c0fa2f013c01000000800000757f717330fb2f01ffffffffffffffff0c0000000000000030fb2f01000000000000000000000000000000000000000000000000000000000100000000000000ffffffffffffffff0c0000000000000030fb2f010000000004000000819eac00200d6d03a999ac0001000000f862ac00000000006698ac0038fb2f01 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 140100000a000000000000005d5800000200000000006d0310f56d03905b6a03e05a6a0300f66d0310f56d0308f82f0108f82f01a854be0018f56d03b254be003c010000510a0a8b2cf82f0110f56d0310f56d032cf82f0110f56d0324f82f012b5ebe00c8f82f01405ebe004a5ebe0000f66d0300f66d0334fb2f01da60be00510a0a8bf4ffffff00000000000001085365676f65205549000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0f66d03 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 140100000a000000000000005d5800000200000000000000f4866d0308000000000000000000000000000000ecfa2f01aa4131770004000000010000f4866d0308000000f4866d03080000003c0100001cfb2f01080000001000000020fb2f014278ae00f4866d03080000005ef141ff7a6fac00b9adac0044fb2f019c07ad00f8ffe60044fb2f018b07ad00f8ffe60040fb2f0113cab9001dcab900f0aeb500a8506f03a0286c0301000000f0aeb50000000000a0bd6c033bd5b6000200000000000000584f6f038bdeb600f0aeb5001198ac00a0bd6c03379bac00f0aeb500a0bd6c03939bac00f0aeb50006e4b60010e4b60001000000a0fb2f01a4fb2f0126e4b600b831e600ee000000d731e600f887d900 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 1c0100000a000000000000005d580000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc77b277b4f3b677e600000020fb2f010400000000fb2f010c00000024fb2f01648607004c011200000000009ef3b6773c010000709f377712f4b677c4010000000000000c00000010c7d68e40fb2f01839f3777c40100003ffb2f0100000000a4fb2f015eabe400c401000058fb2f014c0164860000000000000000000000000000000000000000f8b3e6000001d5d798fb2f01f0555a757a6fac00ddadac0094fb2f01 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 140100000a000000000000005d580000020000000000000000000000e20f45030000000048139a0100000000010000000100000030002b00000000000000000000000000ccf92f01804e9277beacf8b3feffffff50f92f01d2249177e20f4503000000000c000000000000000000000000e018010100000000000000c099d9010c000000fc31ae7768540000000000000000000030002b00000000002099d90100000000b591927700000000e20f450300000000080000007cf92f01580fd5d7c099d90108f52f0100000000ccf92f01a01873732c0e8ea5feffffff98f92f012d1792774c03100096040000112700000000000000000000b702000000000000b4fb2f019442e4004c0310009604000011270000 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 140100000a000000000000005d5800000200000000000000040000007002380107303d017002380100000000f0333e0150173d73b0e8b27700000000b0e12f0160173d730c343e0196f13c73b7ffa457f0313a01f0333e01000000001300000030173d7350173d73f0333e01000000000000000034e22f0134e22f0160173d730c343e0177ce3c73e8333e01f0313a0187ce3c730000000000000000e8333e010000000030173d7398000000f0313a0114e22f01201b7d77ffffffff24e22f01101e7877f8ddd68e5f3d4ec410e22f016810b1770c343e012000000050303d01e8333e010ec0637697793dc500000000f0313a016d303d011000000000b73c7318e22f0170cd3c7354e32f01b0ba6a76bf8568b2 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 1c0100000a000000000000005d580000020000000000370035003800340037003100370037002d0046003000370037002d0034003100370031002d0042004400320043002d004100360042004200320031003600340046004200440030007d00000036012400000000000000000038010c0a36017b23718f7cd8d68e0000f40030dfd78980e42f01b0e8b277d41145f8feffffff90e42f01f87538010000177730fada73d447af77c547af77acd8d68e0000000080c3db730e1437ed84e42f0114e72f01b0acef73ffffffffc4e42f0172fada7314e72f017ccecc7372fada730100000000000000020000007ccecc73f8e42f010000000080c3db7380fada730000000020e72f017c0b2c7710aa3877da1437ed (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 1c0100000a000000000000005d580000020000000000370035003800340037003100370037002d0046003000370037002d0034003100370031002d0042004400320043002d004100360042004200320031003600340046004200440030007d0000002f01a01873738c0f8ea5fefffffffce02f01de66717390e02f01d016d5d7ffffffff000000004767717301000000000000000000000000000000000000000000000000000000000000000100000000000000ffffffffbe1037edd4e02f0120e42f01b0acef73ffffffff14e12f0172fada73b1caaf777ccecc7372fada730100000000000000020000007ccecc7340e12f017ce72f0154e80f0480fada7354e12f0150000000d0073601000000008a1037ed (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 1c0100000a000000000000005d58000002000000000000007b00370035003800340037003100370037002d0046003000370037002d0034003100370031002d0042004400320043002d004100360042004200320031003600340046004200440030007d0000000000200000000300020030000000d00736010000360153bfaf770000000020000000a8573a010000000000000000000000000200000030000000d0013601000000000600000000003601220000000000000000003801fe1337ed94e32f0128e42f01b0acef73ffffffffd0e32f0172fada73220000007ccecc7372fada730100000000000000020000007ccecc73fce32f01c47f40010000000080fada7320000000fcffffff00000000d0e32f01 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 1c0100000a000000000000005d580000020000000000370035003800340037003100370037002d0046003000370037002d0034003100370031002d0042004400320043002d004100360042004200320031003600340046004200440030007d00000036012400000008001400000038010c0a360100000000080a360140e42f01febaaf77080014000000000008000000050000008ce42f01f0bd29770000380108001400240000001f40d52c0080000012000000050000000e1437ed84e42f0114e72f01b0acef73ffffffffc4e42f0172fada73b8e42f017ccecc7372fada730100000000000000020000007ccecc73f8e42f010000000080c3db7380fada73000810048ceb2f018eeb2f0193a4fa2dda1437ed (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 1c0100000a000000000000005d580000020000000000370035003800340037003100370037002d0046003000370037002d0034003100370031002d0042004400320043002d004100360042004200320031003600340046004200440030007d0000000001fc1d0000a0144201000000000000000074e12f01b0e8b277a41345f8feffffffdce02f016dfcb3770000000094fcb3779014410100003801901441010000000000000000000000000000000018000000fc16d5d7be1037edd4e02f0120e42f01b0acef73ffffffff14e12f0172fada7334e12f017ccecc7372fada730100000000000000020000007ccecc7340e12f017ce72f0154e80f0480fada7310e12f010085737300003801000000008a1037ed (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "RtlGetVersion" with parameter 1c0100000a000000000000005d58000002000000000000007b00370035003800340037003100370037002d0046003000370037002d0034003100370031002d0042004400320043002d004100360042004200320031003600340046004200440030007d0000000000200000000b00170030000000d00736010000360153bfaf770000000020000000a0813f010000000000000000000000000200000030000000d0013601000000000600000000003601220000000000000000003801fe1337ed94e32f0128e42f01b0acef73ffffffffd0e32f0172fada73220000007ccecc7372fada730100000000000000020000007ccecc73fce32f01c47f40010000000080fada7320000000fcffffff00000000d0e32f01 (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to retrieve local language
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "GetLocaleInfoW" with parameter "1033" - (UID: 00000000-00001392)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1614 (Show technique in the MITRE ATT&CK™ matrix)
- Contains a Wine emulator-related string
  
  details
  
  "wine_get_version" (Indicator: "wine_get_version"; File: "HWiNFO_Monitor_Setup.exe")
  
  source
  
  File/Memory
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1497.001 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to determine if process is running under WOW64 (API string)
  
  details
  
  Found reference to API "IsWow64Process" (Indicator: "IsWow64Process"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1057 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to perform scheduled transfer (API string)
  
  details
  
  Found reference to API "GetSystemTimes" (Indicator: "GetSystemTime"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1029 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to read software policies
  
  details
  
  "HWiNFO_Monitor_Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS"; Key: "TRANSPARENTENABLED")
  "HWiNFO_Monitor_Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS"; Key: "AUTHENTICODEENABLED")
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS"; Key: "TRANSPARENTENABLED")
  
  source
  
  Registry Access
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve machine time (API string)
  
  details
  
  Found reference to API "GetSystemTimes" (Indicator: "GetSystemTime"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1124 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve machine timezone (API string)
  
  details
  
  Found reference to API "GetTimeZoneInformationForYear" (Indicator: "GetTimeZoneInformation"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1124 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve network parameters of a computer (API string)
  
  details
  
  Found reference to API "WNetGetConnectionW" (Indicator: "NetGetConnection"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1016 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve open application windows (API string)
  
  details
  
  Found reference to API "EnumWindows" (Indicator: "EnumWindows"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "GetActiveWindow" (Indicator: "GetActiveWindow"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "GetWindowTextW" (Indicator: "GetWindowText"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "5841280554,8160,109,,GetWindowTextW,user32.dll,"01:06:04.703",RX=0,PX=0" (Indicator: "GetWindowText"; Source: "00000000-00004792.00000000.253882.013ED000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1010 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve the OS information (API string)
  
  details
  
  Found reference to API "5720624326,8160,3024,,RtlGetVersion,NTDLL.dll,"01:06:04.656",RX=0,PX=0" (Indicator: "GetVersion"; Source: "00000000-00004792.00000000.253882.013ED000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Contains reference to Borland Delphi related registry entry
  
  details
  
  "Software\Borland\Delphi\Locales" (Indicator: "\borland\delphi\locales") in Source: HWiNFO_Monitor_Setup.exe
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1012 (Show technique in the MITRE ATT&CK™ matrix)
- Queries for Borland Delphi related registry entry
  
  details
  
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKCU\SOFTWARE\BORLAND\DELPHI\LOCALES"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "OPEN"; Path: "HKCU\SOFTWARE\BORLAND\DELPHI\LOCALES"; Key: ""; Value: "")
  
  source
  
  Registry Access
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1012 (Show technique in the MITRE ATT&CK™ matrix)
- Queries volume information
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" queries volume information of an entire harddrive"C:\" at 00000000-00004792-00000C17-2963004575
  
  source
  
  API Call
  
  relevance
  
  8/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Reads the active computer name
  
  details
  
  "HWiNFO_Monitor_Setup.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  
  source
  
  Registry Access
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Reads the registry for installed applications
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1")
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\HWINFO_MONITOR_SETUP.TMP")
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1")
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1518 (Show technique in the MITRE ATT&CK™ matrix)
General
- Able to retrieve command line parameters of the running process
  
  details
  
  file/memory contains long string(File: "_setup64.tmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1059.003 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to create a directory
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "CreateDirectoryW" with parameter %TEMP%\is-V1X3KIG9SZ.tmp (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "CreateDirectoryW" with parameter %TEMP%\is-1JFN0P1ZCP.tmp (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "CreateDirectoryW" with parameter %TEMP%\is-1JFN0P1ZCP.tmp\_isetup (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "CreateDirectoryW" with parameter %PROGRAMFILES%\CPUID (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "CreateDirectoryW" with parameter %PROGRAMFILES%\CPUID\HWiNFO (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "CreateDirectoryW" with parameter %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "CreateDirectoryW" with parameter %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1074.001 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to create a process
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "CreateProcessW" with parameter ""%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp" /SL5="$10034C
  3034253
  905728
  C:\HWiNFO_Monitor_Se" - (UID: 00000000-00001392)
  
  source
  
  API Call
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to load libraries
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "LoadLibrary" with a parameter api-ms-win-core-synch-l1-2-0 (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "LoadLibrary" with a parameter api-ms-win-core-fibers-l1-1-1 (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "LoadLibrary" with a parameter api-ms-win-core-localization-l1-2-1 (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "LoadLibrary" with a parameter kernel32 (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "LoadLibrary" with a parameter kernel32.dll (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "LoadLibrary" with a parameter %WINDIR%\system32\bcrypt.dll (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter api-ms-win-core-synch-l1-2-0 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter api-ms-win-core-fibers-l1-1-1 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter api-ms-win-core-localization-l1-2-1 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter kernel32 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter kernel32.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter Msctf.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter imm32.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter uxtheme.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter %WINDIR%\system32\shell32.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter %WINDIR%\system32\uxtheme.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter %WINDIR%\system32\bcrypt.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter %WINDIR%\system32\shfolder.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter %WINDIR%\system32\Rstrtmgr.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter DWMAPI.DLL (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter user32.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter shell32.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter msimg32.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter %WINDIR%\system32\sfc.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "LoadLibrary" with a parameter api-ms-win-core-fibers-l1-1-0 (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1129 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to move file or directory
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "MoveFileW" with parameter %PROGRAMFILES%\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp & %PROGRAMFILES%\CPUID\HWiNFO\unins000.exe (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "MoveFileW" with parameter %PROGRAMFILES%\CPUID\HWiNFO\is-6A6AUP6767.tmp & %PROGRAMFILES%\CPUID\HWiNFO\CRYPTBASE.dll (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "MoveFileW" with parameter %PROGRAMFILES%\CPUID\HWiNFO\is-DZZ74NCPUI.tmp & %PROGRAMFILES%\CPUID\HWiNFO\HWMonitor.exe (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "MoveFileW" with parameter %PROGRAMFILES%\CPUID\HWiNFO\is-BJKFJATABB.tmp & %PROGRAMFILES%\CPUID\HWiNFO\hwm_readme.txt (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "MoveFileW" with parameter %PROGRAMFILES%\CPUID\HWiNFO\is-TI156WG2Y2.tmp & %PROGRAMFILES%\CPUID\HWiNFO\unins000.dat (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "MoveFileW" with parameter %PROGRAMFILES%\CPUID\HWiNFO\is-FNEYTLL0RX.tmp & %PROGRAMFILES%\CPUID\HWiNFO\unins000.exe (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "MoveFileW" with parameter %PROGRAMFILES%\CPUID\HWiNFO\is-F54G98LCMX.tmp & %PROGRAMFILES%\CPUID\HWiNFO\unins000.msg (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1570 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to retrieve function addresses
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter InitializeCriticalSectionEx (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter FlsAlloc (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter FlsSetValue (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter FlsGetValue (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter LCMapStringEx (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter FlsFree (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter InitOnceExecuteOnce (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CreateEventExW (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CreateSemaphoreW (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CreateSemaphoreExW (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CreateThreadpoolTimer (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter SetThreadpoolTimer (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter WaitForThreadpoolTimerCallbacks (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CloseThreadpoolTimer (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CreateThreadpoolWait (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter SetThreadpoolWait (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CloseThreadpoolWait (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter FlushProcessWriteBuffers (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter FreeLibraryWhenCallbackReturns (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetCurrentProcessorNumber (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CreateSymbolicLinkW (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetCurrentPackageId (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetTickCount64 (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetFileInformationByHandleEx (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter SetFileInformationByHandle (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetSystemTimePreciseAsFileTime (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter InitializeConditionVariable (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter WakeConditionVariable (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter WakeAllConditionVariable (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter SleepConditionVariableCS (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter InitializeSRWLock (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter AcquireSRWLockExclusive (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter TryAcquireSRWLockExclusive (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter ReleaseSRWLockExclusive (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter SleepConditionVariableSRW (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CreateThreadpoolWork (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter SubmitThreadpoolWork (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CloseThreadpoolWork (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CompareStringEx (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetLocaleInfoEx (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter AreFileApisANSI (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter RtlGetVersion (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CoCreateInstance (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CoCreateInstanceEx (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CoGetClassObject (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CoGetInstanceFromFile (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CoGetInstanceFromIStorage (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter wine_get_version (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetLogicalProcessorInformation (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetThreadPreferredUILanguages (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter SetThreadPreferredUILanguages (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetThreadUILanguage (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter SetDefaultDllDirectories (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter SetSearchPathMode (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter SetProcessDEPPolicy (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetNativeSystemInfo (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CompareStringOrdinal (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VariantChangeTypeEx (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarNeg (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarNot (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarAdd (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarSub (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarMul (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarDiv (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarIdiv (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarMod (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarAnd (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarOr (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarXor (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarCmp (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarI4FromStr (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarR4FromStr (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarR8FromStr (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarDateFromStr (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarCyFromStr (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarBoolFromStr (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarBstrFromCy (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarBstrFromDate (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter VarBstrFromBool (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetUserDefaultUILanguage (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter CheckTokenMembership (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetTempPath2W (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter BCryptGenRandom (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter GetFinalPathNameByHandleW (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter DecodePointer (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "GetProcAddress" with a parameter EncodePointer (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter InitializeCriticalSectionEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlsAlloc (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlsSetValue (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlsGetValue (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter LCMapStringEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlsFree (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter InitOnceExecuteOnce (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CreateEventExW (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CreateSemaphoreW (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CreateSemaphoreExW (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CreateThreadpoolTimer (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetThreadpoolTimer (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter WaitForThreadpoolTimerCallbacks (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CloseThreadpoolTimer (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CreateThreadpoolWait (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetThreadpoolWait (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CloseThreadpoolWait (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlushProcessWriteBuffers (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FreeLibraryWhenCallbackReturns (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetCurrentProcessorNumber (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CreateSymbolicLinkW (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetCurrentPackageId (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetTickCount64 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetFileInformationByHandleEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetFileInformationByHandle (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetSystemTimePreciseAsFileTime (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter InitializeConditionVariable (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter WakeConditionVariable (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter WakeAllConditionVariable (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SleepConditionVariableCS (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter InitializeSRWLock (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter AcquireSRWLockExclusive (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter TryAcquireSRWLockExclusive (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter ReleaseSRWLockExclusive (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SleepConditionVariableSRW (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CreateThreadpoolWork (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SubmitThreadpoolWork (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CloseThreadpoolWork (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CompareStringEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetLocaleInfoEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter AreFileApisANSI (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter RtlGetVersion (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CoCreateInstance (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CoCreateInstanceEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CoGetClassObject (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CoGetInstanceFromFile (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CoGetInstanceFromIStorage (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter wine_get_version (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetLogicalProcessorInformation (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThreadPreferredUILanguages (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetThreadPreferredUILanguages (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThreadUILanguage (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetDefaultDllDirectories (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetSearchPathMode (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetProcessDEPPolicy (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetNativeSystemInfo (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CompareStringOrdinal (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VariantChangeTypeEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarNeg (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarNot (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarAdd (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarSub (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarMul (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarDiv (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarIdiv (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarMod (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarAnd (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarOr (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarXor (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarCmp (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarI4FromStr (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarR4FromStr (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarR8FromStr (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarDateFromStr (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarCyFromStr (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarBoolFromStr (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarBstrFromCy (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarBstrFromDate (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter VarBstrFromBool (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CoInitializeEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CoAddRefServerProcess (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CoReleaseServerProcess (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CoResumeClassObjects (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CoSuspendClassObjects (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter BufferedPaintInit (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter AnimateWindow (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter InitializeFlatSB (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter UninitializeFlatSB (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlatSB_GetScrollProp (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlatSB_SetScrollProp (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlatSB_EnableScrollBar (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlatSB_ShowScrollBar (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlatSB_GetScrollRange (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlatSB_GetScrollInfo (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlatSB_GetScrollPos (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlatSB_SetScrollPos (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlatSB_SetScrollInfo (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter FlatSB_SetScrollRange (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetLayeredWindowAttributes (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter Wow64DisableWow64FsRedirection (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter Wow64RevertWow64FsRedirection (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter OpenThemeData (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CloseThemeData (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter DrawThemeBackground (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter DrawThemeText (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter DrawThemeTextEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeBackgroundContentRect (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemePartSize (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeTextExtent (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeTextMetrics (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeBackgroundRegion (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter HitTestThemeBackground (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter DrawThemeEdge (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter DrawThemeIcon (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter IsThemePartDefined (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter IsThemeBackgroundPartiallyTransparent (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeColor (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeMetric (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeString (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeBool (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeInt (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeEnumValue (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemePosition (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeFont (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeRect (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeMargins (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeIntList (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemePropertyOrigin (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetWindowTheme (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeFilename (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeSysColor (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeSysColorBrush (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeSysBool (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeSysSize (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeSysFont (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeSysString (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeSysInt (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter IsThemeActive (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter IsAppThemed (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetWindowTheme (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter EnableThemeDialogTexture (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter IsThemeDialogTextureEnabled (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeAppProperties (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetThemeAppProperties (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetCurrentThemeName (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeDocumentationProperty (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter DrawThemeParentBackground (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter EnableTheming (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter NotifyWinEvent (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SHPathPrepareForWriteW (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter TaskDialogIndirect (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter IsWow64Process2 (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetSystemWow64DirectoryA (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter RegDeleteKeyExA (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter IsWow64GuestMachineSupported (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SHGetKnownFolderPath (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter DisableProcessWindowsGhosting (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter CheckTokenMembership (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetUserDefaultUILanguage (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter ShutdownBlockReasonDestroy (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter ShutdownBlockReasonCreate (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SetProcessMitigationPolicy (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetSystemWow64DirectoryW (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetTempPath2W (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter BCryptGenRandom (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SHGetFolderPathW (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter RmStartSession (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter RmRegisterResources (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter RmGetList (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter RmShutdown (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter RmRestart (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter RmEndSession (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetThemeBackgroundExtent (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter DwmSetWindowAttribute (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter ChangeWindowMessageFilterEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetWindowDpiAwarenessContext (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter AreDpiAwarenessContextsEqual (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SHGetStockIconInfo (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SHGetImageList (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter MonitorFromRect (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter GetMonitorInfoA (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter ImmAssociateContextEx (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter AlphaBlend (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter DwmIsCompositionEnabled (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter DwmExtendFrameIntoClientArea (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter SfcIsFileProtected (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter ProcessIdToSessionId (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter BufferedPaintUnInit (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "GetProcAddress" with a parameter RtlDllShutdownInProgress (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to execute Windows APIs
  
  details
  
  Found reference to API (Indicator: "GetLogicalProcessorInformation"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "GetThreadPreferredUILanguages"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "SetThreadPreferredUILanguages"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "GetThreadUILanguage"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "GetLongPathNameW"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "SetEvent"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "ResetEvent"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "CompareStringOrdinal"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "RtlCompareUnicodeString"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "GetDiskFreeSpaceExW"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "InitializeConditionVariable"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "WakeConditionVariable"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "WakeAllConditionVariable"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "SleepConditionVariableCS"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "GetTickCount64"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "CheckTokenMembership"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "GetUserDefaultUILanguage"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "SeShutdownPrivilege"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "GetFinalPathNameByHandleW"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "GetCurrentDirectory"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API (Indicator: "WNetEnumResourceW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "WNetGetUniversalNameW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "WNetGetConnectionW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "WNetCloseEnum"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "WNetOpenEnumW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetSaveFileNameW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetOpenFileNameW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SHGetFileInfoW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "Shell_NotifyIconW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "ShellExecuteW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "ShellExecuteExW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "MoveWindow"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "CopyImage"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SetMenuItemInfoW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetMenuItemInfoW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "FrameRect"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetMenuStringW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "FillRect"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SendMessageA"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "EnumWindows"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "ShowOwnedPopups"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetScrollRange"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SetActiveWindow"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetActiveWindow"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "DrawEdge"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetKeyboardLayoutList"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "OemToCharBuffA"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "EnumChildWindows"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "UnhookWindowsHookEx"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SetCapture"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetCapture"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "ShowCaret"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "CreatePopupMenu"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetMenuItemID"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "CharLowerBuffW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "IsZoomed"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SetParent"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "DrawMenuBar"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetClientRect"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "IsChild"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "IsIconic"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "CallNextHookEx"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "ShowWindow"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetWindowTextW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SetForegroundWindow"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "DestroyWindow"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "RegisterClassW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "CharNextW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetFocus"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetDC"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SetFocus"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "ReleaseDC"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "ExitWindowsEx"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "CharToOemBuffA"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SetScrollRange"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "PeekMessageA"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "MessageBeep"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetSubMenu"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "DestroyIcon"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "IsWindowVisible"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "DispatchMessageA"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "UnregisterClassW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetTopWindow"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "LoadStringW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "CreateMenu"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "CharLowerW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SetWindowRgn"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SetWindowPos"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetMenuItemCount"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetSysColorBrush"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetWindowDC"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetScrollInfo"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "SetWindowTextW"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetSysColor"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "EnableScrollBar"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "TrackPopupMenu"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "DrawIconEx"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API (Indicator: "GetLogicalProcessorInformation"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "MessageBoxA"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "IsWow64Process"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "ProcessIdToSessionId"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "LocaleNameToLCID"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "GetTimeZoneInformationForYear"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "GetNativeSystemInfo"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "GetSystemTimes"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "RegDeleteKeyExW"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "CryptDecodeObject"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "PFXImportCertStore"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "CertGetNameStringW"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "CertNameToStrW"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "CertFreeCertificateContext"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "CertDuplicateCertificateContext"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "CertCloseStore"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "CertOpenSystemStoreW"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "CertOpenStore"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "CertFindChainInStore"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "CertFindCertificateInStore"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API (Indicator: "StrToInt64ExW"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "GetLastError"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "LocalFree"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "CloseHandle"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "ReadFile"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "WriteFile"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "GetCommandLineW"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "SetConsoleCtrlHandler"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "SetProcessShutdownParameters"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "SetCurrentDirectoryW"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "GetSystemDirectoryW"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "SetErrorMode"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "ExitProcess"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "FreeSid"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "SetNamedSecurityInfoW"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "SetEntriesInAclW"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "AllocateAndInitializeSid"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "GetNamedSecurityInfoW"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "CommandLineToArgvW"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API (Indicator: "SessionEnv"; Source: "00000000-00004792.00000000.253882.013ED000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to execute an application (API string)
  
  details
  
  Found reference to API "ShellExecuteW" (Indicator: "ShellExecute"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "ShellExecuteExW" (Indicator: "ShellExecute"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve the command-line string for the current process (API string)
  
  details
  
  Found reference to API "GetCommandLineW" (Indicator: "GetCommandLine"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API "CommandLineToArgvW" (Indicator: "CommandLineToArgv"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1059.003 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to set/get the last-error code for a calling thread (API string)
  
  details
  
  Found reference to API "GetLastError" (Indicator: "GetLastError"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to show a graphical window (API string)
  
  details
  
  Found reference to API "ShowWindow" (Indicator: "ShowWindow"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1564.003 (Show technique in the MITRE ATT&CK™ matrix)
- Contains registry location strings
  
  details
  
  "Software\Embarcadero\Locales" in Source: HWiNFO_Monitor_Setup.exe
  "Software\CodeGear\Locales" in Source: HWiNFO_Monitor_Setup.exe
  "Software\Borland\Locales" in Source: HWiNFO_Monitor_Setup.exe
  "Software\Borland\Delphi\Locales" in Source: HWiNFO_Monitor_Setup.exe
  "SOFTWARE\Microsoft\Windows NT\CurrentVersion" in Source: HWiNFO_Monitor_Setup.exe
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1012 (Show technique in the MITRE ATT&CK™ matrix)
- Creates mutants
  
  details
  
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\Sessions\1\BaseNamedObjects\Local\SM0:4792:168:WilStaging_02"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\Sessions\1\BaseNamedObjects\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\Sessions\1\BaseNamedObjects\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\Sessions\1\BaseNamedObjects\SM0:4792:64:WilError_03"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\Sessions\1\BaseNamedObjects\Local\SM0:4792:64:WilError_03"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterMutex"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_16.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_32.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_48.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_96.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_256.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_768.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_1280.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_1920.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_2560.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_sr.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_exif.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide_alternate.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_custom_stream.db!dfMaintainer"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!IconCacheInit"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "\BaseNamedObjects\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "Local\SM0:4792:168:WilStaging_02"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "Local\SM0:4792:64:WilError_03"
  Process HWiNFO_Monitor_Setup.tmp created mutex with name "SM0:4792:64:WilError_03"
  
  source
  
  Created Mutant
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1480 (Show technique in the MITRE ATT&CK™ matrix)
- Drops files marked as clean
  
  details
  
  Antivirus vendors marked dropped file "HWiNFO Monitor.lnk" as clean (type is "MS Windows shortcut Item id list present Has Relative path Has Working directory Icon number=0 Unicoded HasExpIcon "%SystemDrive%\Program Files\CPUID\HWiNFO\HWiNFO.exe" length=0 window=normal IDListSize 0x019b Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D" Volume "C:\"")
  Antivirus vendors marked dropped file "#U0423#U0434#U0430#U043b#U0438#U0442#U044c HWiNFO Monitor.lnk" as clean (type is "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Has Working directory Unicoded MachineID hk2lovh86kohwgg Archive ctime=Sat Apr 11 05:54:00 2026 atime=Sat Apr 11 05:55:00 2026 mtime=Wed Apr 8 15:11:14 2026 length=3130088 window=normal IDListSize 0x01c5 Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D" Volume "C:\" LocalBasePath "%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe"")
  Antivirus vendors marked dropped file "is-DZZ74NCPUI.tmp" as clean (type is "PE32+ executable for MS Windows 5.02 (GUI) x86-64 5 sections"), Antivirus vendors marked dropped file "_setup64.tmp" as clean (type is "PE32+ executable for MS Windows 5.02 (console) x86-64 5 sections")
  
  source
  
  Binary File
  
  relevance
  
  10/10
- File contains dynamic base/NX flags
  
  details
  
  "is-6A6AUP6767.tmp" has flags like IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  
  source
  
  Static Parser
- Found E-Mail address in binary/memory
  
  details
  
  Pattern match: "fdelattre@cpuid.com"
  
  source
  
  File/Memory
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1114 (Show technique in the MITRE ATT&CK™ matrix)
- Loads modules at runtime
  
  details
  
  "HWiNFO_Monitor_Setup.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 77170000
  "HWiNFO_Monitor_Setup.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 77170000
  "HWiNFO_Monitor_Setup.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 77170000
  "HWiNFO_Monitor_Setup.exe" loaded module "KERNEL32" at base 76890000
  "HWiNFO_Monitor_Setup.exe" loaded module "%WINDIR%\TEMP\VXOLE32.DLL" at base 73630000
  "HWiNFO_Monitor_Setup.exe" loaded module "KERNEL32.DLL" at base 76890000
  "HWiNFO_Monitor_Setup.exe" loaded module "%WINDIR%\SYSTEM32\BCRYPT.DLL" at base 73610000
  "HWiNFO_Monitor_Setup.exe" loaded module "%WINDIR%\SYSTEM32\BCRYPTPRIMITIVES.DLL" at base 76fb0000
  "HWiNFO_Monitor_Setup.exe" loaded module "RPCRT4.DLL" at base 75d30000
  "HWiNFO_Monitor_Setup.exe" loaded module "%WINDIR%\SYSTEM32\UXTHEME.DLL" at base 74fb0000
  "HWiNFO_Monitor_Setup.exe" loaded module "NTDLL.DLL" at base 77ab0000
  "HWiNFO_Monitor_Setup.exe" loaded module "%WINDIR%\SYSTEM32\APPHELP.DLL" at base 74ee0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 77170000
  "HWiNFO_Monitor_Setup.tmp" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 77170000
  "HWiNFO_Monitor_Setup.tmp" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 77170000
  "HWiNFO_Monitor_Setup.tmp" loaded module "KERNEL32" at base 76890000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\TEMP\VXOLE32.DLL" at base 73630000
  "HWiNFO_Monitor_Setup.tmp" loaded module "KERNEL32.DLL" at base 76890000
  "HWiNFO_Monitor_Setup.tmp" loaded module "MSCTF.DLL" at base 773f0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "IMM32.DLL" at base 776a0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\UXTHEME.DLL" at base 74fb0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "NTDLL.DLL" at base 77ab0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "RPCRT4.DLL" at base 75d30000
  "HWiNFO_Monitor_Setup.tmp" loaded module "UXTHEME.DLL" at base 74fb0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\SHELL32.DLL" at base 75f00000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\BCRYPT.DLL" at base 73610000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\BCRYPTPRIMITIVES.DLL" at base 76fb0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\SHFOLDER.DLL" at base 73530000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\RSTRTMGR.DLL" at base 734f0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "COMCTL32" at base 75530000
  "HWiNFO_Monitor_Setup.tmp" loaded module "DWMAPI.DLL" at base 73160000
  "HWiNFO_Monitor_Setup.tmp" loaded module "USER32.DLL" at base 778f0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "COMCTL32.DLL" at base 75530000
  "HWiNFO_Monitor_Setup.tmp" loaded module "SHELL32.DLL" at base 75f00000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSWOW64\THUMBCACHE.DLL" at base 73100000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\ICONCODECSERVICE.DLL" at base 734e0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\WINDOWSCODECS.DLL" at base 73370000
  "HWiNFO_Monitor_Setup.tmp" loaded module "MSIMG32.DLL" at base 734d0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "SSPICLI.DLL" at base 744a0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\EXPLORERFRAME.DLL" at base 72d30000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\SFC.DLL" at base 5db0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-0" at base 77170000
  "HWiNFO_Monitor_Setup.tmp" loaded module "API-MS-WIN-CORE-REGISTRY-L1-1-0.DLL" at base 77170000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSWOW64\WINDOWS.STORAGE.DLL" at base 73c70000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\PROPSYS.DLL" at base 74560000
  "HWiNFO_Monitor_Setup.tmp" loaded module "CSCAPI.DLL" at base 743f0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SYSTEM32\DWMAPI.DLL" at base 73160000
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1129 (Show technique in the MITRE ATT&CK™ matrix)
- Loads the Bcrypt module DLL
  
  details
  
  "HWiNFO_Monitor_Setup.exe" loaded module "%WINDIR%\SysWOW64\bcrypt.dll" at 73610000
  "HWiNFO_Monitor_Setup.exe" loaded module "%WINDIR%\SysWOW64\bcryptprimitives.dll" at 76FB0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SysWOW64\bcryptprimitives.dll" at 76FB0000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SysWOW64\bcrypt.dll" at 73610000
  
  source
  
  Loaded Module
  
  ATT&CK ID
  
  T1027 (Show technique in the MITRE ATT&CK™ matrix)
- Loads the RPC (Remote Procedure Call) module DLL
  
  details
  
  "HWiNFO_Monitor_Setup.exe" loaded module "%WINDIR%\SysWOW64\rpcrt4.dll" at 75D30000
  "HWiNFO_Monitor_Setup.tmp" loaded module "%WINDIR%\SysWOW64\rpcrt4.dll" at 75D30000
  
  source
  
  Loaded Module
  
  ATT&CK ID
  
  T1129 (Show technique in the MITRE ATT&CK™ matrix)
- Matched Compiler/Packer signature (DIE)
  
  details
  
  "HWiNFO_Monitor_Setup.exe" was detected as "Inno Setup Module" and name: "Installer"
  "HWiNFO_Monitor_Setup.exe" was detected as ".NET Reactor" and name: "Protector"
  "HWiNFO_Monitor_Setup.exe" was detected as "Embarcadero Delphi" and name: "Compiler"
  "HWiNFO_Monitor_Setup.exe" was detected as "Turbo Linker" and name: "Linker"
  "is-DZZ74NCPUI.tmp" was detected as "Inno Setup Module" and name: "Installer"
  "is-DZZ74NCPUI.tmp" was detected as ".NET Reactor" and name: "Protector"
  "is-DZZ74NCPUI.tmp" was detected as "Embarcadero Delphi" and name: "Compiler"
  "is-DZZ74NCPUI.tmp" was detected as "Turbo Linker" and name: "Linker"
  "is-6A6AUP6767.tmp" was detected as "Inno Setup Module" and name: "Installer"
  "is-6A6AUP6767.tmp" was detected as ".NET Reactor" and name: "Protector"
  "is-6A6AUP6767.tmp" was detected as "Embarcadero Delphi" and name: "Compiler"
  "is-6A6AUP6767.tmp" was detected as "Turbo Linker" and name: "Linker"
  "_setup64.tmp" was detected as "Inno Setup Module" and name: "Installer"
  "_setup64.tmp" was detected as ".NET Reactor" and name: "Protector"
  "_setup64.tmp" was detected as "Embarcadero Delphi" and name: "Compiler"
  "_setup64.tmp" was detected as "Turbo Linker" and name: "Linker"
  
  source
  
  Static Parser
  
  ATT&CK ID
  
  T1027 (Show technique in the MITRE ATT&CK™ matrix)
- Overview of unique CLSIDs touched in registry
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" touched "Local Icon Cache" (Path: "HKCU\WOW6432NODE\CLSID\{2155FEE3-2419-4373-B102-6843707EB41F}")
  "HWiNFO_Monitor_Setup.tmp" touched "Task Bar Communication" (Path: "HKCU\WOW6432NODE\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}\TREATAS")
  "HWiNFO_Monitor_Setup.tmp" touched "Computer" (Path: "HKCU\WOW6432NODE\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\SHELLFOLDER")
  "HWiNFO_Monitor_Setup.tmp" touched "Shortcut" (Path: "HKCU\WOW6432NODE\CLSID\{00021401-0000-0000-C000-000000000046}\TREATAS")
  "HWiNFO_Monitor_Setup.tmp" touched "Memory Mapped Cache Mgr" (Path: "HKCU\WOW6432NODE\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\TREATAS")
  
  source
  
  Registry Access
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1546.015 (Show technique in the MITRE ATT&CK™ matrix)
- Process launched with changed environment
  
  details
  
  Process "HWiNFO_Monitor_Setup.tmp" (Show Process) was launched with new environment variables: "USERDNSDOMAIN="DESKTOP-8LD9T6N""
  Process "HWiNFO_Monitor_Setup.tmp" (Show Process) was launched with modified environment variables: "NUMBER_OF_PROCESSORS"
  
  source
  
  Monitored Target
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1057 (Show technique in the MITRE ATT&CK™ matrix)
- Reads information about supported languages
  
  details
  
  "HWiNFO_Monitor_Setup.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "EMPTY")
  "HWiNFO_Monitor_Setup.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "EN-US")
  "HWiNFO_Monitor_Setup.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "EN-US")
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "EMPTY")
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "EN-US")
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "EN-US")
  
  source
  
  Registry Access
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- References Windows file paths for DLLs (possible dropped files)
  
  details
  
  Observed system executable string:"%WINDIR%\system32\bcrypt.dll" [Source: 00000000-00001392-00000C2B-2957734118]
  Observed system executable string:"%WINDIR%\system32\shell32.dll" [Source: 00000000-00004792-00000C2B-2959597676]
  Observed system executable string:"%WINDIR%\system32\uxtheme.dll" [Source: 00000000-00004792-00000C2B-2959643739]
  Observed system executable string:"%WINDIR%\system32\shfolder.dll" [Source: 00000000-00004792-00000C2B-2959985508]
  Observed system executable string:"%WINDIR%\system32\Rstrtmgr.dll" [Source: 00000000-00004792-00000C2B-2960040978]
  Observed system executable string:"%WINDIR%\system32\sfc.dll" [Source: 00000000-00004792-00000C2B-2961330496]
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Scanning for window names
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" searching for class "Shell_TrayWnd"
  
  source
  
  API Call
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1010 (Show technique in the MITRE ATT&CK™ matrix)
- Spawns new processes
  
  details
  
  Spawned process "HWiNFO_Monitor_Setup.tmp" with commandline "/SL5="$10034C
  3034253
  905728
  C:\\HWiNFO_Monitor_Setup.exe" /SILE ..." (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1057 (Show technique in the MITRE ATT&CK™ matrix)
- Spawns new processes that are not known child processes
  
  details
  
  Spawned process "HWiNFO_Monitor_Setup.tmp" with commandline "/SL5="$10034C
  3034253
  905728
  C:\\HWiNFO_Monitor_Setup.exe" /SILE ..." (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1057 (Show technique in the MITRE ATT&CK™ matrix)
- Writes files in a temp directory
  
  details
  
  "HWiNFO_Monitor_Setup.exe" writes to a file "%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp"
  "HWiNFO_Monitor_Setup.tmp" writes to a file "C:\Users\%USERNAME%\AppData\Local\Temp\is-1JFN0P1ZCP.tmp\_isetup\_setup64.tmp"
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1005 (Show technique in the MITRE ATT&CK™ matrix)
Installation/Persistence
- Attempts to launch the Installer package binary
  
  details
  
  Process "HWiNFO_Monitor_Setup.tmp" with commandline "/SL5="$10034C
  3034253
  905728
  C:\\HWiNFO_Monitor_Setup.exe" /SILENT" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1546.016 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to load modules (API string)
  
  details
  
  Found reference to API "LoadLibraryEx failed" (Indicator: "LoadLibrary"; File: "HWiNFO_Monitor_Setup.exe")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Dropped files
  
  details
  
  "HWiNFO Monitor.lnk" has type "MS Windows shortcut Item id list present Has Relative path Has Working directory Icon number=0 Unicoded HasExpIcon "%SystemDrive%\Program Files\CPUID\HWiNFO\HWiNFO.exe" length=0 window=normal IDListSize 0x019b Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D" Volume "C:\""- Location: [%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\HWiNFO Monitor.lnk]- [targetUID: 00000000-00004792]
  "#U0423#U0434#U0430#U043b#U0438#U0442#U044c HWiNFO Monitor.lnk" has type "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Has Working directory Unicoded MachineID hk2lovh86kohwgg Archive ctime=Sat Apr 11 05:54:00 2026 atime=Sat Apr 11 05:55:00 2026 mtime=Wed Apr 8 15:11:14 2026 length=3130088 window=normal IDListSize 0x01c5 Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D" Volume "C:\" LocalBasePath "%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe""- [targetUID: N/A]
  "is-96Q5IE2WSZ.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 11 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp]- [targetUID: 00000000-00004792]
  "HWiNFO_Monitor_Setup.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 11 sections"- Location: [%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp]- [targetUID: 00000000-00001392]
  "is-DZZ74NCPUI.tmp" has type "PE32+ executable for MS Windows 5.02 (GUI) x86-64 5 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-DZZ74NCPUI.tmp]- [targetUID: 00000000-00004792]
  "is-FNEYTLL0RX.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 10 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-FNEYTLL0RX.tmp]- [targetUID: 00000000-00004792]
  "is-6A6AUP6767.tmp" has type "PE32+ executable for MS Windows 6.00 (DLL) x86-64 7 sections"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-6A6AUP6767.tmp]- [targetUID: 00000000-00004792]
  "is-F54G98LCMX.tmp" has type "InnoSetup messages version 6.0.0 261 messages (UTF-16) Cancel installation"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-F54G98LCMX.tmp]- [targetUID: 00000000-00004792]
  "is-BJKFJATABB.tmp" has type "ASCII text with CRLF line terminators"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-BJKFJATABB.tmp]- [targetUID: 00000000-00004792]
  "_setup64.tmp" has type "PE32+ executable for MS Windows 5.02 (console) x86-64 5 sections"- Location: [%TEMP%\is-1JFN0P1ZCP.tmp\_isetup\_setup64.tmp]- [targetUID: 00000000-00004792]
  "is-TI156WG2Y2.tmp" has type "InnoSetup Log 64-bit CPUID HWMonitor version 0x418 4783 bytes DESKTOP-D\TepHoBHuK C:\Program Files\CPUID\HWMonitor\376\377\3"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-TI156WG2Y2.tmp]- [targetUID: 00000000-00004792]
  "unins000.dat" has type "InnoSetup Log 64-bit HWiNFO Monitor {8F12FE46-4F7A-43AB-93D5-012BBED69B1A} version 0x41e 3331 bytes hK2lOvH86\lwEaUAK\3 C:\Program Files\CPUID\HWiNFO\376\377\377\"- Location: [%PROGRAMFILES%\CPUID\HWiNFO\unins000.dat]- [targetUID: 00000000-00004792]
  
  source
  
  Binary File
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1105 (Show technique in the MITRE ATT&CK™ matrix)
- Drops temp files
  
  details
  
  "is-96Q5IE2WSZ.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 11 sections" - Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp]
  "HWiNFO_Monitor_Setup.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 11 sections" - Location: [%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp]
  "is-DZZ74NCPUI.tmp" has type "PE32+ executable for MS Windows 5.02 (GUI) x86-64 5 sections" - Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-DZZ74NCPUI.tmp]
  "is-FNEYTLL0RX.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 10 sections" - Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-FNEYTLL0RX.tmp]
  "is-6A6AUP6767.tmp" has type "PE32+ executable for MS Windows 6.00 (DLL) x86-64 7 sections" - Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-6A6AUP6767.tmp]
  "is-F54G98LCMX.tmp" has type "InnoSetup messages version 6.0.0 261 messages (UTF-16) Cancel installation" - Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-F54G98LCMX.tmp]
  "is-BJKFJATABB.tmp" has type "ASCII text with CRLF line terminators" - Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-BJKFJATABB.tmp]
  "_setup64.tmp" has type "PE32+ executable for MS Windows 5.02 (console) x86-64 5 sections" - Location: [%TEMP%\is-1JFN0P1ZCP.tmp\_isetup\_setup64.tmp]
  "is-TI156WG2Y2.tmp" has type "InnoSetup Log 64-bit CPUID HWMonitor version 0x418 4783 bytes DESKTOP-D\TepHoBHuK %PROGRAMFILES%\CPUID\HWMonitor\376\377\3" - Location: [%PROGRAMFILES%\CPUID\HWiNFO\is-TI156WG2Y2.tmp]
  
  source
  
  Binary File
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1105 (Show technique in the MITRE ATT&CK™ matrix)
- Opens registry keys
  
  details
  
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CODEPAGE"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER\SEGMENT HEAP"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\MICROSOFT\WOW64\X86"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\STATESEPARATION\REDIRECTIONMAP\KEYS"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\OPTION"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\SRP\GP\DLL"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "OPEN"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\FILESYSTEM"; Key: ""; Value: "")
  
  source
  
  Registry Access
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1012 (Show technique in the MITRE ATT&CK™ matrix)
- Queries basic information of the specified process
  
  details
  
  "HWiNFO_Monitor_Setup.exe" queries basic process information of the "C:\HWiNFO_Monitor_Setup.exe" (UID: 1392)
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1057 (Show technique in the MITRE ATT&CK™ matrix)
- Queries registry keys
  
  details
  
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CODEPAGE"; Key: "ACP"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CODEPAGE"; Key: "OEMCP"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER"; Key: "RAISEEXCEPTIONONPOSSIBLEDEADLOCK"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER"; Key: "RESOURCEPOLICIES"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\WMI\SECURITY"; Key: "57A6ED1A-79F7-5011-B242-4784E5620CF7"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WOW64\X86"; Key: "HWINFO_MONITOR_SETUP.EXE"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WOW64\X86"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\WMI\SECURITY"; Key: "3C74AFB9-8D82-44E3-B52C-365DBF48382A"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\WMI\SECURITY"; Key: "B749553B-D950-5E03-6282-3145A61B1002"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\WMI\SECURITY"; Key: "05F95EFE-7F75-49C7-A994-60A55CC09571"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS"; Key: "TRANSPARENTENABLED"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\FILESYSTEM"; Key: "LONGPATHSENABLED"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\SORTING\VERSIONS"; Key: ""; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\SORTING\VERSIONS"; Key: "000604XX"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\WMI\SECURITY"; Key: "CA967C75-04BF-40B5-9A16-98B5F9332A92"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\WMI\SECURITY"; Key: "B6FD710B-F783-4B1C-AB9C-C68099DCC0C7"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\WMI\SECURITY"; Key: "BF30465B-E93C-46FD-9CDF-F41C8904A01F"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\WMI\SECURITY"; Key: "C1376338-0984-48B8-B933-9C7D779FD84D"; Value: "")
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\WMI\SECURITY"; Key: "F25BCD2E-2690-55DC-3BC4-07B65B1B41C9"; Value: "")
  
  source
  
  Registry Access
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1012 (Show technique in the MITRE ATT&CK™ matrix)
- Reads files
  
  details
  
  "HWiNFO_Monitor_Setup.exe" reads file "c:\hwinfo_monitor_setup.exe"
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Shows ability to use execution guardrails
  
  details
  
  The analysis shows indicators which can be used as execution guardrails to ensure that payload only executes against intended targets/system. Matched sigs: Contains a Wine emulator-related string
  Matched sigs: Contains ability to delay execution by waiting for signal/timeout (API string)
  Matched sigs: Contains ability to retrieve the time elapsed since the system was started (API string)
  Matched sigs: Able to identify virtual environment by using user activity (API string)
  Matched sigs: Able to detect virtual machine (string)
  Matched sigs: Able to identify sandbox environment running process
  Matched sigs: Queries process mitigation policy via NtQueryInformationProcess
  Matched sigs: Attempts to call APIs commonly associated with anti-analysis and evasion techniques
  Matched sigs: Observed a high volume of repeated registry API calls (API Hammering)
  
  source
  
  Indicator Combinations
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1480 (Show technique in the MITRE ATT&CK™ matrix)
- Touches files
  
  details
  
  "HWiNFO_Monitor_Setup.exe" trying to touch file "%WINDIR%\SysWOW64\imm32.dll"
  "HWiNFO_Monitor_Setup.exe" trying to touch file "C:\Windows\SysWOW64\ole32.dll"
  "HWiNFO_Monitor_Setup.exe" trying to touch file "C:\Windows\Temp\VxSSL32.dll"
  "HWiNFO_Monitor_Setup.exe" trying to touch file "C:\Windows\SysWOW64\fltLib.dll"
  "HWiNFO_Monitor_Setup.exe" trying to touch file "C:\Windows\SysWOW64\cryptsp.dll"
  "HWiNFO_Monitor_Setup.exe" trying to touch file "C:\Windows\SysWOW64\netapi32.dll"
  "HWiNFO_Monitor_Setup.exe" trying to touch file "C:\Windows\SysWOW64\winhttp.dll"
  "HWiNFO_Monitor_Setup.exe" trying to touch file "C:\Windows\SysWOW64\mpr.dll"
  "HWiNFO_Monitor_Setup.exe" trying to touch file "C:\windows\temp\VxOle32.dll"
  "HWiNFO_Monitor_Setup.exe" trying to touch file "C:\Windows\Temp\VxOle32.dll"
  "HWiNFO_Monitor_Setup.exe" trying to touch file "C:\WINDOWS\system32\netapi32.DLL"
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Touches files in program files directory
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" touched file "%PROGRAMFILES%\CPUID\HWiNFO\unins000.dat"
  "HWiNFO_Monitor_Setup.tmp" touched file "C:\Program Files\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp"
  "HWiNFO_Monitor_Setup.tmp" touched file "C:\Program Files\CPUID\HWiNFO\is-6A6AUP6767.tmp"
  "HWiNFO_Monitor_Setup.tmp" touched file "C:\Program Files\CPUID\HWiNFO\is-DZZ74NCPUI.tmp"
  "HWiNFO_Monitor_Setup.tmp" touched file "C:\Program Files\CPUID\HWiNFO\is-BJKFJATABB.tmp"
  "HWiNFO_Monitor_Setup.tmp" touched file "C:\Program Files\CPUID\HWiNFO\is-TI156WG2Y2.tmp"
  "HWiNFO_Monitor_Setup.tmp" touched file "C:\Program Files\CPUID\HWiNFO\is-FNEYTLL0RX.tmp"
  "HWiNFO_Monitor_Setup.tmp" touched file "C:\Program Files\CPUID\HWiNFO\is-F54G98LCMX.tmp"
  
  source
  
  API Call
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Touches files in the Windows directory
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Explorer"
  "HWiNFO_Monitor_Setup.tmp" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches"
  "HWiNFO_Monitor_Setup.tmp" touched file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\HWiNFO Monitor.lnk"
  "HWiNFO_Monitor_Setup.tmp" touched file "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\Удалить HWiNFO Monitor.lnk"
  "HWiNFO_Monitor_Setup.tmp" touched file "%LOCALAPPDATA%\Microsoft\Windows\Explorer"
  "HWiNFO_Monitor_Setup.tmp" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
  "HWiNFO_Monitor_Setup.tmp" touched file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\HWiNFO Monitor.lnk"
  "HWiNFO_Monitor_Setup.tmp" touched file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\Удалить HWiNFO Monitor.lnk"
  
  source
  
  API Call
  
  relevance
  
  7/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Tries to access LNK files (Windows shortcut)
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" trying to access LNK file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\HWiNFO Monitor.lnk"
  "HWiNFO_Monitor_Setup.tmp" trying to access LNK file "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\Удалить HWiNFO Monitor.lnk"
  "HWiNFO_Monitor_Setup.tmp" trying to access LNK file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\HWiNFO Monitor.lnk"
  "HWiNFO_Monitor_Setup.tmp" trying to access LNK file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\Удалить HWiNFO Monitor.lnk"
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Tries to access non-existent files (executable)
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\WINDOWS\system32\rpcss.dll"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Program Files\CPUID\HWiNFO\CRYPTBASE.dll"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Program Files\CPUID\HWiNFO\HWMonitor.exe"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Program Files\CPUID\HWiNFO\HWiNFO.exe"
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Tries to access non-existent files (non-executable)
  
  details
  
  "HWiNFO_Monitor_Setup.exe" trying to access non-existent file "%TEMP%\is-V1X3KIG9SZ.tmp"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Windows\SysWOW64\en-US\tzres.dll.mui"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Windows\SysWOW64\en-US\netmsg.dll.mui"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Users\%USERNAME%\AppData\Local\Temp\is-1JFN0P1ZCP.tmp"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Users\%USERNAME%\AppData\Local\Temp\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp.Local\"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Windows\SysWOW64\uxtheme.dll.Config"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Windows\SysWOW64\en-US\imageres.dll.mui"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Windows\SystemResources\USER32.dll.mun"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Program Files\CPUID"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Windows\WinSxS\FileMaps\program_files_cpuid_hwinfo_e2a2a1e6add8f4d7.cdf-ms"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "\SystemRoot\WinSxS\FileMaps\program_files_cpuid_hwinfo_e2a2a1e6add8f4d7.cdf-ms"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Program Files\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp"
  "HWiNFO_Monitor_Setup.tmp" trying to access non-existent file "C:\Program Files\CPUID\HWiNFO\is-6A6AUP6767.tmp"
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Writes files
  
  details
  
  "HWiNFO_Monitor_Setup.exe" writes file "%TEMP%\is-v1x3kig9sz.tmp\hwinfo_monitor_setup.tmp"
  "HWiNFO_Monitor_Setup.exe" writes file "%temp%\is-v1x3kig9sz.tmp\hwinfo_monitor_setup.tmp"
  "HWiNFO_Monitor_Setup.tmp" writes file "C:\Users\%USERNAME%\appdata\local\temp\is-1jfn0p1zcp.tmp\_isetup\_setup64.tmp"
  "HWiNFO_Monitor_Setup.tmp" writes file "c:\program files\cpuid\hwinfo\is-96q5ie2wsz.tmp"
  
  source
  
  API Call
  
  relevance
  
  1/10
- Writes log files
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" writes a file "%PROGRAMFILES%\CPUID\HWiNFO\unins000.dat"
  "HWiNFO_Monitor_Setup.tmp" writes a file "%PROGRAMFILES%\CPUID\HWiNFO\unins000.dat"
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1074.001 (Show technique in the MITRE ATT&CK™ matrix)
Network Related
- Able to access Windows networking-related API (String)
  
  details
  
  Found reference to API "WNetEnumResourceW" (Indicator: "WNetEnumResource"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "WNetGetUniversalNameW" (Indicator: "WNetGetUniversalName"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "WNetGetConnectionW" (Indicator: "WNetGetConnection"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "WNetCloseEnum" (Indicator: "WNetCloseEnum"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "WNetOpenEnumW" (Indicator: "WNetOpenEnum"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1135 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to enumerate network resources (API string)
  
  details
  
  Found reference to API "WNetEnumResourceW" (Indicator: "NetEnumResource"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "WNetGetConnectionW" (Indicator: "NetGetConnection"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "WNetCloseEnum" (Indicator: "NetCloseEnum"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1049 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to query information about shared network resources (API string)
  
  details
  
  Found reference to API "EnumPrintersW" (Indicator: "EnumPrinters"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1135 (Show technique in the MITRE ATT&CK™ matrix)
- Found mail related domain names
  
  details
  
  Observed email domain:"%programfiles%\cpuid\hwinfo\is-f54g98lcmx.tmp" [Source: 00000000-00004792-00000C57-2962609903]
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1071.003 (Show technique in the MITRE ATT&CK™ matrix)
- Found potential URL in binary/memory
  
  details
  
  Pattern match: "https://jrsoftware.org/ishelp/index.php?topic=setupcmdline"
  Pattern match: "https://www.cpuid.com/softwares/hwmonitor.htmlcpuid"
  Pattern match: "https://www.cpuid.com"
  Heuristic match: "font.name"
  Pattern match: "http://schemas.microsoft.com/smi/2005/windowssettings"
  Pattern match: "crl.comodoca.com/aaacertificateservices.crl04"
  Pattern match: "http://ocsp.comodoca.com0"
  Pattern match: "http://crl.sectigo.com/sectigopubliccodesigningrootr46.crl0"
  Pattern match: "http://crt.sectigo.com/sectigopubliccodesigningrootr46.p7c0#"
  Pattern match: "http://ocsp.sectigo.com0"
  Pattern match: "https://sectigo.com/cps0"
  Pattern match: "http://crl.sectigo.com/sectigopubliccodesigningcaevr36.crl0"
  Pattern match: "http://crt.sectigo.com/sectigopubliccodesigningcaevr36.crt0#"
  Pattern match: "http://ocsp.sectigo.com0d"
  Pattern match: "crl.sectigo.com/sectigopublictimestampingcar36.crl0z"
  Pattern match: "crt.sectigo.com/sectigopublictimestampingcar36.crt0#"
  
  source
  
  File/Memory
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1071 (Show technique in the MITRE ATT&CK™ matrix)
- Possibly tries to communicate over SSL connection (HTTPS)
  
  details
  
  Found HTTPS url "https://jrsoftware.org"
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1573 (Show technique in the MITRE ATT&CK™ matrix)
Pattern Matching
- YARA signature match - Anti Debugging Used
  
  details
  
  YARA signature matched on Anti Debugging used in file "is-DZZ74NCPUI.tmp"
  
  source
  
  YARA Signature
  
  relevance
  
  2/10
  
  ATT&CK ID
  
  T1622 (Show technique in the MITRE ATT&CK™ matrix)
- YARA signature match - PE executable embedded in .rsrc section
  
  details
  
  YARA signature for embedded PE executable in .rsrc section matched on file "is-DZZ74NCPUI.tmp"
  
  source
  
  YARA Signature
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1027.009 (Show technique in the MITRE ATT&CK™ matrix)
- YARA signature match – Embedded PE executable
  
  details
  
  YARA signature matched on embedded PE in file "is-DZZ74NCPUI.tmp"
  
  source
  
  YARA Signature
  
  relevance
  
  2/10
  
  ATT&CK ID
  
  T1027.009 (Show technique in the MITRE ATT&CK™ matrix)
Spyware/Information Retrieval
- Able to capture screen (API string)
  
  details
  
  Found reference to API "GetDC" (Indicator: "GetDC"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "GetWindowDC" (Indicator: "GetWindowDC"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1113 (Show technique in the MITRE ATT&CK™ matrix)
- Able to discover operating system information (API string)
  
  details
  
  Found reference to API "5720624326,8160,3024,,RtlGetVersion,NTDLL.dll,"01:06:04.656",RX=0,PX=0" (Indicator: "RtlGetVersion"; Source: "00000000-00004792.00000000.253882.013ED000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Attempts to read volume data via DOS device path
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" tries to directly access volume data "Z:"
  
  source
  
  API Call
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1006 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used for searching a directory for files
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "FindFirstFileW" with parameter C:\HWiNFO_Monitor_Setup.en-US (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "FindFirstFileW" with parameter C:\HWiNFO_Monitor_Setup.en (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "FindFirstFileW" with parameter C:\HWiNFO_Monitor_Setup.ENU (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.exe" called "FindFirstFileW" with parameter C:\HWiNFO_Monitor_Setup.EN (UID: 00000000-00001392)
  "HWiNFO_Monitor_Setup.tmp" called "FindFirstFileW" with parameter %TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.en-US (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindFirstFileW" with parameter %TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.en (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindFirstFileW" with parameter %TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.ENU (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindFirstFileW" with parameter %TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.EN (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindFirstFileW" with parameter %TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindFirstFileW" with parameter %PROGRAMFILES%\CPUID\HWiNFO\unins???.* (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindFirstFileW" with parameter %PROGRAMFILES%\CPUID\HWiNFO\unins000.dat (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindFirstFileW" with parameter %PROGRAMFILES%\CPUID\HWiNFO\unins000.exe (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindFirstFileW" with parameter %TEMP%\is-1JFN0P1ZCP.tmp\* (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindNextFileW" with parameter .. (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindNextFileW" with parameter _isetup (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindFirstFileW" with parameter %TEMP%\is-1JFN0P1ZCP.tmp\_isetup\* (UID: 00000000-00004792)
  "HWiNFO_Monitor_Setup.tmp" called "FindNextFileW" with parameter _setup64.tmp (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used for taking snapshot of the specified processes
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "CreateToolhelp32Snapshot" with parameters {"dwFlags": "4"
  "th32ProcessID": "0"}
  "HWiNFO_Monitor_Setup.tmp" called "CreateToolhelp32Snapshot" with parameters {"dwFlags": "4"
  "th32ProcessID": "0"}
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1057 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to retrieve computer name
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "GetComputerNameW" (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  2/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to retrieve information about the current system
  
  details
  
  "HWiNFO_Monitor_Setup.exe" called "GetNativeSystemInfo" with parameters {"lpSystemInfo": "090000000010000000000100fffffeff0300000002000000d8210000000001000600004f"}
  "HWiNFO_Monitor_Setup.tmp" called "GetNativeSystemInfo" with parameters {"lpSystemInfo": "090000000010000000000100fffffeff0300000002000000d8210000000001000600004f"}
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to retrieve user name
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" called "GetUserNameW" (UID: 00000000-00004792)
  
  source
  
  API Call
  
  relevance
  
  2/10
  
  ATT&CK ID
  
  T1033 (Show technique in the MITRE ATT&CK™ matrix)
- Contains CRYPTO related strings
  
  details
  
  Found string "TChaCha20Ctx@" (Indicator: "chacha"; File: "HWiNFO_Monitor_Setup.exe")
  Found string "TChaCha20Context" (Indicator: "chacha"; File: "HWiNFO_Monitor_Setup.exe")
  Found string "D:\Coding\Is\issrc-build\Components\ChaCha20.pas" (Indicator: "chacha"; File: "HWiNFO_Monitor_Setup.exe")
  Found string "AShared.EncryptionFunc" (Indicator: ".encrypt"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found string "ChaCha20" (Indicator: "chacha"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found string "kECDSA" (Indicator: "ecdsa"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1027 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to enumerate system network resources (API string)
  
  details
  
  Found reference to API "WNetOpenEnumW" (Indicator: "WNetOpenEnum"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1135 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to read files (API string)
  
  details
  
  Found reference to API "ReadFile" (Indicator: "ReadFile"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  File/Memory
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve file and directory information (API string)
  
  details
  
  Found reference to API "GetTempDir: GetTempPath failed (%u, %u)" (Indicator: "GetTempPath"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API "GetCurrentDirectory" (Indicator: "GetCurrentDirectory"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API "GetSystemDirectoryW" (Indicator: "GetSystemDirectory"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve files based on search patterns
  
  details
  
  Found string "Where should [name] be installed?" (Indicator: "where "; Source: "00000000-00004792.00000000.253882.012EE000.00000004.mdmp")
  Found string "Where should Setup place the program's shortcuts?" (Indicator: "where "; Source: "00000000-00004792.00000000.253882.012EE000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve the specified system metric or system configuration setting (API string)
  
  details
  
  Found reference to API "GetSystemMetricsForDpi" (Indicator: "GetSystemMetrics"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  Found reference to API "10372453688,8160,111,,GetSystemMetrics,user32.dll,"01:06:06.593",RX=0,PX=0" (Indicator: "GetSystemMetrics"; Source: "00000000-00004792.00000000.253882.01407000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve the time elapsed since the system was started (API string)
  
  details
  
  Found reference to API "GetTickCount64" (Indicator: "GetTickCount"; File: "HWiNFO_Monitor_Setup.exe")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1497.003 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to retrieve token privileges information (API string)
  
  details
  
  Found reference to API "CheckTokenMembership" (Indicator: "CheckTokenMembership"; File: "HWiNFO_Monitor_Setup.exe")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1134 (Show technique in the MITRE ATT&CK™ matrix)
- Contains string like password/secret
  
  details
  
  file/memory contains long string with (Indicator: "password"; File: "HWiNFO_Monitor_Setup.exe")
  Found string "Please specify the password using the /PASSWORD= command line parameter." (Indicator: "password"; File: "HWiNFO_Monitor_Setup.exe")
  Found string "The password you specified is not correct. Please try again." (Indicator: "password"; File: "HWiNFO_Monitor_Setup.exe")
  Found string "Scheme "%s" is not registered$Credential without user and password+Platform-dependant function not implemented)Scheme-dependant function not implemented" (Indicator: "password"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found string "The password you entered is not correct. Please try again." (Indicator: "password"; Source: "00000000-00004792.00000000.253882.012EE000.00000004.mdmp")
  Found string "This installation is password protected." (Indicator: "password"; Source: "00000000-00004792.00000000.253882.012EE000.00000004.mdmp")
  Found string "Please provide the password, then click Next to continue. Passwords are case-sensitive." (Indicator: "password"; Source: "00000000-00004792.00000000.253882.012EE000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1555 (Show technique in the MITRE ATT&CK™ matrix)
System Security
- Able to delete registry key/value (API string)
  
  details
  
  Found registry deletion API: "RegDeleteKeyExW" in "00000000-00004792.00000000.253882.00E89000.00000004.mdmp"
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1112 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to access device drivers
  
  details
  
  Found string "\Device\HarddiskVolume3\Users\%OSUSER%\AppData\Local\Temp\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp" (Indicator: "\Device\"; Source: "00000000-00001392-00000BC0-2958373228")
  Found string "DriverData=%WINDIR%\System32\Drivers\DriverData" (Indicator: "\drivers\"; Source: "00000000-00004792.00000000.253882.01380000.00000004.mdmp, 00000000-00004792.00000000.253882.013BC000.00000004.mdmp, 00000000-00004792.00000000.253882.019B0000.00000004.mdmp")
  Found string "DriverData=C:\Windows\System32\Drivers\DriverData" (Indicator: "system32\drivers"; Source: "00000000-00004792.00000000.253882.01380000.00000004.mdmp, 00000000-00004792.00000000.253882.013BC000.00000004.mdmp, 00000000-00004792.00000000.253882.019B0000.00000004.mdmp")
  Found string ":\WINDOWS\system32\DriverStore\FileRepository" (Indicator: "system32\drivers"; Source: "00000000-00004792.00000000.253882.01380000.00000004.mdmp")
  Found string ":\WINDOWS\system32\DRIVERS" (Indicator: "system32\drivers"; Source: "00000000-00004792.00000000.253882.013BC000.00000004.mdmp")
  Found string "e3\DosDevices\C:\??\Volume{44294f7c-6083-41c6-8176-3c202d755616}" (Indicator: "\DosDevices\"; Source: "00000000-00004792.00000000.253882.01407000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1543.003 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to hook/unhook windows functions (API string)
  
  details
  
  Found reference to API "UnhookWindowsHookEx" (Indicator: "UnhookWindowsHook"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  Found reference to API "CallNextHookEx" (Indicator: "CallNextHook"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1056.001 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to modify access token privileges (API string)
  
  details
  
  Found reference to API "CheckTokenMembership" (Indicator: "CheckTokenMembership"; File: "HWiNFO_Monitor_Setup.exe")
  Found reference to API "SeShutdownPrivilege" (Indicator: "SeShutdownPrivilege"; File: "HWiNFO_Monitor_Setup.exe")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1134 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to modify the user configuration/privilege (API string)
  
  details
  
  Found reference to API "SystemParametersInfoForDpi" (Indicator: "SystemParametersInfo"; Source: "00000000-00004792.00000000.253882.00E89000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1098 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to obtains specified information about the security of a file or directory (API string)
  
  details
  
  Found reference to API "FreeSid" (Indicator: "FreeSid"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API "SetEntriesInAclW" (Indicator: "SetEntriesInAcl"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API "AllocateAndInitializeSid" (Indicator: "AllocateAndInitializeSid"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  Found reference to API "AllocateAndInitializeSid" (Indicator: "InitializeSid"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1134.001 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to terminate a process (API string)
  
  details
  
  Found reference to API "ExitProcess" (Indicator: "ExitProcess"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1489 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to write files (API string)
  
  details
  
  Found reference to API "WriteFile" (Indicator: "WriteFile"; Source: "00000000-00004792.00000000.253882.00E8C000.00000002.mdmp")
  
  source
  
  File/Memory
  
  ATT&CK ID
  
  T1105 (Show technique in the MITRE ATT&CK™ matrix)
- Opens the Kernel Security Device Driver (KsecDD) of Windows
  
  details
  
  "HWiNFO_Monitor_Setup.exe" opened "\Device\KsecDD"
  "HWiNFO_Monitor_Setup.tmp" opened "\Device\KsecDD"
  
  source
  
  API Call
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1068 (Show technique in the MITRE ATT&CK™ matrix)
- Queries services related registry keys
  
  details
  
  "HWiNFO_Monitor_Setup.exe" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\SERVICES\BAM\STATE\USERSETTINGS\S-1-5-21-1271187874-1938232448-3812392235-1001"; Key: "\DEVICE\HARDDISKVOLUME3\USERS\HAPUBWS\APPDATA\LOCAL\TEMP\IS-V1X3KIG9SZ.TMP\HWINFO_MONITOR_SETUP.TMP"; Value: "")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "QUERYVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\SERVICES\LANMANWORKSTATION\PARAMETERS"; Key: "RPCCACHETIMEOUT"; Value: "")
  
  source
  
  Registry Access
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1007 (Show technique in the MITRE ATT&CK™ matrix)
- References device drivers used by rootkit malware
  
  details
  
  Found string "e3\DosDevices\C:\??\Volume{44294f7c-6083-41c6-8176-3c202d755616}" (Indicator: "\DosDevices\c:"; Source: "00000000-00004792.00000000.253882.01407000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1014 (Show technique in the MITRE ATT&CK™ matrix)
- Writes registry keys
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\RESTARTMANAGER\SESSION0000"; Key: "OWNER"; Value: "B8120000780E9F2C77C9DC0100")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\RESTARTMANAGER\SESSION0000"; Key: "SESSIONHASH"; Value: "E8BAEA20A7118F45F93D5A2C1346E4A92125AFF206DAB3694E8B240906DBDD5300")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\RESTARTMANAGER\SESSION0000"; Key: "SEQUENCE"; Value: "0100000000")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\RESTARTMANAGER\SESSION0000"; Key: "REGFILES0000"; Value: "%PROGRAMFILES%\CPUID\HWiNFO\CRYPTBASE.dll")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\RESTARTMANAGER\SESSION0000"; Key: "REGFILESHASH"; Value: "A21397A4B68B1D9B2A13B14D92195CEA1B5FA56F2D4692067BA9E17E1F18EC8000")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "INNO SETUP: SETUP VERSION"; Value: "6.7.1")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "INNO SETUP: APP PATH"; Value: "%PROGRAMFILES%\CPUID\HWiNFO")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "INSTALLLOCATION"; Value: "%PROGRAMFILES%\CPUID\HWiNFO\")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "INNO SETUP: ICON GROUP"; Value: "CPUID\HWiNFO")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "INNO SETUP: USER"; Value: "lwEaUAK")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "INNO SETUP: SELECTED TASKS"; Value: "000000")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "INNO SETUP: DESELECTED TASKS"; Value: "desktopicon")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "INNO SETUP: LANGUAGE"; Value: "russian")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "DISPLAYNAME"; Value: "HWiNFO Monitor,")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "DISPLAYICON"; Value: "%PROGRAMFILES%\CPUID\HWiNFO\HWiNFO.exe")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "UNINSTALLSTRING"; Value: ""%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe"")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "QUIETUNINSTALLSTRING"; Value: ""%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe" /SILENT")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "DISPLAYVERSION"; Value: "1.63")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "PUBLISHER"; Value: "CPUID")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "URLINFOABOUT"; Value: "https://www.cpuid.com")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "HELPLINK"; Value: "https://www.cpuid.com")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "URLUPDATEINFO"; Value: "https://www.cpuid.com")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "NOMODIFY"; Value: "0100000000")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "NOREPAIR"; Value: "0100000000")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "INSTALLDATE"; Value: "20260410")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "MAJORVERSION"; Value: "0100000000")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "MINORVERSION"; Value: "3F00000000")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "VERSIONMAJOR"; Value: "0100000000")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "VERSIONMINOR"; Value: "3F00000000")
  "HWiNFO_Monitor_Setup.tmp" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}_IS1"; Key: "ESTIMATEDSIZE"; Value: "0933000000")
  
  source
  
  Registry Access
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1112 (Show technique in the MITRE ATT&CK™ matrix)
Unusual Characteristics
- Contains ability to reboot/shutdown the operating system (API string)
  
  details
  
  Found reference to API "ExitWindowsEx" (Indicator: "ExitWindows"; Source: "00000000-00004792.00000000.253882.00E82000.00000004.mdmp")
  
  source
  
  File/Memory
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1529 (Show technique in the MITRE ATT&CK™ matrix)
- Drops executable files inside temp directory
  
  details
  
  "HWiNFO_Monitor_Setup.tmp" has type "PE32 executable for MS Windows 6.01 (GUI) Intel i386 11 sections"- Location: [%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp]- [targetUID: 00000000-00001392]
  "_setup64.tmp" has type "PE32+ executable for MS Windows 5.02 (console) x86-64 5 sections"- Location: [%TEMP%\is-1JFN0P1ZCP.tmp\_isetup\_setup64.tmp]- [targetUID: 00000000-00004792]
  
  source
  
  Binary File
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1105 (Show technique in the MITRE ATT&CK™ matrix)
- Input file contains API references not part of its Import Address Table (IAT)
  
  details
  
  Found string "GetLogicalProcessorInformation" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: KERNELBASE.DLL)
  Found string "GetThreadPreferredUILanguages" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: KERNELBASE.DLL)
  Found string "SetThreadPreferredUILanguages" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: KERNELBASE.DLL)
  Found string "GetThreadUILanguage" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: KERNELBASE.DLL)
  Found string "GetLongPathNameW" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: KERNELBASE.DLL)
  Found string "SetEvent" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: KERNELBASE.DLL)
  Found string "ResetEvent" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: KERNELBASE.DLL)
  Found string "VariantChangeTypeEx" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarNeg" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarNot" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarAdd" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarSub" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarMul" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarDiv" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarIdiv" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarMod" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarAnd" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarOr" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarXor" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarCmp" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarI4FromStr" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarR4FromStr" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarR8FromStr" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarDateFromStr" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  Found string "VarCyFromStr" (Source: HWiNFO_Monitor_Setup.exe, API is part of module: OLEAUT32.DLL)
  
  source
  
  File/Memory
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Reads the windows installation language
  
  details
  
  "HWiNFO_Monitor_Setup.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE"; Key: "INSTALLLANGUAGEFALLBACK")
  "HWiNFO_Monitor_Setup.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE"; Key: "INSTALLLANGUAGEFALLBACK")
  
  source
  
  Registry Access
  
  relevance
  
  2/10
  
  ATT&CK ID
  
  T1614.001 (Show technique in the MITRE ATT&CK™ matrix)

File Details

All Details:

OnOff

HWiNFO_Monitor_Setup.exe

Filename: HWiNFO_Monitor_Setup.exe
Size: 4MiB (4233610 bytes)
Type: compressed innosetup
Description: PE32 executable for MS Windows 6.01 (GUI), Intel i386, 11 sections
Architecture
: WINDOWS
SHA256
: eefc0f986dd3ea376a4a54f80ce0dc3e6491165aefdd7d5d6005da3892ce248f
MD5
: cdc459a866361463d719bc89622300f3
SHA1
: 02a53d660332c25af623bbb7df57c2aad1b0b91b
ssdeep
: 49152:VuI2hj6XF18ahT8kRdwIcwcBQSuBP9HqT9LnTiHejJkT6Dt7ON9Vnc:V5Oj6JR8kRdwIHcBIHqxLnmMBJ+c

Resources

Icon

Classification (TrID)

46.7% (.EXE) Inno Setup installer
25.0% (.CPL) Windows Control Panel Item (generic)
18.1% (.EXE) Win32 EXE PECompact compressed (generic)
4.5% (.EXE) Win64 Executable (generic)
1.9% (.EXE) Win32 Executable (generic)

Screenshots

Hybrid Analysis

Tip: Click an analysed process below to view more details.

Analysed 2 processes in total (System Resource Monitor).

HWiNFO_Monitor_Setup.exe /SILENT (PID: 1392) 9/26
- HWiNFO_Monitor_Setup.tmp /SL5="$10034C,3034253,905728,C:\HWiNFO_Monitor_Setup.exe" /SILENT (PID: 4792) Hash Seen Before

Logged Script Calls	Logged Stdout	Extracted Streams	Memory Dumps
Reduced Monitoring	Network Activity	Network Error	Multiscan Match

Network Analysis

DNS Requests

No relevant DNS requests were made.

Contacted Hosts

No relevant hosts were contacted.

HTTP Traffic

No relevant HTTP requests were made.

Extracted Strings

Download All Memory Strings (7.2KiB)

!"#$%&'(!)*+,-./0'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

!IComparer<System.Rtti.TRttiField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

!IEqualityComparer<System.Pointer>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

!TArray<System.Rtti.TRttiProperty>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

!This program cannot be run in DOS mode.Rich.text`.rdata@.data.pdata@.rsrcWATAUAVAWHD$pE3D$8HD$hL|$0HD$(ED$xHD$PD|$HD|$@D|$8D|$0D|$(DD$xDD$hLL$`HD$`E3|$0HD$(EA_A^A]A\_VWATHT$`HL$`uL$`HT$hLL$`Hl$XA0A\_^@SUVWHT$hHL$pH\$ Dtc9t$puVLL$`H8_^][COMCTL32.dllStrToInt64ExWStrToIntWSHLWAPI.dllGetLastErrorLocalFreeCloseHandleReadFileWriteFileGetCommandLineWSetConsoleCtrlHandlerSetProcessShutdownParametersSetCurrentDirectoryWGetSystemDirectoryWSetErrorModeExitProcessKERNEL32.dllFreeSidSetNamedSecurityInfoWSetEntriesInAclWAllocateAndInitializeSidGetNamedSecurityInfoWADVAPI32.dllCommandLineToArgvWSHELL32.dllOLEAUT32.dll<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX

Ansi based on File String Dumps (_setup64.tmp)

!TList<System.Pointer>.TEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

!TList<System.Pointer>.TEnumerator5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

!TMethodImplementation.TInvokeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

!TMethodImplementation.TInvokeInfoK

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

"%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe"

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

"%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe" /SILENT

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

"%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp" /SL5="$10034C,3034253,905728,C:\HWiNFO_Monitor_Se

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

"IComparer<System.Rtti.TRttiMethod>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

"IComparer<System.TCustomAttribute>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

"TArray<System.Rtti.TRttiParameter>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

"Variant method calls not supported

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

#D$`#T$d3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

#IEnumerable<System.Rtti.TRttiField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

#TEnumerable<System.Rtti.TRttiField>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

#TEnumerable<System.Rtti.TRttiField>,

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

#TEnumerator<System.Rtti.TRttiField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

#TEnumerator<System.Rtti.TRttiField>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$IComparer<System.Rtti.TRttiProperty>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$IEnumerable<System.Rtti.TRttiMethod>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$IEnumerable<System.TCustomAttribute>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TArray<System.TypInfo.TElementAlias>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerable<System.Rtti.TRttiMethod>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerable<System.Rtti.TRttiMethod>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerable<System.Rtti.TRttiObject>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerable<System.Rtti.TRttiObject>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerable<System.TCustomAttribute>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerable<System.TCustomAttribute>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerator<System.Rtti.TRttiMethod>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerator<System.Rtti.TRttiMethod>x

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerator<System.Rtti.TRttiObject>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerator<System.Rtti.TRttiObject>P^D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerator<System.TCustomAttribute>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TEnumerator<System.TCustomAttribute>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TList<System.Rtti.TRttiManagedField>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TList<System.Rtti.TRttiManagedField>t

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TMultiReadExclusiveWriteSynchronizer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

$TMultiReadExclusiveWriteSynchronizer&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%&'()*+,

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%&'()*+,-.

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%GUID:"Computer"%

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%LazyLoadAttributes.MakeClosure$0$Intf

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%LazyLoadAttributes.MakeClosure$ActRec

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%PROGRAMFILES%\CPUID

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\CRYPTBASE.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\HWiNFO.exe

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\hwm_readme.txt

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\HWMonitor.exe

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\is-6A6AUP6767.tmp

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\is-96Q5IE2WSZ.tmp

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\is-BJKFJATABB.tmp

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\is-DZZ74NCPUI.tmp

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\is-F54G98LCMX.tmp

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\is-FNEYTLL0RX.tmp

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\is-TI156WG2Y2.tmp

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\unins000.dat

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\unins000.exe

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\unins000.msg

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%PROGRAMFILES%\CPUID\HWiNFO\unins???.*

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%s (%s, line %d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%s.Seek not implemented

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%TArray<System.Rtti.TRttiManagedField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%TCollectionNotifyEvent<System.string>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%TEMP%\is-1JFN0P1ZCP.tmp

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%TEMP%\is-1JFN0P1ZCP.tmp\*

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%TEMP%\is-1JFN0P1ZCP.tmp\_isetup

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%TEMP%\is-1JFN0P1ZCP.tmp\_isetup\*

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%TEMP%\is-V1X3KIG9SZ.tmp

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.en

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.EN

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.en-US

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.ENU

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%TEMP%\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

%TEnumerable<System.TypInfo.PTypeInfo>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%TEnumerable<System.TypInfo.PTypeInfo>4

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%TEnumerator<System.TypInfo.PTypeInfo>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%TEnumerator<System.TypInfo.PTypeInfo>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%TMethodImplementation.PInterceptFrame(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%TMethodImplementation.TInterceptFrame(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

%WINDIR%\system32\bcrypt.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

%WINDIR%\system32\Rstrtmgr.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%WINDIR%\system32\sfc.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%WINDIR%\system32\shell32.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%WINDIR%\system32\shfolder.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

%WINDIR%\system32\uxtheme.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

&IEnumerable<System.Rtti.TRttiProperty>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_Addition

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_Equality

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_Explicit

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_GreaterThan

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_GreaterThanOrEqual

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_Implicit

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_Inequality

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_LessThan

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_LessThanOrEqual

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_Subtraction

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_UnaryNegation

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&op_UnaryPlus

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&TArray<System.Rtti.TRttiInterfaceType>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&TArray<System.SysUtils.TUnitHashEntry>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&TArray<System.TypInfo.TEnumAliasEntry>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&TCollectionNotifyEvent<System.Pointer>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&TEnumerable<System.Rtti.TRttiProperty>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&TEnumerable<System.Rtti.TRttiProperty>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&TEnumerator<System.Rtti.TRttiProperty>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&TEnumerator<System.Rtti.TRttiProperty>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

&TList<System.Rtti.TRttiField>.arrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

'TList<System.Rtti.TRttiField>.ParrayofTT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

'TList<System.Rtti.TRttiMethod>.arrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

'TList<System.TCustomAttribute>.arrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

'TMethodImplementation.TRuntimeTypeInfos

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

'TMethodImplementation.TRuntimeTypeInfos&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(A;OICI;FA;;;BA)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(A;OICI;FA;;;SY)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(basic) procedure

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(IComparer<System.Rtti.TRttiManagedField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(orphan package)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(TArray<System.Rtti.TRttiIndexedProperty>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(TList<System.Rtti.TRttiField>.TEmptyFunc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(TList<System.Rtti.TRttiMethod>.ParrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(TList<System.TCustomAttribute>.ParrayofT82E

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(TRttiPool.GetPackageList.DoUpdate$0$Intf

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

(TRttiPool.GetPackageList.DoUpdate$ActRec

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

):TMethodImplementation.TInterceptFrame.:1

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

)TList<System.Rtti.TPrivateHeap.THeapItem>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

)TList<System.Rtti.TPrivateHeap.THeapItem>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

)TList<System.Rtti.TRttiField>.TEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

)TList<System.Rtti.TRttiField>.TEnumerator5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

)TList<System.Rtti.TRttiMethod>.TEmptyFunc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

)TList<System.Rtti.TRttiProperty>.arrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

)TList<System.TCustomAttribute>.TEmptyFunc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*IEnumerable<System.Rtti.TRttiManagedField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TArray<System.Rtti.TPrivateHeap.THeapItem>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TEnumerable<System.Rtti.TRttiManagedField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TEnumerable<System.Rtti.TRttiManagedField>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TEnumerator<System.Rtti.TRttiManagedField>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TEnumerator<System.Rtti.TRttiManagedField>H

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TList<System.Rtti.TRttiMethod>.TEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TList<System.Rtti.TRttiMethod>.TEnumerator5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TList<System.Rtti.TRttiProperty>.ParrayofTP

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TList<System.TCustomAttribute>.TEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TList<System.TCustomAttribute>.TEnumerator5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TMethodImplementation.PFirstStageIntercept

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

*TMethodImplementation.TFirstStageIntercept

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

+IEqualityComparer<System.TypInfo.PTypeInfo>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

+TList<System.Rtti.TRttiProperty>.TEmptyFunc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

,TList<System.Rtti.TRttiProperty>.TEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

,TList<System.Rtti.TRttiProperty>.TEnumerator5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

-IComparer<System.Rtti.TPrivateHeap.THeapItem>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

-TArray<System.TArray<System.Rtti.TRttiField>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

-TFunc<System.TArray<System.TCustomAttribute>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

-TList<System.Rtti.TRttiManagedField>.arrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

-TPair<System.Pointer,System.Rtti.TRttiObject>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

-TPair<System.string,System.TypInfo.PTypeInfo>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

-TPair<System.TypInfo.PTypeInfo,System.string>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

. %s is empty+Out of memory while expanding memory stream)%s has not been registered as a COM class

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

. %s range is 0..%d

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

.DEFAULT\Control Panel\International

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

.TArray<System.TArray<System.Rtti.TRttiMethod>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

.TArray<System.Types.TMultiWaitEvent.TWaitInfo>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

.TCollectionNotifyEvent<System.Rtti.TRttiField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

.TList<System.Rtti.TRttiManagedField>.ParrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrative install mode.

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/%PROGRAMFILES%\PUIDHWiNFOHWiNFO.exe%SystemDrive%\Program Files\CPUID\HWiNFO\HWiNFO.exe

Ansi based on File String Dumps (HWiNFO Monitor.lnk)

/%PROGRAMFILES%\PUIDHWiNFO\gy unins000.exeC:\Program Files\CPUID\HWiNFO\unins000.exehk2lovh86kohwgg1SPS|O)Dv< -uV

Ansi based on File String Dumps (#U0423#U0434#U0430#U043b#U0438#U0442#U044c HWiNFO Monitor.lnk)

/IEnumerable<System.Rtti.TPrivateHeap.THeapItem>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/Password=

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/SL5="$%x,%d,%d,

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/SL5="$10034C,3034253,905728,C:\HWiNFO_Monitor_Setup.exe" /SILENT

Ansi based on Process Commandline (HWiNFO_Monitor_Setup.tmp , HWiNFO_Monitor_Setup.tmp)

/SPAWNWND=

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/SuppressMsgBoxes

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/TCollectionNotifyEvent<System.Rtti.TRttiMethod>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/TCollectionNotifyEvent<System.Rtti.TRttiObject>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/TCollectionNotifyEvent<System.TCustomAttribute>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/TEnumerable<System.Rtti.TPrivateHeap.THeapItem>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/TEnumerable<System.Rtti.TPrivateHeap.THeapItem>puD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/TEnumerator<System.Rtti.TPrivateHeap.THeapItem>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/TEnumerator<System.Rtti.TPrivateHeap.THeapItem>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/TList<System.Rtti.TRttiManagedField>.TEmptyFunc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

/VerySilent

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

05f95efe-7f75-49c7-a994-60a55cc09571

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

0e0fe12b-e926-44d2-8cf1-8a62a6d44036

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

0TArray<System.TArray<System.Rtti.TRttiProperty>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

0TCollectionNotifyEvent<System.TypInfo.PTypeInfo>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

0TList<System.Rtti.TRttiManagedField>.TEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

0TList<System.Rtti.TRttiManagedField>.TEnumerator5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

1200 (Unicode)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

139299bb-9394-5058-dd33-9422e5903fc3

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

18608e62-a628-49d9-8c02-55972e097d24

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

1aff6089-e863-4d36-bdfd-3581f07440be

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

1TCollectionNotifyEvent<System.Rtti.TRttiProperty>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

2TList<System.Rtti.TMethodImplementation.TParamLoc>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

2TList<System.Rtti.TMethodImplementation.TParamLoc>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

2TList<System.Rtti.TPrivateHeap.THeapItem>.arrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

30336ed4-e327-447c-9de0-51b652c86108

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

32-bit Edition

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

32980f26-c8f5-5767-6b26-635b3fa83c61

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

3c74afb9-8d82-44e3-b52c-365dbf48382a

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

3f30522e-d47a-407c-9067-2e928d00d54e

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

3TArray<System.Rtti.TMethodImplementation.TParamLoc>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

3TDictionary<System.Pointer,System.Rtti.TRttiObject> gD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

3TDictionary<System.Pointer,System.Rtti.TRttiObject>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

3TDictionary<System.string,System.TypInfo.PTypeInfo>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

3TDictionary<System.string,System.TypInfo.PTypeInfo>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

3TDictionary<System.TypInfo.PTypeInfo,System.string>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

3TDictionary<System.TypInfo.PTypeInfo,System.string>x

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

3TList<System.Rtti.TPrivateHeap.THeapItem>.ParrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

496b3c19-9dca-51a5-187c-5c746785fe4e

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

4e7add1a-6945-435a-82b6-612688ba9f57

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

4TList<System.Rtti.TPrivateHeap.THeapItem>.TEmptyFunc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

504665a2-31f7-4b2f-bf1b-9635312e8088

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

57a6ed1a-79f7-5011-b242-4784e5620cf7

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

5eb60b36-6206-5538-e60a-0a7af8a1e59d

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

5TCollectionNotifyEvent<System.Rtti.TRttiManagedField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

5TList<System.Rtti.TPrivateHeap.THeapItem>.TEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

5TList<System.Rtti.TPrivateHeap.THeapItem>.TEnumerator5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

64-bit Edition

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

673cf800-208a-5327-3f4b-2be44a66627a

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

6IComparer<System.Rtti.TMethodImplementation.TParamLoc>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

703fcc13-b66f-5868-ddd9-e2db7f381ffb

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

7c29709d-3c02-47fb-8a39-d8287522fadb

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

7TArray<System.TArray<System.Rtti.TRttiIndexedProperty>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

8ccca27d-f1d8-4dda-b5dd-339aee937731

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

8d07cb9d-ca74-44e4-b389-c7068a51393e

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

8IEnumerable<System.Rtti.TMethodImplementation.TParamLoc>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

8TEnumerable<System.Rtti.TMethodImplementation.TParamLoc>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

8TEnumerable<System.Rtti.TMethodImplementation.TParamLoc>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

8TEnumerator<System.Rtti.TMethodImplementation.TParamLoc> ;D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

8TEnumerator<System.Rtti.TMethodImplementation.TParamLoc>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

9TDictionary<System.Pointer,System.Rtti.TRttiObject>.TItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

9TDictionary<System.string,System.TypInfo.PTypeInfo>.TItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

9TDictionary<System.TypInfo.PTypeInfo,System.string>.TItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

9TObjectDictionary<System.Pointer,System.Rtti.TRttiObject>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

9TObjectDictionary<System.Pointer,System.Rtti.TRttiObject>M

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:;;;;;;;;<<<<<<<<<<<<<<<<<<<<<<<<<

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TCollectionNotifyEvent<System.Rtti.TPrivateHeap.THeapItem>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TFormatSettings.:10

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TFormatSettings.:20

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TFormatSettings.:3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TFormatSettings.:4

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TFormatSettings.:5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TInstHashMap.:1<

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TInternalEraInfoRecord.:1

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TListHelper.:3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TListHelper.:4

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TMultiWaitEvent.TMultiWaiter.:1

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

:TPropData.:1

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

;TList<System.Rtti.TMethodImplementation.TParamLoc>.arrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

<@t!QS<$t<*t0

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

<TList<System.Rtti.TMethodImplementation.TParamLoc>.ParrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

= function

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

= procedure

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

=TList<System.Rtti.TMethodImplementation.TParamLoc>.TEmptyFunc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

>TDictionary<System.Pointer,System.Rtti.TRttiObject>.TItemArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

>TDictionary<System.string,System.TypInfo.PTypeInfo>.TItemArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

>TDictionary<System.TypInfo.PTypeInfo,System.string>.TItemArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

>TList<System.Rtti.TMethodImplementation.TParamLoc>.TEnumerator AD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

>TList<System.Rtti.TMethodImplementation.TParamLoc>.TEnumerator5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

?@ABCDEFG

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

@GetPackageInfoTable

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

@klmn-opqArstu

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

@w+AUUUUUU

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

[ExceptObject=nil]

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

\Device\HarddiskVolume3\Users\%OSUSER%\AppData\Local\Temp\is-V1X3KIG9SZ.tmp\HWiNFO_Monitor_Setup.tmp

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

\PIPE\srvsvc

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

]ï¿½vï¿½jYï¿½Lï¿½

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

_LIST_ENTRY

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

_Reserved1

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

_RTL_CRITICAL_SECTION

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

_RTL_CRITICAL_SECTION_DEBUG

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

A call to an OS function failed

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

a40b455c-253c-4311-ac6d-6e667edccefc

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

AAttrClass

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

abc?defg

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

abcddddddddde

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Abstract ErrorKAccess violation at address %p in module '%s' (offset %x). %s of address %p

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ACallback

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ACallConv

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ACapacity

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Access violation

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ACollection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AComparer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AConstant

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AcquireSRWLockExclusive

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

ActivateAtStorage

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ActivateOnHostFlags

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

AddInstItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AddOrSetValue

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AddParameter

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ADefaultEncoding

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ADictionary

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ADMXMetadataBoth

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ADMXMetadataDevice

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ADMXMetadataUser

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

advapi32.dll

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AElCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AEncoding

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

aExtended80

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AFormatSettings

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AfterConstruction

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AggressiveMTATesting

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

AHasSelf

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AHelpContext

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AHighLoc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AInterfaceList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AllowFileCLSIDJunctions

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

AllowFree

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AlphaBlend

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

AlternateCodePage

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

AlwaysShowExt

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

An unexpected memory leak has occurred.

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Ancestor for '%s' not found

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AnimateWindow

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

AnsiChar

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AnsiString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AOpenArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AOperator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AParameters

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

api-ms-win-core-fibers-l1-1-0

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

api-ms-win-core-fibers-l1-1-1

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

api-ms-win-core-localization-l1-2-1

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

api-ms-win-core-synch-l1-2-0

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

api-ms-win-core-synch-l1-2-0.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

AppIDFlags

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Application Error1Format '%s' invalid or incompatible with argument

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AppsUseLightTheme

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

AQualifiedName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ArbitrationPriority

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

AreDpiAwarenessContextsEqual

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

AreFileApisANSI

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

AReturnType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Argument out of range

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ArrayData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ArrayTypeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsBoolean

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsCurrency

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ASelfTypeHandle

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ASetDefault

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsExtended

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsInteger

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsInterface

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsObject

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsOrdinal

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ASpinCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsRecord

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Assertion failed

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Assertion failure

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AStartIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsUInt64

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsVariant

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AsVarRec

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Attributes

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Attributes_36354489

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ATypeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ATypeInfos

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AugustSeptember

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AUserData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AuthenticationLevel

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

AuthenticodeEnabled

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

AutoCheckSelect

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

AVarType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

AvoidKnownFolderCaching

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

az-Cyrl-AZ

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

az-Latn-AZ

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

b6fd710b-f783-4b1c-ab9c-c68099dcc0c7

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

b749553b-d950-5e03-6282-3145a61b1002

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

BaseAddress

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BaseException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BaseTypel

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

bcrypt.dll

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BCryptGenRandom

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

BeforeDestruction

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BeginRead

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BeginUpdate

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BeginWrite

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Behavior

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

bf30465b-e93c-46fd-9cdf-f41c8904a01f

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

BigEndian

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BinaryOp

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BinarySearch

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BlockedCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BrowseInPlace

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

bs-Cyrl-BA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

bs-Latn-BA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.Pointer,System.Rtti.TRttiObject>.TKeyCollection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.Pointer,System.Rtti.TRttiObject>.TKeyCollection;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.Pointer,System.Rtti.TRttiObject>.TKeyEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.Pointer,System.Rtti.TRttiObject>.TKeyEnumerator;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.string,System.TypInfo.PTypeInfo>.TKeyCollection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.string,System.TypInfo.PTypeInfo>.TKeyCollection;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.string,System.TypInfo.PTypeInfo>.TKeyEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.string,System.TypInfo.PTypeInfo>.TKeyEnumerator;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.TypInfo.PTypeInfo,System.string>.TKeyCollection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.TypInfo.PTypeInfo,System.string>.TKeyCollection;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.TypInfo.PTypeInfo,System.string>.TKeyEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BTDictionary<System.TypInfo.PTypeInfo,System.string>.TKeyEnumerator;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

BufferedPaintInit

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

BufferedPaintUnInit

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ByteCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ByteIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ByteOffset

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

c11543b0-3a34-4f10-b50b-4ddb76ff2c6e

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

c1376338-0984-48b8-b933-9c7d779fd84d

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

c69cb70a-3133-4cca-ab0e-046848effcda

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

c7e09e2a-c663-5399-af79-2fccd321d19a

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

C:\...\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

C:\...\Microsoft\Windows\Start Menu\Programs\CPUID\HWiNFO\HWiNFO Monitor.lnk

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

C:\HWiNFO_Monitor_Setup.en

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

C:\HWiNFO_Monitor_Setup.EN

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

C:\HWiNFO_Monitor_Setup.en-US

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

C:\HWiNFO_Monitor_Setup.ENU

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.exe )

ca967c75-04bf-40b5-9a16-98b5f9332a92

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CallForAttributes

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CallingConvention

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Cannot assign a %s to a %sECheckSynchronize called from thread $%x, which is NOT the main thread

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CastToOle

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CastToVarRec

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Category

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ccPascalccStdCallccSafeCall

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ChangeWindowMessageFilterEx

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CharCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CharIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CheckTokenMembership

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Ci\Program

Ansi based on Image Processing (screen_1.png)

Class %s not found%List does not allow duplicates ($0%x)#A component named %s already exists$''%s'' is not a valid component name

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ClassicShell

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ClassInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ClassName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ClassNameIs

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ClassParent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ClassRefAttrData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ClassType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CleanupInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ClearAndResetID

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CloseThemeData

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CloseThreadpoolTimer

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CloseThreadpoolWait

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CloseThreadpoolWork

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

cnExtractedcnDeletingcnRemoved

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

cnExtracting

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CoAddRefServerProcess

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CoCreateInstance

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CoCreateInstanceEx

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CodeAddress

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CodeInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CoGetClassObject

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CoGetInstanceFromFile

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CoGetInstanceFromIStorage

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CoInitializeEx

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Collection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Collisions

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ColorManagementVersion

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Com+Enabled

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

comctl32.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Common Desktop

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Common Documents

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Common Programs

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Common Startup

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CommonFilesDir

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CommonMusic

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CommonPictures

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CommonVideo

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CompanyName

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CompareOp

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CompareStringEx

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CompareStringOrdinal

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Compressed block is corrupted

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

constructor

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ContainerFormat

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ContainsKey

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ContainsValue

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ContentionCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CoReleaseServerProcess

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CoResumeClassObjects

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CoSuspendClassObjects

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

CPUID\HWiNFO

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

create a Start Menu folder check box./TYPE=type nameOverrides the default setup type./COMPONENTS="comma separated list of component names"Overrides the default component settings./TASKS="comma separated list of task names"Specifies a list of tasks that should be initially selected./MERGETASKS="comma separated list of task names"Like the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default./PASSWORD=passwordSpecifies the password to use.

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateEmpty

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateEventExW

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CreateFmt

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateFmtHelp

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateHelp

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateImplementation

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateRes

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateResFmt

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateResFmtHelp

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateResHelp

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateReturn

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreateSemaphoreExW

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CreateSemaphoreW

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CreateSymbolicLinkW

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CreateThreadpoolTimer

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CreateThreadpoolWait

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CreateThreadpoolWork

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

CreateWithoutCopy

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CreatorBackTraceIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

crEqualcrGreaterThan

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CriticalSection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

crLessThan

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CTCollectionNotifyEvent<System.Rtti.TMethodImplementation.TParamLoc>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CTDictionary<System.Pointer,System.Rtti.TRttiObject>.TPairEnumerator0eD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CTDictionary<System.Pointer,System.Rtti.TRttiObject>.TPairEnumerator;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CTDictionary<System.string,System.TypInfo.PTypeInfo>.TPairEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CTDictionary<System.string,System.TypInfo.PTypeInfo>.TPairEnumerator;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CTDictionary<System.TypInfo.PTypeInfo,System.string>.TPairEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CTDictionary<System.TypInfo.PTypeInfo,System.string>.TPairEnumerator;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

cts Setup to attempt closing applications using files that need to be updated, or prevents it from doing so./FORCECLOSEAPPLICATIONS, /FORCENOCLOSEAPPLICATIONSInstructs Setup to force close when closing applications, or prevents it from doing so./LOGCLOSEAPPLICATIONSInstructs Setup to create extra logging when closing applications for debugging purposes./RESTARTAPPLICATIONS, /NORESTARTAPPLICATIONSInstructs Setup to attempt restarting applications, or prevents it from doing so./REDIRECTIONGUARD, /NOREDIRECTIONGUARDInstructs Setup to attempt enabling RedirectionGuard, or prevents it from doing so./LOADINF="filename", /SAVEINF="filename"Instructs Setup to load the settings from the specified file after having checked the command line, or to save them to it./LANG=languageSpecifies the internal name of the language to use./DIR="x:\dirname"Overrides the default directory name./GROUP="folder name"Overrides the default folder name./NOICONSInstructs Setup to initially check the Don't

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurrencyDecimals

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurrencyFormat

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurrencyString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Current gD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurrentBuild

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurrentBuildNumber

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurrentMajorVersionNumber

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurrentMinorVersionNumber

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurrentP&D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurrentpuD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

CurrentVersion

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

d0f1a5c6-fc43-48ae-99bf-efb1c38be9d1

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

D:\Coding\Is\issrc-build\Components\ChaCha20.pas

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DataFilePath

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DataInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DateSeparator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ddddddddd

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DebugInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DecimalSeparator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DeclaringUnitName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DecodePointer

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

DefaultHandler

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DeferPrecreateAndRedirect

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DefineOpenArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DefinitionFlags

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DeleteRange

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DELPHICLASS TRttiMethod; DELPHICLASS TRawVirtualClass

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Description

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

desktopicon

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Destination

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

destructor

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DeviceManufacturer

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DeviceModels

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DimCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DimensionCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Dimensions

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Direction

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DisableDoubleQuerySdbs

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

DisableKnownFolders

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DisableMetaFiles

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

DisableProcessWindowsGhosting

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DisableThumbnailsOnNetworkFolders

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Dispatch

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DispatchKind

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DisplayIcon

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DisplayName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DisplayVersion

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DisposeOf

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Division by zero

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

dkInterface

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

dkVtabledkDynamicdkMessage

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DllSurrogate

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DocObject

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DontPrettyPath

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DontShowSuperHidden

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

doOwnsKeys

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

doOwnsValues

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DPLProtectionLevel

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DrawThemeBackground

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DrawThemeEdge

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DrawThemeIcon

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DrawThemeParentBackground

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DrawThemeText

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DrawThemeTextEx

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DriveMask

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DropContext

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

dsb-DE,dsb,hsb

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.Pointer,System.Rtti.TRttiObject>.TValueCollection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.Pointer,System.Rtti.TRttiObject>.TValueCollection;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.Pointer,System.Rtti.TRttiObject>.TValueEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.Pointer,System.Rtti.TRttiObject>.TValueEnumerator;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.string,System.TypInfo.PTypeInfo>.TValueCollection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.string,System.TypInfo.PTypeInfo>.TValueCollection;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.string,System.TypInfo.PTypeInfo>.TValueEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.string,System.TypInfo.PTypeInfo>.TValueEnumerator;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.TypInfo.PTypeInfo,System.string>.TValueCollection;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.TypInfo.PTypeInfo,System.string>.TValueCollection`

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.TypInfo.PTypeInfo,System.string>.TValueEnumerator;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DTDictionary<System.TypInfo.PTypeInfo,System.string>.TValueEnumeratorl

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

dupIgnoredupAccept

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Duplicates not allowed

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DupsAllowed

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Duration

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DWMAPI.DLL

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DwmExtendFrameIntoClientArea

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DwmIsCompositionEnabled

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DwmSetWindowAttribute

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

DynArrAttrData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DynArrElType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DynUnitName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

DynUnitNameFld

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EAbort\sA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EAbstractError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EAccessViolation

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EArgumentException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EArgumentException|pA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EArgumentOutOfRangeException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EArgumentOutOfRangeException4qA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EAssertionFailed

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EAssertionFailed@

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ebadf775-48aa-4bf3-8f8e-ec68d113c98e

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

EClassNotFound

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EClassNotFoundX

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EComponentError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EControlC

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EConvertError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EDivByZero

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EDivByZeroLyA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EDPShowIcons

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

EEncodingError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EExternal

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EExternal(wA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EExternalException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EFilerError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EFilerError`

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EHashException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EHeapException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EHeapException,

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInOutError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInOutErrorA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInsufficientRtti

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInsufficientRttix

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EIntError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EIntfCastError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EIntOverflow

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInvalidCast

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInvalidCast8

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInvalidOp

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInvalidOperation

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInvalidOpException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInvalidPointer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInvocationError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EInvocationError(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ElementCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ElementSize

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ElementType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EListError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EMathError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EMathErrorD{A

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EMonitorLockException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EMonitorLockExceptiond

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EmptyAsAnyType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EnableAnchorContext

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

EnablePerProcessSystemDPI

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

EnableThemeDialogTexture

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

EnableTheming

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

EncodePointer

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

EncodingName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EndUpdate

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EndWrite

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ENoMonitorSupportException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ENonPublicType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ENotImplemented

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EntryCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EObjectDisposed

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EOSErrorP

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EOutOfMemory

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EOverflow<}A

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EOverflowX}A

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EPrivilege

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EPrivilege<

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EPropReadOnly

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EPropWriteOnly

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EraCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ERangeError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EraOffset

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EReadError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Error reading %s%s%s: %s

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ErrorCode

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

es-ES_tradnl

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ESafecallException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EStackOverflow

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EstimatedSize

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

EStreamError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EUnderflow

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantArrayCreateError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantArrayLockedError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantBadIndexError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantBadIndexError0

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantBadVarTypeError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantBadVarTypeErrorH

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantDispatchError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantDispatchError|

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantError8

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantErrorX

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantInvalidArgError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantInvalidNullOpError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantInvalidNullOpError8

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantInvalidOpError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantInvalidOpErrorP~B

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantNotImplError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantNotImplErrorD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantOutOfMemoryError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantOverflowError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantTypeCastError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantTypeCastError8

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EVariantUnexpectedError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EventCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EWriteError

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExceptAddr

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Exception

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Exception in safecall method

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Exception3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExceptionAddress

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExceptionCode

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExceptionFlags

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExceptionInformation

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExceptionRecord

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExceptObject

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Exchange

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

External exception %x

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExtractAt

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExtractItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExtractPair

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExtractRawData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ExtractRawDataNoCopy

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

EZeroDivide

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

f0558438-f56a-5987-47da-040ca75aef05

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

f25bcd2e-2690-55dc-3bc4-07b65b1b41c9

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

f3a71a4b-6118-4257-8ccb-39a33ba059d4

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

f85b4793-1347-5620-7572-b79d5a28da82

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FAcquireInnerException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAllocated

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsDouble

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsExtended

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsMethod

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsObject

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsPointer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsSByte

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsSingle

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsSInt64

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsSLong

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsSWord

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsUByte

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsUInt64

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsULong

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAsUWord

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FAttributeGetter

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Favorites

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

fb2a6d3f-0896-532e-77fc-2d9191d1c717

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FBaseAddress

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FBlockedCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FBuckets

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FByRefParam

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FCallback

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FCallConv

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FCallerPopsStack

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FCapacity

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FClassTab

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FCodePage

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FCollection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FCompare

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FComparer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FConstant

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FContextToken

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FDictionary

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Feature not implemented Method called on disposed object

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ffdb0cfd-833c-4f16-ad3f-ec4be3cc1af5

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FFieldType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FFreeCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FFreeInstItems

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FGHIJKLMN&OPQRS

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FGlobalContextCounter

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FGlobalContextToken

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FGrowThreshold

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FHandleToObject

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FHashTable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FHasSelf

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FHelpContext

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FieldAddress

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FieldOffset

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FieldType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

File access denied

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

File I/O error %d

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

File not found

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FileDescription

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FileExtensions

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Files\CPUID\HWINFO\unins000.exe

Ansi based on Image Processing (screen_1.png)

FileVersion

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

finalizer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FIndexedProps

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FindInstItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FindItemID

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FindType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FInitialized

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FInitLock

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FInnerException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FInstanceMethod

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FInstItems

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FInterfaceList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FInvokeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FipsAlgorithmPolicy

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

FiredEvent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FIsMoved

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FIsSingleByte

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FItemClass

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FKeyCollection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FLatestPackageList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FlatSB_EnableScrollBar

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FlatSB_GetScrollInfo

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FlatSB_GetScrollPos

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FlatSB_GetScrollProp

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FlatSB_GetScrollRange

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FlatSB_SetScrollInfo

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FlatSB_SetScrollPos

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FlatSB_SetScrollProp

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FlatSB_SetScrollRange

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FlatSB_ShowScrollBar

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FldOffset

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FListObj

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Floating point division by zero

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Floating point overflow

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Floating point underflow

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FloatType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FLocation

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FLockCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FLockEvent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FlsGetValue

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

FlsSetValue

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

FlushProcessWriteBuffers

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

FMaxCharSize

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FMBToWCharFlags

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FMethodBuckets

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FMethods

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FMethOfs

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FNameToType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FolderTypeID

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FolderValueFlags

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FOnKeyNotify

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FOnNotify

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FOnValueNotify

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FOpenArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FOrphanPackage

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FoundIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FOwnerships

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FOwningThread

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FPackageVer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FPageSize

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FParameters

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FParamList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FParamType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FProcSig

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FPropertyType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FPropName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FQueueLock

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Fraction

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FReadMethData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FReadMethod

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FReadPropData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FReadSignal

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FRecursionCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FreeEncodings

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FreeInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FreeLibraryWhenCallbackReturns

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

FRefCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FResultFP

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FResultLoc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FReturnType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FReturnTypeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FRevisionLevel

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FriendlyName

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

FromArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FromBeginning

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FromDays

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FromHours

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FromMilliseconds

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FromMinutes

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FromOrdinal

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FromSeconds

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FromTicks

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FromVariant

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FromVarRec

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FRttiDataSize

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FSafeExcHandler

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FSection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FSentinel

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FSetDefault

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

fsNDenormalfsPositivefsNegative

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

fsNZerofsDenormal

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FSpinCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FStackInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FStackSize

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FStateAndSpin

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FTagCounter

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ftDoubleftExtended

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FTotalMethodCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ftSingle

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FTypeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FTypeInfos

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FTypeToName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FUpdateCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FUserData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FValueCollection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FValueData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FVarType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FVirtCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FVirtualIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FWaiters

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FWaitQueue

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FWaitRecycle

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FWCharToMBFlags

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FWriteMethod

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FWriteRecursionCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FWriterID

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

FWriteSignal

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Generation

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetArgLoc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetArrayElement

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetArrayLength

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetAttribute

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetAttributes

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetBaseException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetBufferEncoding

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetByteCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetCharCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetChars

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetCurrent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetCurrentDirectory

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetCurrentPackageId

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

GetCurrentProcessorNumber

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

GetCurrentThemeName

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetDataSize

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetDeclaredFields

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetDeclaredImplementedInterfaces

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetDeclaredIndexedProperties

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetDeclaredMethods

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetDeclaredProperties

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetDimension

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetDiskFreeSpaceExW

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetEncoding

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetEraYearOffset

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetFields

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetFileInformationByHandleEx

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

GetFinalPathNameByHandleW

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetHashCode

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetImplementedInterfaces

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetIndexedProperties

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetIndexedProperty

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetInterface

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetInterfaceEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetInterfaceTable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetLocaleInfoEx

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

GetLogicalProcessorInformation

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetLongPathNameW

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetMaxByteCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetMaxCharCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetMethod

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetMethods

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetMonitorInfoA

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetNamePath

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetNativeSystemInfo

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

GetOpenArrayArg

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetPackages

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetParameters

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetParamLocs

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetParams

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetPreamble

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetProperties

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetProperty

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetReferenceToRawArrayElement

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetReferenceToRawData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetReturnType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetSystemTimePreciseAsFileTime

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

GetSystemWow64DirectoryA

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetSystemWow64DirectoryW

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetTempDir: GetTempPath failed (%u, %u)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetTempPath2W

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

GetThemeAppProperties

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeBackgroundContentRect

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeBackgroundExtent

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeBackgroundRegion

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeBool

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeColor

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeDocumentationProperty

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeEnumValue

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeFilename

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeFont

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeInt

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeIntList

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeMargins

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeMetric

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemePartSize

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemePosition

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemePropertyOrigin

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeRect

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeString

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeSysBool

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeSysColor

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeSysColorBrush

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeSysFont

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeSysInt

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeSysSize

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeSysString

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeTextExtent

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThemeTextMetrics

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetThreadPreferredUILanguages

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetThreadUILanguage

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetTickCount64

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetUserDefaultUILanguage

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

GetWindowDpiAwarenessContext

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GetWindowTheme

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GlobalAssocChangedCounter

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GNo single cast observer with ID %d was added to the observer collectionFNo multi cast observer with ID %d was added to the observer collection$SHA2: Cannot update a finalized hash

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

grouppolicyname

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

GrowThreshold

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ha-Latn-NG

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HandlexsD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HasAttribute

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HasExtendedInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HashCode

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

hddddddddddddddddddddddddddidddddd

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HelpContext

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HelpLink

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

HFAElementCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HFAElementType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HideFileExt

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

HideIcons

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

hij@klmn-opqArstu

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

hij@klmn-opqArstuBwxyz{|}~

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HIJKLMNOPQRSTUVWXYZ[\]^_`

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HitTestThemeBackground

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

HPPGENAttribute

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HPPGENAttribute5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

https://www.cpuid.com

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

HWiNFO Monitor

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HWiNFO Monitor Setup

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

HWiNFO Monitor,

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

HWiNFO_Monitor_Setup

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

HWiNFO_Monitor_Setup.exe

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

HWiNFO_Monitor_Setup.tmp

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

HWMonitor Readme file----------------------Version 1.63April 2026Contact : cpuz@cpuid.comWeb page: https://www.cpuid.com/softwares/hwmonitor.htmlCPUID SDK : https://www.cpuid-pro.com/products-system-monitoring-kit.phpHistory---------------------------------------------------------------------------------------------------------1.63 - April 2026- Intel Core Ultra 7 270K Plus and Ultra 5 250K Plus (Arrow Lake Refresh).- Intel Core 7 360 and 350 (Wildcat Lake).- Intel Core 5 330, 320 and 315 (Wildcat Lake).- Intel Core 3 304 (Wildcat Lake).- Intel Core 9 273PQE, 273PTE, 273PE (Bartlett Lake).- Intel Core 7 253PQE, 253PTE, 253PE, 251TE, 251E (Bartlett Lake).- Intel Core 5 223PQE, 223PTE, 223PE, 221TE, 221E, 213PTE, 213PE, 211TE, 211E (Bartlett Lake).- Intel Core 3 201TE, 201E (Bartlett Lake).- Intel Core i7-13645HX (Raptor Lake).- Preliminary support of Intel Nova Lake.- AMD Ryzen 9 9950X3D2 (Granite Ridge).- AMD Ryzen AI Max+ 392 (Strix Halo).- AMD Ryzen AI 7/PRO 450G/E, AI 5/PRO 440G/E & 435G/E (Kraken Point 2).- VR temperatures on Intel Arc B580/570.- Intel Arc Pro B70 and B65 (BMG-G31).- Intel Arc Pro B60 and B50 (BMG-G21).- CQDIMM (4-ranks CUDIMM) memory support.--------------------------------------------------------------------------------------------------1.62 - February 2026- Improved Intel Voltage Regulator monitoring.- Support of Thermal Grizzly WireView PRO II monitoring device.- Monitoring of MSI MEG Ai1000P, Ai1300P and Ai1600T PSUs.- Preliminary support of Intel Wildcat Lake.- AMD Ryzen AI 9 HX 470.- New CSV logging feature.--------------------------------------------------------------------------------------------------1.61 - December 2025- AMD Ryzen 7 9850X3D (Granite Ridge).- AMD Ryzen 5 7500X3D (Raphael).- Preliminary support of AMD Medusa Point.- Intel Arrow Lake Refresh.--------------------------------------------------------------------------------------------------1.60 - October 2025- Intel Core Ultra X9 388H, Core Ultra X7 368H and 358H, Core Ultra X5 338H (Panther Lake-H).- Intel Core Ultra 9 375H, Core Ultra 7 355H and 345H, Core Ultra 5 325H (Panther Lake-H).- Intel Core Ultra 7 360U, Core Ultra 5 350U and 340U, Core Ultra 3 320U (Panther Lake-U).- Intel Core Ultra 3 205 (Arrow Lake).- Intel Core 3/5/7 2xxE (Bartlett Lake).- Intel Core i5 110 (Comet Lake).- AMD Ryzen 5 5600F (Vermeer).- AMD Ryzen 9 PRO 9945, Ryzen 7 PRO 9745, Ryzen 5 PRO 9645 (Granite Ridge).- Improved support of AMD Ryzen AI 7 350 and Ryzen AI 5 340 (Kraken Point).--------------------------------------------------------------------------------------------------1.59 - August 2025- AMD Ryzen Z2 and Z2 Extreme (Strix Point).- AMD Ryzen Threadripper 9000 (Shimada Peak).- NVIDIA RTX 5060 Ti (GB206), RTX 5050 (GB207).--------------------------------------------------------------------------------------------------1.58 - June 2025- AMD Radeon RX 9060 XT (Navi 44).- NVIDIA RTX 5060 (GB206).--------------------------------------------------------------------------------------------------1.57 - April 2025- AMD Ryzen 9 8945HX, 8940HX, Ryzen 7 8840HX, 8745HX (Dragon Range refresh).- AMD Ryzen AI Max+ 395 & AI Max+ PRO 395, Ryzen AI Max 390 & AI Max 385 (Strix Halo).- AMD Ryzen AI 7 350, Ryzen AI 5 340 (Kraken Point).- AMD Ryzen 7 5705G, 5705GE, Ryzen 5 5605G, 5605GE, Ryzen 3 5305G, 5305GE (Cezanne).- AMD Radeon RX 9070 XT & 9070 (Navi 48).- Zhaoxin KaiXian KX-U6780A and KX-U6580 (LuJiaZui, 8 cores).- NVIDIA RTX 5070 Ti (GB203) & 5070 (GB205), RTX 5060 Ti (GB206).- NVIDIA PCI-E error counters.- Fix NVIDIA GPU temperature bug (drivers GeForce 576.02).- Asus RTX Astral 5080 & 5090 12VHPWR per-pin currents and additional temperatures.--------------------------------------------------------------------------------------------------1.56 - February 2025- Intel Arc B580 GPU.- Intel Arrow Lake-U preliminary support.- Improved support of Intel Lunar Lake.- Intel Q870, B860, H810, W880, HM870, WM890, WM880 chipsets.- Intel Core Ultra 9 285HX, Ultra 7 275HX/265HX/255HX, Ultra 5 245HX/235HX (Arrow Lake-HX).- Intel Core Ultra 9 285H, Ultra 7 265H/255H, Ultra 5 235H/225H (Arrow Lake-H).- Intel Core 7 160HL, 150HL, 160UL, 150UL, 150U (Raptor Lake).- Intel Core 5 130HL, 120HL, 130UL, 120U (Raptor Lake).- Intel Core 3 100HL, 100UL, 100U (Raptor Lake).- AMD Ryzen 9 9955HX3D, 9955HX, 9950HX3D, 9950HX, 9850HX, 9845HX (Fire Range).- AMD Ryzen 7 9800X3D (Granite Ridge).- AMD X870/B840 chipsets.- NVIDIA RTX 5090 & 5080 GPUs.- CAMM2 memory modules type.- CUDIMM DDR5 memory.- Remember window position.--------------------------------------------------------------------------------------------------1.55 - September 2024- Added Intel Voltage Regulator (VR) monitoring.- Added GPU memory utilization in MBytes.- Added CPU and SOC BCLK.- Added Intel ICC Max.- Improved support of AMD Granite Ridge and Strix Point.- Improved support of Intel Arrow Lake clock granularity.- Intel Core Ultra 5 235, 225 & 225F (Arrow Lake).- Intel Core i9 14901KE & 14901E, Core i7 14701KE, Core i5 14501E & 14401E/F (Raptor Lake).--------------------------------------------------------------------------------------------------1.54 - July 2024- AMD Ryzen 9 9950X (16C/32T), 9900X (12C/24T), Ryzen 7 9700X (8C/16T) and Ryzen 5 9600X (6C/12T) Granite Ridge (Zen 5).- AMD Ryzen AI 9 HX 375 (4x Zen 5 + 8x Zen 5c), Ryzen AI 9 365 (4x Zen 5 + 6x Zen 5c) Strix Point APUs.- AMD Ryzen 9 8945H, Ryzen 7 8845HS (Hawk Point).- Intel Core Ultra 9 285K & 275, Core Ultra 7 265K & 255, Core Ultra 5 245K & 240 (Arrow Lake). - Intel Core Ultra 9 288V ; Ultra 7 268V, 266V, 258V, 256V ; Ultra 5 236V, 228V, 2266V (Lunar Lake).- AMD Radeon RX 7600 XT (Navi 33 XT).--------------------------------------------------------------------------------------------------1.53 - February 2024- Improved support of Intel Meteor Lake and preliminary support of Arrow Lake.- AMD Ryzen 7 8700G, Ryzen 5 8600G, Ryzen 5 8500G (Phoenix).- AMD Hawk Point and Hawk Point 2 (Zen 4/Zen 4c).- AMD Radeon RX 7600 XT (Navi 33 XT).- NVIDIA RTX 4070 SUPER (AD104-350), RTX 4070 Ti SUPER (AD103-275), RTX 4080 SUPER (AD103-400).- Adds NPU utilization.- Marks fastest cores.--------------------------------------------------------------------------------------------------1.52 - September 2023- Intel Core i9-14900K/KF (24c), Core i7-14700K/KF (20c), Core i5-14600K/KF (14c).- Support of Intel Core 3, 5, 7 and Core Ultra 5, 7, 9 new branding.- Preliminary support for Intel Meteor Lake.- AMD Radeon RX 7800 XT and 7700 XT (Navi 32).--------------------------------------------------------------------------------------------------1.51 - June 2023- AMD Ryzen Z1 and Z1 Extreme.- AMD Ryzen 9 7940H & HS, Ryzen 7 7840HS (Phoenix).- AMD Dragon Range Ryzen 9 7945HX (16c/55-75W), 7845HX (12c/45-75W), Ryzen 7 7745HX (8c/45-75W), 7645HX (6c/45-75W).- Intel Core i9 13980HX, 13900HX, 13900HK, Core i7 13700H, 13650HX, Core i5 13500HX, 13420H.- Intel N97, N95 and N50 (ADL-N, 6W to 15W).- Zhaoxin C-1080 IGP (KX-6000G).- Zhaoxin KH-40000 YongFeng (12/16/32c).- NVIDIA RTX 4060 Ti (AD106-350).- AMD Radeon RX 7600 (Navi 33 XL).--------------------------------------------------------------------------------------------------1.50.1 - March 2023- Loading dialog (1.50.1).- Fix RTX 4090/4080/4070 detection bug (1.50.1).- Fix DMI crash bug (1.50.1).- Preliminary support for AMD Storm Peak platform.- Improved support of AMD Radeon 6950 XT.- Zhaoxin KX-6000G/4 CPU.- Intel Xeon Sapphire Rapids platform.- Intel N100 and N200 (ADL-N).- Intel Core i3 N300 and N305 (ADL-N).- Intel Core i5 13450HX, 13500HX, Core i7 13650HX, 13700HX (55W).--------------------------------------------------------------------------------------------------1.49 - January 2023- Intel Core i9 13900KS.- AMD Ryzen 9 7950X3D, 7900X3D, Ryzen 7 7800X3D.- AMD Ryzen 9 7900, Ryzen 7 7700, Ryzen 5 7600.- AMD Radeon 7900 XT/XTX.- NVIDIA RTX RTX 4070 Ti.- DDR5 VDD/VDDQ/VDDP,VOUT 1.8V & 1.0 voltages.--------------------------------------------------------------------------------------------------1.48 - December 2022- NVIDIA GPU power rails.- NVIDIA RTX 4080 16GB (AD103).- AMD Ryzen 5 7535H (zen3+, 6C/12T), Ryzen 7 7735HS (zen3+, 8C/16T).- AMD Athlon Gold 7220U, Ryzen 3 7320U, Ryzen 5 7520U (MDN-A0, 15W).- Intel Core i5 13450HX, 13500HX, Core i7 13650HX, 13700HX (55W).- Intel Core i5 13420H, 13500H and Core i7 13620H (RPL, 45W).- Intel Core i7 12850HX (8P+8E, 55W).- Preliminary support for AMD Radeon RX 7900 XT/XTX (Navi 31).--------------------------------------------------------------------------------------------------1.47 - October 2022- Intel Core i9-13900/K/F/KF, Core i7-13700/K/F/KF, Core i5-13600/K/F/KF, Core i5-13500, Core i5-13400 and Core i3-13100.- Intel Core i9 13900HK, Core i7 13700H.- Intel Z790 and B760 chipsets.- Intel ARC A770, A750, A580 (ACM-G10) and A380 (ACM-G11) GPUs.- AMD Ryzen 9 7950X, Ryzen 9 7900X, Ryzen 7 7700X, Ryzen 5 7600X.- AMD X670E/B650 chipsets.- AMD Radeon RX 6950 XT (Navi 21 KXTX), RX 6750 XT (Navi 22 KXT), RX 6650 XT (Navi 23 KXT) and RX 6400 (Navi 24 XL).- NVIDIA RTX 4090 GPU.- Gigabyte AORUS 1200W Platinium PSU monitoring.--------------------------------------------------------------------------------------------------1.46 - April 2022- Improved sensors organization in tree display.- New "max" sensors for CPU VID, CPU core temperatures and CPU core powers.- Glenfly Arise-GT10C0 GPU (Arise).- Intel Core i9-12900T, Core i5-12600T (35W).- Intel Core i7-1280P/1270P/1260P, Core i5-1250P/1240P, Core i3-1220P (28W).- Intel Core i7-1265U/1255U, Core i5 1245U/1235U, Core i3 1215U (15W).- Intel Core i7-1260U/1250U, Core i5 1240U/1230U, Core i3 1210U (9W).- Intel Atom x6427FE, x6425RE, x6425E, x6414RE, x6413E, x6212RE, x6211E, x6200FE (EHL, FCBGA1493).- Intel Pentium J6425, N6415 (EHL, FCBGA1493).- Intel Celeron J6413, N6211 (EHL, FCBGA1493).- Intel Xeon Platinum, Gold and Silver "Ice Lake-SP" (10nm, FCLGA4189).- Preliminary support for Intel Raptor Lake (13th gen).- Preliminary support for Intel ARC 3/5/7 (DG2).- AMD Ryzen 9 6980HX, 6900HX, Ryzen 7 6800H, Ryzen 5 6600H (45W).- AMD Ryzen 9 6980HS, 6900HS, Ryzen 7 6800HS, Ryzen 5 6600HS (35W).- AMD Ryzen 7 5800X3D.- AMD Ryzen 7 5700X, Ryzen 5 5600/5500.- AMD Ryzen 7 6800U, Ryzen 5 6600U (15-28W).- AMD Ryzen 7 5825U, Ryzen 5 5625U, Ryzen 3 5425U (15W).- AMD Ryzen 7 4800U (15W).- AMD Ryzen 3 5300GE, Ryzen 3 PRO 5350GE, Ryzen 5 PRO 5650GE, Ryzen 7 PRO 5750GE (CZN).- AMD Rembrandt & Raphael APUs (RDNA2).- Preliminary support for AMD Phoenix (Zen 4, FP8).- Preliminary support for AMD Raphael (Zen 4).- AMD Radeon RX 6500 XT (Navi 24 XT), RX 6400 (Navi 24 XL).- AMD Radeon RX 6850M XT (Navi 22).- AMD RX 6800S, RX 6700S, RX 6650M, RX 6650M XT (Navi 23).- NVIDIA GeForce RTX 3090 Ti (GA102-350, 450W).--------------------------------------------------------------------------------------------------1.45 - November 2021- Intel 12th gen Alder Lake processors, Z6xx platform and DDR5 memory.- AMD Radeon 6600XT GPU.- Hard disks activity and read/write speeds.--------------------------------------------------------------------------------------------------1.44 - April 2021- Preliminary support of Intel Alder Lake and Z6xx platform.- Preliminary support of DDR5 memory.- AMD Ryzen 5700G, 5600G and 5300G APUs.- AMD Radeon RX 6900 XT and 6700 XT GPUs.- Added hotspot and GDDR6 temperatures on NVIDIA GPUs.--------------------------------------------------------------------------------------------------1.43 - November 2020- AMD Ryzen 5000 "Zen 3" Vermeer support.- AMD Radeon 6800 and 6800 XT GPUs.- Intel Rocket Lake processors preliminary support.- Intel Tiger Lake-U and Tiger Lake-H processors.- Intel Z590 chipset.- NVIDIA RTX 3090, 3080, 3070 GPUs.--------------------------------------------------------------------------------------------------1.42 - September 2020- AMD Ryzen 9 3900XT, Ryzen 7 3800XT and Ryzen 5 3600XT, Ryzen 7 PRO 4750G, Ryzen 5 PRO 4650G, Ryzen 3 PRO 4350G processors.- AMD B550 chipset.- Intel Comet Lake, Tiger Lake processors.- Intel Z490/W480/B460 chipsets.- Hygon processors.--------------------------------------------------------------------------------------------------1.41 - September 2019- Intel Cascade Lake and Ice Lake processors.- NVIDIA RTX 2070 and 2080 Super.- AMD Threadripper 3000 preliminary support.- Zhaoxin processors.--------------------------------------------------------------------------------------------------1.40 - March 2019- AMD Radeon VII.- NVIDIA GTX 1660 and 1660 Ti.--------------------------------------------------------------------------------------------------1.39 - February 2019- NVIDIA GeForce RTX serie 20 (multiple fans).- Intel Basin Falls Skylake-X refresh.--------------------------------------------------------------------------------------------------1.38 - November 2018- Intel Gemini Lake family.- Intel Xeon E processors.- Fix issue with multiple graphics devices.--------------------------------------------------------------------------------------------------1.37 - October 2018- Improved support of Z390 mainboards.- New performance limits indicators (NVIDIA GPUs)- Fix GPU utilization bug reported at 0%.--------------------------------------------------------------------------------------------------1.36 - September 2018- AMD Threadripper 2000 processors.- Intel 9th generation Core family (Coffee Lake 9900K, 9700K, 9600K, 9600, 9500 and 9400).- Intel Coffee Lake-U processors.- Preliminary support of ASUS WMI monitoring.--------------------------------------------------------------------------------------------------1.35 - April 2018- AMD Ryzen 2000 processors.- Intel Xeon Bronze / Silver / Gold / Platinium processors.- Improved Intel IGP monitoring.- Improved HDD monitoring.--------------------------------------------------------------------------------------------------1.34 - December 2017- AMD Raven Ridge processors.- Windows 10 Build 16299.- Improved NVIDIA GPUs monitoring.--------------------------------------------------------------------------------------------------1.33 - October 2017- Intel Coffee Lake processors and Z370 platform.- Intel Skylake-X HCC processors.- Intel Xeon Skylake-SP and Xeon W Skylake processors.--------------------------------------------------------------------------------------------------1.32 - August 2017- Intel Core X processors (KBL-X and SKL-X) and X299 platform.- AMD ThreadRipper and X399 platform.--------------------------------------------------------------------------------------------------1.31 - March 2017- AMD Ryzen processors.- AMD Polaris GPU power report.--------------------------------------------------------------------------------------------------1.30 - October 2016- Corsair Hydro series CPU coolers (H80i, H100i, H110i, H115i) support.- Corsair RMi and AXi series PSUs support.- NVMe SSDs support.- Intel Kaby Lake processors.- AMD Bristol Ridge processors.- NVIDIA Pascal GPUs (GTX10x0).--------------------------------------------------------------------------------------------------1.29 - June 2016- Intel Broadwell-E/EP processors.- Intel Skylake Pentium and Celeron.- AMD Carrizo APUs.- Adds disks volumes space utilisation.--------------------------------------------------------------------------------------------------1.28 - July 2015- Intel Broadwell and Intel Skylake CPUs.- Added indivudual CPU load.- Added NVIDIA TDP percentage--------------------------------------------------------------------------------------------------1.27 - March 2015- Report CPU and GPU clocks.- Intel Core M CPUs and preliminary support of Intel Skylake.--------------------------------------------------------------------------------------------------1.26 - December 2014- Added CPU and GPU utilization.- Added DRAM power (Haswell processors).- Intel X99 Platform (DDR4 and Haswell-E).- Support for Windows 10.- New application icon.--------------------------------------------------------------------------------------------------1.25 - May 2014- Intel Haswell-E, Core i7-4770R and Core i5-4570R Crystal Well, Celeron Haswell (G1830, G1820).

Ansi based on File String Dumps (is-BJKFJATABB.tmp)

I/O error %d

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IAsyncResult

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IComparer<System.Pointer>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IComparer<System.string>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IconServiceLib

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

IconsOnly

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Identifier

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IDispatch

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IdleTimerWindow

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

IEnumerable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IEnumerable<System.Pointer>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IEqualityComparer<System.string>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ifDispInterfaceifDispatchifHasRttiifUnused1ifUnused2ifMethRefifUnused3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ifHasGuid

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IFinalizer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IInterface

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IInterfaceList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IInterfaceListEx

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

imm32.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ImmAssociateContextEx

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ImplGetter

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IndexOfItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Indirect

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

InheritsFrom

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

InitFolderHandler

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Initialize

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

InitializeConditionVariable

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

InitializeCriticalSectionEx

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

InitializeFlatSB

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

InitializeSRWLock

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

InitialState

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

InitInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

InitOnceExecuteOnce

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

InnerException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Inno Setup Messages (6.0.0) (u)!mlo!001T

Ansi based on File String Dumps (is-F54G98LCMX.tmp)

Inno Setup Uninstall Log (b) 64-bitCPUID HWMonitorCPUID HWMonitorIFPSANYMETHODBOOLEANTWIZARDFORMTWIZARDFORMTMAINFORMTMAINFORMTUNINSTALLPROGRESSFORMTUNINSTALLPROGRESSFORMTSETUPPROCESSORARCHITECTURE!MAINISX64IS64BITINSTALLMODEPROCESSORARCHITECTUREWIZARDFORMMAINFORM UNINSTALLPROGRESSFORM

Ansi based on File String Dumps (is-TI156WG2Y2.tmp)

Inno Setup Uninstall Log (b) 64-bit{8F12FE46-4F7A-43AB-93D5-012BBED69B1A}HWiNFO Monitor

Ansi based on File String Dumps (unins000.dat)

Inno Setup: App Path

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Inno Setup: Deselected Tasks

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Inno Setup: Icon Group

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Inno Setup: Language

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Inno Setup: Selected Tasks

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Inno Setup: Setup Version

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Inno Setup: User

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

InnoSetupLdrWindow

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

InprocServer32

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

InsertRange

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

InstallDate

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

InstallLanguageFallback

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

InstallLocation

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

InstanceSize

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

InstanceType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Int64AttrData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Integer overflow

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Interface not supported

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IntfFlags

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IntfGuid

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IntfMethods

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IntfParent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IntfUnitFld

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid access$Error creating variant or safe array)Variant or safe array index out of bounds

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid argument

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid argument to date encodeOut of memory

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid argument to time encode

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid argument2Source and Destination arrays must not be the same0SpinCount out of range. Must be between 0 and %d

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid class typecast0Access violation at address %p. %s of address %p

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid code pageNNo mapping for the Unicode character exists in the target multi-byte code page

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid count (%d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid destination array"Character index out of bounds (%d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid destination index (%d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid filename

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid floating point operation

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid NULL variant operation%Invalid variant operation (%s%.8x)%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid numeric input

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid pointer operation

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid property path

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid property value

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid property value List capacity out of bounds (%d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid source array

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid StringBaseIndex

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid variant operation

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid variant type

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invalid variant type conversion

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Invariant

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IReadWriteSync

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsAppThemed

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

IsBufferValid

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsClassMethod

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsConstructor

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsDefault

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsDestructor

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsEmpty82E

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsEmptyh'D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsEmptyP

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsEmptyT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsHvsiContainer

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

IsInstancehD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsInstanceOf

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsManaged

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsObject

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsObjectInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsOpenArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsOrdinal

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsPublicTypeD/@

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsReadable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsRecord

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsRegistered

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsShortcut

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

IsSingleByte

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsStandardEncoding

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IsThemeActive

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

IsThemeBackgroundPartiallyTransparent

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

IsThemeDialogTextureEnabled

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

IsThemePartDefined

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

IsWow64GuestMachineSupported

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

IsWow64Process2

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

IsWritable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ItemClass

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ItemPTypeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ItemTRttiField

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ItemTRttiProperty

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

iu-Cans-CA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

iu-Latn-CA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

IValueData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

JmpRel_E9

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

KeepContext

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

kernel32.dll

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

keystream

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

KOMREHOTEP.

Ansi based on Image Processing (screen_1.png)

laDestUnique

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

laSrcUnique

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LastIndexOf

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LaunchPermission

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

LaunchUserOOBE

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

LCMapStringEx

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

LegacyAuthenticationLevel

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

LegacyImpersonationLevel

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

LegalCopyright

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LibModule

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

List count out of bounds (%d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

List index out of bounds (%d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ListSeparator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LoadAppInit_DLLs

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

LoadLibraryEx failed

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LoadUserSettings

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Local AppData

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

LocaleName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LocalizedName

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

LocalRedirectOnly

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

LocalService

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

LockCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LockSemaphore

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LongDateFormat

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LongDayNames

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LongMonthNames

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LongPathsEnabled

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

LongTimeFormat

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

lsapolicylookup

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

lsasspirpc

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

lzma1smalldecompressor: %s

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

lzma1smalldecompressor: Compressed data is corrupted (%d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

LzmaDecode failed (%d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MachinePreferredUILanguages

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

MAINICON(

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MajorVersion

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

MakeWithoutCopy

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ManagedFields

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ManagedFldCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MapNetDrvBtn

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Max Cached Icons

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

MaxInt64Value

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MaxLength

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MaxRpcSize

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

MaxSxSHashCount

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

MBToWCharFlags

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MDMEnabled

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

MergeAlgorithm

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

MetaclassType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MethodAddress

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MethodKind

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MethodKindT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MethodName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MGOTFlags

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Milliseconds

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MimeTypes

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

MinInt64Value

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MinorVersion

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

MinValue

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mkClassConstructor

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mkClassDestructor

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mkClassFunction

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mkClassProcedure

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mkDestructor

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mkOperatorOverload

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mkProceduremkFunctionmkConstructor

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mkSafeFunction

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mkSafeProcedure

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mmmm d, yyyy

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mn-MN,mn-Cyrl,mn

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mn-Mong-CN

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MonitorFromRect

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

MonitorRegistry

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

MovEBP_ESP_1_89

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

MovEBP_ESP_2_E5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Msctf.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

msimg32.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Must wait on at least one eventECannot call BeginInvoke on a TComponent in the process of destruction

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mvPrivate

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mvProtected

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mvPublic

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

mvPublished

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

My Pictures

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

My Video

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

n00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF0123456789ABCDEF

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

NameIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

NameList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

NameListFld

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

nb-NO,nb,no

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ncacn_np:[\\PIPE\\srvsvc,Security=Impersonation Dynamic False]

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ncalrpc:[lsapolicylookup]

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ncalrpc:[lsasspirpc]

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ncalrpc:[LSMApi,Security=Impersonation Dynamic False]

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ncalrpc:[ntsvcs]

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NdrOleExtDLL

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NegCurrFormat

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

NeverShowExt

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NewInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

nn-NO,nn,no

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

No argument for format '%s'!'%s' is not a valid integer value '%d.%d' is not a valid timestamp

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

noaoscaute,

Ansi based on Image Processing (screen_1.png)

NoCommonGroups

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NoControlPanel

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NoInternetIcon

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NoNetCrawling

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NoPropertiesMyComputer

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NoPropertiesRecycleBin

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NoRepair

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NormalizedLocaleName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

NoSetFolders

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NotifyWinEvent

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

NoWebView

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ntdll.dll

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

NTDLL.DLL

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

NumberParameters

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Object lock not owned(Monitor support function not initialized

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Observer is not supportedLCannot have multiple single cast observers added to the observers collection4The object does not implement the observer interface5Insufficient RTTI available to support this operation

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

of object

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ole32.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

oleaut32.dll

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

OleAutoVarType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

OleVariant

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

OnKeyNotify

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

OnNotify

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

OnNotifyU

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

OnNotifyx

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

OnValueNotify

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

OpenThemeData

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Operation aborted(Exception %s in module %s at %p.%s%s

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Operation not supported

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

OriginalFileName

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Ownerships

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

OwningThread

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PACKAGEINFO

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Pacnaosxa

Ansi based on Image Processing (screen_1.png)

PageAllocatorSystemHeapIsPrivate

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

PageAllocatorUseSystemHeap

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

PAnsiChar0

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ParamCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Parameter count mismatch<Type '%s' is not declared in the interface section of a unit7VAR and OUT arguments must match parameter type exactly

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ParamList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ParamType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ParamTypeX

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ParentFolder

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ParentInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Parentx D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PArrayPropInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ParsingName

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ParsingName_36354489

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

PathStrCompare: CompareStringOrdinal failed (%u)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PathStrCompare: CompareStringOrdinal result invalid (%d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PAttrData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PCurrency

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PendingFileRenameOperations

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

PendingFileRenameOperations2

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Personal

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

PExceptionRecordt6@

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PExtendedd

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

pfArraypfAddress

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PFieldExEntry,

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

pfReference

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

pfResult

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PInstItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PInterfaceEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PInterfaceTable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PIntfMethodEntryd$C

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PIntfMethodEntryTail

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PIntfMethodTable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Please specify the password using the /PASSWORD= command line parameter.

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PLibModule

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PLIST_ENTRY

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PMonitorT$@

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PolicyType

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Populate

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PPackageTypeInfoX2@

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PProcedureParam

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PProcedureSignatured#C

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PPropData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PPropInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PPropInfoEx

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PPTypeInfoX

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

pqdddddddddddddddddddddddddddddddddr

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PRecordTypeField

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PreCreate

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

PreferExternalManifest

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

PreferredServerBitness

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

PreferredUILanguages

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

PResStringHashItemdaB

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PResStringRech4@

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PreviousFrame

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Privileged instruction

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ProcAttrData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

procedure

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ProcessIdToSessionId

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ProcessLocksList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ProcessMitigationPolicy

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ProcOrMeth

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ProductName

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ProductVersion

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ProfileImagePath

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ProfilesDirectory

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ProgramFilesDir

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

PropCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Property %s does not exist

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Property '%s' is read-only

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Property '%s' is write-only=RTTI objects cannot be manually destroyed by application code"%s (Version %d.%d, Build %d, %5:s):%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Property is read-only

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PropertyType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PropertyTypeT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PropList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ProtectionLevel

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

PRTLCriticalSection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PRTLCriticalSectionDebug

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PShortString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PThreadInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PtrAttrData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PTypeDataH&C

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PTypeInfop

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PTypeTable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Publisher

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

PublishExpandedPath

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

PUnitHashEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PushEBP_55

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PVarArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PVmtFieldClassTab

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PVmtFieldEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PVmtMethodEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PVmtMethodEntryTail

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PVmtMethodExEntry0!C

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

PWideCharL

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

qps-ploc,en

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

qps-ploca,ja

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

qps-plocm,ar

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

QQQQQQQSV

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

QTArray<System.Generics.Collections.TPair<System.Pointer,System.Rtti.TRttiObject>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

QTArray<System.Generics.Collections.TPair<System.string,System.TypInfo.PTypeInfo>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

QTArray<System.Generics.Collections.TPair<System.TypInfo.PTypeInfo,System.string>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

QualifiedClassName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

QualifiedName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

QuietUninstallString

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RaiseExceptionOnPossibleDeadlock

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

RaiseOuterException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Range check error

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RawByteString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Read beyond end of fileDisk full

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ReadBuffer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ReadBufferData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ReadIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ReadMethodT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RecursionCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RefCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ReferredType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RegDeleteKeyExA

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RegDouble

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RegExtended

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RegFiles0000

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RegFiles0001

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RegFilesHash

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RegisteredOrganization

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RegisteredOwner

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RegisterWeakMethodRef

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RegisterWeakRef

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RegKeyPathRedirect

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RegKeyPathRedirectMapped

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RegProcs0000

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RegSingle

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RegSvcs0000

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Relationship

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RelativePath

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ReleaseSRWLockExclusive

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

RelTarget

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RemoteServerName

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RemoveInstItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RemoveItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RequestedVarType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Reserved1

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Reserved2

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Reserved3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ResetEvent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ResInstance

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ResourcePolicies

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

ResStringRec

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RestrictedAttributes

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ResultType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ReturnType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ReturnType\

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ReturnTypeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RevisionLevel

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RmEndSession

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RmGetList

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RmRegisterResources

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RmRestart

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RmShutdown

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RmStartSession

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ROTFlags

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RtlCompareUnicodeString

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RtlDllShutdownInProgress

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

RtlGetVersion

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

RttiCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

RttiDataSize8

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SafeCallException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SafeDllSearchMode

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

Security

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Security=Impersonation Dynamic False

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SeparateProcess

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ServicesActive

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SeShutdownPrivilege

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SessionHash

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SetArrayElement

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SetDefaultDllDirectories

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SetEvent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SetFileInformationByHandle

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SetLayeredWindowAttributes

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SetProcessDEPPolicy

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SetProcessMitigationPolicy

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SetSearchPathMode

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SetSpinCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SetThemeAppProperties

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SetThreadpoolTimer

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SetThreadpoolWait

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SetThreadPreferredUILanguages

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SetTypeOrSize

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SetWindowTheme

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SfcIsFileProtected

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

shell32.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Shell_TrayWnd

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ShellState

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SHGetFolderPathW

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SHGetImageList

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SHGetKnownFolderPath

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SHGetStockIconInfo

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ShortDateFormat

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ShortDayNames

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ShortMonthNames

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ShortString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ShortTimeFormat

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ShowCompColor

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ShowInfoTip

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ShowStatusBar

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ShowSuperHidden

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ShowTypeOverlay

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SHPathPrepareForWriteW

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ShutdownBlockReasonCreate

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ShutdownBlockReasonDestroy

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SignatureU

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SizeOfMem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

skAnsiString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

skShortString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

skUnicodeString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

skWideString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SleepConditionVariableCS

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SleepConditionVariableSRW

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

sma-NO,sma,se

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

sma-SE,sma,se

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

smj-NO,smj,se

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

smj-SE,smj,se

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

smn-FI,smn,se

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

sms-FI,sms,se

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SmtDelayBaseYield

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SmtDelayMaxYield

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SmtDelaySleepLoopWindowSize

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SmtDelaySpinCountThreshold

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SmtFactorYield

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

soBeginningsoCurrent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Software\Borland\Delphi\Locales

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Software\Borland\Locales

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Software\CodeGear\Locales

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Software\Embarcadero\Locales

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SOFTWARE\Microsoft\Windows NT\CurrentVersion

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SpecialType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SpecVersion

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SpinCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

sr-Cyrl-BA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

sr-Cyrl-CS

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

sr-Cyrl-ME

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

sr-Cyrl-RS

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

sr-Latn-BA

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

sr-Latn-CS

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

sr-Latn-ME

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

sr-Latn-RS

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SRPTrustLevel

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Stack overflowControl-C hit

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

StackInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

StackTrace

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Start index out of bounds (%d)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

StartIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

stcOSErrorInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

stcPreallocateOptimization

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

stdddddddddudddddddddddddddv'wxyz{|}~

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

StoredProc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Stream read error

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Stream write error

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

StreamResource

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

StreamResourceType

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

StringBaseIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

StringFileInfo

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

StringKind

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SubmitThreadpoolWork

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

SupportAnimation

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SupportChromakey

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SupportLossless

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

SupportMultiframe

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

sysmain.sdb

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

sysMerge.sdb

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

System Error. Code: %d.%s%s

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System,.C

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.Classes

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.Generics.Collections

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.Generics.Collections4

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.Generics.Collections`

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.Generics.CollectionsT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.Generics.Defaults

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.Hash

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.Rtti

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.SyncObjs

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.SysUtils

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.SysUtilsL

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.Types

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.TypInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System.Variants

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

System0#D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

SystemDSD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Systemt#D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Systemx D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

t"f;tGf;J

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

T$$#D$(#T$,RP

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

T$,#D$8#T$<3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

T$4#D$8#T$<3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

T$L#D$P#T$TRP

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

t-Rf;t f;J

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TailHandle

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TailHandleX

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TApplication

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Byte>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Cardinal>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Char>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Integer>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.PInstItem>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Pointer>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.PPointer>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Rtti.TRttiField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Rtti.TRttiMethod>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Rtti.TRttiObject>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Rtti.TRttiPackage>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Rtti.TRttiType>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.Rtti.TValue>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.string>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.TCustomAttribute>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArray<System.TypInfo.PTypeInfo>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArrayPropInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TArrayTypeData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TaskDialogIndirect

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

TAttrData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TBoundArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCallConv

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TChaCha20Context

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TChaCha20Ctx@

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCollection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCollection9

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCollectionEnumerator;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCollectionEnumerator\

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCollectionItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCollectionItem:

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCollectionItemClass

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCollectionNotification

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCriticalSection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCriticalSection&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCustomAttribute

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCustomAttributeClass

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCustomComparer<System.string>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCustomVariantType&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TCustomVariantTypeLyB

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TDateTime

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TDictionaryOwnership

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TDictionaryOwnerships

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TDirection

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TDispatchKind

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TDuplicates

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TElementAlias

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEncoding%

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEncoding8

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEnumAliasEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEnumerable<System.Pointer>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEnumerable<System.Pointer>P&D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEnumerable<System.string>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEnumerable<System.string>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEnumerator<System.Pointer>$%D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEnumerator<System.Pointer>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEnumerator<System.string>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TEnumerator<System.string>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TExceptionRecordP

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TExtended80Rec

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TFieldExEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TFinalizer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TFinalizer'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TFloatSpecial

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TFloatType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TFormatSettings

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TFormatSettings.TEraInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TFreeInstItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

tg-Cyrl-TJ

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TGlobalContext

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

The password you specified is not correct. Please try again.

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

The setup files are corrupted. Please obtain a new copy of the program.

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the "This will install... Do you wish to continue?" message box at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very silent./NOSTYLEPrevents Setup from activating custom styles (including the built-in custom dark style)./SUPPRESSMSGBOXESInstructs Setup to suppress message boxes./LOGCauses Setup to create a log file in the user's TEMP directory./LOG="filename"Same as /LOG, except it allows you to specify a fixed path/filename to use for the log file./NOCANCELPrevents the user from cancelling during the installation process./NORESTARTPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart./RESTARTEXITCODE=exit codeSpecifies a custom exit code that Setup is to return when the system needs to be restarted./CLOSEAPPLICATIONS, /NOCLOSEAPPLICATIONSInstru

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

The sizes of unexpected leaked medium and large blocks are:

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

The unexpected small block leaks are:

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

This installation was built with Inno Setup.

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

This program must be run under Win32$7

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ThousandSeparator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Thread creation error: %s

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Thread Error: %s (%d)-Cannot terminate an externally created thread,Cannot wait for an externally created thread2Cannot call Start on a running or suspended thread

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ThreadID

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ThreadingModel

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ThrowOuterException

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Thursday

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TimeAMString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TimePMString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TimeSeparator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInstBucket

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInstHashMapX

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInstItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInstItem.TBucketArray|

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInterfacedObject

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInterfacedObject1

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInterfaceEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInterfaceList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInterfaceList&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInterfaceListEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInterfaceListEnumerator>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInterfaceTable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TInternalEraInfoRecord

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TIntfFlag

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TIntfFlags

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TIntfFlagsBase

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TIntfMethodEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TIntfMethodEntryTail

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TIntfMethodTable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

tkChartkEnumeration

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

tkInt64tkDynArraytkUStringtkClassReftkPointer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

tkInterface

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

tkProceduretkMRecord

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

tkRecord

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

tkUnknowntkInteger

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

tkWChartkLStringtkWStringtkVariant

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TLibModule

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TLightweightEvent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TLightweightEvent&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Pointer>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Pointer>.arrayofT

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Pointer>.ParrayofTh'D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Pointer>.TEmptyFunc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Pointer>8+D

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Rtti.TRttiField>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Rtti.TRttiField>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Rtti.TRttiMethod>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Rtti.TRttiMethod>P

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Rtti.TRttiProperty>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.Rtti.TRttiProperty>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.TCustomAttribute>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TList<System.TCustomAttribute>&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TListAssignOp

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TListEnumerator

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TListEnumerator5

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TListHelper.TInternalCompareFunc$

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TListHelper.TInternalNotifyProc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TListSortCompared

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TListSortCompareFunc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TManagedField

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMBCSEncoding&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMBCSEncoding,

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMemberVisibility

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMethodImplementation

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMethodImplementation&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMethodImplementation.TFloatReg

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMethodImplementation.TParamLoc

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMethodImplementationCallback

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMethodKind

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TModuleInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMonitor.PWaitingThread

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMonitor.TSpinLock

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMonitor.TWaitingThread

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMultiWaitEvent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMultiWaitEvent.TMultiWaiter&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMultiWaitEvent.TMultiWaitert

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMultiWaitEvent.TWaiterFlag

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMultiWaitEvent.TWaiterFlags

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMultiWaitEvent.TWaitInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMultiWaitEvent<

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMultiWaitEventImpl&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TMultiWaitEventImpl(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TNoRefCountObject

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TNotifyEvent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TObject&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TObjectD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ToByteArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Too many open files

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TOrdinalIStringComparer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TOrdinalIStringComparerD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TOrphanPackage

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TOrphanPackage&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ToShortUTF8String

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ToString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TotalElementCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Toxanyiicra,

Ansi based on Image Processing (screen_1.png)

TPackageTypeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TParamFlag

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TParamFlags

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPersistent'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPersistent(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPersistentClass

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPointerList

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPoolToken

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPoolToken&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPrivateHeap

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPrivateHeap&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPrivateHeap.THeapItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TProcedureParam

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TProcedureSignature

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TProcParam

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TProcParam6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TProcSig'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TProcSig\

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropInfoEx

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.Comp>0HC

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.Comp>K

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.Currency>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.Currency>K

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.Double>K

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.Double>TEC

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.Extended>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.Extended>K

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.IInterface>0MC

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.IInterface>V

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.RawByteString>h?C

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.RawByteString>V

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.Single>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.Single>K

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.string>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.string>V

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.WideString>hBC

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TPropSet<System.WideString>V

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Translation

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TransparentEnabled

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

TRealPackage'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRealPackage0

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRecordTypeField

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TResStringHashItem

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TResStringRec

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TrimExcess

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiAnsiStringType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiArrayType;

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiArrayType<

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiClassRefType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiClassRefType0

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiContext

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiDataMemberE

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiDataMemberp

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiDynamicArrayType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiEnumerationType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiEnumerationType3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiField`

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiFieldE

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiFloatType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiIndexedProperty

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiIndexedProperty6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceFieldClassic

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceFieldClassic6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceFieldEx4lE

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceFieldEx6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceMethodClassic

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceMethodClassic6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceMethodEx6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceMethodExL]E

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceProperty3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstancePropertyClassic

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstancePropertyEx

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstancePropertyX

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceType8

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstanceType@

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstMethParameter6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInstMethParameterDTE

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInt64Type

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInt64TypetD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInterfaceType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInterfaceType=

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiIntfMethod6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiIntfMethodX

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiIntfMethParameter

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiIntfMethParameter6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInvokableType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiInvokableType'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiManagedField

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiMember

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiMemberh

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiMethod

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiMethod'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiMethodType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiMethodTypeQ

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiNamedObject6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiNamedObjecth

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiObject

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiObject'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiObjectH

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiOrdinalType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiPackage'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiPackageH

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiParameter3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiParameterh

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiPointerType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiPointerType8

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiPool

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiPool&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiProcedureType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiProcedureTypeQ

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiProperty

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiPropertyE

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiRecordField6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiRecordField\

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiRecordMethod

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiRecordMethod6

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiRecordType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiRecordType<

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiSetType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiStringKind

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiStringType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiStructuredType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiStructuredTypel

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TRttiType3

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TryAcquireSRWLockExclusive

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

TryAsOrdinal

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TryGetValue

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TSeekOrigin

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TStreamC

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TStreamCapabilities

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TStreamCapability

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TStringComparer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TStringComparer'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TStrongRandom: BCryptGenRandom failed (0x%x)

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TStrongRandom: Failed to get address of BCryptGenRandom

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TStrongRandom: Failed to load bcrypt.dll

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TSymbolName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TSynchroObject

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TSynchroObject'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TThreadInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TThreadLocalCounter'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TThreadLocalCountert

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TTimeSpan

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TTypeData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TTypeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TTypeInfoFieldAccessor

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TTypeKind

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TTypeTable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TuesdayWednesday

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TUnicodeEncoding&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TUnicodeEncodingX

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TUnitHashEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TurnOffSPIAnimations

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

TUTF7Encoding

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TUTF7Encoding&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TUTF8Encoding

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TUTF8Encoding&

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TUVW'XYZ[\]^_`(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TValueDataImpl

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TValueDataImplZ

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVarArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVarArrayBound

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVarArrayBoundArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVarCompareResult

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVariantBoundArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVarRecord

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVmtFieldClassTab

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVmtFieldEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVmtMethodEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVmtMethodEntryTail

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TVmtMethodExEntry

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TWaitResult

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TwoDigitYearCenturyWindow

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TypeCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TypeIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TypeInfo

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TypeInfosX

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TypeKind

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

TypeTable

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

tzm-Latn-DZ

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnderlyingType

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Unexpected Memory Leak

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Unexpected variant error

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnicodeString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UninitializeFlatSB

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

UninstallString

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

UnitCount

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnitHashArray

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnitName

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnitNameFld

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnitNames

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnitScope

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnregisterWeakMethodRef

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnregisterWeakRef

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnsafeAttribute

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UnsafeAttribute@!@

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

URLInfoAbout

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

URLUpdateInfo

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

UseFindFirstFileEnumeration

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

user32.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

UTF8Length

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

UTF8String

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

uxtheme.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

uz-Cyrl-UZ

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

uz-Latn-UZ

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Validated

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ValidateRegItems

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

ValuesDxC

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VAnsiString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarAdd

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarAnd

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarBoolFromStr

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarBstrFromBool

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarBstrFromCy

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarBstrFromDate

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarCmp

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarCyFromStr

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarDateFromStr

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarDiv

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarFileInfo

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarI4FromStr

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Variant or safe array is locked

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Variant overflow

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VariantChangeTypeEx

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarIdiv

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarMod

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarMul

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarNeg

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarNot

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarOr

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarR4FromStr

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarR8FromStr

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarSub

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VarXor

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VCurrency

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VDispatch

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VersionMajor

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

VersionMinor

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

VExtended

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VInterface

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VirtualIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VirtualIndex\

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Visibility

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VLongWord

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VolatileAttribute

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VPointer

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VPWideChar

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VS_VERSION_INFO

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VShortInt

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VSmallInt

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerable<System.Generics.Collections.TPair<System.Pointer,System.Rtti.TRttiObject>>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerable<System.Generics.Collections.TPair<System.Pointer,System.Rtti.TRttiObject>>XVD

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerable<System.Generics.Collections.TPair<System.string,System.TypInfo.PTypeInfo>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerable<System.Generics.Collections.TPair<System.string,System.TypInfo.PTypeInfo>>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerable<System.Generics.Collections.TPair<System.TypInfo.PTypeInfo,System.string>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerable<System.Generics.Collections.TPair<System.TypInfo.PTypeInfo,System.string>>'

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerator<System.Generics.Collections.TPair<System.Pointer,System.Rtti.TRttiObject>>

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerator<System.Generics.Collections.TPair<System.Pointer,System.Rtti.TRttiObject>>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerator<System.Generics.Collections.TPair<System.string,System.TypInfo.PTypeInfo>>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerator<System.Generics.Collections.TPair<System.string,System.TypInfo.PTypeInfo>>,

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerator<System.Generics.Collections.TPair<System.TypInfo.PTypeInfo,System.string>>(

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VTEnumerator<System.Generics.Collections.TPair<System.TypInfo.PTypeInfo,System.string>>P

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VUnicodeString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VUString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VWideChar

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

VWideString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WaitEvent

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WaitForAll

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WaitForAny

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WaitForThreadpoolTimerCallbacks

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

WaitToKillServiceTimeout

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

WakeAllConditionVariable

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WakeConditionVariable

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WCharToMBFlags

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WeakAttribute

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WideString

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows 2000Windows XP

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows 8.1Windows 10Windows 11

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows Server 2003

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows Server 2003 R2

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows Server 2008 R2

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows Server 2008Windows 7

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows Server 2012

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows Server 2012 R2

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows Server 2016

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows Server 2019

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows Server 2022Windows 8

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Windows Server 2025

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WindowsWindows Vista

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

wine_get_version

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

winhttp.dll

Unicode based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Wow64DisableWow64FsRedirection

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

Wow64RevertWow64FsRedirection

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

wrAbandoned

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

wrIOCompletion

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WriteData

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WriteExecution

Unicode based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WriteIndex

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

WriteMethod

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

wrSignaledwrTimeout

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

Ycranosca

Ansi based on Image Processing (screen_1.png)

yCTaHoSMTCA

Ansi based on Image Processing (screen_1.png)

Yeranoska

Ansi based on Image Processing (screen_1.png)

zh-CN,zh-Hans,zh

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

zh-HK,zh-Hant,zh

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

zh-MO,zh-Hant,zh

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

zh-SG,zh-Hans,zh

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

zh-TW,zh-Hant,zh

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

ZTUWVSPR

Ansi based on Memory/File Scan (HWiNFO_Monitor_Setup.exe)

{307a29ff-ad8d-4ecc-8869-11273cdbf47d}

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

{35bf919e-0495-48df-8e74-456384e34e74}

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

{374DE290-123F-4565-9164-39C4925E467B}

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

{3B193882-D3AD-4EAB-965A-69829D1FB59F}

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

{3D644C9B-1FB8-4F30-9B45-F670235F79C0}

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

{6b39d1b2-7883-4648-94bf-bd5109b4ac48}

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

{a9f603c2-b224-4a07-b6ea-a2bcc1a51297}

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.exe )

{AB5FB87B-7CE2-4F83-915D-550846C9537B}

Ansi based on Runtime Data (HWiNFO_Monitor_Setup.tmp )

{DE92C1C7-837F-4F69-A3BB-86E631204A23}