Sandboxie can be an alternative for the time being.

If you search "windows malware analysis tool" in startpage , you will find Cuckoo Sandbox .

BTW, if you installed canvasblocker in firefox, you will found that bing, google and duckduckgo all try to get your browser's fingerprint.

While I will thank both of you for your input a sandbox isn't what is being looking for, unless a sandbox can do things I am unaware of. I believe a sandbox just simply isolated a program from the rest of the environment to keep it from cause problems. What is being looked for is a program that can record exactly what a program does what it is run. I am sure these programs have to exist because they would be needed in malware and other analysis. Even for just basic use I would love to see where installs are touching and hiding things. And of course if these is another way of tracking this I'm all ears, or I guess being a forum I'm all eyes...

John-

@Baechle A debugger is more at the code level, which is not what I'm looking for, but rather something that just monitors what a program does when it runs. Does it install a service? Does it write to the file system? If so what did it install and what did it write?

John-

Cuckoo is different from Sandboxie, Cuckoo's home page says(red texts are marked by me):

What is Cuckoo?

Cuckoo Sandbox is the leading open source automated malware analysis system.

You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.

Malware is the swiss-army knife of cybercriminals and any other adversary to your corporation or organization.

In these evolving times, detecting and removing malware artifacts is not enough: it's vitally important to understand how they operate in order to understand the context, the motivations, and the goals of a breach.

Cuckoo Sandbox is free software that automated the task of analyzing any malicious file under Windows, macOS, Linux, and Android.

What can it do?

Cuckoo Sandbox is an advanced, extremely modular, and 100% open source automated malware analysis system with infinite application opportunities. By default it is able to:

• Analyze many different malicious files (executables, office documents, pdf files, emails, etc) as well as malicious websites under Windows, Linux, macOS, and Android virtualized environments.
• Trace API calls and general behavior of the file and distill this into high level information and signatures comprehensible by anyone.
• Dump and analyze network traffic, even when encrypted with SSL/TLS. With native network routing support to drop all traffic or route it through InetSIM, a network interface, or a VPN.
• Perform advanced memory analysis of the infected virtualized system through Volatility as well as on a process memory granularity using YARA.

Due to Cuckoo's open source nature and extensive modular design one may customize any aspect of the analysis environment, analysis results processing, and reporting stage. Cuckoo provides you all the requirements to easily integrate the sandbox into your existing framework and backend in the way you want, with the format you want, and all of that without licensing requirements.

@LiuHuasong OH!!! OK! I will admit I did not take a good look because I thought all sandboxes were the same! Thank you for pointing out how this is different. I think a lot of us make the mistake I just did of not looking deeply enough at some things, but let's face it there has just gotten to be so much to look at now a days.

Thanks you for this, and if any one else has other ideas I would love to hear them..

John-

My pleasure.

Definitely, there exists other malware analysis tools.I think every anti-virus software has an analysis module, and anti-virus software company has more advanced tool but only for their own use.

I prefer open source, so suggest you give Cuckoo a try first.

Regards.