File details
File name: installworkspace.exe
Name: Trend Micro DirectPass
Description: Trend Micro DirectPass Install console
Version: 1.2.0.2048
Product version: 1.2
Size: 753.52 KB
Original file name: InstallWorkspace.exe
Digital certificate
Certificate authority:
VeriSign
Effective date: 12/26/2011
Expiration date: 2/15/2013
Resource utilization
 | CPU utilization averages |
Total CPU: 0.0803718391%
Privileged CPU:
0.0802875035%

User CPU:
0.00008433561294%

Privileged CPU time: 1952.81 ms
Privileged CPU time /min: 0 ms
CPU cycle count:
1,582,285,888
 | Memory utilization averages |
Committed memory:
188.06 MB
Peak committed memory: 191.55 MB
Paged memory:
27.24 MB
Peak paged memory: 28.68 MB
Paged system memory:
108.3 KB
Non-paged system memory: 18.43 KB
Working set memory:
8.68 MB
Peak working set memory: 40.93 MB
Min working set memory: 8.68 MB
Private memory:
27.24 MB
Page faults:
39,993
Page faults /min: 0
 | Process I/O averages |
Total read operations:
844
Total read transfer: 1.65 MB
Total write operations:
1,513
Total write transfer: 619.76 KB
Total other operations:
113,668
Total other transfer: 2.49 MB
 | GUI Object Averages |
GDI objects:
38
Peak GDI objects: 43
USER objects:
19
Peak USER objects: 22
Resources
Handle count average: 336
Thread count average: 33
Thread resource averages
Total CPU: 0.055431315887%
Privileged CPU: 0.030345545916%
User CPU: 0.025085769971%
CPU Cycle count /sec: 2,111,602
Context switches /sec: 2
Module memory size: 16.41 MB
ntdll.dll

Total CPU: 0.015776139982%
Privileged CPU: 0.012135419854%
User CPU: 0.003640720128%
CPU Cycle count /sec: 617,082
Context switches /sec: 3
Module memory size: 1.23 MB
Total CPU: 0.014565693785%
Privileged CPU: 0.012138078154%
User CPU: 0.002427615631%
CPU Cycle count /sec: 333,734
Module memory size: 760 KB
Total CPU: 0.002290146498%
Privileged CPU: 0.002128363061%
User CPU: 0.000161783437%
CPU Cycle count /sec: 80,478
Module memory size: 1.85 MB
Total CPU: 0.001655880699%
Privileged CPU: 0.000827940349%
User CPU: 0.000827940349%
CPU Cycle count /sec: 434,382
Context switches /sec: 19
Module memory size: 316 KB
Process details
Runs as (owner): User
Integrety level: High
Windows platform: 32-bit
Parent Process
Process Command
"C:\users\user\appdata\Roaming\OpenCandy\981FECD9663C44D7A9BA6C8A4E4C3ABB\TrendMicro_DP_MUI_Download\Package\Share\UI\InstallWorkspace.exe" -I "C:\users\user\appdata\Roaming\OpenCandy\981FECD9663C44D7A9BA6C8A4E4C3ABB\TrendMicro_DP_MUI_Download\Package\Share\Resource\EN-US\Install\InstallCheck.html" -X 0 -Y 0 -W 585 -H 398 -o 0
Image hashes
MD5: 4cac5664b3be06288c753b16833a1b29
SHA-1: 4cae563ccddb0d4c67961d7d8e824b3eda163ec4
SHA-256: fd5cdef51bd01dde9d760d125dfdc8a00150e1096c366d5fa7044ab803b0e973
PE image details
Subsystem: Windows GUI
File packed: No
Import Table
advapi32.dll

RegEnumKeyExW
GetAclInformation
AddAce
InitializeAcl
InitializeSecurityDescriptor
MakeAbsoluteSD
IsValidSid
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetLengthSid
MakeSelfRelativeSD
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
CopySid
GetSecurityDescriptorGroup
InitializeSid
GetSidLengthRequired
GetSecurityDescriptorOwner
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegFlushKey
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
gdi32.dll

kernel32.dll

ReadFile
WriteFile
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
WideCharToMultiByte
Sleep
WaitForSingleObject
ReleaseMutex
OpenMutexW
CreateMutexW
GetVersionExW
GetCurrentProcessId
SetFilePointer
HeapAlloc
GetProcessHeap
HeapFree
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
GetLocalTime
LocalAlloc
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjects
ResumeThread
lstrlenW
OpenThread
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
CloseHandle
MultiByteToWideChar
lstrlenA
GetWindowsDirectoryW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
GetModuleHandleExW
LocalFree
GetCommandLineW
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
VirtualFree
VirtualAlloc
GetOEMCP
IsValidCodePage
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
shell32.dll

shlwapi.dll

user32.dll

FindWindowW
CreateWindowExW
DestroyWindow
LoadCursorW
LoadIconW
SendMessageW
DefWindowProcW
RegisterClassW
PostQuitMessage
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW