General Info

File name

na.exe

Full analysis
https://app.any.run/tasks/c6b59a5b-2027-40d4-bba9-05b9bd459883
Verdict
Malicious activity
Analysis date
5/15/2019, 16:16:51
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

adware

evasion

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

ed74e277414e5e269959089350b40ff9

SHA1

a720c5daacf4ba3afa8b9aff094dcdc8114da39b

SHA256

1d7eb8f243f62e68bf8fbba4f2de38fe598dab72658a350581879ee8c54c97c9

SSDEEP

98304:5hERX3fXdv071FCgeg0nJpR6CfiSy/jPI82ShalO9BG0nOtMhA+vZf2Vn9p:5hc+fehs/jPI82S0OFnOtV4Zf2Vn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Connects to CnC server
  • MsiExec.exe (PID: 3140)
  • desktop_media_service.exe (PID: 2688)
Loads the Task Scheduler COM API
  • MsiExec.exe (PID: 3032)
Loads the Task Scheduler DLL interface
  • na.exe (PID: 2592)
Application was dropped or rewritten from another process
  • watchdog.exe (PID: 2732)
  • desktop_media_service.exe (PID: 2688)
  • 983b543c20e16c20e864.MSIBCAE.tmp (PID: 3124)
Loads dropped or rewritten executable
  • na.exe (PID: 2592)
Reads Environment values
  • MsiExec.exe (PID: 3032)
  • MsiExec.exe (PID: 3140)
  • MsiExec.exe (PID: 1288)
Modifies files in Chrome extension folder
  • chrome.exe (PID: 1088)
Creates a software uninstall entry
  • desktop_media_service.exe (PID: 2688)
Checks for external IP
  • desktop_media_service.exe (PID: 2688)
Executable content was dropped or overwritten
  • na.exe (PID: 2592)
  • MSIBCAE.tmp (PID: 2312)
  • msiexec.exe (PID: 1000)
Creates files in the user directory
  • na.exe (PID: 2592)
Starts Microsoft Installer
  • na.exe (PID: 2592)
Application launched itself
  • chrome.exe (PID: 1088)
  • msiexec.exe (PID: 1000)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 3032)
  • MsiExec.exe (PID: 1288)
  • MsiExec.exe (PID: 3140)
Creates a software uninstall entry
  • msiexec.exe (PID: 1000)
  • MsiExec.exe (PID: 3140)
Creates files in the program directory
  • msiexec.exe (PID: 1000)
Starts application with an unusual extension
  • msiexec.exe (PID: 1000)
Application was dropped or rewritten from another process
  • MSIBCAE.tmp (PID: 2312)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 2568)
Searches for installed software
  • msiexec.exe (PID: 1000)
Adds / modifies Windows certificates
  • DrvInst.exe (PID: 1580)
Changes settings of System certificates
  • DrvInst.exe (PID: 1580)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe | Win32 Executable (generic) (3.6%)
.exe | Generic Win/DOS Executable (1.6%)
.exe | DOS Executable Generic (1.5%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:03:20 20:48:06+01:00
PEType:
PE32
LinkerVersion:
14.16
CodeSize:
1505792
InitializedDataSize:
598528
UninitializedDataSize:
null
EntryPoint:
0x121965
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
1.0.0.0
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
Debug
FileOS:
Win32
ObjectFileType:
Dynamic link library
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
FileDescription:
Installer
FileVersion:
1
InternalName:
setup_3.6.0
LegalCopyright:
Copyright (C)
ProductName:
setup
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
20-Mar-2019 19:48:06
Detected languages
English - United States
Debug artifacts
C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb
FileDescription:
Installer
FileVersion:
1.0
InternalName:
setup_3.6.0
LegalCopyright:
Copyright (C)
ProductName:
setup
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000118
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
20-Mar-2019 19:48:06
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0016F82F 0x0016FA00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.44146
.rdata 0x00171000 0x0005ED8E 0x0005EE00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.5644
.data 0x001D0000 0x00007114 0x00005400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.10655
.rsrc 0x001D8000 0x000151C4 0x00015200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.34268
.reloc 0x001EE000 0x00018DC0 0x00018E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 6.56636
Resources
1

2

3

4

5

9

10

11

12

13

14

15

16

17

18

128

201

202

203

206

210

211

212

213

214

216

217

218

219

221

222

223

225

249

255

634

2000

4063

4064

4065

4066

10106

10107

10123

10124

10125

Imports
    KERNEL32.dll

    msi.dll (delay-loaded)

Exports

    No exports.

Screenshots

Processes

Total processes
77
Monitored processes
35
Malicious processes
2
Suspicious processes
2

Behavior graph

start drop and start na.exe no specs na.exe msiexec.exe msiexec.exe no specs msiexec.exe no specs vssvc.exe no specs drvinst.exe no specs msiexec.exe msibcae.tmp 983b543c20e16c20e864.msibcae.tmp no specs msiexec.exe no specs HNetCfg.FwPolicy2 no specs desktop_media_service.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs watchdog.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
980
CMD
"C:\Users\admin\AppData\Local\Temp\na.exe"
Path
C:\Users\admin\AppData\Local\Temp\na.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Installer
Version
1.0
Modules
Image
c:\users\admin\appdata\local\temp\na.exe
c:\systemroot\system32\ntdll.dll

PID
2592
CMD
"C:\Users\admin\AppData\Local\Temp\na.exe"
Path
C:\Users\admin\AppData\Local\Temp\na.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Installer
Version
1.0
Modules
Image
c:\users\admin\appdata\local\temp\na.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\propsys.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\msihnd.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\riched20.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\roaming\jetmedia\nativedesktopmediaservice 3.6.0\install\decoder.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msiexec.exe
c:\windows\system32\mstask.dll

PID
1000
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samlib.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\installer\msibcae.tmp
c:\windows\system32\devrtl.dll

PID
1288
CMD
C:\Windows\system32\MsiExec.exe -Embedding 43C449D615FC595E992789540E33AD5E C
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\msi7ff1.tmp
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\users\admin\appdata\local\temp\msi80ae.tmp
c:\windows\system32\secur32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\microsoft office\office14\vviewer.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.excel\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.excel.dll
c:\windows\assembly\gac_msil\microsoft.vbe.interop.forms\11.0.0.0__71e9bce111e9429c\microsoft.vbe.interop.forms.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.graph\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.graph.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.outlook\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.outlook.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.powerpoint\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.powerpoint.dll
c:\windows\assembly\gac_msil\office\14.0.0.0__71e9bce111e9429c\office.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.smarttag\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.smarttag.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.word\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.word.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\samlib.dll

PID
3936
CMD
"C:\Windows\system32\msiexec.exe" /i "C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\2CF5F20\NetworkDesktopMedia.msi" AI_SETUPEXEPATH=C:\Users\admin\AppData\Local\Temp\na.exe SETUPEXEDIR=C:\Users\admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup "
Path
C:\Windows\system32\msiexec.exe
Indicators
No indicators
Parent process
na.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll

PID
2568
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
1580
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000005D4" "000005D0"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

PID
3140
CMD
C:\Windows\system32\MsiExec.exe -Embedding B99231D03CB61753D4A8DCC12944B629
Path
C:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msibab8.tmp
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\installer\msibc6e.tmp
c:\windows\installer\msicbb3.tmp
c:\windows\system32\secur32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\microsoft office\office14\vviewer.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.excel\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.excel.dll
c:\windows\assembly\gac_msil\microsoft.vbe.interop.forms\11.0.0.0__71e9bce111e9429c\microsoft.vbe.interop.forms.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.graph\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.graph.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.outlook\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.outlook.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.powerpoint\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.powerpoint.dll
c:\windows\assembly\gac_msil\office\14.0.0.0__71e9bce111e9429c\office.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.smarttag\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.smarttag.dll
c:\windows\assembly\gac_msil\microsoft.office.interop.word\14.0.0.0__71e9bce111e9429c\microsoft.office.interop.word.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\samlib.dll
c:\windows\installer\msicc9e.tmp
c:\windows\installer\msiccce.tmp
c:\windows\installer\msiccee.tmp
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\installer\msie152.tmp
c:\windows\installer\msif43f.tmp
c:\windows\installer\msif45f.tmp
c:\windows\installer\msib54.tmp
c:\windows\installer\msib74.tmp
c:\windows\installer\msib85.tmp
c:\windows\installer\msiba5.tmp
c:\windows\installer\msibb6.tmp
c:\windows\installer\msibd6.tmp
c:\windows\installer\msibf6.tmp
c:\windows\installer\msid9f.tmp
c:\windows\installer\msi3437.tmp
c:\windows\installer\msi480e.tmp

PID
2312
CMD
"C:\Windows\Installer\MSIBCAE.tmp" /p="C:\Users\admin\AppData\Local\Temp\na.exe" /p="C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\2CF5F20\NetworkDesktopMedia.msi" /p="C:\Program Files\Jetmedia\NativeDesktopMediaService" /p="" /p=""
Path
C:\Windows\Installer\MSIBCAE.tmp
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\windows\installer\msibcae.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\983b543c20e16c20e864.msibcae.tmp

PID
3124
CMD
"C:\Users\admin\AppData\Local\Temp\983b543c20e16c20e864.MSIBCAE.tmp" $$MlIRblznbChQCNYZKQjiNSj0_j1LSZr5QxYDtZ9q34QPEnVP3F5udIe8IpzR7dKZME6qzvZZ6cfuBQFizPgDj7yz7WBrAOCnlTUFWt1y_X7z56cK_LYzjktevxujDd7_mGAdMSwgLLhCYgLw5zmZL9KRIyV4_krc6z3lRDjidOJCF7wUQv72etV7A7TUzn9N4IF40ojv0REcRnV4rgIIMhzlxXYJSvjKXA6oEUdgb6411X22NXJYlRj5wZOp7R1i-VgckZ7rx4Q1vWoRhv-9T05H6FFSEuZSRSL0Cxz8161cjb5lTEZovRmJPbCJrgFfIfgPxdF5JvIJGXDJwUVRozZymtm-7D24MIw8jKVKqUSB5D3Ga9Gxzg1BEy6mQ-VvsydeIL1zQbT91iLnR3dKlxVt7pdRovmPRIB6QQzmhhsgyBAfQ_d2UzRZLnznOABsqA57hBNSjc0Sd_EoCX8RmMRa7t6LY7pdN464z6qRjCeYs7nfjILhLBz7tiXJxVweiKVwN4aZBzTfxHkOfeiyUnsdcXTGtzxgTNkw-nBdTCWbU90COP5-7wfYgakCTbFTVOjSsa9uLBQpM6ZEFj4KF7GcH8owNm_nfAAxJndNVYlz3oAZv0wbADMiVGQ5BSrnDsffqC3em60AVQ7aSlnEfFQh_rSjqFk_IuI2n7AeWt88R54KSXHqQL3WFBu6h7dr9RMwo8k0$$
Path
C:\Users\admin\AppData\Local\Temp\983b543c20e16c20e864.MSIBCAE.tmp
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\983b543c20e16c20e864.msibcae.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

PID
3032
CMD
C:\Windows\system32\MsiExec.exe -Embedding F138B212863F860E7115E10C3F9C1BD5 M Global\MSI0000
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msica4.tmp
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll
c:\windows\installer\msie3c.tmp
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\installer\msie8b.tmp
c:\windows\system32\comsvcs.dll
c:\windows\system32\atl.dll
c:\windows\system32\sxs.dll
c:\windows\system32\firewallapi.dll
c:\windows\installer\msi1246.tmp

PID
1856
CMD
C:\Windows\system32\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
Path
C:\Windows\system32\DllHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
COM Surrogate
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\sxs.dll

PID
2688
CMD
"C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe" --service
Path
C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Description
Version
Modules
Image
c:\program files\jetmedia\nativedesktopmediaservice\desktop_media_service.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\version.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\wship6.dll
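
The three Jetmedia records on this page form one chain that the report does not join up for the reader: msiexec.exe runs the MSI custom action C:\Windows\Installer\MSIBCAE.tmp (user admin, HIGH integrity) with the original na.exe, the extracted .msi and the install directory passed as /p= arguments; a file in the user's Temp named after that custom action (983b543c20e16c20e864.MSIBCAE.tmp) then runs as SYSTEM with no captured parent and a long opaque $$...$$ argument; and desktop_media_service.exe --service runs as SYSTEM from the very install directory the custom action was given. Unlike the Microsoft and Google images, none of the three Jetmedia images carries Company, Description or Version strings. The Python below is an added example, not ANY.RUN's code or output: it parses the report's own field / value layout into records and scores each one with heuristics that encode those observations. The rule names, weights and threshold are my own choices, and the sample is constructed from the records on this page (module and version sections dropped, the $$ token shortened). Two caveats: a "––" parent only means the sandbox did not capture it, which is also how a service started by services.exe looks, and custom actions running from C:\Windows\Installer\MSI*.tmp are normal for legitimate installers, so the scores are triage context, not a verdict.

```python
# Added example (not ANY.RUN code): parse the report's flat "field / value" listing and score
# each process with triage rules; rule names, weights and the threshold are my own choices.
import ntpath
import re
from dataclasses import dataclass, field
# Every field name the report emits; names absent from KEYMAP are parsed but ignored.
FIELDS = {"PID", "CMD", "Path", "Indicators", "Parent process", "User", "Integrity Level",
          "Exit code", "Version:", "Company", "Description", "Version", "Modules", "Image"}
KEYMAP = {"PID": "pid", "CMD": "cmd", "Path": "path", "Parent process": "parent", "User": "user",
          "Integrity Level": "integrity", "Company": "company", "Description": "description"}
NO_PARENT = {"", "--", "––"}  # how the report renders a parent it did not capture
MSI_TMP = re.compile(r"\\windows\\installer\\(msi[0-9a-f]+\.tmp)$", re.I)
USER_TEMP = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
QUOTED_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"')
OPAQUE_TOKEN = re.compile(r"[A-Za-z0-9_-]{64,}")

@dataclass
class Proc:
    pid: str = ""; cmd: str = ""; path: str = ""; parent: str = ""
    user: str = ""; integrity: str = ""; company: str = ""; description: str = ""
    score: int = 0; hits: list = field(default_factory=list)

    def hit(self, weight, why):
        self.score += weight; self.hits.append(why)

def parse(text):
    """One Proc per record: a record starts at each 'PID' key; value lines follow their key."""
    procs, cur, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in FIELDS:
            key = line
            if key == "PID":
                cur = Proc(); procs.append(cur)
        elif cur is not None and line and key in KEYMAP:
            attr = KEYMAP[key]
            setattr(cur, attr, (getattr(cur, attr) + " " + line).strip())
    return procs

def triage(procs, suspicious_at=3):
    """Score every record in place and return {pid: verdict}."""
    # Pass 1: what the MSI custom actions (MSI*.tmp launched by msiexec.exe) were pointed at.
    ca_names, ca_dirs = set(), []
    for p in procs:
        m = MSI_TMP.search(p.path)
        if m and p.parent.lower() == "msiexec.exe":
            ca_names.add(m.group(1).lower())
            for arg in QUOTED_PATH.findall(p.cmd):
                if not ntpath.splitext(arg)[1]:  # extension-less argument: treat as a directory
                    ca_dirs.append(arg.lower().rstrip("\\") + "\\")
    # Pass 2: per-record rules; weights are judgement calls, not ANY.RUN's own scoring.
    for p in procs:
        path, base = p.path.lower(), ntpath.basename(p.path).lower()
        as_system = p.user.upper() == "SYSTEM"
        if MSI_TMP.search(path) and p.parent.lower() == "msiexec.exe":
            p.hit(1, "MSI custom action binary run by msiexec.exe (normal for installers; context only)")
        if USER_TEMP.search(path) and as_system:
            p.hit(3, "image in a user-writable Temp directory running as SYSTEM")
        if p.parent in NO_PARENT and as_system and not path.startswith("c:\\windows\\"):
            p.hit(2, "SYSTEM process outside %SystemRoot% with no captured parent (service start?)")
        if any(base.endswith("." + n) for n in ca_names):
            p.hit(2, "image name embeds the name of an MSI custom action binary")
        if any(path.startswith(d) for d in ca_dirs):
            p.hit(2, "image lives under a directory handed to an MSI custom action")
        if not (p.company or p.description) and not path.startswith("c:\\windows\\"):
            p.hit(1, "no Company/Description version resource")
        if OPAQUE_TOKEN.search(p.cmd):
            p.hit(1, "long opaque command-line token (also matches Chrome's --gpu-preferences on this page)")
    return {p.pid: "suspicious" if p.score >= suspicious_at else "note" if p.score else "clean" for p in procs}

# Constructed sample: the three Jetmedia records from this page in the report's own layout,
# module and version sections dropped and the $$...$$ argument of PID 3124 shortened.
SAMPLE_REPORT = r"""
PID
2312
CMD
"C:\Windows\Installer\MSIBCAE.tmp" /p="C:\Users\admin\AppData\Local\Temp\na.exe" /p="C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\2CF5F20\NetworkDesktopMedia.msi" /p="C:\Program Files\Jetmedia\NativeDesktopMediaService" /p="" /p=""
Path
C:\Windows\Installer\MSIBCAE.tmp
Indicators
Parent process
msiexec.exe
User
admin
PID
3124
CMD
"C:\Users\admin\AppData\Local\Temp\983b543c20e16c20e864.MSIBCAE.tmp" $$MlIRblznbChQCNYZKQjiNSj0_j1LSZr5QxYDtZ9q34QPEnVP3F5udIe8IpzR7dKZME6qzvZZ6cfuBQFizPgDj7yz7WBrAOCnlTUFWt1y$$
Path
C:\Users\admin\AppData\Local\Temp\983b543c20e16c20e864.MSIBCAE.tmp
Parent process
––
User
SYSTEM
PID
2688
CMD
"C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe" --service
Path
C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
Parent process
––
User
SYSTEM
"""
```

On the sample, `triage(parse(SAMPLE_REPORT))` rates PID 3124 and PID 2688 "suspicious" and the custom action PID 2312 only "note": the custom-action rule alone is deliberately weak, and the weight sits on the cross-record links (a Temp binary named after the custom action, a SYSTEM service under the directory the custom action was handed). Fed the Chrome records from this page, the rules score each of them at most 1, because only the --gpu-preferences blob trips the opaque-token rule; that false positive is why that rule carries the lowest weight.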

PID
1088
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\ie4uinit.exe
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\imagehlp.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll
c:\windows\system32\shdocvw.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\syncui.dll
c:\program files\notepad++\nppshell_06.dll
c:\program files\windows sidebar\sbdrop.dll
c:\windows\system32\stobject.dll
c:\windows\system32\cryptext.dll
c:\windows\system32\colorui.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll

PID
1700
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f600f18,0x6f600f28,0x6f600f34
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
1212
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3048 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_watcher.dll

PID
3908
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=15575648688057993027 --mojo-platform-channel-handle=956 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\73.0.3683.75\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libegl.dll

PID
2320
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --service-pipe-token=1366851129051796946 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1366851129051796946 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2316
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --service-pipe-token=10012069802402205630 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10012069802402205630 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2492
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --service-pipe-token=3530331456729599333 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3530331456729599333 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
900
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=15467969135120208050 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15467969135120208050 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1892
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=8610334159383415922 --mojo-platform-channel-handle=4048 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3484
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5528420464491744175 --mojo-platform-channel-handle=4012 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2460
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=421037772552158449 --mojo-platform-channel-handle=4228 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3104
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=9514609221138197890 --mojo-platform-channel-handle=4204 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3848
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7728236955449854553 --mojo-platform-channel-handle=4284 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3972
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13415012016356806189 --mojo-platform-channel-handle=4288 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1032
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11966849095484833367 --mojo-platform-channel-handle=4260 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3624
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2147155938788564829 --mojo-platform-channel-handle=4328 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2088
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=10509091376534894062 --mojo-platform-channel-handle=4604 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1804
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=6622772580229384167 --mojo-platform-channel-handle=4584 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2648
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=16518309504336125322 --mojo-platform-channel-handle=4280 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
3064
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=15841568763537834802 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15841568763537834802 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3532
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,2205831059465165369,14768757705455383538,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=14662950165656960813 --mojo-platform-channel-handle=2752 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
2732
CMD
"C:\Program Files\Jetmedia\NativeDesktopMediaService\watchdog.exe" NativeDesktopMediaService
Path
C:\Program Files\Jetmedia\NativeDesktopMediaService\watchdog.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\program files\jetmedia\nativedesktopmediaservice\watchdog.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
1552
Read events
1132
Write events
407
Delete events
13

Modification events

PID | Process | Operation | Key | Name | Value
1000 | msiexec.exe | delete key | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E | |
1000 | msiexec.exe | delete key | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62 | |
1000 | msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | |
1000 | msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback | |
1000 | msiexec.exe | delete key | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | |
1000 | msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress | |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore | SrCreateRp (Enter) | 4000000000000000FDC704EB280BD501E8030000200D0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP | SppCreate (Enter) | 4000000000000000FDC704EB280BD501E8030000200D0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP | LastIndex | 20
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP | SppGatherWriterMetadata (Enter) | 40000000000000000D2664EB280BD501E8030000200D0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher | IDENTIFY (Enter) | 4000000000000000678866EB280BD501E8030000180C0000E80300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher | IDENTIFY (Leave) | 4000000000000000493031EC280BD501E8030000180C0000E80300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP | SppGatherWriterMetadata (Leave) | 40000000000000003F2B9FF1280BD501E8030000200D0000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP | SppAddInterestingComponents (Enter) | 40000000000000003F2B9FF1280BD501E8030000200D0000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP | SppAddInterestingComponents (Leave) | 4000000000000000B5DBAFF1280BD501E8030000200D0000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher | PREPAREBACKUP (Enter) | 400000000000000039B3C7F1280BD501E8030000CC090000E90300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher | PREPAREBACKUP (Leave) | 4000000000000000D9D8EDF1280BD501E8030000CC090000E90300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher | GETSTATE (Enter) | 4000000000000000D9D8EDF1280BD501E8030000AC060000F90300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher | GETSTATE (Leave) | 40000000000000009BC4F9F1280BD501E8030000AC060000F90300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher | DOSNAPSHOT (Enter) | 4000000000000000A9EB00F2280BD501E8030000200D00000A0400000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher | DOSNAPSHOT (Leave) | 4000000000000000CBDE17F3280BD501E8030000BC0400000A0400000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP | SppCreate (Leave) | 400000000000000025411AF3280BD501E8030000200D0000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore | SrCreateRp (Leave) | 400000000000000025411AF3280BD501E8030000200D0000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore | FirstRun | 0
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore | LastIndex | 20
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile | NestingLevel | 1
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile | StartNesting | FDC704EB280BD501
1000 | msiexec.exe | write | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | Owner | E80300000DF932EA280BD501
1000 | msiexec.exe | write | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | SessionHash | EDBDB06157C1E1283D339DF31B212FF08508E477CEE5D7D6F1AF80C92F2624C8
1000 | msiexec.exe | write | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | Sequence | 1
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress | C:\Windows\Installer\13b8d6.ipi |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Config.Msi\ |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\13b8d7.rbs | 30739249
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\13b8d7.rbsLow | 1637469296
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC709AE344971F940A612500314D7368 | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\VendorId
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F607D05DC5F63594BBF3B2461B7B7CA5 | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Caphyon\Advanced Installer\LZMA\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}\3.6.0\AI_ExePath
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A259754BDFFFF3E42968FEB19C2EBD54 | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\VendorId2
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF2BB7EFF73EB794C877730D308C6165 | 883B9FC4AF873C644B9091F62EFCF502 | C:\Program Files\Jetmedia\NativeDesktopMediaService\watchdog.exe
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E58E972E9A5A30C4BAC65C0CF48B48BD | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\InstanceId
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\307D253A70CB21E43A4374E451D0A397 | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\Path
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5E0BF6B88796ED4698E84C44FF06ABF | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\Uninstall
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEB2302CB75968B4AA5F1F6D7E8D4919 | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\ServiceName
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF31675ED828A0D459AB9F9BF98DDA5D | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\RegisterDate
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9046CFD34DC49EA45866E320C474DB92 | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\VendorId1
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9ED1AE69FBB90AC4EB48676326125C43 | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\VendorId3
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE00CF65812E73D43A032920E4C893F2 | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\VendorId4
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8639A60AF9BDE664EBC129671F855071 | 883B9FC4AF873C644B9091F62EFCF502 | C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2266F4C90F7AAF4A995C1F6CC11F75C | 883B9FC4AF873C644B9091F62EFCF502 | 02:\Software\Jetmedia\NativeDesktopMediaService\Version
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C7949F95D258C47BA2032F20EA40AC | 883B9FC4AF873C644B9091F62EFCF502 | C:\ProgramData\Jetmedia\NativeDesktopMediaService\comdata.dat
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files\Jetmedia\NativeDesktopMediaService\ |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files\Jetmedia\ |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\ProgramData\Jetmedia\NativeDesktopMediaService\ |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\ProgramData\Jetmedia\ |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\LZMA\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}\3.6.0 | AI_ExePath | C:\Users\admin\AppData\Local\Temp\na.exe
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | VendorId | na
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | InstanceId | 573FD9E8-0C22-4320-D4F2-64972B2044E9
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | Uninstall | C:\Windows\system32\msiexec.exe /x {4CF9B388-78FA-46C3-B409-196FE2CF5F20}
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | ServiceName | NativeDesktopMediaService
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | RegisterDate | 1557929873
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | VendorId1 | na
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | Version | 3.6.0
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | Path | C:\Program Files\Jetmedia\NativeDesktopMediaService\
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | VendorId2 | na
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | VendorId3 | na
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Jetmedia\NativeDesktopMediaService | VendorId4 | na
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | LocalPackage | C:\Windows\Installer\13b8d8.msi
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | AuthorizedCDFPrefix |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | Comments |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | Contact |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | DisplayVersion | 3.6.0
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | HelpLink |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | HelpTelephone |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | InstallDate | 20190515
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | InstallLocation | C:\Program Files\Jetmedia\NativeDesktopMediaService\
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | InstallSource | C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\2CF5F20\
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | ModifyPath | MsiExec.exe /X{4CF9B388-78FA-46C3-B409-196FE2CF5F20}
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | NoModify | 1
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | NoRepair | 1
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | Publisher | Jetmedia
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | Readme |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | Size |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | EstimatedSize | 3016
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | UninstallString | MsiExec.exe /X{4CF9B388-78FA-46C3-B409-196FE2CF5F20}
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | URLInfoAbout |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | URLUpdateInfo |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | VersionMajor | 3
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | VersionMinor | 6
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | WindowsInstaller | 1
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | Version | 50724864
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | Language | 1033
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | AuthorizedCDFPrefix |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | Comments |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | Contact |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | DisplayVersion | 3.6.0
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | HelpLink |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | HelpTelephone |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | InstallDate | 20190515
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | InstallLocation | C:\Program Files\Jetmedia\NativeDesktopMediaService\
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | InstallSource | C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\2CF5F20\
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | ModifyPath | MsiExec.exe /X{4CF9B388-78FA-46C3-B409-196FE2CF5F20}
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | NoModify | 1
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | NoRepair | 1
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | Publisher | Jetmedia
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | Readme |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | Size |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | EstimatedSize | 3016
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | UninstallString | MsiExec.exe /X{4CF9B388-78FA-46C3-B409-196FE2CF5F20}
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | URLInfoAbout |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | URLUpdateInfo |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | VersionMajor | 3
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | VersionMinor | 6
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | WindowsInstaller | 1
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | Version | 50724864
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | Language | 1033
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\9570E11754236C944A0D5BEE992BCE2A | 883B9FC4AF873C644B9091F62EFCF502 |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\InstallProperties | DisplayName | NativeDesktopMediaService
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} | DisplayName | NativeDesktopMediaService
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\883B9FC4AF873C644B9091F62EFCF502 | MainFeature |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\Features | MainFeature | 6mm.8w)'j?,[i+!y[[email protected]?^uR4H_-$3EIThzb_ld0ALU2}+KpON=T{4lzPRR]?039wkaiqaCwh)lqr.^[email protected]*!WoNdnQ]L5s*[email protected]~l1&[email protected]][email protected](*neT-lV=D^[email protected]'p_jdzQPbm{oHw7!'R)@T7Af!M8?K1[SnRXqtG^@njrR5P^]z4i{BzCR([email protected]=8o!l}-33*cIW[X}0_=bq6,N5yuI*s`lAhUuH[ARwKeKKRHPhR{8-y&)[email protected](XBpvRrvwi
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883B9FC4AF873C644B9091F62EFCF502\Patches | AllPatches |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 | ProductName | NativeDesktopMediaService
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 | PackageCode | 3D004AA8E6EB9DC4A898EADBB75AC25B
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 | Language | 1033
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 | Version | 50724864
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 | Assignment | 1
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 | AdvertiseFlags | 388
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 | InstanceType | 0
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 | AuthorizedLUAApp | 0
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 | DeploymentFlags | 3
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\9570E11754236C944A0D5BEE992BCE2A | 883B9FC4AF873C644B9091F62EFCF502 |
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502\SourceList | PackageName | NetworkDesktopMedia.msi
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502\SourceList\Net | 1 | C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\2CF5F20\
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502\SourceList\Media | DiskPrompt | [1]
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502\SourceList\Media | 1 | ;
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 | Clients | :
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502\SourceList | LastUsedSource | n;1;C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\2CF5F20\
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings | StringCacheGeneration | 99
1000 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile | NestingLevel | 0
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | IDENTIFY (Enter) | 400000000000000091FD7BEB280BD501080A0000D0030000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | IDENTIFY (Enter) | 400000000000000091FD7BEB280BD501080A0000F00E0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | IDENTIFY (Enter) | 400000000000000091FD7BEB280BD501080A0000B0030000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer | IDENTIFY (Enter) | 400000000000000091FD7BEB280BD501080A0000180D0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | IDENTIFY (Leave) | 4000000000000000F98685EB280BD501080A0000F00E0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | IDENTIFY (Leave) | 4000000000000000F98685EB280BD501080A0000D0030000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer | IDENTIFY (Leave) | 4000000000000000AD4B8AEB280BD501080A0000180D0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | IDENTIFY (Leave) | 400000000000000007AE8CEB280BD501080A0000B0030000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} | PROVIDER_BEGINPREPARE (Enter) | 400000000000000085EEC2F1280BD501080A0000B0030000010400000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} | PROVIDER_BEGINPREPARE (Leave) | 4000000000000000DF50C5F1280BD501080A0000B0030000010400000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | PREPAREBACKUP (Enter) | 400000000000000009C6DAF1280BD501080A0000B0030000E90300000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | PREPAREBACKUP (Enter) | 400000000000000009C6DAF1280BD501080A0000180D0000E90300000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | PREPAREBACKUP (Enter) | 400000000000000009C6DAF1280BD501080A0000D0030000E90300000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | PREPAREBACKUP (Leave) | 40000000000000006328DDF1280BD501080A0000B0030000E90300000000000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | VSS_WS_STABLE (SetCurrentState) | 40000000000000006328DDF1280BD501080A0000B0030000010000000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | PREPAREBACKUP (Leave) | 4000000000000000BD8ADFF1280BD501080A0000180D0000E90300000000000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | VSS_WS_STABLE (SetCurrentState) | 4000000000000000BD8ADFF1280BD501080A0000180D0000010000000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | PREPAREBACKUP (Leave) | 4000000000000000BD8ADFF1280BD501080A0000D0030000E90300000000000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | VSS_WS_STABLE (SetCurrentState) | 4000000000000000BD8ADFF1280BD501080A0000D0030000010000000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | GETSTATE (Enter) | 40000000000000009BC4F9F1280BD501080A0000D0030000F90300000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | GETSTATE (Enter) | 40000000000000009BC4F9F1280BD501080A0000180D0000F90300000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | GETSTATE (Enter) | 40000000000000009BC4F9F1280BD501080A0000B0030000F90300000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | GETSTATE (Leave) | 40000000000000009BC4F9F1280BD501080A0000B0030000F90300000000000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | GETSTATE (Leave) | 40000000000000009BC4F9F1280BD501080A0000D0030000F90300000000000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | GETSTATE (Leave) | 40000000000000009BC4F9F1280BD501080A0000180D0000F90300000000000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} | PROVIDER_ENDPREPARE (Enter) | 4000000000000000A9EB00F2280BD501080A00004C080000020400000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} | PROVIDER_ENDPREPARE (Leave) | 4000000000000000CF1F97F2280BD501080A00004C080000020400000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | PREPARESNAPSHOT (Enter) | 4000000000000000298299F2280BD501080A00004C080000EA0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | PREPARESNAPSHOT (Enter) | 400000000000000045D0A7F2280BD501080A0000FC0D0000EA0300000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | PREPARESNAPSHOT (Enter) | 400000000000000045D0A7F2280BD501080A0000440A0000EA0300000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | PREPARESNAPSHOT (Enter) | 400000000000000045D0A7F2280BD501080A00006C0F0000EA0300000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | PREPARESNAPSHOT (Leave) | 40000000000000006F45BDF2280BD501080A00006C0F0000EA0300000000000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | VSS_WS_WAITING_FOR_FREEZE (SetCurrentState) | 40000000000000006F45BDF2280BD501080A00006C0F0000020000000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | PREPARESNAPSHOT (Leave) | 40000000000000006F45BDF2280BD501080A0000440A0000EA0300000000000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | VSS_WS_WAITING_FOR_FREEZE (SetCurrentState) | 40000000000000006F45BDF2280BD501080A0000440A0000020000000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | PREPARESNAPSHOT (Leave) | 4000000000000000C9A7BFF2280BD501080A0000FC0D0000EA0300000000000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | VSS_WS_WAITING_FOR_FREEZE (SetCurrentState) | 4000000000000000C9A7BFF2280BD501080A0000FC0D0000020000000100000001000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | PREPARESNAPSHOT (Leave) | 40000000000000000F6BE3F2280BD501080A00004C080000EA0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE (Enter) | 40000000000000000F6BE3F2280BD501080A00004C080000EB0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_FRONT (Enter) | 40000000000000000F6BE3F2280BD501080A00004C080000EC0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | FREEZE (Enter) | 4000000000000000C32FE8F2280BD501080A0000FC0D0000EB0300000100000002000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | FREEZE (Leave) | 4000000000000000C32FE8F2280BD501080A0000FC0D0000EB0300000000000002000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568 | vssvc.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | VSS_WS_WAITING_FOR_THAW (SetCurrentState) | 4000000000000000C32FE8F2280BD501080A0000FC0D0000030000000100000002000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Enter)
4000000000000000C32FE8F2280BD501080A0000D00A0000FC0300000100000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Leave)
40000000000000001D92EAF2280BD501080A00004C080000EC0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Enter)
40000000000000001D92EAF2280BD501080A00004C080000ED0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Leave)
400000000000000077F4ECF2280BD501080A00004C080000ED0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Enter)
400000000000000077F4ECF2280BD501080A00004C080000EE0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Enter)
40000000000000002BB9F1F2280BD501080A00006C0F0000EB0300000100000002000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Leave)
40000000000000002BB9F1F2280BD501080A00006C0F0000EB0300000000000002000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000002BB9F1F2280BD501080A00006C0F0000030000000100000002000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000002BB9F1F2280BD501080A0000B00B0000FC0300000100000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Leave)
4000000000000000DF7DF6F2280BD501080A00004C080000EE0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Enter)
4000000000000000DF7DF6F2280BD501080A00004C080000F00300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Leave)
4000000000000000DF7DF6F2280BD501080A00004C080000F00300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Enter)
4000000000000000DF7DF6F2280BD501080A00004C080000EF0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Enter)
400000000000000039E0F8F2280BD501080A0000FC000000EB0300000100000002000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Leave)
4000000000000000A16902F3280BD501080A0000FC000000EB0300000000000002000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
4000000000000000A16902F3280BD501080A0000FC000000030000000100000002000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Enter)
4000000000000000A16902F3280BD501080A000098010000FC0300000100000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Leave)
4000000000000000A16902F3280BD501080A00004C080000EF0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Leave)
4000000000000000A16902F3280BD501080A00004C080000EB0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Enter)
4000000000000000A16902F3280BD501080A00004C080000030400000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Leave)
4000000000000000A16902F3280BD501080A00004C080000030400000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Enter)
4000000000000000A16902F3280BD501080A00004C080000FD0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Enter)
4000000000000000A16902F3280BD501080A000054040000FD0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Leave)
400000000000000063550EF3280BD501080A000054040000FD0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Leave)
400000000000000063550EF3280BD501080A00004C080000FD0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Enter)
400000000000000063550EF3280BD501080A000054040000FE0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Leave)
4000000000000000717C15F3280BD501080A000054040000FE0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Enter)
4000000000000000717C15F3280BD501080A000054040000FF0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Leave)
4000000000000000717C15F3280BD501080A000054040000FF0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Enter)
400000000000000063550EF3280BD501080A00004C080000FE0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Leave)
4000000000000000717C15F3280BD501080A00004C080000FE0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Enter)
4000000000000000717C15F3280BD501080A00004C080000FF030000010000000000000000000000000000000000000000000000000000000000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Leave)
4000000000000000717C15F3280BD501080A00004C080000FF030000000000000000000000000000000000000000000000000000000000000000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Enter)
4000000000000000717C15F3280BD501080A0000C4040000040400000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Leave)
4000000000000000717C15F3280BD501080A0000C4040000040400000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Enter)
4000000000000000717C15F3280BD501080A00004C080000050400000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Leave)
4000000000000000CBDE17F3280BD501080A00004C080000050400000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Enter)
4000000000000000CBDE17F3280BD501080A00004C080000F40300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
4000000000000000CBDE17F3280BD501080A00004C080000F40300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
4000000000000000CBDE17F3280BD501080A00004C080000F20300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
40000000000000008DCA23F3280BD501080A0000BC0D0000F20300000100000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
40000000000000008DCA23F3280BD501080A0000440A0000F20300000100000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000008DCA23F3280BD501080A0000D00A0000FC0300000000000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000008DCA23F3280BD501080A000098010000FC0300000000000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
40000000000000008DCA23F3280BD501080A00005C0F0000F20300000100000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
40000000000000008DCA23F3280BD501080A0000BC0D0000F20300000000000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
40000000000000008DCA23F3280BD501080A0000440A0000F20300000000000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000008DCA23F3280BD501080A0000B00B0000FC0300000000000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000008DCA23F3280BD501080A0000BC0D0000040000000100000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000008DCA23F3280BD501080A0000440A0000040000000100000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
40000000000000008DCA23F3280BD501080A00005C0F0000F20300000000000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000008DCA23F3280BD501080A00005C0F0000040000000100000003000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
40000000000000008DCA23F3280BD501080A00004C080000F20300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
40000000000000008DCA23F3280BD501080A00004C080000060400000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
400000000000000057655FF3280BD501080A00004C080000060400000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
400000000000000057655FF3280BD501080A00004C080000F50300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
400000000000000073B36DF3280BD501080A00006C0F0000F50300000100000004000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
400000000000000073B36DF3280BD501080A0000FC000000F50300000100000004000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
400000000000000073B36DF3280BD501080A00005C0F0000F50300000100000004000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
4000000000000000CD1570F3280BD501080A0000FC000000F50300000000000004000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000CD1570F3280BD501080A0000FC000000050000000100000004000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
4000000000000000CD1570F3280BD501080A00006C0F0000F50300000000000004000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000CD1570F3280BD501080A00006C0F0000050000000100000004000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
40000000000000002BE622F4280BD501080A00005C0F0000F50300000000000004000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000002BE622F4280BD501080A00005C0F0000050000000100000004000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
40000000000000002BE622F4280BD501080A00004C080000F50300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
40000000000000002BE622F4280BD501080A00004C080000070400000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
4000000000000000FBF835F4280BD501080A00004C080000070400000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
4000000000000000174744F4280BD501080A00004C080000FB0300000100000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
4000000000000000CB0B49F4280BD501080A0000FC0D0000FB0300000100000005000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
4000000000000000CB0B49F4280BD501080A0000440A0000FB0300000100000005000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
4000000000000000CB0B49F4280BD501080A0000FC0D0000FB0300000000000005000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
4000000000000000CB0B49F4280BD501080A0000440A0000FB0300000000000005000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
4000000000000000CB0B49F4280BD501080A00005C0F0000FB0300000100000005000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
4000000000000000CB0B49F4280BD501080A00005C0F0000FB0300000000000005000000000000000073688AA495A3438172DF1D533883C10000000000000000
2568
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
4000000000000000CB0B49F4280BD501080A00004C080000FB0300000000000000000000000000000073688AA495A3438172DF1D533883C10000000000000000
1580
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1580
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
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
1580
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
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
3140
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4D0888BE-2F43-E789-4DE7-DA8ED57FBE3A}
cd77f991
01BEB59F6C0500010000004000000040000000501FF374BAB5EBDF01887904F4CB72AE58781EF191580CF025DF60B25BF935C136EEEFFFBA2ED45CA320033D90BECAEB3E52C0B6A128FF9D5B551E09ED24C68CF9AE0DD9CEF806BC89905816D448C5E8
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4D0888BE-2F43-E789-4DE7-DA8ED57FBE3A}
cd77f991
01976C33D805000100000040000000400000000401C64F3A26A98A9236EC3B78D931A2FD504225D1E3FB37463D9268960DD23B131CBEBD76D6C106D9DED7388044CFE027F813908183DBDAC1F36A03B13E4439138580A803710402AF1D970EAD11708D
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4D0888BE-2F43-E789-4DE7-DA8ED57FBE3A}
7e34172e
01233761CF0500010000001C0000001C000000C527E4B3A8E85030CE26E1450C4EF893DE6D20996D8B02B1408CA566111058EC58FECE19D9775B777C2F0796
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01E3A7CF58050001000000400000004000000038627FB19B4EBCBED1B4AEEBCF9958D36280A15DEC4B93E07910606ABE2CA785130ACED31C52B7970D9653262D8E4EA78F334C38C7FD84FE2CB2CC0CB60A572AA9E1F61163137FFED9E5D78163DAF023
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
019F4064A90500010000004000000040000000C64002A29C34EB72F9DEAD4C36F8D96C45048F66EA339FBD269A79FFEB070BB83D67BBA63B67502E5B6F60E2A44C71EF90B1FA7660B4E92B4D35C953A214D69DA30BCFADBE7EBFE1D9174322325BCF42
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B4CD726-7EF9-8434-4EEA-5F1DAB018183}
f6057a2d
01EDC102C8050301000000E00100007F0200001F7ECF4E9CE203FD709ECEAC3DC4E8D6F361CE9F0D80851CE4A1D3EF6BCBEB16A75A1A1B5D596FD7770C62220C5D3339452252F6872B64E835664ED9C9EFCDF01DC3745F3D37C7FD63BEF66AFC2B6337C493991D4F5186A556D3A741E375B86CB87A5D1FDF8330A179C5D89485B13E17EE1A54C470D76802C3EF64D6254B7EB3E5DB89C12E2AD53F48E5A66B4117AD4E2283BA11AD4982EBA47912EA0CCCDA843A9A8E2444CF93D7631B51ACED586276D68E3D43DC49286FA195C0B3BBAEB2091A64A4AF24E5384EC38145E3E7C44A3028A1310614384007790240555CF21007237552C4DDBEF38F610C0A0A5F437C02774561B9888516ABBB038C8169CAA2518A0C6F012121D4F5AA4F9CF5601FDB8E6B1DA5FF24E0D6257D47705E60D1D8E67D55532DF11F130982E163D755680ADF4349378FBF2898B4BCDE66AB687EBBBE68A4BF5462C60F423EA232EE460212B173F187AF58D0BE6E6E316A0C076559A37D3244EB2D264CE0D4DD602BFD615C051EE104F492148C32BB4EF506388263A8B897ADBCDCFEC15BC9BC0BFF97CF34E82D6B51E5E920531DD0EC24E2E500DE7CD719441EEA529C623AD563C2366378786AA6CCB21A14136FA01E1D25E3D9CF2A880A6C49587BAD653615A2B8FFEA3BBAFAB194FFC2C767544748B79BBE1DBAB3B222C3C9866F86ECB0F2274E190E289B
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01FB5C7BE20500010000004000000040000000FEB920E9E17AFD27FD6DF547764BF5B50AE0CBFE712DB7EB43C8F9E3DDDC482EAAA18D21CA328CD182FEFB222608517BC3E996BCF1E320FF56D01D7A1BBA6AC1922970797DC47E9A9E53CFBD5CB3CEFD
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01F810F59805000100000040000000400000006D75C26D896B287D0D8865C6AD2E760EAF2796F7BF3CAFC972DCF62DAA48C4BE03235F859968849BBC2D14E8E66B8014181AE129825CC09FAC8D435344E9A0D3039DB3EB6552215903852A0E7608AC5C
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6CB02112-C969-A66D-A3E9-5D172266194B}
f6057a2d
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
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
0107A4B4DC05000100000040000000400000000429EE8F1A40D5877C85E494109FEE01FC6CA30A36957D2C68DA75E2EDC2CA99A17ADF18F2B8894FA9979A7890491E7EB7A2EF41EA38F1D8B31A71951D28EF06F77EEBFB490C1152348239C7133EAFA7
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01FD9BBFE505000100000040000000400000004F6D875C2FF10B058918E3D5C6B4A6620FF88A82E87264553368F2EBCC8CB74249845506C9309D6E1A5C23A593271A0C931A0118D4751D4A90C9000CE3ECBAC22D193B824815FE0099F23420A05EA0E2
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
80cc0950
013FE1DCB00500010000001C0000001C0000006B4F71AEB51E42C574E53E2C6DB34981ADDA031AEAB2E8D250E3F8C9F0F0B690E0CC789749E1D7160EF37264
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01BB4903DD050001000000400000004000000064E6CD97AEA0CCC26EA0F3AC23DE7482855DE7E14D790E25032458F0509B7169482A52AC0C9A782E6FFD794B51B059348C65ED06419E9E94AD2BCA353C49A2B87089C46A58A95369BBF8DA646774DCBB
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
014A7ACB980500010000004000000040000000A00015371C0BAD6525325244A289250E17F79EF319C792C600C9DE36D83D8516966F7CC5F23C7FCD3FE241859C39A67FB7061EBAB9ECCB77F6462BAFC69E309B9A6C5B4C2EC3EC85AC14673B8659BB4B
3140
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
7d43e92e
0104EA6DF10500010000001C0000001C000000E018DC9839197DA7C2F7C12E66A31E900398F5C106A07C0C6EBFBA347B2DB4F75F6E97E557B2C19037ACAEBA
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths
C:\Program Files\Jetmedia\NativeDesktopMediaService
0
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths
C:\ProgramData\1557933459
0
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths
C:\Users\admin\AppData\Local\Temp\na.exe
0
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths
C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\2CF5F20\NetworkDesktopMedia.msi
0
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths
C:\Windows\Installer
0
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths
C:\Windows\Installer\MSIBCAE.tmp
0
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes
C:\Windows\Installer\MSIBCAE.tmp
0
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes
DMService
0
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes
NativeDesktopMediaService
0
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes
desktop_media_service.exe
0
3124
983b543c20e16c20e864.MSIBCAE.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes
watchdog.exe
0
3032
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\Scheduled Tasks\{711E0759-3245-49C6-A4D0-B5EE99B2ECA2}
Checker641
1
3032
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\Scheduled Tasks\{711E0759-3245-49C6-A4D0-B5EE99B2ECA2}
Checker641_ID
{8AA400D3-BE6E-4CD9-8A89-AEBD7BA52CB5}
3032
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}
AllowExceptions
1
3032
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}
AllowUnicastResponses
1
3032
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}\Registered Applications
netmedia32
{14094405-1A12-4021-BBD0-7A331AE9DE9E}
3032
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}\Registered Applications
tcpsvcs64
{073E64CA-AE45-41B5-A8D8-78295ACFD94E}
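The block of writes by 983b543c20e16c20e864.MSIBCAE.tmp (PID 3124) is the security-relevant part of this section. That process is a Windows Installer custom-action binary which msiexec extracted to C:\Windows\Installer\MSIBCAE.tmp (the listing excludes that exact path), and it adds Paths and Processes exclusions under HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions, the key read by Microsoft Security Essentials and System Center Endpoint Protection (Windows Defender on Windows 8 and later reads HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions instead, so a detection should watch both). The excluded set covers the original dropper (na.exe in the user's Temp), the MSI it unpacked under AppData\Roaming\Jetmedia, the install directory under Program Files\Jetmedia, C:\ProgramData\1557933459 (a directory named with a Unix timestamp, 2019-05-15 15:17:39 UTC, so a per-install path that rules should match with a wildcard on the parent), the whole C:\Windows\Installer directory, and the service, watchdog and custom-action process names. That is ATT&CK T1562.001 (Impair Defenses: Disable or Modify Tools) and it is why this installer rates as more than plain adware. MsiExec.exe (PID 3032) then records an Advanced Installer scheduled-task entry (Checker641) and two firewall-registered applications, netmedia32 and tcpsvcs64, the latter styled after the name of the Windows tcpsvcs.exe (Simple TCP/IP Services) binary. Two caveats for anyone turning this into detections. The Caphyon keys are Advanced Installer's own bookkeeping and show what the package asked for; the effective rule lives under SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules and the task in the Task Scheduler store, neither of which this section shows. And the DrvInst.exe write of a root-certificate blob under SystemCertificates\AuthRoot is the automatic root update crypt32 performs when a signature chain needs a root the machine lacks; it accompanies a driver or catalog install and is not by itself suspicious, though the thumbprint is worth keeping as context. Finally, MsiExec.exe and later desktop_media_service.exe store binary values with eight-hex-digit names (cd77f991, 7e34172e, f6057a2d and others) under Uninstall\{GUID} subkeys; in the cd77f991 and 7e34172e values a little-endian length at offset 11 (0x40 and 0x1C) is 16 bytes shorter than the payload that follows the 19-byte header, so this is application state parked where inventory tools rarely look rather than installer metadata. The example below is added here and is not ANY.RUN's code: it parses the flattened listing back into records and applies these rules to a constructed sample copied from this page. The severities and ATT&CK IDs are the editor's mapping, and the blob layout is inferred from the dumps, not a documented format.

```python
"""Flag defense-evasion and persistence writes in a flattened ANY.RUN
registry-activity listing like the one above.

Added example for this report page, not ANY.RUN's detection logic. Records
are consecutive lines: PID, process, operation, key, value name, data; a
"delete key" record stops after the key. Rules and ATT&CK IDs are the
editor's heuristics; the Uninstall-blob layout is inferred from this page.
"""
import re
from datetime import datetime, timezone

AV_EXCLUSION_KEYS = ("\\microsoft antimalware\\exclusions\\",
                     "\\windows defender\\exclusions\\")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")
EPOCH_DIR = re.compile(r"\\(\d{10})$")      # ...\1557933459
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")     # cd77f991, 7e34172e, ...


def parse_records(text):
    """Rebuild one dict per registry event from the flattened listing."""
    lines = text.splitlines()
    records, i = [], 0
    while i + 4 <= len(lines):
        pid, process, op, key = lines[i:i + 4]
        rec = {"pid": int(pid), "process": process, "op": op, "key": key}
        i += 4
        if op == "write":
            if i + 2 > len(lines):
                break                          # listing cut off mid-record
            rec["name"], rec["data"] = lines[i], lines[i + 1]
            i += 2
        records.append(rec)
    return records


def finding(rec, severity, technique, reason, **fields):
    return {"pid": rec["pid"], "process": rec["process"], "severity": severity,
            "technique": technique, "reason": reason, **fields}


def assess(rec):
    """Return a finding for one record, or None when no rule matched."""
    if rec["op"] != "write":
        return None
    key, name, data = rec["key"].lower(), rec["name"], rec["data"]
    if any(k in key for k in AV_EXCLUSION_KEYS):
        notes = []
        if any(p in name.lower() for p in USER_WRITABLE):
            notes.append("user-writable location")
        m = EPOCH_DIR.search(name)
        if m:                                  # per-install directory name
            ts = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
            notes.append(f"epoch-named dir ({ts:%Y-%m-%d %H:%M:%S} UTC)")
        kind = key.rsplit("\\", 1)[-1]         # paths / processes / ...
        reason = f"AV exclusion ({kind}) for {name}"
        if notes:
            reason += ": " + ", ".join(notes)
        return finding(rec, "high", "T1562.001", reason)
    if "\\caphyon\\advanced installer\\windows firewall\\" in key and key.endswith("\\registered applications"):
        return finding(rec, "medium", "T1562.004",
                       f"installer registers firewall exception for '{name}'")
    if "\\caphyon\\advanced installer\\scheduled tasks\\" in key:
        return finding(rec, "medium", "T1053.005",
                       f"installer records scheduled task {name}={data}")
    if "\\currentversion\\uninstall\\{" in key and HEX_NAME.match(name) and re.fullmatch(r"[0-9A-Fa-f]{40,}", data):
        raw = bytes.fromhex(data)
        declared = int.from_bytes(raw[11:15], "little")   # u32 at offset 11 (inferred)
        extra = len(raw) - 19 - declared                  # payload beyond declared length
        return finding(rec, "low", "T1112",
                       f"{len(raw)}-byte opaque blob under Uninstall value {name} "
                       f"(declared {declared}, {extra:+d} trailing bytes)",
                       size=len(raw), declared=declared, extra=extra)
    return None


def scan(text):
    return [f for f in (assess(r) for r in parse_records(text)) if f]


# Constructed sample: six records copied verbatim from the listing above.
SAMPLE = "\n".join([
    "3124", "983b543c20e16c20e864.MSIBCAE.tmp", "write",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths",
    r"C:\Users\admin\AppData\Local\Temp\na.exe", "0",
    "3124", "983b543c20e16c20e864.MSIBCAE.tmp", "write",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths",
    r"C:\ProgramData\1557933459", "0",
    "3124", "983b543c20e16c20e864.MSIBCAE.tmp", "write",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes",
    "watchdog.exe", "0",
    "3032", "MsiExec.exe", "write",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}\Registered Applications",
    "tcpsvcs64", "{073E64CA-AE45-41B5-A8D8-78295ACFD94E}",
    "3032", "MsiExec.exe", "write",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\Scheduled Tasks\{711E0759-3245-49C6-A4D0-B5EE99B2ECA2}",
    "Checker641_ID", "{8AA400D3-BE6E-4CD9-8A89-AEBD7BA52CB5}",
    "2688", "desktop_media_service.exe", "write",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}",
    "cd77f991", "01356AFF2E0500010000004000000040000000EE3E0C4AE2537EFB62C22B79F5300A5F17F9EF6136C3D3F5ACA70318CED960563BD7AB79B38726C06F0BC36BC5C7EAEB382333982472894727F7441964122F59F2A1845F9CA93CF7CDC470E72088CE27",
])

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

On the sample this yields three high findings for the exclusions (the ProgramData one carrying the decoded timestamp), two medium ones for the Caphyon firewall and task entries, and one low finding for the 99-byte blob whose declared length of 64 is 16 bytes short of its payload. Feeding it the whole listing from the page is a matter of passing the raw text; the parser tolerates a listing that ends mid-record, as this one does.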
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01356AFF2E0500010000004000000040000000EE3E0C4AE2537EFB62C22B79F5300A5F17F9EF6136C3D3F5ACA70318CED960563BD7AB79B38726C06F0BC36BC5C7EAEB382333982472894727F7441964122F59F2A1845F9CA93CF7CDC470E72088CE27
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01841DF42405000100000040000000400000007EDD4EB93091C945418F64A0686B00A578E5AE1343EE8AF457CAD7AC906AF6F3046C145B87CDAF529C40F23C97F630495F31023E796FFF86DB9D82750AA550CDE7B3E2424AD10E6B8F3DEA1AC4426DAC
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
7ecbe8b2
01308EB47F0500010000001C0000001C0000003FC6F631934DA4CDF29E9A8A7711FE0059398230357C48D0AA285B218F45BC88E71CC2CCD0F35EFAAF256856
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01F65F3BED0500010000004000000040000000BFA8ECA6735152896B3D0E784AB5476906811DF5B897C3193437C864D488147313A08BF80E1A8A00F716E7B3C3BC94E4E6FBF61058A40E4937CC2A28EB0402F013A3BB368A919A5030E61A4EEBBCB907
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
018A4DAA5E05000100000040000000400000007D10BD92E782F779B2811A55E0B81C5C2DE5BAE9180B4F77D80C54EC170456EF4B54E54ABE83A7210CBF9CACB8C523068AAB4272749F9E9D1C764AA917E5CEAE31BD9C3F80DD215815C5DDDC5EAA7BFF
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
81c40952
0189575F080500010000001C0000001C000000607D5E2BFCDC4FCEB190CD3AACCF61CE89E1F361E0F8A27E796D9BECC9E58144530D93F0112F9DA2083C0ABD
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01CC30A3BE05000100000040000000400000008D34B7DDFFF802F06A7430A7E0485DDEA2C4F9C992D27FC86410F31BC35CCCBE43A5B7D6777BC614C17AC7838374F073CEB2C884AC7184500ED8E24DED125CCA4411A2B9679564F243266D1F4132C6F3
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
0148F37AEC05000100000040000000400000000D907C5759123DF958EA8E34EA078E49359BD0F0184173F1CB4E4B0F9C5458E7799E3C963E95ED8507B33D09A1719953E2DBDE611170B0454151499620C7A78429B89E1FE7371C781E13ADB1B9AEFDC7
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
7ec3f6ac
01EB079E630500010000001C0000001C000000571698821211482C4EAF134DC4814D866E0A31A887D30F80567EAAE02BA98B611EDB3990C0D1FB82E65488FD
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01B30666310500010000004000000040000000A9E25FB42CE077153AB89BD2F27EB644E09160BD76A089E058D4C96FB06A719EC91B7BD5913BDAA5AF853DF2E463D0B3A92CBCEE0C463E61481799586825B8B942EBEA4ECBE7FDA0ABB1D3A09BE710FC
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01252821170500010000004000000040000000A9A9D82FB0E7BE30F15889FEA70DA4A89EE37E052F881F5C71001CC129598E589E4E86BC1B86B80AEE3CC4E926BB31DF181B9ED1523FA64D5626CF9545AC0DD9D172C295B658A5D4DAF8BAFE07E19D52
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
8044194c
01D4D007800500010000001C0000001C00000097BF5A62827B2AABF68C584DFC2041DB775CB7F0AB36150DA76541A70018400DEA6FAF1A3B7402C469EE5860
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01AD65EB11050001000000400000004000000059E92392D4CB66C7F83F4E92CCF0CC7C0C89B66F717838076CE7982AE7A7F57BA4FD94AA8647F3A76CE84A057321E4CB3945242F1BCCFEFCD0B3FF5521328FBDE861ECC1742516FA8EE8E103144E535D
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
0147F35770050001000000400000004000000036E3050D0E8A788B54B7D6C5A816B47C9C66A116E7FC207B94E96C35166A57B6DB628FD1DF4A780310AD3F5B7491CD7C4CD745A7443330E7A0FC6E30BD45E74701447582E91D5FE4C49A346B96914EC8
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
7ec41750
01C06C3BD30500010000001C0000001C00000051C215A3777A3A8E8492CD56F4B2A54C05BA17C1DEBA9340250D7BE6862F0DE55F47BE5913129CB6490C613A
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
018E125C0105000100000040000000400000005E64198B977BC1328D446F073BEC87F80003BF57CB8A94135570263C50EF477DF95F7F7B4C5A056AE2335280A447E5CE5DD2DF374BE867793FE11802B9F6E6E70790CDE6E9BA08C2A64E852A52534F24
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
011EC2CBBD0500010000004000000040000000F804607B45B608FE577EC0A2FC5B1C4E2198B4B29E0BA0A67586B0FF1A35DF828C8EE15D5243D28C077E0EB5B1979C51862FDF3701D294F7C683207864B940B8607A12BB2CB574D02ABD612076153815
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
823c074e
014B92F5530500010000001C0000001C0000000024FB5F8D19303E716F4B13091136DB4F580291FA6E51F41C4B62550C2CCBFEF19155AE2FD241CB7C562CDC
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
016F9875B90500010000004000000040000000E9C8C6C0172A74E494A90E4A0AB9FE818F90E76031DAFFABD2E767AF9D325A47AAE91E5D99DF74C6BE280940177BE9B20451A49B9820E867184B6FE2B4E4A6095566EF17B8B8966BE754CE4505BDC093
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
cd77f991
01DB71A30005000100000040000000400000007A0C1DD691CAF4A4414EC3DF97ED88457358ED449C6156E2571299585F03297104BFB5D3135E7CE62B5D75B8C8CF941CC39CB4D5D39480B2702888EF859EB4AFC2E141CF74111C1A2F45285B0CD2E849
2688
desktop_media_service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B52302A-33D8-F88A-CF6D-A3E95D172266}
803bf730
01B315C1070500010000001C0000001C000000AA69A226564D55FB8386A158A00A8D1C66950D1279C0E9CBF0FF59259FB3B86A0A5DEB61932A86FC8E454361
1088
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1088
chrome.exe
delete key
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
1088
chrome.exe
delete key
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62
1088
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
1088
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
1088
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
1088
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
1088
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
1088
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13202403566747914
1088
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
LanguageList
en-US
1088
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
@"%windir%\System32\ie4uinit.exe",-732
Finds and displays information and Web sites on the Internet.
1088
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
1088
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
1088
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
1088
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
1088
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
D227100DC4A59BCD7EB7FE4E77AA7060DB1DBD3345B57665FDAA1B5F12CAE0B5
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
06FACDF32B42A1F492D6834ADA0BDC6967604E93EABF9BC18EFD81DC56223CA9
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
6F0B943AAF581A70517D457D42424D868E429DD291E223BA3F7AF7AD2A942B52
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
54972D8FE430A18DBDC33C2F2F4E473BB20171A2D421967C924F4F771C3CA63C
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
6F2A8371926A2837E509E82C6B95C2C98C5256E815C2A5CAE3678093B4613676
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
7F7D3271876A005E8E6D7F707E13171209442D84E9B000E9C1BBECCCDFA8ECDE
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
EFA63CBF982B82CF44E63E567FF3BB95FE3F51570D9A0CED8846E77B13199169
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
2185CFA475E48232081BD9B022C35CC951047FA61B10D587059D71DCB26B35AF
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
E7A95FF6CA22DE87470A244A427D2FACCAC92188B1C7EFD0919098F3BFCCB4F7
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
44D45F0753CC3478345FAB0887131FC12D7C458DD75923BC3DE684814FD356A2
1088
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
D15B1E23CC9ADA168E4816F5B1B5EB3237DF46B7B8E131D74A3179C1D225A14F
1212
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1088-13202403565935414
259
3532
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
LanguageList
en-US
3532
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
3532
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
3532
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
@sendmail.dll,-4
Mail recipient
3532
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\63\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient

Files activity

Executable files
17
Suspicious files
54
Text files
295
Unknown types
5

Dropped files

PID
Process
Filename
Type
2592
na.exe
C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\decoder.dll
executable
MD5: 7dba3f67223e1db36ccf17c010b5cea5
SHA256: 32899d4642474607ac17534bd799e3c78182fd975ab6e9f5f0db77d52acdc09f
1000
msiexec.exe
C:\Windows\Installer\MSIE152.tmp
executable
MD5: 5d907dfd1ab00b5003c9a464fac22cb0
SHA256: 2b109e113ba67061b900718aebeb6ad7a42ccf56f1b8b41c69c7373f5855efea
1000
msiexec.exe
C:\Windows\Installer\MSICCEE.tmp
executable
MD5: 5d907dfd1ab00b5003c9a464fac22cb0
SHA256: 2b109e113ba67061b900718aebeb6ad7a42ccf56f1b8b41c69c7373f5855efea
1000
msiexec.exe
C:\Windows\Installer\MSICBB3.tmp
executable
MD5: 3df1a130b263daf320aabfc98b2f0206
SHA256: db8cfaaff769fa7117372e2c051a4a5e9646a20777c1c04cbf2f9a42e4799490
1000
msiexec.exe
C:\Windows\Installer\MSIF45F.tmp
executable
MD5: 5d907dfd1ab00b5003c9a464fac22cb0
SHA256: 2b109e113ba67061b900718aebeb6ad7a42ccf56f1b8b41c69c7373f5855efea
1000
msiexec.exe
C:\Windows\Installer\MSIE8B.tmp
executable
MD5: ec02fd954c6fab85acaa0efec4f6900c
SHA256: 1501d29a77df405e9fea46e1e52e4585233ff884c3d21788d6e19633c3f83212
1000
msiexec.exe
C:\Windows\Installer\MSIBCAE.tmp
executable
MD5: aa8a0837e4d96a0567805cbf9718e7e4
SHA256: cd5c9a0059c34543c0744f21df87696f13709b9d52440c996f78b2ff6a553fcc
1000
msiexec.exe
C:\Windows\Installer\MSI3437.tmp
executable
MD5: 5d907dfd1ab00b5003c9a464fac22cb0
SHA256: 2b109e113ba67061b900718aebeb6ad7a42ccf56f1b8b41c69c7373f5855efea
2592
na.exe
C:\Users\admin\AppData\Local\Temp\MSI80AE.tmp
executable
MD5: 3df1a130b263daf320aabfc98b2f0206
SHA256: db8cfaaff769fa7117372e2c051a4a5e9646a20777c1c04cbf2f9a42e4799490
1000
msiexec.exe
C:\Windows\Installer\MSI480E.tmp
executable
MD5: 5d907dfd1ab00b5003c9a464fac22cb0
SHA256: 2b109e113ba67061b900718aebeb6ad7a42ccf56f1b8b41c69c7373f5855efea
1000
msiexec.exe
C:\Program Files\Jetmedia\NativeDesktopMediaService\watchdog.exe
executable
MD5: 319c01589714df25f1a46d32263f86a6
SHA256: e00dc77b5e548df38ff86578ba6c4ce0c081bc0a89ec7820230d02e3d4d1d552
2592
na.exe
C:\Users\admin\AppData\Local\Temp\MSI7FF1.tmp
executable
MD5: 3144225f1a2dccfda435970964158357
SHA256: a99d2c6fd1667942a085f01784bd599762182fce8a8f866fa12ac93f52ae2ed1
2592
na.exe
C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\2CF5F20\desktop_media_service.exe
executable
MD5: fd744daf5f09fec21142c1eb280e4f6c
SHA256: c5078e1d65822d690d18e0bf35d878c081d956d49617bba13ab2d0ebf3e52738
1000
msiexec.exe
C:\Windows\Installer\MSICA4.tmp
executable
MD5: 5685c1bfaa16699bf9662696a38b4274
SHA256: 914ac28799cd54d9966807e62708a60e45849e26bdda492d9e66d007e682d68f
2592
na.exe
C:\Users\admin\AppData\Roaming\Jetmedia\NativeDesktopMediaService 3.6.0\install\2CF5F20\watchdog.exe
executable
MD5: 319c01589714df25f1a46d32263f86a6
SHA256: e00dc77b5e548df38ff86578ba6c4ce0c081bc0a89ec7820230d02e3d4d1d552
1000
msiexec.exe
C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
executable
MD5: fd744daf5f09fec21142c1eb280e4f6c
SHA256: c5078e1d65822d690d18e0bf35d878c081d956d49617bba13ab2d0ebf3e52738
2312
MSIBCAE.tmp
C:\Users\admin\AppData\Local\Temp\983b543c20e16c20e864.MSIBCAE.tmp
executable
MD5: aa8a0837e4d96a0567805cbf9718e7e4
SHA256: cd5c9a0059c34543c0744f21df87696f13709b9d52440c996f78b2ff6a553fcc
1088
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\3b75e0c4-5c4c-4da8-b459-c830049d259c\index-dir\the-real-index
binary
MD5: d4770609e937630ea1d378a05caa8001
SHA256: 523050572cc06946b9c1205385f3f0b8a73fa19c672fa40aa6497ff7b2bb9c0f
1088
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF15c52e.TMP
text
MD5: 3dac06bef463c2bf87aa13bde0336159
SHA256: 7da7cf7d262a25a4ec2c5635d54e2f150275e86f0628fe3ec051ffc2052373bc
1088
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\3b75e0c4-5c4c-4da8-b459-c830049d259c\index-dir\the-real-index~RF15c52e.TMP
binary
MD5: d4770609e937630ea1d378a05caa8001
SHA256: 523050572cc06946b9c1205385f3f0b8a73fa19c672fa40aa6497ff7b2bb9c0f
1088
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\6bfb72b4-c524-4eb3-acc8-1baadc35512c.tmp
––
MD5:  ––
SHA256:  ––
1088
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\3b75e0c4-5c4c-4da8-b459-c830049d259c\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
1088
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF15bc74.TMP
binary
MD5: 840a35e90b6478e88c625146e58cd261
SHA256: 3c234e1064a47ff9138d3da9d01bf6197cd54048e8c0cc9a9d2c66346fc58c4e
1088
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 840a35e90b6478e88c625146e58cd261
SHA256: 3c234e1064a47ff9138d3da9d01bf6197cd54048e8c0cc9a9d2c66346fc58c4e
1088
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
1088
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF15b60b.TMP
text
MD5: b702368bcd70b88f9c3e6aee486249cc