General Info

File name

UCLEARUpdater.msi

Full analysis
https://app.any.run/tasks/fad6773b-1f5b-4bed-ada1-a598637e1fba
Verdict
Malicious activity
Analysis date
12/3/2019, 01:29:00
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-msi
File info:
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {8FAD4851-9D6C-420B-A7AD-749B287F951B}, Title: UCLEAR Firmware Update, Author: BITwave Pte Ltd, Number of Words: 2, Last Saved Time/Date: Fri Apr 11 10:33:11 2014, Last Printed: Fri Apr 11 10:33:11 2014
MD5

48e839ae0f683f8a26bfb2be848224d5

SHA1

f09e8b53c8e78106d862ce45c26fc53e6e1916e3

SHA256

18565c425d5d2bcf2f099bd73b1bc84c467e600ed061fcefcf29225bce5eec91

SSDEEP

393216:5qSBPyBCqQ+/A+Qe2hPp2NXyMEpdhZwFdXGiQt:5qE6QGA+QeyPpM2sXGiG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • DPInst0.exe (PID: 2588)
  • DPInst.exe (PID: 2276)
  • DPInst.exe (PID: 1896)
  • DPInst.exe (PID: 2972)
Creates files in the Windows directory
  • msiexec.exe (PID: 3896)
  • DPInst.exe (PID: 2972)
  • DrvInst.exe (PID: 896)
  • DrvInst.exe (PID: 252)
Executable content was dropped or overwritten
  • msiexec.exe (PID: 3896)
  • DPInst.exe (PID: 2972)
  • DrvInst.exe (PID: 896)
  • DrvInst.exe (PID: 252)
Executed as Windows Service
  • vssvc.exe (PID: 3704)
Removes files from Windows directory
  • msiexec.exe (PID: 3896)
  • DrvInst.exe (PID: 896)
  • DrvInst.exe (PID: 252)
Starts CMD.EXE for commands execution
  • DPInst0.exe (PID: 2588)
Creates files in the program directory
  • DPInst.exe (PID: 2972)
Creates a software uninstall entry
  • DPInst.exe (PID: 2972)
Executed via COM
  • DrvInst.exe (PID: 252)
  • DrvInst.exe (PID: 896)
Creates files in the driver directory
  • DrvInst.exe (PID: 896)
  • DrvInst.exe (PID: 252)
Searches for installed software
  • msiexec.exe (PID: 3896)
Creates files in the program directory
  • msiexec.exe (PID: 3896)
Application launched itself
  • msiexec.exe (PID: 3896)
Creates a software uninstall entry
  • msiexec.exe (PID: 3896)
Dropped object may contain Bitcoin addresses
  • msiexec.exe (PID: 3896)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 3704)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 4036)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.msi | Microsoft Windows Installer (98.5%)
.msi | Microsoft Installer (100%)
EXIF
FlashPix
CreateDate:
1999:06:21 07:00:00
Software:
Windows Installer
Security:
Password protected
CodePage:
Windows Latin 1 (Western European)
Template:
Intel;1033
Pages:
200
RevisionNumber:
{8FAD4851-9D6C-420B-A7AD-749B287F951B}
Title:
UCLEAR Firmware Update
Subject:
null
Author:
BITwave Pte Ltd
Keywords:
null
Comments:
null
Words:
2
ModifyDate:
2014:04:11 09:33:11
LastPrinted:
2014:04:11 09:33:11

Processes

Total processes
52
Monitored processes
12
Malicious processes
4
Suspicious processes
2

Behavior graph

start drop and start msiexec.exe no specs msiexec.exe vssvc.exe no specs msiexec.exe no specs msiexec.exe no specs dpinst0.exe no specs cmd.exe no specs dpinst.exe no specs dpinst.exe no specs dpinst.exe drvinst.exe drvinst.exe

Process information

PID
1648
CMD
"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\UCLEARUpdater.msi"
Path
C:\Windows\System32\msiexec.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\msihnd.dll
c:\windows\system32\comdlg32.dll

PID
3896
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samlib.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\cabinet.dll
c:\uclear\dpinst0.exe
c:\windows\system32\sxsstore.dll

PID
3704
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll

PID
4036
CMD
C:\Windows\system32\MsiExec.exe -Embedding 439974A0BAA14EB62071DDC0B2813863
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msi54d1.tmp

PID
3308
CMD
"C:\Windows\system32\MsiExec.exe" /Y "C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx"
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\uclear\msflxgrd\msflxgrd.ocx
c:\windows\system32\devrtl.dll
c:\windows\system32\sxs.dll

PID
2588
CMD
"C:\UCLEAR\DPInst0.exe"
Path
C:\UCLEAR\DPInst0.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\uclear\dpinst0.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll

PID
1400
CMD
cmd /c ""C:\Users\admin\AppData\Local\Temp\5E18.tmp\DPInst.bat""
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
DPInst0.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
c:\uclear\drivers\win32\dpinst.exe
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
1896
CMD
C:\UCLEAR\Drivers\win32\DPInst.exe /S /F /PATH C:\UCLEAR\Drivers\win32
Path
C:\UCLEAR\Drivers\win32\DPInst.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Microsoft Corporation
Description
Driver Package Installer
Version
2.1
Modules
Image
c:\uclear\drivers\win32\dpinst.exe
c:\systemroot\system32\ntdll.dll

PID
2276
CMD
"C:\UCLEAR\Drivers\win32\DPInst.exe" /S /F /PATH C:\UCLEAR\Drivers\win32
Path
C:\UCLEAR\Drivers\win32\DPInst.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Microsoft Corporation
Description
Driver Package Installer
Version
2.1
Modules
Image
c:\uclear\drivers\win32\dpinst.exe
c:\systemroot\system32\ntdll.dll

PID
2972
CMD
"C:\UCLEAR\Drivers\win32\DPInst.exe" /S /F /PATH C:\UCLEAR\Drivers\win32
Path
C:\UCLEAR\Drivers\win32\DPInst.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
512
Version:
Company
Microsoft Corporation
Description
Driver Package Installer
Version
2.1
Modules
Image
c:\uclear\drivers\win32\dpinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\spinf.dll
c:\windows\system32\cabinet.dll

PID
896
CMD
DrvInst.exe "4" "8" "C:\Users\admin\AppData\Local\Temp\{052f1986-46e9-7467-ae67-c0406ed7731c}\csrbluecoreusb.inf" "0" "634fc17ef" "000005CC" "WinSta0\Default" "00000060" "208" "c:\uclear\drivers\win32"
Path
C:\Windows\system32\DrvInst.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\spinf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll

PID
252
CMD
DrvInst.exe "4" "8" "C:\Users\admin\AppData\Local\Temp\{40c067ae-a197-31a3-b89f-9b2f53f3eb78}\usbspi.inf" "0" "655a53147" "00000060" "WinSta0\Default" "000003C4" "208" "c:\uclear\drivers\win32"
Path
C:\Windows\system32\DrvInst.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\spinf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll

Registry activity

Total events
977
Read events
553
Write events
411
Delete events
13

Modification events

PID
Process
Operation
Key
Name
Value
3896
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PatchedComponents
3896
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\12B\52C64B7E
3896
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\12B
3896
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
3896
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
3896
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
3896
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
40000000000000006C7872BC70A9D501380F0000780B0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
4000000000000000C6DA74BC70A9D501380F0000780B0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
33
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
4000000000000000765EFABC70A9D501380F0000780B0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
4000000000000000D0C0FCBC70A9D501380F000064080000E80300000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
4000000000000000827BDABD70A9D501380F000064080000E80300000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
40000000000000006C8699C370A9D501380F0000780B0000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Enter)
40000000000000006C8699C370A9D501380F0000780B0000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Leave)
40000000000000003C99ACC370A9D501380F0000780B0000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Enter)
40000000000000000CACBFC370A9D501380F0000C4080000E90300000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Leave)
4000000000000000526FE3C370A9D501380F0000C4080000E90300000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Enter)
4000000000000000ACD1E5C370A9D501380F00009C0D0000F90300000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Leave)
40000000000000000634E8C370A9D501380F00009C0D0000F90300000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Enter)
4000000000000000145BEFC370A9D501380F0000780B00000A0400000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Leave)
400000000000000048B68CC470A9D501380F0000A40D00000A0400000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
400000000000000048B68CC470A9D501380F0000780B0000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
400000000000000048B68CC470A9D501380F0000780B0000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
33
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
1
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
6C7872BC70A9D501
3896
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
380F0000B02348B670A9D501
3896
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
B4D3D130B950A9BAFCE654BC90CFE4C485CBA3DD1A4B550CE55A3E9E23DE9FC6
3896
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\394ec7.ipi
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\394ec8.rbs
30779760
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\394ec8.rbsLow
3324431040
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\584DB4EAC0CA818B2FC574B6AD4FAB52
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win64\DPInst0.exe
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\860A546F4B63C63555F96C04F3EAC5E5
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\CSRBlueCoreUSB.inf
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\352755CCCC839607E10A49A2471A11C1
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\system_software_installer.ico
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8FC31E85E97B287AED07825C405B539F
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2531EA1C77757B93A4209CFE987A48A1
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\usbspi.cat
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5AEA1F1A10441476E1DDC1BFCD9369C8
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\DPInst.bat
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA2F71F0ED2E87A1BABF288069015E5
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win64\DPInst.xml
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA964DB4837065730563CDED18E4DE87
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\help_contents.ico
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF1EBF2BF9CA5B6544786B2FBC4F0643
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\parspi.reg
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\760B3782E035F7EE0EDAC37E5BA06A4B
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\parspi.sys
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDD4F9B6BDFE79EB1A430CB8566AFBA1
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win64\usbspi.sys
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D404E4CD6F5BD279CD30AE1015A9B98
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\usbspi.inf
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C32D333AFC2D92770303AA03FADBCF2A
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\msflxgrd\MSFlxGrd.inf
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E186882208B0325AD74630E2B345FF51
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\DPInst.xml
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91FD72C695C125F4CF18AB396B1786FC
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win64\DPInst.bat
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\370583D52A97BEFABE477C0929D2DD42
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\csrbc2k.sys
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EB7BDBFB9065D067DEDC7F1920D89093
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\csrbluecoreusb.cat
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93EA80A4F1063FEE67E0E3193BB69641
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\usbspi.sys
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E5218C0DC0CEB4CD8705CC9D25B6BD
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\Firmware\HBC200_RC207.dfu
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\168ABAF6322FE4723EE8A7EFA30471F4
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\DPInst0.exe
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9188A3BA7B564F609DC0A2FDB2406104
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win64\csrbc.sys
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2AED4E4A96CCB0E50EABD435153A2DB4
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\uclearlogo.ico
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\988C8B89E3EE32CAE8C8EFAA9C120EFF
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\csrbc.sys
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D3531A4B2A3AD993FFF80E3C54F2559
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\vcredist_x86.EXE
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCFA6D62C5366A95C7CA5AF8880F40C9
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Firmware_Update_Procedures.pdf
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF099FB47A5D81C90D19DEE035F3FAD1
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\DFUEngine.dll
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E8A893EE4803EB00E349C17ED9688BC
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win64\csrbluecoreusb.cat
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D504B12B4C6DC10F01A4C0E4718A3E4
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\DPInst.exe
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4BBA308D380992F919EC37C3849615C9
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\msflxgrd\Install0.exe
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74945D13CEDAEC1F479F74567440C49E
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\vcredist_x86_2009.exe
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E2366ED0E2CE22EF3D6D5B2A9076216E
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win64\DPInst.exe
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C4CAD36EA52CA6443B62C12767BA16F
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\DPInst0.exe
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C932C13314B4F460F08AF314D071478
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win64\usbspi.inf
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75F0F497B7D556DB468F98EA755F439D
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win64\usbspi.cat
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B3964B343143AF1F13E9A8D661E647B
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win32\InstParSpi.bat
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F5F266E1B439EF7DBA7548861047E0BD
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\Drivers\win64\CSRBlueCoreUSB.inf
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31E6EB9122A767141B394D7726D03054
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B082FE0CBBDB75D9E8BDFCCF719E16C
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\UClearUpgradeWizard.EXE
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F949E36CB3004C50AF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
>\policy.8.0.Microsoft.VC80.CRT,type="win32-policy",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F949E36CB3004C50CF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D6C7B862FD11C450AF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
>\policy.8.0.Microsoft.VC80.MFC,type="win32-policy",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D6C7B862FD11C450CF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A31EAB9FA7E3C6D0AF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
>mfcm80.dll\Microsoft.VC80.MFC,type="win32",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A31EAB9FA7E3C6D0CF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A31EAB9FA7E3C6D0BF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B92D5049E11C93DB0DF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
>msvcr80.dll\Microsoft.VC80.CRT,type="win32",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0CF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0BF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82DE7549CF3F8CCB0DF18C3B9B1A1EE8
31E6EB9122A767141B394D7726D03054
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6D5CD953852905D843A68C992A5AC78
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\page_results.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\412D6551756252F6BD8EBAF8838CAE1D
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\page_connection.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E694446B3FBAD91773094AA0C0061C9C
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\page_action.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A402347D225816DA8D69FE2B6C9EE184
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\page_usbenum.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4016698466774591D0C2F3515691C144
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\page_file.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C617BC7BF52236F0ECF4D1ADED61D5B6
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\page_progress.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A12F54647ED4684C24AEEEB3BFC9C187
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\page_intro.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\496CA552204BF81A4E5BB71B44C49D9F
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\main_index.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB6C088A9D592832A12AAAFAE98AAF41
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\page_summary.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\582EB6FA36A1FA994C2074D669EC94A7
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\cli.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\732F6D3781E1D8905D7B372B70400949
31E6EB9122A767141B394D7726D03054
C:\UCLEAR\HBC200_Update_RC207\hlp\page_com.htm
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\UCLEAR\Drivers\win64\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\UCLEAR\Drivers\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\UCLEAR\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\UCLEAR\Drivers\win32\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\UCLEAR\HBC200_Update_RC207\hlp\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\UCLEAR\HBC200_Update_RC207\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\UCLEAR\msflxgrd\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\UCLEAR\HBC200_Update_RC207\Firmware\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\31E6EB9122A767141B394D7726D03054
PatchGUID
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\31E6EB9122A767141B394D7726D03054
MediaCabinet
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\31E6EB9122A767141B394D7726D03054
File
ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\31E6EB9122A767141B394D7726D03054
ComponentVersion
8.0.50727.42
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\31E6EB9122A767141B394D7726D03054
ProductVersion
1.0.2070
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\31E6EB9122A767141B394D7726D03054
PatchSize
0
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\31E6EB9122A767141B394D7726D03054
PatchAttributes
0
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\31E6EB9122A767141B394D7726D03054
PatchSequence
0
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\31E6EB9122A767141B394D7726D03054
SharedComponent
0
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\31E6EB9122A767141B394D7726D03054
IsFullFile
0
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{19BE6E13-7A22-4176-B193-D477620D0345}\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UClear\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PatchedComponents
{63E949F6-03BC-5C40-A01F-C8B3B9A1E18E}
C:\Windows\winsxs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6\\8.0.50727.42.policy
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PatchedComponents
{68B7C6D9-1DF2-54C1-A01F-C8B3B9A1E18E}
C:\Windows\winsxs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9\\8.0.50727.42.policy
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PatchedComponents
{9BAE13A2-E7AF-D6C3-A01F-C8B3B9A1E18E}
C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2\\mfcm80.dll
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PatchedComponents
{98CB24AD-52FB-DB5F-A01F-C8B3B9A1E18E}
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad\\msvcr80.dll
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
LocalPackage
C:\Windows\Installer\394ec9.msi
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
AuthorizedCDFPrefix
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
Comments
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
Contact
BITwave Pte Ltd
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
DisplayVersion
1.0.2070
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
HelpLink
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
HelpTelephone
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
InstallDate
20191203
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
InstallLocation
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
InstallSource
C:\Users\admin\AppData\Local\Temp\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
ModifyPath
MsiExec.exe /I{19BE6E13-7A22-4176-B193-D477620D0345}
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
Publisher
BITwave Pte Ltd
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
Readme
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
Size
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
EstimatedSize
10600
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
UninstallString
MsiExec.exe /I{19BE6E13-7A22-4176-B193-D477620D0345}
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
URLInfoAbout
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
URLUpdateInfo
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
VersionMajor
1
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
VersionMinor
0
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
WindowsInstaller
1
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
Version
16779286
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
Language
1033
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
AuthorizedCDFPrefix
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
Comments
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
Contact
BITwave Pte Ltd
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
DisplayVersion
1.0.2070
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
HelpLink
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
HelpTelephone
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
InstallDate
20191203
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
InstallLocation
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
InstallSource
C:\Users\admin\AppData\Local\Temp\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
ModifyPath
MsiExec.exe /I{19BE6E13-7A22-4176-B193-D477620D0345}
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
Publisher
BITwave Pte Ltd
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
Readme
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
Size
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
EstimatedSize
10600
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
UninstallString
MsiExec.exe /I{19BE6E13-7A22-4176-B193-D477620D0345}
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
URLInfoAbout
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
URLUpdateInfo
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
VersionMajor
1
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
VersionMinor
0
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
WindowsInstaller
1
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
Version
16779286
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
Language
1033
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\C694D27AF65731E42B0E8D7A3E55D228
31E6EB9122A767141B394D7726D03054
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\InstallProperties
DisplayName
UCLEAR Firmware Update
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BE6E13-7A22-4176-B193-D477620D0345}
DisplayName
UCLEAR Firmware Update
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global
policy.8.0.Microsoft.VC80.CRT,type="win32-policy",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global
policy.8.0.Microsoft.VC80.MFC,type="win32-policy",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global
Microsoft.VC80.MFC,type="win32",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global
Microsoft.VC80.CRT,type="win32",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\31E6EB9122A767141B394D7726D03054
DefaultFeature
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\Features
DefaultFeature
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31E6EB9122A767141B394D7726D03054\Patches
AllPatches
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054
ProductName
UCLEAR Firmware Update
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054
PackageCode
1584DAF8C6D9B0247ADA47B982F759B1
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054
Language
1033
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054
Version
16779286
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054
Assignment
1
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054
AdvertiseFlags
388
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054
InstanceType
0
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054
AuthorizedLUAApp
0
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054
DeploymentFlags
2
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C694D27AF65731E42B0E8D7A3E55D228
31E6EB9122A767141B394D7726D03054
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054\SourceList
PackageName
UCLEARUpdater.msi
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054\SourceList\Net
1
C:\Users\admin\AppData\Local\Temp\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054\SourceList\Media
1
;
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054
Clients
:
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\31E6EB9122A767141B394D7726D03054\SourceList
LastUsedSource
n;1;C:\Users\admin\AppData\Local\Temp\
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
300
3896
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_STABLE (SetCurrentState)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_STABLE (SetCurrentState)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_STABLE (SetCurrentState)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Leave)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Enter)
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Leave)
4000000000000000EE538AC470A9D501780E0000400B0000040400000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Enter)
4000000000000000EE538AC470A9D501780E0000EC0D0000050400000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Leave)
400000000000000048B68CC470A9D501780E0000EC0D0000050400000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Enter)
400000000000000048B68CC470A9D501780E0000EC0D0000F40300000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
400000000000000048B68CC470A9D501780E0000EC0D0000F40300000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
400000000000000048B68CC470A9D501780E0000EC0D0000F20300000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
4000000000000000FC7A91C470A9D501780E0000400E0000F20300000100000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
4000000000000000FC7A91C470A9D501780E00000C0E0000F20300000100000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000FC7A91C470A9D501780E00008C0F0000FC0300000000000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
4000000000000000FC7A91C470A9D501780E0000780D0000F20300000100000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000FC7A91C470A9D501780E0000140F0000FC0300000000000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
4000000000000000FC7A91C470A9D501780E0000400E0000F20300000000000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
4000000000000000FC7A91C470A9D501780E0000780D0000F20300000000000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000FC7A91C470A9D501780E0000BC080000FC0300000000000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000FC7A91C470A9D501780E0000400E0000040000000100000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000FC7A91C470A9D501780E0000780D0000040000000100000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
4000000000000000FC7A91C470A9D501780E00000C0E0000F20300000000000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000FC7A91C470A9D501780E00000C0E0000040000000100000003000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
4000000000000000FC7A91C470A9D501780E0000EC0D0000F20300000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
4000000000000000FC7A91C470A9D501780E0000EC0D0000060400000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
40000000000000009628E0C470A9D501780E0000EC0D0000060400000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
40000000000000009628E0C470A9D501780E0000EC0D0000F50300000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
4000000000000000F08AE2C470A9D501780E0000AC0D0000F50300000100000004000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
40000000000000004AEDE4C470A9D501780E0000640E0000F50300000100000004000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
40000000000000004AEDE4C470A9D501780E00000C0E0000F50300000100000004000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
40000000000000004AEDE4C470A9D501780E0000AC0D0000F50300000000000004000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000004AEDE4C470A9D501780E0000AC0D0000050000000100000004000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
40000000000000004AEDE4C470A9D501780E0000640E0000F50300000000000004000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000004AEDE4C470A9D501780E0000640E0000050000000100000004000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
40000000000000009A9690C570A9D501780E00000C0E0000F50300000000000004000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000009A9690C570A9D501780E00000C0E0000050000000100000004000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
40000000000000009A9690C570A9D501780E0000EC0D0000F50300000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
40000000000000009A9690C570A9D501780E0000EC0D0000070400000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
400000000000000086F7B1C570A9D501780E0000EC0D0000070400000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
4000000000000000AAF4EFC570A9D501780E0000EC0D0000FB0300000100000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
4000000000000000B81BF7C570A9D501780E0000640E0000FB0300000100000005000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
4000000000000000B81BF7C570A9D501780E0000640E0000FB0300000000000005000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
4000000000000000B81BF7C570A9D501780E00000C0E0000FB0300000100000005000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
4000000000000000B81BF7C570A9D501780E0000AC0D0000FB0300000100000005000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
4000000000000000B81BF7C570A9D501780E00000C0E0000FB0300000000000005000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
4000000000000000B81BF7C570A9D501780E0000AC0D0000FB0300000000000005000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3704
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
4000000000000000B81BF7C570A9D501780E0000EC0D0000FB0300000000000000000000000000006FA40DB170DEE143B6BD0305F017D2180000000000000000
3308
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}
3308
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}
3308
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\Control
3308
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}
Microsoft FlexGrid Control, version 6.0 (SP6)
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\InprocServer32
C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\InprocServer32
ThreadingModel
Apartment
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSFlexGridLib.MSFlexGrid
Microsoft FlexGrid Control, version 6.0 (SP6)
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSFlexGridLib.MSFlexGrid\CLSID
{74DD2713-BA98-4D10-A16E-270BBEB9B555}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSFlexGridLib.MSFlexGrid\CurVer
MSFlexGridLib.MSFlexGrid.1
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSFlexGridLib.MSFlexGrid.1
Microsoft FlexGrid Control, version 6.0 (SP6)
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSFlexGridLib.MSFlexGrid.1\CLSID
{74DD2713-BA98-4D10-A16E-270BBEB9B555}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\VersionIndependentProgID
MSFlexGridLib.MSFlexGrid
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\ProgID
MSFlexGridLib.MSFlexGrid.1
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\TypeLib
{5E9E78A0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\Version
1.0
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\MiscStatus
0
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\MiscStatus\1
131473
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\ToolboxBitmap32
C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx, 1
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}
Microsoft FlexGrid Control, version 6.0 (SP6)
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32
C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32
ThreadingModel
Apartment
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSFlexGridLib.MSFlexGrid\CLSID
{6262D3A0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSFlexGridLib.MSFlexGrid.1\CLSID
{6262D3A0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\VersionIndependentProgID
MSFlexGridLib.MSFlexGrid
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\ProgID
MSFlexGridLib.MSFlexGrid.1
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\TypeLib
{5E9E78A0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\Version
1.0
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\MiscStatus
0
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\MiscStatus\1
131473
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\ToolboxBitmap32
C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx, 1
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}
MSFlexGrid General Property Page Object
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32
C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}
MSFlexGrid Style Property Page Object
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32
C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E9E78A0-531B-11CF-91F6-C2863C385E30}\1.0
Microsoft FlexGrid Control 6.0 (SP6)
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E9E78A0-531B-11CF-91F6-C2863C385E30}\1.0\FLAGS
2
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E9E78A0-531B-11CF-91F6-C2863C385E30}\1.0\0\win32
C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E9E78A0-531B-11CF-91F6-C2863C385E30}\1.0\HELPDIR
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib
{5E9E78A0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib
Version
1.0
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib
{5E9E78A0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib
Version
1.0
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6AA700-D188-11CD-AD48-00AA003C9CB6}
IRowCursor
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6AA700-D188-11CD-AD48-00AA003C9CB6}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6AA700-D188-11CD-AD48-00AA003C9CB6}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6AA700-D188-11CD-AD48-00AA003C9CB6}\TypeLib
{5E9E78A0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6AA700-D188-11CD-AD48-00AA003C9CB6}\TypeLib
Version
1.0
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F4DF280-531B-11CF-91F6-C2863C385E30}
IMSFlexGrid
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F4DF280-531B-11CF-91F6-C2863C385E30}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F4DF280-531B-11CF-91F6-C2863C385E30}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F4DF280-531B-11CF-91F6-C2863C385E30}\TypeLib
{5E9E78A0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F4DF280-531B-11CF-91F6-C2863C385E30}\TypeLib
Version
1.0
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609602E0-531B-11CF-91F6-C2863C385E30}
DMSFlexGridEvents
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609602E0-531B-11CF-91F6-C2863C385E30}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609602E0-531B-11CF-91F6-C2863C385E30}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609602E0-531B-11CF-91F6-C2863C385E30}\TypeLib
{5E9E78A0-531B-11CF-91F6-C2863C385E30}
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609602E0-531B-11CF-91F6-C2863C385E30}\TypeLib
Version
1.0
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6262D3A0-531B-11CF-91F6-C2863C385E30}
Compatibility Flags
1024
3308
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6262D3A0-531B-11CF-91F6-C2863C385E30}
AlternateCLSID
{74DD2713-BA98-4D10-A16E-270BBEB9B555}
1400
cmd.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1400
cmd.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2972
DPInst.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.dev.log
4096
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\88C277C6E63CBDAF35A096E80A5B97A29A619D3A
UninstallString
C:\PROGRA~1\DIFX\507DAFEF8EE1D9B8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\csrbluecoreusb.inf_x86_neutral_3dcab84e7c12a490\csrbluecoreusb.inf
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\88C277C6E63CBDAF35A096E80A5B97A29A619D3A
DisplayName
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0)
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\88C277C6E63CBDAF35A096E80A5B97A29A619D3A
DisplayIcon
C:\PROGRA~1\DIFX\507DAFEF8EE1D9B8\DPInst.exe,0
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\88C277C6E63CBDAF35A096E80A5B97A29A619D3A
DisplayVersion
02/03/2011 2.4.0.0
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\88C277C6E63CBDAF35A096E80A5B97A29A619D3A
Publisher
Cambridge Silicon Radio Ltd.
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\516F2BEA6007D982DCE90BA1592C17F0FFD75DBA
UninstallString
C:\PROGRA~1\DIFX\507DAFEF8EE1D9B8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\usbspi.inf_x86_neutral_1221d2a0934471ba\usbspi.inf
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\516F2BEA6007D982DCE90BA1592C17F0FFD75DBA
DisplayName
Windows Driver Package - Cambridge Silicon Radio Ltd. (USBSPI) USB (01/21/2011 2.4.0.0)
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\516F2BEA6007D982DCE90BA1592C17F0FFD75DBA
DisplayIcon
C:\PROGRA~1\DIFX\507DAFEF8EE1D9B8\DPInst.exe,0
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\516F2BEA6007D982DCE90BA1592C17F0FFD75DBA
DisplayVersion
01/21/2011 2.4.0.0
2972
DPInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\516F2BEA6007D982DCE90BA1592C17F0FFD75DBA
Publisher
Cambridge Silicon Radio Ltd.
896
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
252
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US

Files activity

Executable files
33
Suspicious files
19
Text files
83
Unknown types
20

Dropped files

PID
Process
Filename
Type
3896
msiexec.exe
C:\Windows\Installer\MSI54D1.tmp
executable
MD5: 7bfa56d222ecc4267e10c01462c6d0d9
SHA256: 6eeb255e1d5333a7b4f1b62e36afa1bea5cfd6c7e32058bb3a9efebc4d9f2ad6
3896
msiexec.exe
C:\UCLEAR\Drivers\win32\csrbc2k.sys
executable
MD5: 444852367ab9bae43f5942c92cb32f66
SHA256: e0770c2a990ca99906bf9f71915cab689ae18735c0a3500fa4c4a6f37f7db50b
3896
msiexec.exe
C:\Windows\WinSxS\InstallTemp\20191203002950472.0\msvcm80.dll
executable
MD5: cdcc63e967d64ece3729246720af4fcc
SHA256: c75e2f91a7b2032d3757eeac12502112381e0cb6f0e6e308adc74ac30c8a7ec7
3896
msiexec.exe
C:\Windows\WinSxS\InstallTemp\20191203002950519.0\mfc80u.dll
executable
MD5: c297a92852f494ed69a5ec0cc2af9b89
SHA256: e3b1dadbdb2ac2c7d51d2fd0e4e1c34767235904ae9fcb980de3414f2a5594b9
3896
msiexec.exe
C:\Windows\WinSxS\InstallTemp\20191203002950472.0\msvcr80.dll
executable
MD5: 16d7ddf3b659f7cf1cb9f4dcff4219f0
SHA256: 120cd25f5d6002ffd9069cf9550bc16c682bcd3323053b95146e7cd3ba2215ac
3896
msiexec.exe
C:\UCLEAR\Drivers\win64\usbspi.sys
executable
MD5: bef159e0f05db9d5e44655e9f4e68d01
SHA256: c94588b7a6e9e1a4717ff532a323468db7b67c870dc2298d64d35c0972c6931a
3896
msiexec.exe
C:\Windows\Installer\$PatchCache$\Managed\31E6EB9122A767141B394D7726D03054\1.0.2070\ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
executable
MD5: 16d7ddf3b659f7cf1cb9f4dcff4219f0
SHA256: 120cd25f5d6002ffd9069cf9550bc16c682bcd3323053b95146e7cd3ba2215ac
3896
msiexec.exe
C:\Windows\WinSxS\InstallTemp\20191203002950519.0\mfc80.dll
executable
MD5: 56931baf613550ce64141be8153d03ac
SHA256: 64de0bf521be64a209c2f54648249cec2ba93a8941edc456e609852016ab9d08
3896
msiexec.exe
C:\Windows\Installer\$PatchCache$\Managed\31E6EB9122A767141B394D7726D03054\1.0.2070\ul_msvcm80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
executable
MD5: cdcc63e967d64ece3729246720af4fcc
SHA256: c75e2f91a7b2032d3757eeac12502112381e0cb6f0e6e308adc74ac30c8a7ec7
3896
msiexec.exe
C:\UCLEAR\Drivers\win32\parspi.sys
executable
MD5: 0a666a2769d7861f96f866b9d78705df
SHA256: 6a7b46e2a9af0f34db4dc3fb71bb4383ce3f7c54b508e172dfe57830dc1245d1
3896
msiexec.exe
C:\UCLEAR\Drivers\win32\usbspi.sys
executable
MD5: d9452317ae9bdd926e0ed3011fbe320e
SHA256: 25f2aa5951ac2800195eed8e0de7e401a8385f658f3fd4bf840fa90e9221dd03
2972
DPInst.exe
C:\Users\admin\AppData\Local\Temp\{052f1986-46e9-7467-ae67-c0406ed7731c}\csrbc.sys
executable
MD5: b2b3b745800cff7f3739b00754ee34da
SHA256: 69b5e5986d925d66da287760c77a1f1b7a289cca007efe53a8d6d4b4fae4acf0
3896
msiexec.exe
C:\UCLEAR\Drivers\win64\DPInst.exe
executable
MD5: 25d0a711e33c75b197d76884dba1dbf1
SHA256: b6bae3bb8fe8dee5db004965bbea0466bab7bb4b4193e8fa544abf47f03562a5
3896
msiexec.exe
C:\UCLEAR\msflxgrd\MSFlxGrd.Ocx
executable
MD5: 20e06689d038e05795863694b5e1dcd7
SHA256: 7827dbdbd340cee846a61238002e5d438b859c06c80e540f29130ce654cc0918
3896
msiexec.exe
C:\UCLEAR\Drivers\win64\csrbc.sys
executable
MD5: c72d445d22c23a14b8b97e36699c22ae
SHA256: d4940968abdbd714f3b98f395a9746d8fc0bd2b322b5eee6dd9ad791ff63bd54
896
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{464f19d2-7fe2-3f8b-8fe1-046d2df40d23}\csrbc.sys
executable
MD5: b2b3b745800cff7f3739b00754ee34da
SHA256: 69b5e5986d925d66da287760c77a1f1b7a289cca007efe53a8d6d4b4fae4acf0
3896
msiexec.exe
C:\UCLEAR\Drivers\win32\DPInst0.exe
executable
MD5: bb44ace7db2df4157f2b6b8561e3a486
SHA256: 368d8f0a3395602c6ea89341aabfdb663d26fc05388f0fe18a5cfdd93094279d
3896
msiexec.exe
C:\Windows\WinSxS\InstallTemp\20191203002950519.0\mfcm80u.dll
executable
MD5: ae185805654f362ac58c3a6d31c23f70
SHA256: ddf71f0c70eaac0093986f9d98d87908818f054c517c279cdeee1b180038997b
3896
msiexec.exe
C:\UCLEAR\HBC200_Update_RC207\UClearUpgradeWizard.EXE
executable
MD5: 2f3ad45ac7d8411ea53c7acf583352d2
SHA256: f6f1857558f57f148d011cc732ad6f727295aee193330b7da117600ed5907384
2972
DPInst.exe
C:\Users\admin\AppData\Local\Temp\{40c067ae-a197-31a3-b89f-9b2f53f3eb78}\usbspi.sys
executable
MD5: d9452317ae9bdd926e0ed3011fbe320e
SHA256: 25f2aa5951ac2800195eed8e0de7e401a8385f658f3fd4bf840fa90e9221dd03
3896
msiexec.exe
C:\UCLEAR\Drivers\win32\csrbc.sys
executable
MD5: b2b3b745800cff7f3739b00754ee34da
SHA256: 69b5e5986d925d66da287760c77a1f1b7a289cca007efe53a8d6d4b4fae4acf0
3896
msiexec.exe
C:\Windows\WinSxS\InstallTemp\20191203002950472.0\msvcp80.dll
executable
MD5: 2bc650257fb0867abd54fd460ec2bafc
SHA256: 9fc2e85ba84cf0459aab0dc2efac734ad7b5b4c99ba19871fe8f6e35d0191838
3896
msiexec.exe
C:\UCLEAR\HBC200_Update_RC207\vcredist_x86.EXE
executable
MD5: ce2922f83fb4b170affce0ea448b107b
SHA256: 4ee4da0fe62d5fa1b5e80c6e6d88a4a2f8b3b140c35da51053d0d7b72a381d29
252
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{35db28f4-54f5-3e63-5ecc-0a61730f0c73}\usbspi.sys
executable
MD5: d9452317ae9bdd926e0ed3011fbe320e
SHA256: 25f2aa5951ac2800195eed8e0de7e401a8385f658f3fd4bf840fa90e9221dd03
3896
msiexec.exe
C:\UCLEAR\DPInst0.exe
executable
MD5: bb44ace7db2df4157f2b6b8561e3a486
SHA256: 368d8f0a3395602c6ea89341aabfdb663d26fc05388f0fe18a5cfdd93094279d
3896
msiexec.exe
C:\UCLEAR\Drivers\win64\DPInst0.exe
executable
MD5: 5a2cc1b2109ef553091017eeebdcc95e
SHA256: d291ff15fe0c860b01269a7ce7b4cd9d19c3fbb691c80d21b43df2e907cbcc5c
3896
msiexec.exe
C:\UCLEAR\HBC200_Update_RC207\DFUEngine.dll
executable
MD5: aaa5ff95e893c0ad5ddfc46916e5f8e4
SHA256: 61656c3c47ba03eeba43c3c128c17739ae50ebbea5a35e362cd06050f979a950
2972
DPInst.exe
C:\Program Files\DIFX\507DAFEF8EE1D9B8\DPInst.exe
executable
MD5: 3fd16c1cca83d9f0e91fccfe32d812d0
SHA256: 0af038b08f84604d2805202b5429210c5ef37f23623b8dae2bd8921e4e76a0c8
3896
msiexec.exe
C:\UCLEAR\msflxgrd\Install0.exe
executable
MD5: c1e4b61577111d3e182cd4a151001f82
SHA256: 3660759ce3b9ea4d64ca80cdf29f7a88343fea6a483b361bfd4e3241d32fafa2
3896
msiexec.exe
C:\Windows\WinSxS\InstallTemp\20191203002950519.0\mfcm80.dll
executable
MD5: 95962cd5ea53d4d5ca7c5059f4d937b3
SHA256: 657f1836003aa866a28d48316fc34859c584308f382a8c78d672a37dc07cb5d3
3896
msiexec.exe
C:\UCLEAR\Drivers\win32\DPInst.exe
executable
MD5: 3fd16c1cca83d9f0e91fccfe32d812d0
SHA256: 0af038b08f84604d2805202b5429210c5ef37f23623b8dae2bd8921e4e76a0c8
3896
msiexec.exe
C:\UCLEAR\HBC200_Update_RC207\vcredist_x86_2009.exe
executable
MD5: 6402438591b548121f54b0706a2c6423
SHA256: d6832398e3bc9156a660745f427dc1c2392ce4e9a872e04f41f62d0c6bae07a8
3896
msiexec.exe
C:\Windows\Installer\$PatchCache$\Managed\31E6EB9122A767141B394D7726D03054\1.0.2070\ul_msvcp80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
executable
MD5: 2bc650257fb0867abd54fd460ec2bafc
SHA256: 9fc2e85ba84cf0459aab0dc2efac734ad7b5b4c99ba19871fe8f6e35d0191838
3896
msiexec.exe
C:\Windows\Installer\$PatchCache$\Managed\31E6EB9122A767141B394D7726D03054\1.0.2070\ul_catalog.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
cat
MD5: fabf51cadf6ddc1695cdc1d069f5a324
SHA256: 935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767
896
DrvInst.exe
C:\Windows\System32\DriverStore\INFCACHE.0
––
MD5:  ––
SHA256:  ––
896
DrvInst.exe
C:\Windows\System32\DriverStore\OLDCACHE.000
––
MD5:  ––
SHA256:  ––
896
DrvInst.exe
C:\Windows\System32\DriverStore\infpub.dat
binary
MD5: e49123497f46c22c10b58cfebb547fdd
SHA256: 3cc0e305bf5523bf85b0c3caf86e23b53a8639afc89b9a3d3f6a6701c67c5c97
896
DrvInst.exe
C:\Windows\System32\DriverStore\infstor.dat
binary
MD5: c2ec99007bd02aa8bf1b8e03f434358c
SHA256: e30b8e6edd9bba5991a0ad172da6ac9dbb06c469e032443043d0110bb7de540b
896
DrvInst.exe
C:\Windows\System32\DriverStore\infstrng.dat
binary
MD5: 235e8441deda54daaea7ab5c136358cc
SHA256: f827db7d1e7b384d5ed592e9e0673107cd78a8c4224615c0d9e45a2be8bd59a5
896
DrvInst.exe
C:\Windows\INF\oem4.inf
binary
MD5: ae2047a19d83b8594e01c934ca431939

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.