General Info

File name

printtopdf-full.exe

Full analysis
https://app.any.run/tasks/06563ac1-3a4c-496e-901a-f8927ca6393b
Verdict
Malicious activity
Analysis date
3/14/2019, 13:56:09
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

ad57770f2dec4795066a1c3752dfdf44

SHA1

b4e627948ffe358901c02653530ed2413b9d7b07

SHA256

2aac5bfd9655f65c998a78c9d713423a44f3bef0e0839c0450de3d28da5a5ca8

SSDEEP

196608:dei3hi6uGhU2s0KGgYeHIPxQ7RkGLW/7W4bUfU+:VhfY2jaJIPy7GG/4b7+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • spoolsv.exe (PID: 1192)
  • irsetup.exe (PID: 2636)
Application was dropped or rewritten from another process
  • Print_To_PDF.exe (PID: 3476)
  • Print_To_PDF_Config.exe (PID: 2924)
  • irsetup.exe (PID: 2636)
  • Print_To_PDF.exe (PID: 3644)
Changes the autorun value in the registry
  • irsetup.exe (PID: 2636)
Uses RUNDLL32.EXE to load library
  • cmd.exe (PID: 3136)
  • cmd.exe (PID: 3992)
  • DrvInst.exe (PID: 2524)
Searches for installed software
  • DrvInst.exe (PID: 2524)
Removes files from Windows directory
  • spoolsv.exe (PID: 1192)
  • DrvInst.exe (PID: 2524)
Creates files in the Windows directory
  • DrvInst.exe (PID: 2524)
  • spoolsv.exe (PID: 1192)
Starts CMD.EXE for commands execution
  • Print_To_PDF.exe (PID: 3476)
  • Print_To_PDF.exe (PID: 3644)
Creates files in the driver directory
  • DrvInst.exe (PID: 2524)
Executable content was dropped or overwritten
  • spoolsv.exe (PID: 1192)
  • irsetup.exe (PID: 2636)
  • printtopdf-full.exe (PID: 3612)
Creates a software uninstall entry
  • irsetup.exe (PID: 2636)
Creates files in the user directory
  • irsetup.exe (PID: 2636)
Creates files in the program directory
  • irsetup.exe (PID: 2636)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 4024)

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.8%)
.exe
|   Win32 EXE Yoda's Crypter (36.4%)
.dll
|   Win32 Dynamic Link Library (generic) (9%)
.exe
|   Win32 Executable (generic) (6.1%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2012:06:14 18:16:10+02:00
PEType:
PE32
LinkerVersion:
10
CodeSize:
22528
InitializedDataSize:
48128
UninitializedDataSize:
null
EntryPoint:
0x29e1
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
9.1.0.0
ProductVersionNumber:
9.1.0.0
FileFlagsMask:
0x003f
FileFlags:
Private build
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Windows, Latin1
Comments:
Created with Setup Factory
FileDescription:
Setup Application
FileVersion:
9.1.0.0
InternalName:
suf_launch
LegalCopyright:
Setup Engine Copyright © 2004-2012 Indigo Rose Corporation
LegalTrademarks:
Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFileName:
suf_launch.exe
ProductName:
Setup Factory Runtime
ProductVersion:
9.1.0.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
14-Jun-2012 16:16:10
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
14-Jun-2012 16:16:10
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00005718 0x00005800 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.45945
.rdata 0x00007000 0x00002E82 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.97533
.data 0x0000A000 0x00001968 0x00000C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.58663
.rsrc 0x0000C000 0x00006DCC 0x00006E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.82004
.reloc 0x00013000 0x00001092 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 3.7122
Resources
1

2

3

4

5

6

7

8

9

101

Imports
    KERNEL32.dll

    USER32.dll

    ADVAPI32.dll

    SHELL32.dll

Exports

    No exports.

Processes

Total processes
49
Monitored processes
15
Malicious processes
5
Suspicious processes
1

Behavior graph

[Behavior graph (image not preserved). Processes shown: printtopdf-full.exe, irsetup.exe, print_to_pdf.exe, cmd.exe, rundll32.exe, print_to_pdf_config.exe, drvinst.exe, vssvc.exe, spoolsv.exe]

Process information

PID
1192
CMD
C:\Windows\System32\spoolsv.exe
Path
C:\Windows\System32\spoolsv.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Spooler SubSystem App
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\slc.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\umb.dll
c:\windows\system32\atl.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\localspl.dll
c:\windows\system32\spoolss.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\winspool.drv
c:\windows\system32\printisolationproxy.dll
c:\windows\system32\fxsmon.dll
c:\windows\system32\tcpmon.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wsnmp32.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usbmon.dll
c:\windows\system32\wls0wndh.dll
c:\windows\system32\wsdmon.dll
c:\windows\system32\wsdapi.dll
c:\windows\system32\webservices.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\fundisc.dll
c:\windows\system32\fdpnp.dll
c:\windows\system32\spool\prtprocs\w32x86\winprint.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\spinf.dll
c:\windows\system32\win32spl.dll
c:\windows\system32\inetpp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ntprint.dll
c:\windows\system32\mscms.dll
c:\windows\system32\shell32.dll
c:\windows\system32\spfileq.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\spool\drivers\w32x86\{1d82fa87-efdd-47a5-9725-be7b0a61b19d}\pscript5.dll
c:\windows\system32\spool\drivers\w32x86\{1d82fa87-efdd-47a5-9725-be7b0a61b19d}\ps5ui.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\spool\drivers\w32x86\3\pscript5.dll
c:\windows\system32\spool\drivers\w32x86\3\ps5ui.dll
c:\windows\system32\fxsresm.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\spool\drivers\w32x86\{643671fc-cf47-438d-9959-15c08ef76745}\pscript5.dll
c:\windows\system32\spool\drivers\w32x86\{643671fc-cf47-438d-9959-15c08ef76745}\ps5ui.dll

PID
3168
CMD
"C:\Users\admin\AppData\Local\Temp\printtopdf-full.exe"
Path
C:\Users\admin\AppData\Local\Temp\printtopdf-full.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Setup Application
Version
9.1.0.0
Modules
Image
c:\users\admin\appdata\local\temp\printtopdf-full.exe
c:\systemroot\system32\ntdll.dll

PID
3612
CMD
"C:\Users\admin\AppData\Local\Temp\printtopdf-full.exe"
Path
C:\Users\admin\AppData\Local\Temp\printtopdf-full.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup Application
Version
9.1.0.0
Modules
Image
c:\users\admin\appdata\local\temp\printtopdf-full.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\_ir_sf_temp_0\irsetup.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
2636
CMD
"C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1742706 "__IRAFN:C:\Users\admin\AppData\Local\Temp\printtopdf-full.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"
Path
C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Indicators
Parent process
printtopdf-full.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Indigo Rose Corporation
Description
Setup Application
Version
9.1.0.0
Modules
Image
c:\users\admin\appdata\local\temp\_ir_sf_temp_0\irsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\_ir_sf_temp_0\lua5.1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oledlg.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\winspool.drv
c:\windows\system32\uxtheme.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\users\admin\appdata\local\temp\printtopdf-full.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\free pdf solutions\print to pdf\gswin32c.exe
c:\program files\free pdf solutions\print to pdf\print_to_pdf.exe
c:\program files\free pdf solutions\print to pdf\print_to_pdf_config.exe
c:\program files\free pdf solutions\print to pdf\print_to_pdf_ui.exe
c:\windows\system32\apphelp.dll

PID
3644
CMD
"C:\Program Files\Free PDF Solutions\Print To PDF\Print_To_PDF.exe"
Path
C:\Program Files\Free PDF Solutions\Print To PDF\Print_To_PDF.exe
Indicators
No indicators
Parent process
irsetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Print_To_PDF
Version
1.0.0.0
Modules
Image
c:\program files\free pdf solutions\print to pdf\print_to_pdf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\winspool.drv
c:\windows\system32\apphelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3136
CMD
"C:\Windows\system32\cmd.exe" /C rundll32 printui.dll,PrintUIEntry /if /b "Print To PDF" /f "C:\Print To PDF.inf" /r "C:\Output.ps" /m "Print To PDF" c:\
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
Print_To_PDF.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rundll32.exe

PID
3556
CMD
rundll32 printui.dll,PrintUIEntry /if /b "Print To PDF" /f "C:\Print To PDF.inf" /r "C:\Output.ps" /m "Print To PDF" c:\
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\printui.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\puiapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntprint.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mscms.dll
c:\windows\system32\version.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\cabinet.dll

PID
2924
CMD
"C:\Program Files\Free PDF Solutions\Print To PDF\Print_To_PDF_Config.exe"
Path
C:\Program Files\Free PDF Solutions\Print To PDF\Print_To_PDF_Config.exe
Indicators
No indicators
Parent process
irsetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Print_To_PDF_Config
Version
1.0.0.0
Modules
Image
c:\program files\free pdf solutions\print to pdf\print_to_pdf_config.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll

PID
2524
CMD
DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{68f88bde-52d9-3b79-1348-2f17e207896d}\print to pdf.inf" "0" "64bda9aa3" "00000060" "WinSta0\Default" "000004A8" "208" "c:\"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\spinf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
4092
CMD
rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{60aabdfa-dbe3-312e-4657-0468e799d945} Global\{5d1b72d8-5e47-56bd-aefa-d11aa2b47c34} C:\Windows\System32\DriverStore\Temp\{68db3b64-6210-3f0c-c998-292a88a1d46d}\print to pdf.inf
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
DrvInst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\pnpui.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dui70.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\spinf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\duser.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\netutils.dll

PID
4024
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
2740
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000005C8" "000005C4"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

PID
3476
CMD
"C:\Program Files\Free PDF Solutions\Print To PDF\Print_To_PDF.exe"
Path
C:\Program Files\Free PDF Solutions\Print To PDF\Print_To_PDF.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Print_To_PDF
Version
1.0.0.0
Modules
Image
c:\program files\free pdf solutions\print to pdf\print_to_pdf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\winspool.drv
c:\windows\system32\apphelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3992
CMD
"C:\Windows\system32\cmd.exe" /C rundll32 printui.dll,PrintUIEntry /if /b "Print To PDF" /f "C:\Print To PDF.inf" /r "C:\Output.ps" /m "Print To PDF" c:\
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
Print_To_PDF.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\apphelp.dll

PID
4084
CMD
rundll32 printui.dll,PrintUIEntry /if /b "Print To PDF" /f "C:\Print To PDF.inf" /r "C:\Output.ps" /m "Print To PDF" c:\
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\printui.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\puiapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntprint.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mscms.dll
c:\windows\system32\version.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\drvstore.dll

Registry activity

Total events
1686
Read events
639
Write events
1043
Delete events
4

Modification events

PID
Process
Operation
Key
Name
Value
1192
spoolsv.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
1192
spoolsv.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
1192
spoolsv.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
1192
spoolsv.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports
C:\Output.ps
1192
spoolsv.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.app.log
4096
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Dependent Files
PSCRIPT.NTF
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Configuration File
PS5UI.DLL
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Data File
Print To PDF.PPD
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Driver
PSCRIPT5.DLL
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Help File
PSCRIPT.HLP
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Monitor
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Datatype
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Previous Names
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Version
3
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
TempDir
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Attributes
2
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Manufacturer
Ghostscript
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
OEM URL
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
HardwareID
ghostscript_pdf
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Provider
Ghostgum Software Pty Ltd
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
Print Processor
winprint
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
VendorSetup
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
ColorProfiles
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
InfPath
C:\Windows\System32\DriverStore\FileRepository\print to pdf.inf_x86_neutral_0aba5bd50d89eac7\print to pdf.inf
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
PrinterDriverAttributes
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
CoreDependencies
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
DriverDate
01/02/2007
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
DriverVersion
1.0.0.1
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
MinInboxDriverVerDate
01/01/1601
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Print To PDF
MinInboxDriverVerVersion
0.0.0.0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807406
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807406
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807406
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports
Ne02:
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices
Print To PDF
winspool,Ne02:
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts
Print To PDF
winspool,Ne02:,15,45
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices
Print To PDF
winspool,Ne02:
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts
Print To PDF
winspool,Ne02:,15,45
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows NT\CurrentVersion\Devices
Print To PDF
winspool,Ne02:
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts
Print To PDF
winspool,Ne02:,15,45
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807468
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
StatusExt
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Status
64
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Name
Print To PDF
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Share Name
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Print Processor
winprint
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Datatype
RAW
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Parameters
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Action
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ObjectGUID
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
DsKeyUpdate
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
DsKeyUpdateForeground
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Description
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Printer Driver
Print To PDF
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Default DevMode
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Priority
1
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Default Priority
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
StartTime
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
UntilTime
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Separator File
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Location
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Attributes
512
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
txTimeout
45000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
dnsTimeout
15000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Security
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
CreatorSid
0105000000000005150000007C3E9B4DF44C73593E88FD13E8030000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
SpoolDirectory
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Port
C:\Output.ps
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Status
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PrinterDriverData
InitDriverVersion
1536
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807500
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PrinterDriverData
FreeMem
9765
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807501
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PrinterDriverData
JobTimeOut
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807515
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PrinterDriverData
Protocol
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807516
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PrinterDriverData
PrinterDataSize
560
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printMaxXExtent
20002
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
DsKeyUpdateForeground
3
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printMaxYExtent
20002
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printMinXExtent
254
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printMinYExtent
254
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printMediaSupported
Letter
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printMediaReady
Letter
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printNumberUp
6
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printMemory
9765
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printOrientationsSupported
PORTRAIT
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printMaxResolutionSupported
4000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printLanguage
PostScript
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printRateUnit
PagesPerMinute
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
driverVersion
1025
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1808109
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Status
128
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
Default DevMode
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1808140
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printBinNames
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printCollate
01
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printColor
01
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printDuplexSupported
00
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsDriver
printStaplingSupported
00
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807531
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PrinterDriverData
PrinterData
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807532
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PrinterDriverData
FeatureKeywordSize
2
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PrinterDriverData
FeatureKeyword
0000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
LetterSmall
5C4B03006843040000000000000000005C4B0300684304000100000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\LetterSmall
FormKeyword
4C6574746572536D616C6C3A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807546
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807546
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807546
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807546
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
A0
3ED50C00FD23120000000000000000003ED50C00FD2312000200000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A0
FormKeyword
41303A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807562
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807562
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807562
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807562
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
A1
9E1009003ED50C0000000000000000009E1009003ED50C000300000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A1
FormKeyword
41313A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807563
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807563
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807563
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807563
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
A4Small
EF3303004F8804000000000000000000EF3303004F8804000400000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A4Small
FormKeyword
4134536D616C6C3A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807578
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807578
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807578
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
A7
6321010047990100000000000000000063210100479901000500000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A7
FormKeyword
41373A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807578
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807579
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807579
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807579
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
A8
F3CB0000632101000000000000000000F3CB0000632101000600000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A8
FormKeyword
41383A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807593
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807593
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807593
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807593
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
A9
B2900000F3CB00000000000000000000B2900000F3CB00000700000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A9
FormKeyword
41393A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807594
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807594
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807594
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807594
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
A10
99640000B2900000000000000000000099640000B29000000800000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A10
FormKeyword
4131303A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807609
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807609
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807609
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ISO B0
BD420F002D9315000000000000000000BD420F002D9315000900000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ISO B0
FormKeyword
49534F42303A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807609
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807610
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807610
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807610
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ISO B1
97C90A00BD420F00000000000000000097C90A00BD420F000A00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ISO B1
FormKeyword
49534F42313A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807610
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807625
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807625
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807625
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ISO B2
AEA0070097C90A000000000000000000AEA0070097C90A000B00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ISO B2
FormKeyword
49534F42323A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807625
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807626
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807626
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807626
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ISO B3
6B630500AEA0070000000000000000006B630500AEA007000C00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ISO B3
FormKeyword
49534F42333A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807640
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807640
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807640
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807640
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ISO B4
07D103006B630500000000000000000007D103006B6305000D00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ISO B4
FormKeyword
49534F42343A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807641
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807641
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807656
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807656
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ISO B5
A4AF020007D103000000000000000000A4AF020007D103000E00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ISO B5
FormKeyword
49534F42353A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807656
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807656
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807657
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807657
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ISO B6
D3E70100A4AF02000000000000000000D3E70100A4AF02000F00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ISO B6
FormKeyword
49534F42363A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807671
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807671
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807671
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807671
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
JIS B0
DFB70F002A3716000000000000000000DFB70F002A3716001000000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\JIS B0
FormKeyword
42303A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807672
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807672
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807672
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807672
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
JIS B1
451C0B00DFB70F000000000000000000451C0B00DFB70F001100000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\JIS B1
FormKeyword
42313A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807687
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807687
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807687
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807687
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
JIS B2
F0DB0700451C0B000000000000000000F0DB0700451C0B001200000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\JIS B2
FormKeyword
42323A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807688
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807703
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807703
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807703
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
JIS B3
238E0500F0DB07000000000000000000238E0500F0DB07001300000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\JIS B3
FormKeyword
42333A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807703
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807704
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807704
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807718
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
JIS B4
97EC0300238E0500000000000000000097EC0300238E05001400000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\JIS B4
FormKeyword
42343A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807718
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807718
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807718
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807719
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
JIS B5
11C7020097EC0300000000000000000011C7020097EC03001500000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1808250
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
driverName
Print To PDF
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
portName
C:\Output.ps
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
printStartTime
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
printEndTime
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
printerName
Print To PDF
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
printKeepPrintedJobs
00
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\JIS B5
FormKeyword
42353A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807719
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807734
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807734
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807734
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
JIS B6
3AF4010011C7020000000000000000003AF4010011C702001600000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\JIS B6
FormKeyword
42363A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807734
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807735
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807750
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807750
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
Envelope C0
85FD0D000CCB1300000000000000000085FD0D000CCB13001700000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\Envelope C0
FormKeyword
456E7643303A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807750
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807750
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807751
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807765
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
Envelope C1
75E3090085FD0D00000000000000000075E3090085FD0D001800000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\Envelope C1
FormKeyword
456E7643313A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807765
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807781
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807781
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807781
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
Envelope C2
F0F9060075E309000000000000000000F0F9060075E309001900000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\Envelope C2
FormKeyword
456E7643323A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807796
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807796
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807796
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807796
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ARCHE
E0F30D00809A12000000000000000000E0F30D00809A12001A00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ARCHE
FormKeyword
41524348453A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807797
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807797
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807797
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807812
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ARCHD
404D0900E0F30D000000000000000000404D0900E0F30D001B00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ARCHD
FormKeyword
41524348443A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807828
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807828
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807828
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807843
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ARCHC
F0F90600404D09000000000000000000F0F90600404D09001C00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ARCHC
FormKeyword
41524348433A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807843
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807859
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807859
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807859
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ARCHB
A0A60400F0F906000000000000000000A0A60400F0F906001D00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ARCHB
FormKeyword
41524348423A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807875
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807875
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807875
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807875
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
ARCHA
F87C0300A0A604000000000000000000F87C0300A0A604001E00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\ARCHA
FormKeyword
41524348413A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807890
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807890
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807890
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807890
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
FLSA
5C4B0300D809050000000000000000005C4B0300D80905001F00000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\FLSA
FormKeyword
464C53413A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807891
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807906
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807906
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
printShareName
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
printSpooling
PrintAfterSpooled
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
priority
1
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
uNCName
\\User-PC\Print To PDF
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
serverName
User-PC
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
shortServerName
USER-PC
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
versionNumber
4
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
url
http://User-PC/
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\DsSpooler
flags
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PnPData
HardwareID
ghostscript_pdf
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PnPData
Manufacturer
Ghostscript
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807906
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
FLSE
5C4B0300D809050000000000000000005C4B0300D80905002000000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\FLSE
FormKeyword
464C53453A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807906
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807907
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807907
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807921
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms
PA4
EF330300684304000000000000000000EF330300684304002100000002000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\PA4
FormKeyword
5041343A47686F737473637269707400
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807921
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Send To OneNote 2010
ChangeID
1807921
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer
ChangeID
1807937
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax
ChangeID
1807937
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PrinterDriverData
Forms?
3512897758
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807937
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF\PrinterDriverData
DependentFiles
PSCRIPT.NTF
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807938
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
ChangeID
1807953
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF
DsKeyUpdateForeground
1
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports
Ne03:
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows NT\CurrentVersion\Devices
Print To PDF (Copy 1)
winspool,Ne03:
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts
Print To PDF (Copy 1)
winspool,Ne03:,15,45
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ChangeID
1817235
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
StatusExt
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Status
64
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Name
Print To PDF (Copy 1)
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Share Name
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Print Processor
winprint
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Datatype
RAW
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Parameters
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Action
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ObjectGUID
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
DsKeyUpdate
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
DsKeyUpdateForeground
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Description
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Printer Driver
Print To PDF
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Default DevMode
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Priority
1
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Default Priority
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
StartTime
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
UntilTime
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Separator File
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Location
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Attributes
512
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
txTimeout
45000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
dnsTimeout
15000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Security
01000C80D0000000DC00000000000000140000000200BC0007000000000024000C000F000105000000000005150000007C3E9B4DF44C73593E88FD13E80300000009240030000F000105000000000005150000007C3E9B4DF44C73593E88FD13E803000000091400000000100101000000000003000000000000140008000200010100000000000100000000000A140000000020010100000000000100000000000018000C000F0001020000000000052000000020020000000B18000000001001020000000000052000000020020000010100000000000512000000010100000000000512000000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
CreatorSid
0105000000000005150000007C3E9B4DF44C73593E88FD13E8030000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
SpoolDirectory
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Port
C:\Output.ps
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Status
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PrinterDriverData
InitDriverVersion
1536
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ChangeID
1817250
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PrinterDriverData
FreeMem
9765
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ChangeID
1817251
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PrinterDriverData
JobTimeOut
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ChangeID
1817265
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PrinterDriverData
Protocol
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ChangeID
1817266
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PrinterDriverData
PrinterDataSize
560
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PrinterDriverData
PrinterData
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PrinterDriverData
FeatureKeywordSize
2
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PrinterDriverData
FeatureKeyword
0000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PrinterDriverData
Forms?
3512897758
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ChangeID
1817281
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PrinterDriverData
DependentFiles
PSCRIPT.NTF
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ChangeID
1817282
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Status
128
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices
Print To PDF (Copy 1)
winspool,Ne03:
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts
Print To PDF (Copy 1)
winspool,Ne03:,15,45
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices
Print To PDF (Copy 1)
winspool,Ne03:
1192
spoolsv.exe
write
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts
Print To PDF (Copy 1)
winspool,Ne03:,15,45
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
DsKeyUpdateForeground
1
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
driverName
Print To PDF
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
portName
C:\Output.ps
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
printStartTime
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
printEndTime
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
printerName
Print To PDF (Copy 1)
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
printKeepPrintedJobs
00
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
printShareName
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
printSpooling
PrintAfterSpooled
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
priority
1
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
uNCName
\\User-PC\Print To PDF (Copy 1)
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
serverName
User-PC
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
shortServerName
USER-PC
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
versionNumber
4
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
url
http://User-PC/
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsSpooler
flags
0
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printBinNames
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
DsKeyUpdateForeground
3
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printCollate
01
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printColor
01
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printDuplexSupported
00
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printStaplingSupported
00
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printMaxXExtent
20002
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printMaxYExtent
20002
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printMinXExtent
254
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printMinYExtent
254
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printMediaSupported
Letter
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printMediaReady
Letter
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printNumberUp
6
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printMemory
9765
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printOrientationsSupported
PORTRAIT
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printMaxResolutionSupported
4000
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printLanguage
PostScript
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
printRateUnit
PagesPerMinute
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\DsDriver
driverVersion
1025
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ChangeID
1817390
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
Default DevMode
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ChangeID
1817406
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)
ChangeID
1817500
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PnPData
HardwareID
ghostscript_pdf
1192
spoolsv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print To PDF (Copy 1)\PnPData
Manufacturer
Ghostscript
3612
printtopdf-full.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3612
printtopdf-full.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2636
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Print to PDF
DisplayName
Print to PDF
2636
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Print to PDF
NoModify
1
2636
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Print to PDF
NoRepair
1
2636
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Print to PDF
UninstallString
"C:\Program Files\Print to PDF\uninstall.exe" "/U:C:\Program Files\Print to PDF\Uninstall\uninstall.xml"
2636
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Print to PDF
Publisher
Free PDF Solutions
2636
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Print to PDF
URLInfoAbout
http://www.freepdfsolutions.com
2636
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Print to PDF
HelpLink
http://www.freepdfsolutions.com
2636
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Print to PDF
Contact
Free PDF Solutions Support Department
2636
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Print to PDF
InstallLocation
C:\Program Files\Print to PDF
2636
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Print to PDF
DisplayIcon
"C:\Program Files\Free PDF Solutions\Print To PDF\print.ico",0
2636
irsetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
PrintToPDF
"C:\Program Files\Free PDF Solutions\Print To PDF\Print_To_PDF_Config.exe"
3556
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3556
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.dev.log
4096
3556
rundll32.exe
write
HKEY_CURRENT_USER\Printers\Settings\Wizard
Default Attributes
512
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
400000000000000044B6BD6865DAD401DC090000E0090000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
40000000000000009E18C06865DAD401DC090000E0090000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
20
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
4000000000000000EC8A136965DAD401DC090000E0090000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
400000000000000046ED156965DAD401DC090000B00D0000E803000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
4000000000000000C00BD76965DAD401DC090000B00D0000E803000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
4000000000000000BC7E1C6F65DAD401DC090000E0090000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Enter)
4000000000000000BC7E1C6F65DAD401DC090000E0090000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Leave)
4000000000000000322F2D6F65DAD401DC090000E0090000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Enter)
40000000000000000242406F65DAD401DC090000140A0000E903000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Leave)
4000000000000000E07B5A6F65DAD401DC090000140A0000E903000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Enter)
4000000000000000E07B5A6F65DAD401DC090000800A0000F903000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Leave)
400000000000000094405F6F65DAD401DC090000800A0000F903000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Enter)
40000000000000004805646F65DAD401DC090000E00900000A04000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Leave)
4000000000000000160E507065DAD401DC090000880A00000A04000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
4000000000000000160E507065DAD401DC090000E0090000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
4000000000000000160E507065DAD401DC090000E0090000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
20
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
1
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
44B6BD6865DAD401
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
400000000000000008D9216965DAD401B80F0000480A0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
400000000000000008D9216965DAD401B80F0000880E0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
400000000000000008D9216965DAD401B80F00003C0A0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
400000000000000008D9216965DAD401B80F0000740E0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
40000000000000001600296965DAD401B80F00003C0A0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
40000000000000001600296965DAD401B80F0000740E0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
4000000000000000CAC42D6965DAD401B80F0000880E0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
40000000000000002427306965DAD401B80F0000480A0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Enter)
40000000000000000242406F65DAD401B80F0000480A00000104000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Leave)
40000000000000000242406F65DAD401B80F0000480A00000104000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Enter)
4000000000000000B606456F65DAD401B80F0000740E0000E903000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Enter)
4000000000000000B606456F65DAD401B80F0000480A0000E903000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Enter)
4000000000000000B606456F65DAD401B80F0000880E0000E903000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Leave)
40000000000000001069476F65DAD401B80F0000740E0000E903000000000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_STABLE (SetCurrentState)
40000000000000001069476F65DAD401B80F0000740E00000100000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Leave)
40000000000000001069476F65DAD401B80F0000880E0000E903000000000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_STABLE (SetCurrentState)
40000000000000001069476F65DAD401B80F0000880E00000100000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Leave)
40000000000000006ACB496F65DAD401B80F0000480A0000E903000000000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_STABLE (SetCurrentState)
40000000000000006ACB496F65DAD401B80F0000480A00000100000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Enter)
40000000000000003ADE5C6F65DAD401B80F0000480A0000F903000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Enter)
40000000000000003ADE5C6F65DAD401B80F0000880E0000F903000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Enter)
40000000000000003ADE5C6F65DAD401B80F0000740E0000F903000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Leave)
40000000000000003ADE5C6F65DAD401B80F0000480A0000F903000000000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Leave)
400000000000000094405F6F65DAD401B80F0000880E0000F903000000000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Leave)
400000000000000094405F6F65DAD401B80F0000740E0000F903000000000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Enter)
40000000000000004805646F65DAD401B80F0000980A00000204000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Leave)
4000000000000000369DDD6F65DAD401B80F0000980A00000204000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Enter)
4000000000000000369DDD6F65DAD401B80F0000980A0000EA03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Enter)
40000000000000009E26E76F65DAD401B80F0000EC090000EA03000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Enter)
40000000000000009E26E76F65DAD401B80F0000080A0000EA03000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Enter)
40000000000000009E26E76F65DAD401B80F0000E4090000EA03000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Leave)
40000000000000007C60017065DAD401B80F0000EC090000EA03000000000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
40000000000000007C60017065DAD401B80F0000EC0900000200000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Leave)
40000000000000007C60017065DAD401B80F0000E4090000EA03000000000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
40000000000000007C60017065DAD401B80F0000E40900000200000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Leave)
4000000000000000D6C2037065DAD401B80F0000080A0000EA03000000000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000D6C2037065DAD401B80F0000080A00000200000001000000010000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Leave)
40000000000000000E5F207065DAD401B80F0000980A0000EA03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Enter)
40000000000000000E5F207065DAD401B80F0000980A0000EB03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Enter)
40000000000000000E5F207065DAD401B80F0000980A0000EC03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Enter)
4000000000000000C223257065DAD401B80F0000080A0000EB03000001000000020000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Leave)
4000000000000000C223257065DAD401B80F0000080A0000EB03000000000000020000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
4000000000000000C223257065DAD401B80F0000080A00000300000001000000020000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Enter)
4000000000000000C223257065DAD401B80F00008C0B0000FC03000001000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Leave)
40000000000000001C86277065DAD401B80F0000980A0000EC03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Enter)
40000000000000001C86277065DAD401B80F0000980A0000ED03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Leave)
400000000000000076E8297065DAD401B80F0000980A0000ED03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Enter)
400000000000000076E8297065DAD401B80F0000980A0000EE03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Enter)
40000000000000002AAD2E7065DAD401B80F0000080A0000EB03000001000000020000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Leave)
40000000000000002AAD2E7065DAD401B80F0000080A0000EB03000000000000020000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000002AAD2E7065DAD401B80F0000080A00000300000001000000020000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000002AAD2E7065DAD401B80F0000B40B0000FC03000001000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Leave)
4000000000000000840F317065DAD401B80F0000980A0000EE03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Enter)
4000000000000000840F317065DAD401B80F0000980A0000F003000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Leave)
4000000000000000840F317065DAD401B80F0000980A0000F003000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Enter)
4000000000000000840F317065DAD401B80F0000980A0000EF03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Enter)
400000000000000038D4357065DAD401B80F0000E4090000EB03000001000000020000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Leave)
4000000000000000EC983A7065DAD401B80F0000E4090000EB03000000000000020000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
400000000000000046FB3C7065DAD401B80F0000E40900000300000001000000020000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Enter)
400000000000000046FB3C7065DAD401B80F0000FC0C0000FC03000001000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Leave)
400000000000000046FB3C7065DAD401B80F0000980A0000EF03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Leave)
400000000000000046FB3C7065DAD401B80F0000980A0000EB03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Enter)
400000000000000046FB3C7065DAD401B80F0000980A00000304000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Leave)
400000000000000046FB3C7065DAD401B80F0000980A00000304000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Enter)
400000000000000046FB3C7065DAD401B80F0000980A0000FD03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Enter)
400000000000000046FB3C7065DAD401B80F00000C0C0000FD03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Leave)
4000000000000000FABF417065DAD401B80F00000C0C0000FD03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Leave)
4000000000000000FABF417065DAD401B80F0000980A0000FD03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Enter)
4000000000000000FABF417065DAD401B80F00000C0C0000FE03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Leave)
4000000000000000BCAB4D7065DAD401B80F00000C0C0000FE03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Enter)
4000000000000000BCAB4D7065DAD401B80F00000C0C0000FF03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Leave)
4000000000000000BCAB4D7065DAD401B80F00000C0C0000FF03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Enter)
4000000000000000FABF417065DAD401B80F0000980A0000FE03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Leave)
4000000000000000BCAB4D7065DAD401B80F0000980A0000FE03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Enter)
4000000000000000BCAB4D7065DAD401B80F0000980A0000FF030000010000000000000000000000000000000000000000000000000000000000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Leave)
4000000000000000BCAB4D7065DAD401B80F0000980A0000FF030000000000000000000000000000000000000000000000000000000000000000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Enter)
4000000000000000BCAB4D7065DAD401B80F0000040D00000404000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Leave)
4000000000000000BCAB4D7065DAD401B80F0000040D00000404000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Enter)
4000000000000000BCAB4D7065DAD401B80F0000980A00000504000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Leave)
4000000000000000160E507065DAD401B80F0000980A00000504000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Enter)
4000000000000000160E507065DAD401B80F0000980A0000F403000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
4000000000000000160E507065DAD401B80F0000980A0000F403000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
4000000000000000160E507065DAD401B80F0000980A0000F203000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
4000000000000000CAD2547065DAD401B80F0000080A0000F203000001000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000CAD2547065DAD401B80F0000B40B0000FC03000000000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
4000000000000000CAD2547065DAD401B80F0000180A0000F203000001000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
4000000000000000CAD2547065DAD401B80F0000F0090000F203000001000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
4000000000000000CAD2547065DAD401B80F0000080A0000F203000000000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000CAD2547065DAD401B80F00008C0B0000FC03000000000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000CAD2547065DAD401B80F0000FC0C0000FC03000000000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000CAD2547065DAD401B80F0000080A00000400000001000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
4000000000000000CAD2547065DAD401B80F0000180A0000F203000000000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
4000000000000000CAD2547065DAD401B80F0000F0090000F203000000000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000CAD2547065DAD401B80F0000180A00000400000001000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000CAD2547065DAD401B80F0000F00900000400000001000000030000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
4000000000000000CAD2547065DAD401B80F0000980A0000F203000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
4000000000000000CAD2547065DAD401B80F0000980A00000604000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
4000000000000000EECF927065DAD401B80F0000980A00000604000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
4000000000000000EECF927065DAD401B80F0000980A0000F503000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
40000000000000003493B67065DAD401B80F0000EC090000F503000001000000040000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
40000000000000003493B67065DAD401B80F0000040A0000F503000001000000040000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
40000000000000003493B67065DAD401B80F0000E4090000F503000001000000040000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
40000000000000003493B67065DAD401B80F0000E4090000F503000000000000040000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000003493B67065DAD401B80F0000E40900000500000001000000040000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
40000000000000008EF5B87065DAD401B80F0000EC090000F503000000000000040000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000008EF5B87065DAD401B80F0000EC0900000500000001000000040000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
4000000000000000AEB1777165DAD401B80F0000040A0000F503000000000000040000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000AEB1777165DAD401B80F0000040A00000500000001000000040000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
4000000000000000AEB1777165DAD401B80F0000980A0000F503000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
4000000000000000AEB1777165DAD401B80F0000980A00000704000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
400000000000000010C3A97165DAD401B80F0000980A00000704000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
40000000000000008673BA7165DAD401B80F0000980A0000FB03000001000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
4000000000000000E0D5BC7165DAD401B80F0000180A0000FB03000001000000050000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
4000000000000000E0D5BC7165DAD401B80F0000180A0000FB03000000000000050000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
4000000000000000E0D5BC7165DAD401B80F0000040A0000FB03000001000000050000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
4000000000000000E0D5BC7165DAD401B80F0000040A0000FB03000000000000050000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
4000000000000000E0D5BC7165DAD401B80F0000EC090000FB03000001000000050000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
4000000000000000E0D5BC7165DAD401B80F0000EC090000FB03000000000000050000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
4024
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
4000000000000000E0D5BC7165DAD401B80F0000980A0000FB03000000000000000000000000000067D5BAEAD262494EBFE99969C9957BF90000000000000000
2740
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
4084
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
11
Suspicious files
16
Text files
220
Unknown types
10

Dropped files

PID
Process
Filename
Type
3612
printtopdf-full.exe
C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
executable
MD5: b5fc476c1bf08d5161346cc7dd4cb0ba
SHA256: 12cb9b8f59c00ef40ea8f28bfc59a29f12dc28332bf44b1a5d8d6a8823365650
2636
irsetup.exe
C:\Program Files\Free PDF Solutions\Print To PDF\gswin32c.exe
executable
MD5: 1fbea81ee6d95d8dffcafd4eec87e8be
SHA256: 56bc3bf56a28ca364cdfbc1fb0925ae6b97258b194eb868d9b64ec3d36023dd8
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\PS5UI.DLL
executable
MD5: 950c2e097ef182467624de79fbb80c5c
SHA256: 33aeb450d3e446a3444715f1836a77f5ca7f9e2501d5c556731d87232bd7aa07
2636
irsetup.exe
C:\Program Files\Free PDF Solutions\Print To PDF\Print_To_PDF_UI.exe
executable
MD5: e746c30a8f778acf4c376a7a8e01abde
SHA256: 71de8cc0d2aec6a214613941af78b249d5a6a8193d342c618ad0f830468e4071
2636
irsetup.exe
C:\Program Files\Free PDF Solutions\Print To PDF\Print_To_PDF.exe
executable
MD5: 1d9212d0c622a15bcadbf332c6c4e650
SHA256: 258d9b8b0dd63e79ea21c156f3b6c003f755fcb1d1919366b06239df6027f781
2636
irsetup.exe
C:\Program Files\Print to PDF\lua5.1.dll
executable
MD5: b5fc476c1bf08d5161346cc7dd4cb0ba
SHA256: 12cb9b8f59c00ef40ea8f28bfc59a29f12dc28332bf44b1a5d8d6a8823365650
2636
irsetup.exe
C:\Program Files\Print to PDF\uninstall.exe
executable
MD5: 30dd6c9d0bf2e0e2ff06e07d07adbf79
SHA256: 90036694098ac538f319d97f621e3171046c77dac6c0589862b898f645e0cd13
3612
printtopdf-full.exe
C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
executable
MD5: 30dd6c9d0bf2e0e2ff06e07d07adbf79
SHA256: 90036694098ac538f319d97f621e3171046c77dac6c0589862b898f645e0cd13
2636
irsetup.exe
C:\Program Files\Free PDF Solutions\Print To PDF\Print_To_PDF_Config.exe
executable
MD5: f3701202de3b0bd688af3af2bad37ccd
SHA256: 0a3d8abc538cd16d0aa3c1778ddb5c4ca950e94a7a62dc67470ccc99fc336872
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
executable
MD5: fce6b0393ea2ce0f6234e7daca7772a2
SHA256: 44fe3c7e8867b1ae343e2ea28a09bd3619fd2c16616fb7bea35c6c62de3bc3b3
2636
irsetup.exe
C:\Program Files\Free PDF Solutions\Print To PDF\gsdll32.dll
executable
MD5: dbd87962936ee1827324fde53e0f4a75
SHA256: 6176723af0db5ff73fd20b452852b53d74dd09727b6af152f961555b0ac9474b
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{643671FC-CF47-438D-9959-15C08EF76745}\Print To PDF.PPD
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{643671FC-CF47-438D-9959-15C08EF76745}\SETB97F.tmp
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\INF\setupapi.app.log
text
MD5: 186c4abedf600dadb11d4e30048251c9
SHA256: 55b85256934e44da9028d21eec32457391b5bc8a9ccf634755b3911afde0009c
4024
vssvc.exe
C:
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\Print To PDF.BPD
binary
MD5: e5af2ee8090e74f08d4f7286face0caa
SHA256: be1240ae94ca8429c075fe7f3a34ae7bed1eef5e50c5e9ec0355d5572cb7263d
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\PS_SCHM.GDL
text
MD5: 26726bc9e259c92f7d35db18f3d3a6c0
SHA256: 231b59f61fffd20503b67c2ee2cf53aa426c06039316d80da493aac3180ec8b0
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\PSCRIPT.NTF
ntf
MD5: acd06ccd864e483846b624642a0114b3
SHA256: c19d4922df0298d693f08d67557d48c1de14ebfaba6bad2cd69b1b4ddd5f0b82
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\New\PS_SCHM.GDL
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\New\PSCRIPT.NTF
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\Print To PDF.PPD
text
MD5: 910d456d7bfab51ac3527e19d2629b3c
SHA256: 2c011b3f828ba2e7caa91a5a9021f937f8ce5f59f23ac20b51103a7dd731050b
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\PSCRIPT.HLP
hlp
MD5: 02c3f8c32018f3aaf66e7421400f1781
SHA256: 6faef4c998e810fff139958f28722c79879ec2fd66c97c7e3e2c5040fd5550d9
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\New\PSCRIPT.HLP
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\New\Print To PDF.PPD
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{643671FC-CF47-438D-9959-15C08EF76745}\PS_SCHM.GDL
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\New\PS5UI.DLL
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{643671FC-CF47-438D-9959-15C08EF76745}\PSCRIPT.NTF
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\New\PSCRIPT5.DLL
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\INF\setupapi.app.log
text
MD5: 7093d38760d2f2c5c3ad6690058b2871
SHA256: 24aeb26bde8619c64a7801a08031f0eecccd29e4b686be2740d421ab3b36b658
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\PS_SCHM.GDL
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\SET9368.tmp
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\PSCRIPT.NTF
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\SET9347.tmp
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\PSCRIPT.HLP
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\SET9337.tmp
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\PS5UI.DLL
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\SET9326.tmp
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\PSCRIPT5.DLL
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\SET9316.tmp
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\Print To PDF.PPD
text
MD5: 910d456d7bfab51ac3527e19d2629b3c
SHA256: 2c011b3f828ba2e7caa91a5a9021f937f8ce5f59f23ac20b51103a7dd731050b
1192
spoolsv.exe
C:\Windows\INF\setupapi.app.log
text
MD5: bba72ccd8d57830487bcf3599f5854fa
SHA256: 30114eb30672bdb355fa03f7cc8812c1b0e083e626b186bea0587b611b1afa6f
1192
spoolsv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\{1D82FA87-EFDD-47A5-9725-BE7B0A61B19D}\SET92F5.tmp
––
MD5:  ––
SHA256:  ––
1192
spoolsv.exe
C:\Windows\INF\NTPRINT.PNF
pnf
MD5: 2aa728146bacb13879df94e42afea6a9
SHA256: 88e9be279aba60299706201c52162fd1e643545438ad8c3e228f1c3adc749565
3556
rundll32.exe
C:\Windows\INF\setupapi.dev.log
text
MD5: 37a8c47e9ff157497b49e0303170ab44
SHA256: 0e6cda4e079d8e15e191182e43736f00cbc0be1e6a1839e935cc931942db45a7
2524
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
text
MD5: 37a8c47e9ff157497b49e0303170ab44
SHA256: 0e6cda4e079d8e15e191182e43736f00cbc0be1e6a1839e935cc931942db45a7
2524
DrvInst.exe
C:\Windows\System32\DriverStore\FileRepository\print to pdf.inf_x86_neutral_0aba5bd50d89eac7\print to pdf.PNF
pnf
MD5: a0c3e083e4abb1a37c1d06ae488376c9
SHA256: 6b31ebfb32e0af09304bb92adadd945fb8ff3d02be633e4ab2bd4ddc2896a0b5
2524
DrvInst.exe
C:\Windows\System32\DriverStore\INFCACHE.2
binary
MD5: a858596d75eed87ff3abe9fcc6c86e7b
SHA256: 780f5cc4213cbdfbdda5e34dc8016bacc37801776b86fcfaac5d17769c3fd667
2524
DrvInst.exe
C:\Windows\System32\DriverStore\INFCACHE.1
binary
MD5: a858596d75eed87ff3abe9fcc6c86e7b
SHA256: 780f5cc4213cbdfbdda5e34dc8016bacc37801776b86fcfaac5d17769c3fd667
2524
DrvInst.exe
C:\Windows\System32\DriverStore\OLDCACHE.000
––
MD5:  ––
SHA256:  ––
2524
DrvInst.exe
C:\Windows\System32\DriverStore\INFCACHE.0
––
MD5:  ––
SHA256:  ––
2524
DrvInst.exe
C:\Windows\System32\DriverStore\infpub.dat
binary
MD5: ebb87658bdbdaef975fe45dfe8ffcde5
SHA256: 284f789dc435681f52446a74668d2083203ea26d1c9a81bae65c5c8d71da77ab
2524
DrvInst.exe
C:\Windows\System32\DriverStore\infstor.dat
ozfx3
MD5: 04d2f4fd281ea848d80353d4e6c48f70
SHA256: 8b4cf3adef324d26005b6645a2bedb34735bb3a7bd20e2659ae8cc80408cd0db
2524
DrvInst.exe
C:\Windows\System32\DriverStore\infstrng.dat
binary
MD5: dd14ad53a5d1c98369e0d019bd52d156
SHA256: fcb5c2d0ba215082ffc2267819294bee8b3f494c15dbdbb9235ee7ae93780a8c
2524
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 391d78af575e2419a2844cf746a04562
SHA256: a21efcef4bcaa7af82015554ce1e5b51e80a292857a4f82c190106c59b779e8f
2524
DrvInst.exe
C:\Windows\INF\oem4.inf
binary
MD5: 4305f752d50b350fa70ab456983f7f40
SHA256: 38ad04305ea8138eddc748760d4cbe117b29a9ab9a3641b1f251aa56a43fb259
2524
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 73292255465501eb42f25b732afe2084
SHA256: ff2b8c53459e39c15d39da6540e99a3cfea72f98dbb9a300c28bb0a6a1962164
2524
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: f7bfa60845a7340d2dc7eeb6a386d6c1
SHA256: 92d96bc7da8d4ca2dcafb5da569f5cc4649fce4b7f0f77f0e6a74482b5ad7a71
2740
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 4a9a9445db5cf99742a5b24c3db0c06b
SHA256: 13cacb63c8cdde2080d3227df602da02294a6fa528790fdf6f34c4ebee8b8deb
2740
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: e97ec7f15d28b1d5b9aa7df03414a9ab
SHA256: 5db35f90543b3556e7d840a0f5f88c7fdfb71ac3ff5bffa6b78c126551a6a0b3
2740
DrvInst.exe
C:\Windows\INF\setupapi.ev3
binary
MD5: 76dcc60f78b3dff1ae3627619074f465
SHA256: 18541ac1875315c4f9eff75050c574faff83717c029dae6b366f9c6c3f0c19e0
2740
DrvInst.exe
C:\Windows\INF\setupapi.ev1
binary
MD5: ce650144cc44caf823b96060a66e4aba
SHA256: 598425ba2c8676aed621a0eb9244288794d9296c028d8093efa353329f6f3288
2524
DrvInst.exe
C:\System Volume Information\SPP\metadata-2
––
MD5:  ––
SHA256:  ––
2524
DrvInst.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{eabad567-62d2-4e49-bfe9-9969c9957bf9}_OnDiskSnapshotProp
binary
MD5: e361f3cd1e35db93a4d30af28fd57c43
SHA256: 862ad256a2e4ebd9da425184e4cf71a899e5d08fe6bc552554c050677ffc4b38
2524
DrvInst.exe
C:\System Volume Information\SPP\snapshot-2
binary
MD5: e361f3cd1e35db93a4d30af28fd57c43
SHA256: 862ad256a2e4ebd9da425184e4cf71a899e5d08fe6bc552554c050677ffc4b38
2524
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 93d723315b15e900784c176c6aa381eb
SHA256: d72c421f2d732024eeae97949407a8bc3aa84bbf10139266cfde3ee278be45be
2524
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{68db3b64-6210-3f0c-c998-292a88a1d46d}\print to pdf.inf
binary
MD5: 4305f752d50b350fa70ab456983f7f40
SHA256: 38ad04305ea8138eddc748760d4cbe117b29a9ab9a3641b1f251aa56a43fb259
2524
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{68db3b64-6210-3f0c-c998-292a88a1d46d}\Print To PDF.PPD
text
MD5: 910d456d7bfab51ac3527e19d2629b3c
SHA256: 2c011b3f828ba2e7caa91a5a9021f937f8ce5f59f23ac20b51103a7dd731050b
2524
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: a3e54356a15fcae23cce0b2dbc7a16b6
SHA256: 621193532f364d168b6b9c8ff4b986db7c82702e693efacf82d42ad72ee7cda2
2524
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{68db3b64-6210-3f0c-c998-292a88a1d46d}\SET53EA.tmp
––
MD5:  ––
SHA256:  ––
2524
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{68db3b64-6210-3f0c-c998-292a88a1d46d}\SET53E9.tmp
––
MD5:  ––
SHA256:  ––
3556
rundll32.exe
C:\Users\admin\AppData\Local\Temp\{68f88bde-52d9-3b79-1348-2f17e207896d}\print to pdf.inf
binary
MD5: 4305f752d50b350fa70ab456983f7f40
SHA256: 38ad04305ea8138eddc748760d4cbe117b29a9ab9a3641b1f251aa56a43fb259
3556
rundll32.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: a3e54356a15fcae23cce0b2dbc7a16b6
SHA256: 621193532f364d168b6b9c8ff4b986db7c82702e693efacf82d42ad72ee7cda2
3556
rundll32.exe
C:\Users\admin\AppData\Local\Temp\{68f88bde-52d9-3b79-1348-2f17e207896d}\Print To PDF.PPD
text
MD5: 910d456d7bfab51ac3527e19d2629b3c
SHA256: 2c011b3f828ba2e7caa91a5a9021f937f8ce5f59f23ac20b51103a7dd731050b
3556
rundll32.exe
C:\Users\admin\AppData\Local\Temp\{68f88bde-52d9-3b79-1348-2f17e207896d}\SET538C.tmp
––
MD5:  ––
SHA256:  ––
3556
rundll32.exe
C:\Users\admin\AppData\Local\Temp\{68f88bde-52d9-3b79-1348-2f17e207896d}\SET538B.tmp
––
MD5:  ––
SHA256:  ––
2636
irsetup.exe
C:\Program Files\Print to PDF\Uninstall\uninstall.xml
xml
MD5: 39db76229a215d32e680af25d09e4047
SHA256: 745b7d9e01dd6bf83f317856e8fdf56926568f01a4dc5a1e828cd86ba5afd271
2636
irsetup.exe
C:\Users\admin\AppData\Local\Temp\Print to PDF Setup Log.txt
text
MD5: eaf17312e17af0a1589abc5323af0e20
SHA256: ca561845670cf6c0eee416239c00ed0723a54869efb9f2b4f0ac6a308a8b5588
2636
irsetup.exe
C:\Print To PDF.inf
binary
MD5: 4305f752d50b350fa70ab456983f7f40
SHA256: 38ad04305ea8138eddc748760d4cbe117b29a9ab9a3641b1f251aa56a43fb259
2636
irsetup.exe
C:\Print To PDF.ppd
text
MD5: 910d456d7bfab51ac3527e19d2629b3c
SHA256: 2c011b3f828ba2e7caa91a5a9021f937f8ce5f59f23ac20b51103a7dd731050b
2636
irsetup.exe
C:\Program Files\Print to PDF\Uninstall\uninstall.xml
xml
MD5: 2f75bdcf977f03572319ec5ed17754d2
SHA256: c86c05b97692d7b794e9fc16303b964cb765f2f795c6cdedef722a2d6d753398
2636
irsetup.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Print to PDF\Print_To_PDF_Config.lnk
lnk
MD5: 05a454a2cdaa27a0150452267507ce3a
SHA256: 04a9959f650920ec4b2ea1f9c0471c368d5c14389e02e5e3e95fc035dc4ea8d6
2636
irsetup.exe
C:\Program Files\Print to PDF\Uninstall\IRIMG1.JPG
image
MD5: 5dc2d6c2cdb0bd1447dc42810344fa1e
SHA256: eca7064b09fa0b62582a795965b3d980e299293a4d5052d7925b40002ea9000b
2636
irsetup.exe
C:\Program Files\Print to PDF\Uninstall\IRIMG2.JPG
image
MD5: 8da00a281dd2d7b7861e785eb5f6086e
SHA256: 52922ab69824570d12d004eb9281cf926f4d30dca53ae05aac52611f36db12a2
2636
irsetup.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Print to PDF\Print_To_PDF_UI.lnk
lnk
MD5: 4180dfe5e272692fdec2ac1300f7f000

Find more information about the static content and download it in the full report.

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.