General Info

File name

37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479

Full analysis
https://app.any.run/tasks/1f16939e-a500-4651-932a-c10528524ecc
Verdict
Malicious activity
Analysis date
11/8/2018, 18:48:12
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

loader

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

a000fe90363517e0fc4c8d02f7830825

SHA1

bc82794ccc761c8dcf089ad27aa5df97e17b9118

SHA256

37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479

SSDEEP

98304:r/lgQy1Nk2rrz+3t/NKTdy6BKU1ueKiB/3p1FmV7rbLslpC07VP5FAOfr4ygpDby:Gv+BNOv7BAOjuDMQzJE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • ftusbsrv.exe (PID: 3468)
  • usbsrvcmd.exe (PID: 1140)
  • usbsrvcmd.exe (PID: 1988)
  • protecao.exe (PID: 4044)
Loads dropped or rewritten executable
  • ftusbsrv.exe (PID: 3468)
  • usbsrvcmd.exe (PID: 1140)
  • usbsrvcmd.exe (PID: 1988)
Downloads executable files from the Internet
  • protecao.exe (PID: 4044)
Creates files in the program directory
  • dw20.exe (PID: 3988)
  • ftusbsrv.exe (PID: 3468)
  • protecao.exe (PID: 4044)
Creates files in the Windows directory
  • MsiExec.exe (PID: 3840)
  • DrvInst.exe (PID: 1128)
  • msiexec.exe (PID: 3024)
Executable content was dropped or overwritten
  • DrvInst.exe (PID: 1128)
  • MsiExec.exe (PID: 3840)
  • 37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe (PID: 384)
  • msiexec.exe (PID: 3024)
Uses RUNDLL32.EXE to load library
  • DrvInst.exe (PID: 1128)
Searches for installed software
  • DrvInst.exe (PID: 1128)
Creates or modifies windows services
  • DrvInst.exe (PID: 1128)
  • ftusbsrv.exe (PID: 3468)
Creates files in the driver directory
  • DrvInst.exe (PID: 1128)
  • msiexec.exe (PID: 3024)
Creates files in the user directory
  • msiexec.exe (PID: 3024)
Removes files from Windows directory
  • DrvInst.exe (PID: 1128)
Starts CMD.EXE for commands execution
  • protecao.exe (PID: 4044)
Starts Microsoft Installer
  • cmd.exe (PID: 3452)
Reads Environment values
  • 37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe (PID: 384)
Changes settings of System certificates
  • chrome.exe (PID: 3820)
Creates a software uninstall entry
  • msiexec.exe (PID: 3024)
Creates or modifies windows services
  • msiexec.exe (PID: 3024)
  • MsiExec.exe (PID: 3840)
  • vssvc.exe (PID: 788)
Reads settings of System Certificates
  • chrome.exe (PID: 3820)
Application was crashed
  • protecao.exe (PID: 4044)
Adds / modifies Windows certificates
  • chrome.exe (PID: 3820)
Application launched itself
  • chrome.exe (PID: 3820)
  • msiexec.exe (PID: 3024)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 788)
Creates files in the program directory
  • msiexec.exe (PID: 3024)


Static information

TRiD
.exe
|   Inno Setup installer (67.7%)
.exe
|   Win32 EXE PECompact compressed (generic) (25.6%)
.exe
|   Win32 Executable (generic) (2.7%)
.exe
|   Win16/32 Executable Delphi generic (1.2%)
.exe
|   Generic Win/DOS Executable (1.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:08:07 14:28:38+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
2078208
InitializedDataSize:
13549644
UninitializedDataSize:
null
EntryPoint:
0x1fc698
OSVersion:
5
ImageVersion:
null
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
15.3.0.1
ProductVersionNumber:
15.3.0.1
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Windows, Latin1
CompanyName:
Truster
FileDescription:
Atualizacao Modulo
FileVersion:
15.3.0.1
ProgramID:
com.embarcadero.Project1
ProductName:
Atualizacao Modulo
ProductVersion:
15.3.0.1
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
07-Aug-2018 12:28:38
Detected languages
English - United States
CompanyName:
Truster
FileDescription:
Atualizacao Modulo
FileVersion:
15.3.0.1
ProgramID:
com.embarcadero.Project1
ProductName:
Atualizacao Modulo
ProductVersion:
15.3.0.1
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
12
Time date stamp:
07-Aug-2018 12:28:38
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x001F9C5C 0x001F9E00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.48816
.itext 0x001FB000 0x0000175C 0x00001800 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.26764
.data 0x001FD000 0x00008B48 0x00008C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 6.14904
.bss 0x00206000 0x000065E0 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x0020D000 0x000032E2 0x00003400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 5.22142
.didata 0x00211000 0x00000A6A 0x00000C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.81874
.edata 0x00212000 0x0000009A 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 1.90422
.tls 0x00213000 0x00000048 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x00214000 0x0000005D 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 1.35469
.reloc 0x00215000 0x0002EC0C 0x0002EE00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 6.7044
.rsrc 0x00244000 0x000FDA00 0x000FDA00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 6.49183
.debug 0x00342000 0x00BB284C 0x00BB284C IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.15452
Resources
1

2

3

4

5

6

7

4073

4074

4075

4076

4077

4078

4079

4080

4081

4082

4083

4084

4085

4086

4087

4088

4089

4090

4091

4092

4093

4094

4095

4096

32761

32762

32763

32764

32765

32766

32767

DVCLAL

PACKAGEINFO

PLATFORMTARGETS

RESOURCE_1

RESOURCE_35

RESOURCE_4

RESOURCE_5

TFORM1

TFORM2

TFORM3

TFORM4

TFORM5

MAINICON

Imports
    winspool.drv

    comctl32.dll

    shell32.dll

    user32.dll

    version.dll

    oleaut32.dll

    advapi32.dll

    netapi32.dll

    msvcrt.dll

    kernel32.dll

    ole32.dll

    gdi32.dll

    kernel32.dll (delay-loaded)

Exports
    dbkFCallWrapperAddr

    __dbk_fcall_wrapper

    TMethodImplementationIntercept

Processes

Total processes
69
Monitored processes
24
Malicious processes
5
Suspicious processes
0

Behavior graph

[Behavior graph (image not preserved). Processes shown: 37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe, protecao.exe, cmd.exe, msiexec.exe, drvinst.exe, rundll32.exe, vssvc.exe, ftusbsrv.exe, chrome.exe, usbsrvcmd.exe, dw20.exe]
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3956
CMD
"C:\Users\admin\AppData\Local\Temp\37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe"
Path
C:\Users\admin\AppData\Local\Temp\37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Truster
Description
Atualizacao Modulo
Version
15.3.0.1
Modules
Image
c:\users\admin\appdata\local\temp\37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe
c:\systemroot\system32\ntdll.dll

PID
384
CMD
"C:\Users\admin\AppData\Local\Temp\37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe"
Path
C:\Users\admin\AppData\Local\Temp\37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Version:
Company
Truster
Description
Atualizacao Modulo
Version
15.3.0.1
Modules
Image
c:\users\admin\appdata\local\temp\37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\protecao.exe
c:\windows\system32\duser.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll

PID
4044
CMD
C:\Users\admin\AppData\Local\Temp\protecao.exe
Path
C:\Users\admin\AppData\Local\Temp\protecao.exe
Indicators
Parent process
37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe
User
admin
Integrity Level
HIGH
Exit code
3762507597
Version:
Company
Description
usbrmt
Version
1.0.0.0
Modules
Image
c:\users\admin\appdata\local\temp\protecao.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\microsoft.net\framework\v2.0.50727\dw20.exe
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll

PID
3452
CMD
"cmd.exe" /C msiexec /i "c:\programdata\m.msi" /qn ADDLOCAL=ALL REMOVE=Drivers_cln_f
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
protecao.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msiexec.exe

PID
2412
CMD
msiexec /i "c:\programdata\m.msi" /qn ADDLOCAL=ALL REMOVE=Drivers_cln_f
Path
C:\Windows\system32\msiexec.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll

PID
3024
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\propsys.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\usb over network\usbserver.exe
c:\program files\usb over network\usbclient.exe

PID
3840
CMD
c:\Windows\system32\MsiExec.exe -Embedding D0DC18A146A4DF124EF3178156159615
Path
c:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\jscript.dll
c:\windows\installer\msifa8b.tmp
c:\windows\system32\newdev.dll
c:\windows\system32\devrtl.dll
c:\windows\installer\msifada.tmp
c:\windows\installer\msifb19.tmp
c:\windows\system32\drvstore.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\installer\msi628f.tmp
c:\windows\system32\oleacc.dll
c:\windows\installer\msi62af.tmp
c:\windows\system32\firewallapi.dll
c:\windows\installer\msi635c.tmp

PID
1128
CMD
DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{076df1d1-1ec0-6294-ee3e-de4865e61f6a}\ftusb2.inf" "0" "601e1c31f" "000003EC" "WinSta0\Default" "000004B0" "208" "C:\Windows\system32"
Path
C:\Windows\system32\DrvInst.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\spinf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\ntmarta.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
2984
CMD
rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{5e6992d6-6b44-3384-fd8c-4c1ab1b5990f} Global\{3360d655-cfb5-6013-18e1-4f44a5ffa04f} C:\Windows\System32\DriverStore\Temp\{08b349cf-aa44-19c7-b6a3-e916c1af324a}\ftusb2.inf C:\Windows\System32\DriverStore\Temp\{08b349cf-aa44-19c7-b6a3-e916c1af324a}\ftusb2.cat
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
DrvInst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\pnpui.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dui70.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\spinf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\duser.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\netutils.dll

PID
788
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
3524
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000005B8" "000005CC"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

PID
3468
CMD
c:\Windows\system32\ftusbsrv.exe
Path
c:\Windows\system32\ftusbsrv.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
FabulaTech
Description
USB over Network Server service
Version
5.2.2.3
Modules
Image
c:\windows\system32\ftusbsrv.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ftusbapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oledlg.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
2704
CMD
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
Path
C:\Windows\System32\rundll32.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll

PID
3820
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://suporte.dispositivopj.com/empresas/
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe
User
admin
Integrity Level
HIGH
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll

PID
3924
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6cf200b0,0x6cf200c0,0x6cf200cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3928
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3716 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
3612
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=976,5861925904485641559,9853636061583749577,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=124027B3A7DA22D927635FD5A137F87A --mojo-platform-channel-handle=992 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2900
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,5861925904485641559,9853636061583749577,131072 --enable-features=PasswordImport --service-pipe-token=C0EE6F8BAB1C7423B7217EE2553C82C5 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=C0EE6F8BAB1C7423B7217EE2553C82C5 --renderer-client-id=4 --mojo-platform-channel-handle=1892 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3936
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,5861925904485641559,9853636061583749577,131072 --enable-features=PasswordImport --service-pipe-token=A15133D2EDA78BD5CA1948FEC5D2B7A2 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A15133D2EDA78BD5CA1948FEC5D2B7A2 --renderer-client-id=3 --mojo-platform-channel-handle=2052 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
760
CMD
"cmd.exe" /C "C:\Program Files\USB over Network\usbsrvcmd.exe" tcpport 3940
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
protecao.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\program files\usb over network\usbsrvcmd.exe

PID
1140
CMD
"C:\Program Files\USB over Network\usbsrvcmd.exe" tcpport 3940
Path
C:\Program Files\USB over Network\usbsrvcmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FabulaTech
Description
USB over Network Server command line utility
Version
5.2.2.3
Modules
Image
c:\program files\usb over network\usbsrvcmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ftusbsrv.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
2120
CMD
"cmd.exe" /C "C:\Program Files\USB over Network\usbsrvcmd.exe" list
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
protecao.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1988
CMD
"C:\Program Files\USB over Network\usbsrvcmd.exe" list
Path
C:\Program Files\USB over Network\usbsrvcmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FabulaTech
Description
USB over Network Server command line utility
Version
5.2.2.3
Modules
Image
c:\program files\usb over network\usbsrvcmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ftusbsrv.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
3988
CMD
dw20.exe -x -s 812
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Indicators
No indicators
Parent process
protecao.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Error Reporting Shim
Version
2.0.50727.4927 (NetFXspW7.050727-4900)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\dw20.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wer.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\werui.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dui70.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\duser.dll
c:\windows\system32\riched20.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\protecao.exe
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll

Registry activity

Total events
1053
Read events
598
Write events
449
Delete events
6

Modification events

PID
Process
Operation
Key
Name
Value
384
37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
384
37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASAPI32
EnableFileTracing
0
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASAPI32
EnableConsoleTracing
0
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASAPI32
FileTracingMask
4294901760
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASAPI32
ConsoleTracingMask
4294901760
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASAPI32
MaxFileSize
1048576
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASAPI32
FileDirectory
%windir%\tracing
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASMANCS
EnableFileTracing
0
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASMANCS
EnableConsoleTracing
0
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASMANCS
FileTracingMask
4294901760
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASMANCS
ConsoleTracingMask
4294901760
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASMANCS
MaxFileSize
1048576
4044
protecao.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\protecao_RASMANCS
FileDirectory
%windir%\tracing
2412
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
52
3024
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\5F\52C64B7E
3024
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\5F
3024
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
3024
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
3024
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
c:\Windows\Installer\19f3be.ipi
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
c:\Config.Msi\19f3bf.rbs
30701451
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
c:\Config.Msi\19f3bf.rbsLow
2298373504
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
c:\Program Files\Common Files\FabulaTech\ftUpdate2.exe
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\82041CEE27D679F4589D4B9A123EB73D
D9322A0D7FB13814DB51BD9788B44A34
c?\Program Files\Common Files\FabulaTech\ftUpdate2.exe
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\71AA61E0B67F7214494765E5326C2E26
D9322A0D7FB13814DB51BD9788B44A34
02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fabulatech\USBNET_Version
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
c:\Windows\system32\drivers\ftusbload2.sys
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\A7C6114BE1C554948BDAA9C9F8BC23B1
D9322A0D7FB13814DB51BD9788B44A34
c?\Windows\system32\drivers\ftusbload2.sys
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
c:\Windows\system32\drivers\ftusb2.sys
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\746C36F8C5A613241BF3B61496DC949A
D9322A0D7FB13814DB51BD9788B44A34
c?\Windows\system32\drivers\ftusb2.sys
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
c:\Windows\system32\ftusbsrv.dll
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\E6B7A7029C87A6341928C814708BD4AC
D9322A0D7FB13814DB51BD9788B44A34
c?\Windows\system32\ftusbsrv.dll
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
c:\Windows\system32\ftusb2.sys
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\0310A1DC8BAFF8A40B2FCD89D807FACF
D9322A0D7FB13814DB51BD9788B44A34
c?\Windows\system32\ftusb2.sys
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
c:\Windows\system32\ftusb2.inf
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\94A9A41122922AE409E856B879FF483F
D9322A0D7FB13814DB51BD9788B44A34
c?\Windows\system32\ftusb2.inf
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
c:\Windows\system32\ftusb2.cat
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\81AFE7B1269FFD34EAA98F901F7AD0F2
D9322A0D7FB13814DB51BD9788B44A34
c?\Windows\system32\ftusb2.cat
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
c:\Windows\system32\ftusbapi.dll
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\27F59E98FA95FFE478D4C02E138E5032
D9322A0D7FB13814DB51BD9788B44A34
c?\Windows\system32\ftusbapi.dll
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
c:\Windows\system32\ftusbsrv.exe
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\8D4A2BB6FEF89D84C8193FC2902D6667
D9322A0D7FB13814DB51BD9788B44A34
c?\Windows\system32\ftusbsrv.exe
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC
D9322A0D7FB13814DB51BD9788B44A34
c:\Program Files\USB over Network\License.rtf
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\1A03DE136EE3813439396135C30E82C3
D9322A0D7FB13814DB51BD9788B44A34
c:\Program Files\USB over Network\usbserver.exe
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\2DEB7D7A1E6752D45A1535B4845F165B
D9322A0D7FB13814DB51BD9788B44A34
c:\Program Files\USB over Network\usbsrvcmd.exe
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\34990F873C62B0C46BA69015625730B1
D9322A0D7FB13814DB51BD9788B44A34
c:\Program Files\USB over Network\usbserverhelp.chm
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\F83D13C860C1D4F4ABBB3021E83327E2
D9322A0D7FB13814DB51BD9788B44A34
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\6361E646B1EB9A243B88EE9B0906AA22
D9322A0D7FB13814DB51BD9788B44A34
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\131B6EEB781C38C408C37E16C756FDB6
D9322A0D7FB13814DB51BD9788B44A34
02:\SYSTEM\CurrentControlSet\Services\ftusbsrv\Troubleshooting\1136:3532:-1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\790F9FE98EF12FB4F8989C233E3B29D3
D9322A0D7FB13814DB51BD9788B44A34
02:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ftusbsrv\(Default)
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\85538E9DC8929074AB8FA652A3055F7D
D9322A0D7FB13814DB51BD9788B44A34
01:\SOFTWARE\FabulaTech\USBNET\ShortCutsSRV\
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\531F1D79F12FFA84A87E6A8B3BC5C1D7
D9322A0D7FB13814DB51BD9788B44A34
01:\SOFTWARE\FabulaTech\USBNET\ShortCutsS_desktop\
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C
D9322A0D7FB13814DB51BD9788B44A34
c:\Program Files\USB over Network\License.rtf
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\D4A8B6D775116F64EB537517C6FED269
D9322A0D7FB13814DB51BD9788B44A34
c:\Program Files\USB over Network\usbclncmd.exe
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\8FE09902852430741BACAF56EBDFF419
D9322A0D7FB13814DB51BD9788B44A34
c:\Program Files\USB over Network\usbclient.exe
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\85C6518643CEC2C4283B2336EE05A4CE
D9322A0D7FB13814DB51BD9788B44A34
c:\Program Files\USB over Network\usbclienthelp.chm
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\14858CF7E8165044B944B41DA10A3B2D
D9322A0D7FB13814DB51BD9788B44A34
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\883C35888DFAF724190C6049F5A2621B
D9322A0D7FB13814DB51BD9788B44A34
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\A2DF6F24EE1576146A48CB8300F2B373
D9322A0D7FB13814DB51BD9788B44A34
01:\SOFTWARE\FabulaTech\USBNET\ShortCutsCLN\
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\054FC8ED9710A1B4FA43073FDF75CA67
D9322A0D7FB13814DB51BD9788B44A34
01:\SOFTWARE\FabulaTech\USBNET\ShortCutsCLN_desktop\
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
c:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB over Network\
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
c:\Program Files\USB over Network\
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
c:\Program Files\Common Files\FabulaTech\
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C\D9322A0D7FB13814DB51BD9788B44A34
PatchGUID
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C\D9322A0D7FB13814DB51BD9788B44A34
MediaCabinet
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C\D9322A0D7FB13814DB51BD9788B44A34
File
License_rtf.20FF3041_0120_43C6_91AD_F64F0F250EF3
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C\D9322A0D7FB13814DB51BD9788B44A34
ComponentVersion
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C\D9322A0D7FB13814DB51BD9788B44A34
ProductVersion
5.2.2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C\D9322A0D7FB13814DB51BD9788B44A34
PatchSize
0
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C\D9322A0D7FB13814DB51BD9788B44A34
PatchAttributes
0
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C\D9322A0D7FB13814DB51BD9788B44A34
PatchSequence
0
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C\D9322A0D7FB13814DB51BD9788B44A34
SharedComponent
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CA3084511A731754E9414D2DE7A13C8C\D9322A0D7FB13814DB51BD9788B44A34
IsFullFile
0
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC\D9322A0D7FB13814DB51BD9788B44A34
PatchGUID
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC\D9322A0D7FB13814DB51BD9788B44A34
MediaCabinet
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC\D9322A0D7FB13814DB51BD9788B44A34
File
License_rtf.F21E2998_80D7_4FAF_B67A_42A1EDD7B179
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC\D9322A0D7FB13814DB51BD9788B44A34
ComponentVersion
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC\D9322A0D7FB13814DB51BD9788B44A34
ProductVersion
5.2.2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC\D9322A0D7FB13814DB51BD9788B44A34
PatchSize
0
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC\D9322A0D7FB13814DB51BD9788B44A34
PatchAttributes
0
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC\D9322A0D7FB13814DB51BD9788B44A34
PatchSequence
0
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC\D9322A0D7FB13814DB51BD9788B44A34
SharedComponent
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5E3C7413FB275F64B8C4583E47AF1FEC\D9322A0D7FB13814DB51BD9788B44A34
IsFullFile
0
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
c:\Users\admin\AppData\Roaming\Microsoft\Installer\{D0A2239D-1BF7-4183-BD15-DB79884BA443}\
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
c:\Users\admin\AppData\Roaming\Microsoft\Installer\
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\FabulaTech\USBNET\ShortCutsSRV
1
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\FabulaTech\USBNET\ShortCutsS_desktop
1
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\FabulaTech\USBNET\ShortCutsCLN
1
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\FabulaTech\USBNET\ShortCutsCLN_desktop
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fabulatech
USBNET_Version
5.2.2.3
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fabulatech
USBNET_Version_str
USB over Network 5.2.2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fabulatech
USBNET_InstallType
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fabulatech
USBNET_InstallType_str
All_Users
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv\Troubleshooting
1136:3532:-1
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv\Troubleshooting
096E:0005:-1
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ftusbsrv
(Default)
Service
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ftusbload2.sys
(Default)
Driver
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
LocalPackage
c:\Windows\Installer\19f3c0.msi
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
AuthorizedCDFPrefix
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
Comments
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
Contact
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
DisplayVersion
5.2.2.3
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
HelpLink
http://www.usb-over-network.com/support.html?ver=5.2.2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
HelpTelephone
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
InstallDate
20181108
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
InstallLocation
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
InstallSource
c:\programdata\
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
ModifyPath
MsiExec.exe /I{D0A2239D-1BF7-4183-BD15-DB79884BA443}
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
Publisher
FabulaTech
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
Readme
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
Size
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
EstimatedSize
28799
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
UninstallString
MsiExec.exe /I{D0A2239D-1BF7-4183-BD15-DB79884BA443}
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
URLInfoAbout
http://www.usb-over-network.com/?rf=usbnetserver&ver=5.2.2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
URLUpdateInfo
http://www.usb-over-network.com/downloads.html?ver=5.2.2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
VersionMajor
5
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
VersionMinor
2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
WindowsInstaller
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
Version
84017154
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
Language
1033
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
AuthorizedCDFPrefix
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
Comments
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
Contact
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
DisplayVersion
5.2.2.3
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
HelpLink
http://www.usb-over-network.com/support.html?ver=5.2.2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
HelpTelephone
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
InstallDate
20181108
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
InstallLocation
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
InstallSource
c:\programdata\
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
ModifyPath
MsiExec.exe /I{D0A2239D-1BF7-4183-BD15-DB79884BA443}
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
Publisher
FabulaTech
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
Readme
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
Size
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
EstimatedSize
28799
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
UninstallString
MsiExec.exe /I{D0A2239D-1BF7-4183-BD15-DB79884BA443}
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
URLInfoAbout
http://www.usb-over-network.com/?rf=usbnetserver&ver=5.2.2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
URLUpdateInfo
http://www.usb-over-network.com/downloads.html?ver=5.2.2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
VersionMajor
5
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
VersionMinor
2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
WindowsInstaller
1
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
Version
84017154
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
Language
1033
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\35ACD5B0FDFE68841B0288452C2334B9
D9322A0D7FB13814DB51BD9788B44A34
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\InstallProperties
DisplayName
USB over Network 5.2.2
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A2239D-1BF7-4183-BD15-DB79884BA443}
DisplayName
USB over Network 5.2.2
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\D9322A0D7FB13814DB51BD9788B44A34
Drivers_srv_f
ROOT_USBNET
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\Features
Drivers_srv_f
%.=sb,tbV?qY9DZ}[%h+$49*Vc7C?9qe2%9RFjJ_WI?M-nsfa9`Kf(9UHe$jA]0wjapzz?A?'.Y!**6zhRHW(e33?A4x1mT41c=w%_1p+Re=n9t{I5&SqM-3nHZCT%Q-IAAWH`[email protected]]Ju)3K?g!%N222['NROOT_USBNET
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\D9322A0D7FB13814DB51BD9788B44A34
User_srv_f
ROOT_USBNET
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\Features
User_srv_f
[email protected]=j3]-rXiSSkobx&4S%zW9dYsdBT.RD75b?y^[email protected]@[email protected]!p&B37}b+Imz'U8nKQA_j.l([email protected]'%0.[[email protected])j[OGUezaJIt'+[[email protected],l7yA}%o)_]o=l76%0&{gJndDWlX-ZgF?ONQEd~St5PROOT_USBNET
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\D9322A0D7FB13814DB51BD9788B44A34
User_cln_f
ROOT_USBNET
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\Features
User_cln_f
1NHp)c?*C=(~ZilMxZTi=fDBPyLYm=6&ELLHXg=X=hUP-c*~n=ZX{jHqyjdVkENNImU%[email protected]}sGI-4yt`gs(Qb$=r9{tb=ljZ.flP6BnSs5bG9kxvXW0zSxa0GJT9g)i$9Hx{76uaqh5)+pTp^[email protected]$0NROOT_USBNET
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\D9322A0D7FB13814DB51BD9788B44A34
ROOT_USBNET
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\Features
ROOT_USBNET
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\D9322A0D7FB13814DB51BD9788B44A34
Other_Files_f
ROOT_USBNET
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\Features
Other_Files_f
d(tT'IK~x8735CFWINkGROOT_USBNET
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\D9322A0D7FB13814DB51BD9788B44A34
Update2_exe_f
ROOT_USBNET
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\Features
Update2_exe_f
A1TguDxEYA7F4V_~,S{lROOT_USBNET
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\D9322A0D7FB13814DB51BD9788B44A34
Drivers_cln_f
ROOT_USBNET
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\Features
Drivers_cln_f
}sHEic8Ts=Sy'!1hlZh5AN%N3Y&ZRAdd0o6vEr8yWgZMT)[5KAgQRNylKdmpe.,g+zz-`@GPkES1V)QEdE!VeQFtz85O9aE,xa()j7_VsJFIM=V1wH4bm+]Oo]!Spov))As}mP9et4gMQ%95B_-kW9S+FpDS!fy5?[&VKuOP??aDx0Q`-,VB$,PJV8h-4=nZqiTJ=TuYqj*NGTl%R9XE`$uNL.m%m=KNWL=W,=V)8&_q]9F=CIGaXnSgi8m5dC+h%u$4GdU[([email protected]*xe?U_d(L1l.bB+M`YAzp((`!A^(C4120B8-n0=i)J(,dE1~7n.i}4){jf8WMKstnv*9nROOT_USBNET
3024
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\D9322A0D7FB13814DB51BD9788B44A34\Patches
AllPatches
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
ProductName
USB over Network 5.2.2
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
PackageCode
A7D52EE8043FFB34EBE830C224CD0F54
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
Language
1033
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
Version
84017154
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
Assignment
0
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
AdvertiseFlags
388
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
ProductIcon
%APPDATA%\Microsoft\Installer\{D0A2239D-1BF7-4183-BD15-DB79884BA443}\UsbNet.ico
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
InstanceType
0
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
AuthorizedLUAApp
0
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
DeploymentFlags
3
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\UpgradeCodes\35ACD5B0FDFE68841B0288452C2334B9
D9322A0D7FB13814DB51BD9788B44A34
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34\SourceList
PackageName
m.msi
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34\SourceList\Net
1
c:\programdata\
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34\SourceList\Media
DiskPrompt
[Manufacturer] [ProductName] Installation [1]
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34\SourceList\Media
1
;Disk 1
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34
Clients
:
3024
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\D9322A0D7FB13814DB51BD9788B44A34\SourceList
LastUsedSource
n;1;c:\programdata\
3840
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusb2
RefCounter
1
3840
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbload2
RefCounter
1
3840
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.dev.log
4096
3840
MsiExec.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3840
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.app.log
4096
3840
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv
logFileName
ftusbsrv.log
1128
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1128
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
4000000000000000BC8FFB8E8B77D4016804000020010000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
1128
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
4000000000000000BC8FFB8E8B77D4016804000020010000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
1128
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
20
1128
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
1128
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
20
1128
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
1
1128
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
BC8FFB8E8B77D401
1128
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
2984
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
788
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
4000000000000000DA7CEB988B77D40114030000A40E0000FB03000000000000000000000000000010713D0AD84E3E47B4D9577F0D5D0E900000000000000000
3524
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\FabulaTech\USB over Network Server
LogLevel
0
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\FabulaTech\Netlink 3
LogLevel
0
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\FABULATECH.COM
ftusbsrv
1687B8998B77D4011687B8998B77D40102020500C18A20BD28DF98CD03610243DFB7BF16
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv
UPnPFunctionsEnabled
0
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbglobal\USB\VID_0627&PID_0001\42
Owner
FtUsbNet
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42\FtBackup
Service
HidUsb
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42\FtBackup
ClassGuid
{745a17a0-74d3-11d0-b6fe-00a0c90f57da}
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42\FtBackup
Driver
{745a17a0-74d3-11d0-b6fe-00a0c90f57da}\0000
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42\FtBackup
ConfigFlags
0
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{A6A0FA44-D7D5-4e21-B2A4-0AEF8A74A632}\0000
DriverDesc
Shared USB Device
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{A6A0FA44-D7D5-4e21-B2A4-0AEF8A74A632}\0000
DriverVersion
1.0.0.0
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{A6A0FA44-D7D5-4e21-B2A4-0AEF8A74A632}\0000
MatchingDeviceId
USB\FABDEV
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{A6A0FA44-D7D5-4e21-B2A4-0AEF8A74A632}\0000
ProviderName
FabulaTech
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42\FtBackup
FtDriver
{A6A0FA44-D7D5-4e21-B2A4-0AEF8A74A632}\0001
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42
FtSubst
1
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42
Service
ftusb2
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42
ClassGuid
{A6A0FA44-D7D5-4e21-B2A4-0AEF8A74A632}
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42
Driver
{A6A0FA44-D7D5-4e21-B2A4-0AEF8A74A632}\0001
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42
ConfigFlags
0
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv
NumOfDevices
01000000
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv\DevClasses\DevClass0
VID
27060000
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv\DevClasses\DevClass0
PID
01000000
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv\DevClasses\DevClass0
NumOfClasses
02000000
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv\DevClasses\DevClass0
Class0
030000000000
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv\DevClasses\DevClass0
Class1
000000000000
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv\DevClasses\DevClass0\Serials
42
42
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42
FtSubst
0
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42
Service
HidUsb
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42
ClassGuid
{745a17a0-74d3-11d0-b6fe-00a0c90f57da}
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\42
Driver
{745a17a0-74d3-11d0-b6fe-00a0c90f57da}\0000
3468
ftusbsrv.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ftusbsrv
PortNumber
3940
3820
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3820
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3820
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3820
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3820
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3820
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13186173081373421
3820
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3820
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
3820
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
3820
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
3820
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
3820
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
3820
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
3820
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
3928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3820-13186173080514046
259
3928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3820-13186173080514046
0

Files activity

Executable files
17
Suspicious files
36
Text files
247
Unknown types
12

Dropped files

PID
Process
Filename
Type
384
37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe
C:\Users\admin\AppData\Local\Temp\protecao.exe
executable
MD5: 3c5c0cc8d314308f9910a68ea9044bef
SHA256: 0af612461174eedec813ce670ba35e74a9433361eacb3ceab6d79232a6fe13c1
3024
msiexec.exe
C:\Windows\system32\ftusb2.sys
executable
MD5: 0f48787607fb56763140d42aa0bf7783
SHA256: 96fd2ba783bd266dc274c8236fdc93b85602f627f5baa47df213d18d1a16a8d7
3024
msiexec.exe
C:\Windows\system32\drivers\ftusb2.sys
executable
MD5: 0f48787607fb56763140d42aa0bf7783
SHA256: 96fd2ba783bd266dc274c8236fdc93b85602f627f5baa47df213d18d1a16a8d7
3024
msiexec.exe
C:\Program Files\Common Files\FabulaTech\ftUpdate2.exe
executable
MD5: a2acc19cd4f9a3c3521ad1157659954f
SHA256: 6f55d2e4e3a404641b2eb323db8187824592d80c1301d54de1b773e1682003ab
3024
msiexec.exe
C:\Windows\system32\drivers\ftusbload2.sys
executable
MD5: 9255e8b64fb278bc5ffe5b8f70d68af8
SHA256: b5e65de6ca5f714a770e7a9fe3196a8c885863334678b64c281d0c0b7040f0b8
3840
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{076df1d1-1ec0-6294-ee3e-de4865e61f6a}\ftusb2.sys
executable
MD5: 0f48787607fb56763140d42aa0bf7783
SHA256: 96fd2ba783bd266dc274c8236fdc93b85602f627f5baa47df213d18d1a16a8d7
3024
msiexec.exe
C:\Windows\system32\ftusbapi.dll
executable
MD5: 74ad38acf61178ab7b5ac662e64fdb38
SHA256: 84a503160e0dcb1a929408b0eec1d2d5e307b6b34fce14f493fe19046b47dc81
1128
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{08b349cf-aa44-19c7-b6a3-e916c1af324a}\ftusb2.sys
executable
MD5: 0f48787607fb56763140d42aa0bf7783
SHA256: 96fd2ba783bd266dc274c8236fdc93b85602f627f5baa47df213d18d1a16a8d7
3024
msiexec.exe
C:\Program Files\USB over Network\usbclncmd.exe
executable
MD5: 5811888d9b9b8e57c7fc054a4c9266da
SHA256: a413a881914dc225b23232bf1c0a8ad42421f7be87f7a1aedadf73810e5f858c
3024
msiexec.exe
C:\Windows\Installer\MSI62AF.tmp
executable
MD5: 73d5556931fe269506cefde2b77f4daa
SHA256: 8528906d9d13dbb0a6c4c6e27f2811ab6d94e99b1d601884e5d2b572884c089f
3024
msiexec.exe
C:\Windows\Installer\MSIFB19.tmp
executable
MD5: ebf110104b73f503c2eb7e3dc6414bb3
SHA256: a8e6d19b94c70b7b4370c39a337424536f5f19aabe1054a0b2d027ed3c026bda
384
37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479.exe
C:\Users\admin\AppData\Local\Temp\Renci.SshNet.dll
executable
MD5: 90c9f9596fcefce1a4e87075d40b8bdd
SHA256: 3e3cd9e8d94fc45f811720f5e911b892a17ee00f971e498eaa8b5cae44a6a8d8
3024
msiexec.exe
C:\Windows\system32\ftusbsrv.exe
executable
MD5: 2d2d0a5c499493c2172e94ca93f288de
SHA256: 044af697f4c7dc2fc6e32afd7c31996629f883838a7755f0e5069cdae426ad34
3024
msiexec.exe
C:\Windows\system32\ftusbsrv.dll
executable
MD5: 3164643a9328e9a6aa4c2b7af41832a6
SHA256: 4161e0ff4c5f1baabac5c6c04a8a2a09c837b5561acac763bee08740c6758a09
3024
msiexec.exe
C:\Program Files\USB over Network\usbsrvcmd.exe
executable
MD5: 24d151b08e6f3f1bc10d48d8c5a7dc0f
SHA256: a7b7f855a3213e0db2521f6f40084738dbe54b8cea7d92754a3ef9e2ae825541
3024
msiexec.exe
C:\Program Files\USB over Network\usbserver.exe
executable
MD5: 56e6b636f9c3ed7daf90f014f127c7d6
SHA256: 0bd52a6af5432624bd7ad7ad61503284af7e3760da395bbc4a6a939a82b54c17
3024
msiexec.exe
C:\Program Files\USB over Network\usbclient.exe
executable
MD5: db036bb9a4fec0c6fbbf1eabcbe97960
SHA256: 6971590a729dd800561690d0a5b74ec7319d2ce0eca108dd2dfbb84283865694
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: ed3d1c71e33729de7febf8fe5e6ec916
SHA256: 69c86a85adc870f4b414d529894f622580db21bbefb5e2c4da4ba14141c7b1fc
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a4db9db6-e840-456d-b18b-a37b0e985ec0.tmp
––
MD5:  ––
SHA256:  ––
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: 77dcafb9cc570ffa4471abb4311bd712
SHA256: 0092d42b467a78ac34262d73fd9086b7a40a22052abd45dd252fda09b98eb164
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 348e76f95ccca8d58e636a02daac26a9
SHA256: f8449659a609b913e9cd1928cda47028f0126c61cbd59ce77ef08a8037fd0a41
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: d3a48cdc41f44ace1300d566cb550308
SHA256: cf2ca0bab3e9adb13fb6ff86447bffe061c8fdc86ffeafcac721817e5676105e
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: fc44c448fdbe871b5e4127b8cc01893a
SHA256: c62d7046a7ccbbe11ea8269f74d177b012e5264c1cc2efd551c9a936be782f98
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: e29b50aff603c6cfba2fa97f79d2e624
SHA256: 8a2a5b664f61bd1c70399085de82746c28c4d76b73a472276a7b7d5928d3d7ce
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\0550656b-46d1-4af3-8382-568950b3b0cf.tmp
––
MD5:  ––
SHA256:  ––
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 9409bab446b7204c6235dfddd6066e89
SHA256: 68c1cb50ec24ac5a1dbdc7d9c845e94a1e9d60f312cf92a694f0791cd7ea105e
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: 39e882d5bb35f265f2fd5a6ce0a11cc6
SHA256: 331b092cf685d954e0023f6cbddcfab50f9f9c77bd3573a7c5965280d5159e44
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: 78cd14bd3c4a85081b49c1ed5f8decfc
SHA256: 4504684362c7363e7a6d0154882c94eccfb74a0270c6824243c8c253b0bfdf81
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
text
MD5: 4a67a33044493142b360626c870a40df
SHA256: 326c0b6a019c9401ea5ead0dc427cb607ff70357cbadc9a78714cd74c36f18c4
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: 4dbc3b06666a2b84b57b0b40236b93aa
SHA256: df74dceedf3909cff842a08d8a429d3f9b6e65d25f5a92900a87c6e0cfe289a5
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: 0d5a176262f3048bf1a36527bacbb750
SHA256: 47c5c0de2e4b0156bab17d11ccd5a35c90fc08025dbfed61120374ccb6692f26
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG
text
MD5: 72c885cb4d1c10f04b29f1960bf09009
SHA256: d90dd6a2c3551b2fdacd56774f22ed1ac5d7452330481d02317b71a33870cbe5
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 54ad1e10b6b57bc9b9eed994e581dd5f
SHA256: 24d2a7516de320c3e91b1513cad94ce5ce2b964bbb8a3d1f66e8083b3205b19c
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: 0b5ce124ae5b52c4eefd405f4896fb83
SHA256: bea9d0d96977087b883de3085b0358e456f0cde4e154143ac8f9a23459e26979
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF1acd34.TMP
––
MD5:  ––
SHA256:  ––
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
––
MD5:  ––
SHA256:  ––
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF1ac98b.TMP
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF1ac92d.TMP
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
binary
MD5: cde61cc279009cf4db297d31adfe4bc8
SHA256: 6d2d2df05bf6fdd51c132b5ed5b17a7a0e7015754f21d38e35069e898b75f71e
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF1ac8a0.TMP
binary
MD5: cde61cc279009cf4db297d31adfe4bc8
SHA256: 6d2d2df05bf6fdd51c132b5ed5b17a7a0e7015754f21d38e35069e898b75f71e
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\50862220-9cd7-43eb-8c80-fc4dc76bcdab.tmp
––
MD5:  ––
SHA256:  ––
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF1ac66e.TMP
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF1ac601.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
––
MD5:  ––
SHA256:  ––
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF1ac5e1.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\429af78c-f5c7-4e47-b95f-b5e4e7088daf.tmp
––
MD5:  ––
SHA256:  ––
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
––
MD5:  ––
SHA256:  ––
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF1ac5b2.TMP
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF1ac5b2.TMP
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF1ac593.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF1ac593.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
3924
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: 9543068b6751e1f3e11f91d72ee78d95
SHA256: d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785
3468
ftusbsrv.exe
C:\ProgramData\FabulaTech\USB over Network Server\ftusbsrv-2018-11-08-175056.txt
binary
MD5: 8594e55588dc951ba39c5554abcf1785
SHA256: 21cda7223b3919140fe53f92610222dc21c123110c5ff13ab4c1d2682cd9963d
3024
msiexec.exe
C:\Windows\Installer\19f3be.ipi
––
MD5:  ––
SHA256:  ––
3024
msiexec.exe
C:\Users\admin\AppData\Local\Temp\~DF59A8DFDDE3AA1C82.TMP
––
MD5:  ––
SHA256:  ––
3024
msiexec.exe
C:\Config.Msi\19f3bf.rbs
––
MD5:  ––
SHA256:  ––
3468
ftusbsrv.exe
C:\ProgramData\FabulaTech\USB over Network Server\licstat.txt
binary
MD5: 3f4bddc4285cf448dd3f11e8d6054507
SHA256: fa42b5b134ccf7c5ac43673c9fd5df247ab211545716e03ed71272cedf92e864
3468
ftusbsrv.exe
C:\ProgramData\FabulaTech\USB over Network Server\licstat.txt
binary
MD5: 3dc32736bd24de3426ec049b2f5eb9df
SHA256: f394cf5eabdcdf257840978203292502dc72a3963be524e5514ac934d82ec869
3024
msiexec.exe
C:\Windows\Installer\19f3c0.msi
––
MD5:  ––
SHA256:  ––
3024
msiexec.exe
C:\Windows\Installer\MSI635C.tmp
––
MD5:  ––
SHA256:  ––
3988
dw20.exe
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_protecao.exe_f9a076d1d4a168032152c4baa01a82bd3ed312_0f8fb737\Report.wer
binary
MD5: 94848b7e0278bef54bf68b4f4c2535a2
SHA256: 568d1b47de4d8d6fc7978549444eedb103e4963da6d33867e9b7c0dd5ca1a071
3024
msiexec.exe
C:\Windows\Installer\MSI628F.tmp
––
MD5:  ––
SHA256:  ––
788
vssvc.exe
C:
––
MD5:  ––
SHA256:  ––
3840
MsiExec.exe
C:\Windows\INF\setupapi.app.log
text
MD5: bd470d51971afc97e52437830d2384c6
SHA256: bc3a41fe4c216ac64bcc41b8bc5ee6b855f1bc034893cdfe4312db1f6c9a5fb4
3840
MsiExec.exe
C:\Windows\INF\setupapi.app.log
ini
MD5: 9814b831b52b7d957719973aeda3d88f
SHA256: e8fb02bf9783ad23d749eede5b6bbf940cb670d1524b8ae652a764f761368a2d
3840
MsiExec.exe
C:\Windows\INF\setupapi.dev.log
text
MD5: 563a0d63e92da708e51fa9ffa15f6821
SHA256: 110b40ded6fcb626af5d2a4822d58604d7c0d8895c87716a93cd3597a7681d64
3840
MsiExec.exe
C:\Windows\System32\CatRoot2\dberr.txt
text
MD5: 459542cc996b2ad3c218d56c58b7a506
SHA256: 38a4ef086e06c0752c5825b7ee7f84c59ab56da04d50c7e73f457ee907f1b8c6
3840
MsiExec.exe
C:\Windows\System32\CatRoot2\dberr.txt
text
MD5: 7fe17493f314367df2ad964b7ba30ae6
SHA256: 332b9aafb64bcbb8bdcecb4a20e196f55d8f8a5a021b0199524d7ebf9901aa29
3840
MsiExec.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: cba0ff37b59e935670d44183f31a81fa
SHA256: fc53ef0b4402e15b4ef4e99844288e71f3a5ac605382d35d63fbeeab68dfe758
1128
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: cba0ff37b59e935670d44183f31a81fa
SHA256: fc53ef0b4402e15b4ef4e99844288e71f3a5ac605382d35d63fbeeab68dfe758
1128
DrvInst.exe
C:\Windows\System32\DriverStore\FileRepository\ftusb2.inf_x86_neutral_5d6183f3f95156d0\ftusb2.PNF
pnf
MD5: 9ef3e5e6fc113d1d324bfdaf400008d2
SHA256: 9273c1a8f598221739919c3a5f7d1cceab94624956abb06099fa1cd1cedcea28
1128
DrvInst.exe
C:\Windows\System32\DriverStore\INFCACHE.2
binary
MD5: c064b6a233ad0b3f440ce3573064e6bc
SHA256: 30484c3fcae293f6397b9e217f8918eeb661be3540d89ef0296eb971c4c4c1e3
1128
DrvInst.exe
C:\Windows\System32\DriverStore\INFCACHE.1
binary
MD5: c064b6a233ad0b3f440ce3573064e6bc
SHA256: 30484c3fcae293f6397b9e217f8918eeb661be3540d89ef0296eb971c4c4c1e3
1128
DrvInst.exe
C:\Windows\System32\DriverStore\OLDCACHE.000
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\System32\DriverStore\INFCACHE.0
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\System32\DriverStore\infpub.dat
binary
MD5: de40783127cdb0c0fa0a46ae5976e68f
SHA256: eda63eb9268dcd0aa19c48784f01253db2de10719ea3589911c78a37aedf5f3a
1128
DrvInst.exe
C:\Windows\System32\DriverStore\infstor.dat
binary
MD5: 798677c8e309572a2728300056cb5ddf
SHA256: 085ab230f81ecdadbbddf6cd14a258497f8c1bc6af1b5b8a0a085a6ad504a1f4
1128
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 532013f86c9add039ed7f37dccb7ffe2
SHA256: 9d020961a79df1e8969df3230653fe7b3619e084167ae914bfad4e8aa6ce2224
1128
DrvInst.exe
C:\Windows\System32\DriverStore\infstrng.dat
binary
MD5: 12f043d3cbe0fd5955d65e3bdbb9aec6
SHA256: 1faba76acc344072f2f86f176a78c05d66d6ddb53166621332cad497ba4b995e
1128
DrvInst.exe
C:\Windows\INF\oem4.inf
ini
MD5: 212b9deea0970878da7eb4997c7919ce
SHA256: 3964b10af8e029617070cee14520fc3a4854573a8fca3841f36987cd9e01a801
1128
DrvInst.exe
C:\Windows\System32\DriverStore\FileRepository\ftusb2.inf_x86_neutral_5d6183f3f95156d0\ftusb2.PNF
pnf
MD5: 8b3258a1f66eec78f1c044543c2809da
SHA256: b5584ef166122a066cb599c25e7376d98f6c41e9af8c78cdef8145d8b3297b09
3524
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: d8ac5170124f368ae6920df996d9939a
SHA256: 44d9bd3ccb7fab27abc8cf0261e27df0f318a1ef6e96951ae5c77cd5ecc98c1f
3524
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 2e71cbeccd2d08b6f202b880b486c3f0
SHA256: 7fda75228649da2a5a709c4e481b256e0a479c7bc912c8565d54805b7369f3b0
3524
DrvInst.exe
C:\Windows\INF\setupapi.ev1
binary
MD5: 8de5f579021615df083a1e5cd49c991d
SHA256: 746e9880c1890684b4c91ff32d17b0b75907096a3e85b190f2460416bd92a429
3524
DrvInst.exe
C:\Windows\INF\setupapi.ev3
binary
MD5: 80b77bd9ec39520e5f07b2bf31e363f3
SHA256: 5358ba868639d8703c840259dbc92e99ad90507c3525b0613a78f065070c16b5
1128
DrvInst.exe
C:\System Volume Information\SPP\metadata-2
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{0a3d7110-4ed8-473e-b4d9-577f0d5d0e90}_OnDiskSnapshotProp
binary
MD5: 552a89ac01aa9700682980d4dcd28583
SHA256: ec250ea01a9c4ebe9e8bad4fb99d552e763ede86915e77c71d1455a1e531f49d
1128
DrvInst.exe
C:\System Volume Information\SPP\snapshot-2
binary
MD5: 552a89ac01aa9700682980d4dcd28583
SHA256: ec250ea01a9c4ebe9e8bad4fb99d552e763ede86915e77c71d1455a1e531f49d
1128
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 5a16007b07769cd5ec5905bc15f3e5f8
SHA256: f7c527fdb331594ad5f1ff155d6842e78fde6004a7f10040447692ea55d3dc73
2984
rundll32.exe
C:\Users\admin\AppData\Local\Temp\CabAD.tmp
––
MD5:  ––
SHA256:  ––
2984
rundll32.exe
C:\Users\admin\AppData\Local\Temp\TarAE.tmp
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 9cf4f6d3a06ac3af574f9b47451b04b2
SHA256: 00d55e9296e5b94db92328f4dc855c3937f05cdb29d1335fbec586e0a9150ec7
1128
DrvInst.exe
C:\Windows\TEMP\TarFFCA.tmp
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\TEMP\CabFFC9.tmp
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\TEMP\TarFF4B.tmp
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\TEMP\CabFF4A.tmp
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\TEMP\CabFEAB.tmp
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\TEMP\TarFEBC.tmp
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\TEMP\TarFE9B.tmp
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\TEMP\CabFE9A.tmp
––
MD5:  ––
SHA256:  ––
4044
protecao.exe
C:\Users\admin\AppData\Local\Temp\PC-17-51-27.txt
text
MD5: 768264e3ffa061c6606e1fa6f93c0f08
SHA256: 17753a12f6901f1c275115df9786a0a49d92cb4ad21656f18c00dd2e553fdc90
1128
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{08b349cf-aa44-19c7-b6a3-e916c1af324a}\ftusb2.inf
ini
MD5: 212b9deea0970878da7eb4997c7919ce
SHA256: 3964b10af8e029617070cee14520fc3a4854573a8fca3841f36987cd9e01a801
1128
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{08b349cf-aa44-19c7-b6a3-e916c1af324a}\SETFD34.tmp
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{08b349cf-aa44-19c7-b6a3-e916c1af324a}\SETFD33.tmp
––
MD5:  ––
SHA256:  ––
1128
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{08b349cf-aa44-19c7-b6a3-e916c1af324a}\ftusb2.cat
cat
MD5: a30f165f561779306d383328465bd67f
SHA256: 791435f584edcb184cb63046af4eadbe5fc53581cba6d568c40ab1ef5b2a52f6
1128
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{08b349cf-aa44-19c7-b6a3-e916c1af324a}\SETFD23.tmp
––
MD5:  ––
SHA256:  ––
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: 0a4e8cae655cb3e74a91a5bd1807debc
SHA256: 91bf9ea9960de2282097fca4765700c143e0fe2dbd56497d7704837a108bd390
3840
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{076df1d1-1ec0-6294-ee3e-de4865e61f6a}\SETFB7F.tmp
––
MD5:  ––
SHA256:  ––
3840
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{076df1d1-1ec0-6294-ee3e-de4865e61f6a}\ftusb2.inf
ini
MD5: 212b9deea0970878da7eb4997c7919ce
SHA256: 3964b10af8e029617070cee14520fc3a4854573a8fca3841f36987cd9e01a801
3840
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{076df1d1-1ec0-6294-ee3e-de4865e61f6a}\ftusb2.cat
cat
MD5: a30f165f561779306d383328465bd67f
SHA256: 791435f584edcb184cb63046af4eadbe5fc53581cba6d568c40ab1ef5b2a52f6
3840
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{076df1d1-1ec0-6294-ee3e-de4865e61f6a}\SETFB6E.tmp
––
MD5:  ––
SHA256:  ––
3840
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{076df1d1-1ec0-6294-ee3e-de4865e61f6a}\SETFB5E.tmp
––
MD5:  ––
SHA256:  ––
3840
MsiExec.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: a537d2977edb8133008c373f6d02d1cc
SHA256: 4b3813468e29e3fbf66b0189d4e62e3ba840edf9e20bf435cebc95d4b0e89530
3840
MsiExec.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: a14afba85fa2bd97577213d444862037
SHA256: 9e8600718254f063d4a0eadce5735ec98bfc522a19aa6239e1eef52d007fd349
3820
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 963eddd6c87023cf3391aa29b7a43960
SHA256: 2e77b8cdcee26c8bdbc2c7f3a97fb1134a3495382d4449d6692e0f84bbb2478a
3024
msiexec.exe
C:\Windows\Installer\MSIFADA.tmp
––
MD5:  ––
SHA256:  ––
3024
msiexec.exe
C:\Windows\Installer\MSIFA8B.tmp
––
MD5:  ––
SHA256:  ––
3024
msiexec.exe
C:\Users\admin\Desktop\USB over Network (Client).lnk
lnk
MD5: 05057a753518bd56c876b55ade6cb91f
SHA256: 73f66551c1f48d949fdffb29c8befe1a6eb028fead7969d504511dbef9e6273e
3024
msiexec.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB over Network\USB over Network (Client).lnk
lnk
MD5: aff34b3d8788afb6d1efe3b47b34e67c
SHA256: 3032f08f184f1b86ac126b9ea9feb116f2ea1c51386a34960187a2ba6a99eb27
3024
msiexec.exe
C:\Users\admin\Desktop\USB over Network (Server).lnk
lnk
MD5: f11fad1dee45ca4cb4c51d9f296ea67f
SHA256: 929c96ff158dd82df33972d45f3c3bf90a8fc3adb73a6faf95519497269a6920
3024
msiexec.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB over Network\USB over Network (Server).lnk
lnk
MD5: bd60842dc600e0a05ecdc580d1491865
SHA256: d1a4e2