General Info

File name

nitro_pro13.exe

Full analysis
https://app.any.run/tasks/281dc34d-3d8b-4f05-bbdd-850db1597eea
Verdict
Malicious activity
Analysis date
11/8/2019, 15:36:04
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

207551b3ebed394da674015d5c6ca7cb

SHA1

32e823b21dd427f2d4959dfc3812b6ad932a225f

SHA256

589fa256e266b56909e9190e01f1587c752bcc5e4bf248c68508ae930c203ceb

SSDEEP

24576:tu/OfDlEUKWflmTP3vrqojIA3/3QQ6H+WtoKidt/2a+a/rXlqTl+SfRk:9fU4UjXIA3/gQTCoK4t/MYjSpk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads dropped or rewritten executable
  • nitro_pro13.exe (PID: 2752)
Changes the autorun value in the registry
  • nitro_pro13.exe (PID: 3672)
Executable content was dropped or overwritten
  • nitro_pro13.exe (PID: 2468)
  • nitro_pro13.exe (PID: 2752)
  • nitro_pro13.exe (PID: 3672)
Reads Internet Cache Settings
  • nitro_pro13.exe (PID: 2752)
Starts itself from another location
  • nitro_pro13.exe (PID: 2468)
  • nitro_pro13.exe (PID: 2752)
Creates files in the user directory
  • nitro_pro13.exe (PID: 2752)
Creates files in the program directory
  • nitro_pro13.exe (PID: 3672)
Searches for installed software
  • nitro_pro13.exe (PID: 3672)
Creates a software uninstall entry
  • nitro_pro13.exe (PID: 3672)
Reads Environment values
  • nitro_pro13.exe (PID: 2752)
Executed as Windows Service
  • vssvc.exe (PID: 1880)
Reads settings of System Certificates
  • nitro_pro13.exe (PID: 2752)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 1880)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report

Static information

TRiD
  • .exe | Win64 Executable (generic) (64.6%)
  • .dll | Win32 Dynamic Link Library (generic) (15.4%)
  • .exe | Win32 Executable (generic) (10.5%)
  • .exe | Generic Win/DOS Executable (4.6%)
  • .exe | DOS Executable Generic (4.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2017:11:18 23:00:38+01:00
PEType:
PE32
LinkerVersion:
14.11
CodeSize:
301568
InitializedDataSize:
446464
UninitializedDataSize:
null
EntryPoint:
0x2e2a6
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
13.2.6.26
ProductVersionNumber:
13.2.6.26
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Windows, Latin1
CompanyName:
Nitro
FileDescription:
Nitro Pro
FileVersion:
13.2.6.26
InternalName:
setup
LegalCopyright:
Copyright (c) Nitro. All rights reserved.
OriginalFileName:
nitro_pro13.exe
ProductName:
Nitro Pro
ProductVersion:
13.2.6.26
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
18-Nov-2017 22:00:38
Detected languages
English - United States
Debug artifacts
C:\agent\_work\8\s\build\ship\x86\burn.pdb
CompanyName:
Nitro
FileDescription:
Nitro Pro
FileVersion:
13.2.6.26
InternalName:
setup
LegalCopyright:
Copyright (c) Nitro. All rights reserved.
OriginalFilename:
nitro_pro13.exe
ProductName:
Nitro Pro
ProductVersion:
13.2.6.26
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000110
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
6
Time date stamp:
18-Nov-2017 22:00:38
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x00049937 | 0x00049A00 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.57001
.rdata | 0x0004B000 | 0x0001ED60 | 0x0001EE00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 5.11423
.data | 0x0006A000 | 0x00001730 | 0x00000A00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 3.15266
.wixburn8 | 0x0006C000 | 0x00000038 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 0.516682
.rsrc | 0x0006D000 | 0x000496D0 | 0x00049800 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 2.50279
.reloc | 0x000B7000 | 0x00003DFC | 0x00003E00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ | 6.79434
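The header and section figures above (e_lfanew, machine, timestamp, characteristics flags, per-section entropy) are what any PE triage script recomputes from the raw bytes. The script below is an added example, not code from the report or from ANY.RUN: it parses the DOS header, COFF file header and section table, decodes the flag bits by name, computes Shannon entropy per section and measures the overlay (bytes after the last section, where a WiX Burn bundle keeps its attached payload containers). build_sample_pe() constructs a synthetic image whose header values mirror this report (machine 0x014C, the same four file characteristics, e_lfanew 0x110, link timestamp 2017-11-18 22:00:38 UTC); its section contents and overlay are made up, so its entropies will not match the table. The `.wixburn` section name it looks for is the marker WiX Burn stubs carry (a PE section name is at most 8 bytes); the small `.wixburn` section and the modest `.text` entropy in the report are consistent with a bootstrapper whose compressed payload lives in the overlay rather than in a packed section.

```python
"""Parse a PE32 image's DOS/COFF headers and section table; compute section
entropy and overlay size. Added example; the sample image is constructed."""
import math
import struct
from datetime import datetime, timezone
from typing import Any, Dict, List

MACHINES = {0x014C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0400: "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP", 0x0800: "IMAGE_FILE_NET_RUN_FROM_SWAP",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def decode_flags(value: int, table: Dict[int, str]) -> List[str]:
    """Names of the set bits in bit order; any unknown bits are reported as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)
    return names + ([hex(unknown)] if unknown else [])


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> Dict[str, Any]:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # shown as "Address of NE header" above
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsec, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    sec_off = opt_off + opt_size
    sections, data_end = [], 0
    for i in range(nsec):
        name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        data_end = max(data_end, raw_ptr + raw_size)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize, "raw_size": raw_size,
            "characteristics": decode_flags(sc, SECTION_CHARACTERISTICS),
            "entropy": round(shannon_entropy(raw), 6),
        })
    return {
        "e_lfanew": e_lfanew,
        "machine": MACHINES.get(machine, hex(machine)),
        "number_of_sections": nsec,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%d-%b-%Y %H:%M:%S"),
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
        "sections": sections,
        "overlay_size": max(0, len(data) - data_end),  # bytes appended after the last section
    }


def is_burn_bundle(pe: Dict[str, Any]) -> bool:
    """WiX Burn stubs carry a .wixburn section that locates their attached containers."""
    return any(s["name"] == ".wixburn" for s in pe["sections"])


def packed_sections(pe: Dict[str, Any], threshold: float = 7.0) -> List[str]:
    """Sections whose entropy suggests compressed or encrypted content."""
    return [s["name"] for s in pe["sections"] if s["entropy"] >= threshold]


def build_sample_pe() -> bytes:
    """Constructed PE32 image mirroring the report's header values (not the analysed file)."""
    e_lfanew, headers_size = 0x110, 0x400
    secs = [  # (name, virtual address, virtual size, characteristics, raw bytes)
        (b".text", 0x1000, 0x200, 0x60000020, bytes(range(64)) * 8),          # entropy 6.0
        (b".data", 0x2000, 0x200, 0xC0000040, b"A" * 0x200),                  # entropy 0.0
        (b".wixburn", 0x3000, 0x38, 0x40000040, bytes(range(1, 57)).ljust(0x200, b"\0")),
    ]
    flags = 0x0002 | 0x0100 | 0x0400 | 0x0800
    coff = struct.pack("<HHIIIHH", 0x014C, len(secs), 0x5A10AD86, 0, 0, 0xE0, flags)
    optional = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")  # PE32 magic, remainder zeroed
    sec_hdrs, body, ptr = b"", b"", headers_size
    for name, vaddr, vsize, sc, raw in secs:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw), ptr, 0, 0, 0, 0, sc)
        body += raw
        ptr += len(raw)
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    image = (dos + b"PE\0\0" + coff + optional + sec_hdrs).ljust(headers_size, b"\0")
    overlay = b"MSCF" + b"\0" * 1020  # stand-in for an attached cabinet container
    return image + body + overlay
```

Run parse_pe() on the real file's bytes to cross-check the table above; a section named `.wixburn` plus a large overlay is the Burn layout, whereas a high-entropy code section with no overlay would point at a packer instead.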
Resources
1, 2, 3, 4, 5
Imports
  • ADVAPI32.dll
  • USER32.dll
  • OLEAUT32.dll
  • GDI32.dll
  • SHELL32.dll
  • ole32.dll
  • KERNEL32.dll
  • RPCRT4.dll
  • Cabinet.dll (delay-loaded)
Exports
No exports.

Processes

Total processes
43
Monitored processes
4
Malicious processes
3
Suspicious processes
0

Behavior graph

Graph (interactive in the full report) nodes: nitro_pro13.exe, nitro_pro13.exe, nitro_pro13.exe, vssvc.exe (no specs); edge labels: drop and start, start, drop and start

Process information


PID
2468
CMD
"C:\Users\admin\AppData\Local\Temp\nitro_pro13.exe"
Path
C:\Users\admin\AppData\Local\Temp\nitro_pro13.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Nitro
Description
Nitro Pro
Version
13.2.6.26
Modules
Image
c:\users\admin\appdata\local\temp\nitro_pro13.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\msi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\feclient.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\{a3a27c6e-d55d-48a6-a45d-ecd3db5d9622}\.cr\nitro_pro13.exe

PID
2752
CMD
"C:\Users\admin\AppData\Local\Temp\{A3A27C6E-D55D-48A6-A45D-ECD3DB5D9622}\.cr\nitro_pro13.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\nitro_pro13.exe" -burn.filehandle.attached=148 -burn.filehandle.self=156
Path
C:\Users\admin\AppData\Local\Temp\{A3A27C6E-D55D-48A6-A45D-ECD3DB5D9622}\.cr\nitro_pro13.exe
Indicators
Parent process
nitro_pro13.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Nitro
Description
Nitro Pro
Version
13.2.6.26
Modules
Image
c:\users\admin\appdata\local\temp\{a3a27c6e-d55d-48a6-a45d-ecd3db5d9622}\.cr\nitro_pro13.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\version.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\profapi.dll
c:\windows\system32\feclient.dll
c:\users\admin\appdata\local\temp\{4224d00f-07fb-41e5-a968-e0f4032c2b46}\.ba\mbahost.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\users\admin\appdata\local\temp\{4224d00f-07fb-41e5-a968-e0f4032c2b46}\.ba\bootstrappercore.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\bcrypt.dll
c:\users\admin\appdata\local\temp\{4224d00f-07fb-41e5-a968-e0f4032c2b46}\.ba\nitroba.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\users\admin\appdata\local\temp\{4224d00f-07fb-41e5-a968-e0f4032c2b46}\.ba\galasoft.mvvmlight.wpf4.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\users\admin\appdata\local\temp\{4224d00f-07fb-41e5-a968-e0f4032c2b46}\.ba\metrics.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mfc140u.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\concrt140.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\mfc140enu.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\{4224d00f-07fb-41e5-a968-e0f4032c2b46}\.ba\pagetransitions.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\867cbe7462b04e2cf1ae39abb576ae2a\presentationframework.classic.ni.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio49d6fefe#\f52bfe40c54917622ed3abb98db8f90a\presentationframework-systemxml.ni.dll
c:\windows\system32\msctfui.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationtypes\1e1a1bd97e618bc4934ee967bea27ae8\uiautomationtypes.ni.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winmm.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\mpr.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\61dfb69c9ad6ed96809170d54d80b8a6\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\2dc6cfd856864312d563098f9486361c\system.windows.forms.ni.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\normaliz.dll

PID
3672
CMD
"C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.be\nitro_pro13.exe" -q -burn.elevated BurnPipe.{544A9123-4DF4-4245-9543-1A7FCEC2DF33} {CF7B019C-F7C0-4312-91A6-9F27DA8BB626} 2752
Path
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.be\nitro_pro13.exe
Indicators
Parent process
nitro_pro13.exe
User
admin
Integrity Level
HIGH
Version:
Company
Nitro
Description
Nitro Pro
Version
13.2.6.26
Modules
Image
c:\users\admin\appdata\local\temp\{4224d00f-07fb-41e5-a968-e0f4032c2b46}\.be\nitro_pro13.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\msi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\feclient.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\profapi.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wups.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
1880
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

Registry activity

Total events
717
Read events
522
Write events
195
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
400000000000000081ABA0E94196D501580E00002C0E0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
400000000000000081ABA0E94196D501580E00002C0E0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
33
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
400000000000000083E2F8E94196D501580E00002C0E0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
4000000000000000DD44FBE94196D501580E0000EC020000E8030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
4000000000000000AB4DE7EA4196D501580E0000EC020000E8030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
4000000000000000937BB0F24196D501580E00002C0E0000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Enter)
4000000000000000937BB0F24196D501580E00002C0E0000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Leave)
40000000000000001753C8F24196D501580E00002C0E0000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Enter)
40000000000000009B2AE0F24196D501580E0000E40A0000E9030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Leave)
4000000000000000D3C6FCF24196D501580E0000E40A0000E9030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Enter)
4000000000000000D3C6FCF24196D501580E000004020000F9030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Leave)
4000000000000000878B01F34196D501580E000004020000F9030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Enter)
400000000000000095B208F34196D501580E00002C0E00000A040000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Leave)
40000000000000006FABA3F34196D501580E00007C0300000A040000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
40000000000000006FABA3F34196D501580E00002C0E0000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
4000000000000000C90DA6F34196D501580E00002C0E0000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
33
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
0000000000000000
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
BundleCachePath
C:\ProgramData\Package Cache\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}\nitro_pro13.exe
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
BundleUpgradeCode
{709C6481-3F19-4EDD-A5FF-DDF7F755C563}
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
BundleAddonCode
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
BundleDetectCode
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
BundlePatchCode
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
BundleVersion
13.2.6.26
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
VersionMajor
13
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
VersionMinor
2
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
BundleProviderKey
{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
BundleTag
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
EngineVersion
3.11.1.2318
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
DisplayIcon
C:\ProgramData\Package Cache\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}\nitro_pro13.exe,0
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
DisplayName
Nitro Pro
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
DisplayVersion
13.2.6.26
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
Publisher
Nitro
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
ModifyPath
"C:\ProgramData\Package Cache\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}\nitro_pro13.exe" /modify
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
NoElevateOnModify
1
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
QuietUninstallString
"C:\ProgramData\Package Cache\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}\nitro_pro13.exe" /uninstall /quiet
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
UninstallString
"C:\ProgramData\Package Cache\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}\nitro_pro13.exe" /uninstall
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
EstimatedSize
673314
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
Version
13.2.6.26
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
DisplayName
Nitro Pro
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
Resume
1
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
"C:\ProgramData\Package Cache\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}\nitro_pro13.exe" /burn.runonce
3672
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}
BundleResumeCommandLine
/burn.log.append "C:\Users\admin\AppData\Local\Temp\Nitro_Pro_20191108143621.log"
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASAPI32
EnableFileTracing
0
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASAPI32
EnableConsoleTracing
0
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASAPI32
FileTracingMask
4294901760
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASAPI32
ConsoleTracingMask
4294901760
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASAPI32
MaxFileSize
1048576
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASAPI32
FileDirectory
%windir%\tracing
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASMANCS
EnableFileTracing
0
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASMANCS
EnableConsoleTracing
0
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASMANCS
FileTracingMask
4294901760
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASMANCS
ConsoleTracingMask
4294901760
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASMANCS
MaxFileSize
1048576
2752
nitro_pro13.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\nitro_pro13_RASMANCS
FileDirectory
%windir%\tracing
2752
nitro_pro13.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2752
nitro_pro13.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2752
nitro_pro13.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2752
nitro_pro13.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2752
nitro_pro13.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
nitro_pro13.exe
2752
nitro_pro13.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
400000000000000015E117EA4196D50158070000BC090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
400000000000000015E117EA4196D501580700003C090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
40000000000000006F431AEA4196D50158070000F8090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
400000000000000023081FEA4196D5015807000068080000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
4000000000000000D7CC23EA4196D50158070000F8090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
4000000000000000D7CC23EA4196D50158070000BC090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
4000000000000000E5F32AEA4196D5015807000068080000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
40000000000000003F562DEA4196D501580700003C090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Enter)
400000000000000041C8DDF24196D501580700003C09000001040000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Leave)
40000000000000009B2AE0F24196D501580700003C09000001040000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Enter)
4000000000000000F58CE2F24196D50158070000BC090000E9030000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Enter)
4000000000000000F58CE2F24196D5015807000068080000E9030000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Enter)
4000000000000000F58CE2F24196D50158070000F8090000E9030000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Leave)
4000000000000000A951E7F24196D50158070000F8090000E9030000000000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_STABLE (SetCurrentState)
4000000000000000A951E7F24196D50158070000F809000001000000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Leave)
400000000000000003B4E9F24196D50158070000BC090000E9030000000000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_STABLE (SetCurrentState)
400000000000000003B4E9F24196D50158070000BC09000001000000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Leave)
400000000000000003B4E9F24196D5015807000068080000E9030000000000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_STABLE (SetCurrentState)
400000000000000003B4E9F24196D501580700006808000001000000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Enter)
4000000000000000878B01F34196D50158070000F8090000F9030000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Enter)
4000000000000000878B01F34196D5015807000068080000F9030000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Enter)
4000000000000000878B01F34196D50158070000BC090000F9030000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Leave)
4000000000000000878B01F34196D5015807000068080000F9030000000000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Leave)
4000000000000000878B01F34196D50158070000F8090000F9030000000000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Leave)
4000000000000000878B01F34196D50158070000BC090000F9030000000000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Enter)
400000000000000095B208F34196D501580700001408000002040000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Leave)
4000000000000000DB752CF34196D501580700001408000002040000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Enter)
4000000000000000DB752CF34196D5015807000014080000EA030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Enter)
40000000000000008F3A31F34196D5015807000084080000EA030000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Enter)
40000000000000008F3A31F34196D50158070000BC0C0000EA030000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Enter)
40000000000000008F3A31F34196D5015807000088080000EA030000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Leave)
4000000000000000131249F34196D5015807000088080000EA030000000000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000131249F34196D501580700008808000002000000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Leave)
40000000000000006D744BF34196D5015807000084080000EA030000000000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
40000000000000006D744BF34196D501580700008408000002000000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Leave)
40000000000000006D744BF34196D50158070000BC0C0000EA030000000000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
40000000000000006D744BF34196D50158070000BC0C000002000000010000000100000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Leave)
4000000000000000C15E76F34196D5015807000014080000EA030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Enter)
4000000000000000C15E76F34196D5015807000014080000EB030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Enter)
4000000000000000C15E76F34196D5015807000014080000EC030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Enter)
40000000000000001BC178F34196D5015807000088080000EB030000010000000200000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Leave)
40000000000000001BC178F34196D5015807000088080000EB030000000000000200000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000001BC178F34196D501580700008808000003000000010000000200000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000001BC178F34196D501580700007C090000FC030000010000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Leave)
40000000000000001BC178F34196D5015807000014080000EC030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Enter)
40000000000000001BC178F34196D5015807000014080000ED030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Leave)
4000000000000000CF857DF34196D5015807000014080000ED030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Enter)
4000000000000000CF857DF34196D5015807000014080000EE030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Enter)
400000000000000029E87FF34196D5015807000088080000EB030000010000000200000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Leave)
400000000000000029E87FF34196D5015807000088080000EB030000000000000200000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
400000000000000029E87FF34196D501580700008808000003000000010000000200000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Enter)
400000000000000029E87FF34196D50158070000FC080000FC030000010000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Leave)
4000000000000000DDAC84F34196D5015807000014080000EE030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Enter)
4000000000000000DDAC84F34196D5015807000014080000F0030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Leave)
4000000000000000DDAC84F34196D5015807000014080000F0030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Enter)
4000000000000000DDAC84F34196D5015807000014080000EF030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Enter)
4000000000000000370F87F34196D5015807000088080000EB030000010000000200000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Leave)
4000000000000000917189F34196D5015807000088080000EB030000000000000200000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
4000000000000000917189F34196D501580700008808000003000000010000000200000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Enter)
4000000000000000917189F34196D501580700002C0C0000FC030000010000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Leave)
4000000000000000917189F34196D5015807000014080000EF030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Leave)
4000000000000000917189F34196D5015807000014080000EB030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Enter)
4000000000000000917189F34196D501580700001408000003040000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Leave)
4000000000000000917189F34196D501580700001408000003040000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Enter)
4000000000000000917189F34196D5015807000014080000FD030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Enter)
4000000000000000917189F34196D501580700001C090000FD030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Leave)
4000000000000000ADBF97F34196D501580700001C090000FD030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Leave)
4000000000000000ADBF97F34196D5015807000014080000FD030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Enter)
4000000000000000ADBF97F34196D501580700001C090000FE030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Leave)
40000000000000001549A1F34196D501580700001C090000FE030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Enter)
40000000000000001549A1F34196D501580700001C090000FF030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Leave)
40000000000000001549A1F34196D501580700001C090000FF030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Enter)
4000000000000000ADBF97F34196D5015807000014080000FE030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Leave)
40000000000000001549A1F34196D5015807000014080000FE030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Enter)
40000000000000001549A1F34196D5015807000014080000FF030000010000000000000000000000000000000000000000000000000000000000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Leave)
40000000000000001549A1F34196D5015807000014080000FF030000000000000000000000000000000000000000000000000000000000000000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Enter)
40000000000000001549A1F34196D50158070000BC0A000004040000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Leave)
40000000000000001549A1F34196D50158070000BC0A000004040000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Enter)
40000000000000001549A1F34196D501580700001408000005040000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Leave)
40000000000000006FABA3F34196D501580700001408000005040000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Enter)
40000000000000006FABA3F34196D5015807000014080000F4030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
40000000000000006FABA3F34196D5015807000014080000F4030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
40000000000000006FABA3F34196D5015807000014080000F2030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
40000000000000007DD2AAF34196D5015807000088080000F2030000010000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
40000000000000007DD2AAF34196D50158070000E4040000F2030000010000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000007DD2AAF34196D501580700007C090000FC030000000000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000007DD2AAF34196D50158070000FC080000FC030000000000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
40000000000000007DD2AAF34196D5015807000088080000F2030000000000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
40000000000000007DD2AAF34196D50158070000E4040000F2030000000000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
40000000000000007DD2AAF34196D50158070000F8060000F2030000010000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000007DD2AAF34196D501580700008808000004000000010000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000007DD2AAF34196D50158070000E404000004000000010000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000007DD2AAF34196D501580700002C0C0000FC030000000000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
40000000000000007DD2AAF34196D50158070000F8060000F2030000000000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000007DD2AAF34196D50158070000F806000004000000010000000300000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
40000000000000007DD2AAF34196D5015807000014080000F2030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
40000000000000007DD2AAF34196D501580700001408000006040000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
40000000000000007F0903F44196D501580700001408000006040000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
40000000000000007F0903F44196D5015807000014080000F5030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
4000000000000000F5B913F44196D5015807000084080000F5030000010000000400000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
4000000000000000F5B913F44196D50158070000F8060000F5030000010000000400000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
4000000000000000F5B913F44196D5015807000088080000F5030000010000000400000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
40000000000000004F1C16F44196D50158070000F8060000F5030000000000000400000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
40000000000000004F1C16F44196D5015807000088080000F5030000000000000400000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000A97E18F44196D50158070000F806000005000000010000000400000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000A97E18F44196D501580700008808000005000000010000000400000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
40000000000000000DC7A2F44196D5015807000084080000F5030000000000000400000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000000DC7A2F44196D501580700008408000005000000010000000400000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
40000000000000000DC7A2F44196D5015807000014080000F5030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
40000000000000000DC7A2F44196D501580700001408000007040000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
40000000000000004563BFF44196D501580700001408000007040000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
4000000000000000BB13D0F44196D5015807000014080000FB030000010000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
40000000000000006FD8D4F44196D5015807000088080000FB030000010000000500000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
40000000000000006FD8D4F44196D5015807000088080000FB030000000000000500000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
40000000000000006FD8D4F44196D50158070000BC0C0000FB030000010000000500000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
40000000000000006FD8D4F44196D5015807000084080000FB030000010000000500000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
40000000000000006FD8D4F44196D50158070000BC0C0000FB030000000000000500000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
40000000000000006FD8D4F44196D5015807000084080000FB030000000000000500000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000
1880
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
40000000000000006FD8D4F44196D5015807000014080000FB030000000000000000000000000000732F3E7C30BBEA4DAF791EB5395FA4710000000000000000

Files activity

Executable files
11
Suspicious files
2
Text files
43
Unknown types
1

Dropped files

PID
Process
Filename
Type
2468
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{A3A27C6E-D55D-48A6-A45D-ECD3DB5D9622}\.cr\nitro_pro13.exe
executable
MD5: 207551b3ebed394da674015d5c6ca7cb
SHA256: 589fa256e266b56909e9190e01f1587c752bcc5e4bf248c68508ae930c203ceb
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\metrics.dll
executable
MD5: 5b29644206804cd159b0a5a4bc3a84fe
SHA256: 4b3b684aa51ab1690eff2a2cb682af5f3bdfaaa07c8576efb5abcb96800456b8
3672
nitro_pro13.exe
C:\ProgramData\Package Cache\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}\nitro_pro13.exe
executable
MD5: 207551b3ebed394da674015d5c6ca7cb
SHA256: 589fa256e266b56909e9190e01f1587c752bcc5e4bf248c68508ae930c203ceb
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\Microsoft.Deployment.WindowsInstaller.dll
executable
MD5: 4e04a4cb2cf220aecc23ea1884c74693
SHA256: cfed1841c76c9731035ebb61d5dc5656babf1beff6ed395e1c6b85bb9c74f85a
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\mbapreq.dll
executable
MD5: 8ca04519005ad03b4d9e062b97d7f79d
SHA256: 7b9f919a3d1974fd8fa35ad189edc8bf287f476bd377e713e616b26864a4b0d3
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\PageTransitions.dll
executable
MD5: 0e6bd8e478bf1a073ef4180f119cb406
SHA256: 9f49a4accd3b8a4c33a358c0d343d69b392ca882d0d63ead16800ff8801c9c02
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\NitroBA.dll
executable
MD5: 792943e5c492c701c3e8f270f666a9d6
SHA256: 7d41ba483789918168cebbea714f84cae24396a4e2685af12158167e99725099
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\mbahost.dll
executable
MD5: d7c697ceb6f40ce91dabfcbe8df08e22
SHA256: b925d9d3e1e2c49bf05a1b0713e2750ee6e0c43c7adc9d3c3a1b9fb8c557c3df
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\GalaSoft.MvvmLight.WPF4.dll
executable
MD5: 1e40431b501d55fe8ba59cabb3ce5c17
SHA256: 92ef1bdf8c8140e34e5ae1eb8d9b7afba9921e5ada6317c6cdd0da2712f7e000
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.be\nitro_pro13.exe
executable
MD5: 207551b3ebed394da674015d5c6ca7cb
SHA256: 589fa256e266b56909e9190e01f1587c752bcc5e4bf248c68508ae930c203ceb
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\BootstrapperCore.dll
executable
MD5: c4f7146ddc56763ccdb1cb3c09478708
SHA256: 886cb2a994461f091752fc7b21e3143c212efd8841c757909e74ac32761880da
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1051\mbapreq.wxl
xml
MD5: 016c278e515f87f589ad22c856b201f7
SHA256: 4a7fdf4a9033fe05c31f565ed3ae5b8c67d324b7aeadb737ce95dbb416d46868
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\3082\mbapreq.wxl
xml
MD5: 1024aa88ae01bc7ba797193cc6023375
SHA256: b884c4abb8867553c1ffadd6721c2135ec5f9f1455c3f668d711ccea65363d1a
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\BootstrapperApplicationData.xml
xml
MD5: 8e9890347efa20a18cfce147731126c8
SHA256: 408d994cc825e48be80d20a6b74732b17ef9baf022043c1b6de8b61e12a7942c
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1049\mbapreq.wxl
xml
MD5: daf167af4031ef47e562056a7d51aa73
SHA256: c91c9e87ab4a6db078f1991f4a2cdc726b58a40e47bce49d39168a8f8f151c3b
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1053\mbapreq.wxl
xml
MD5: d95e81164c57b6fd75e7c3022454192e
SHA256: 6dd61cc6b87b53eaf28430068a2a459730fd4b2bcf876ccdf040212d04c4fe7d
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\2052\mbapreq.wxl
xml
MD5: a34dcf7771198c779648b89156483e83
SHA256: 89c559c6765f8d643469e3c8f4aa93023f09369b0395ea647fad5af3c2893eb6
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\2070\mbapreq.wxl
xml
MD5: 8a278e519ef81b2847490efb070219bc
SHA256: e2bfdb2cf3beae2e988827c52c58006d7eead4aba5312b5eae1f6ccf3863c385
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1031\mbapreq.wxl
xml
MD5: c8e7e0b4e63b3076047b7f49c76d56e1
SHA256: 631d46cb048fb6cf0b9a1362f8e5a1854c46e9525a0260c7841a04b2316c8295
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1046\mbapreq.wxl
xml
MD5: bd39adb6b872163fd2d570028e9f3213
SHA256: ecb5c22e6c2423caf07aebe69f4faf22450164eee9587b64ef45a2d7f658ca15
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1038\mbapreq.wxl
xml
MD5: 17fb605a2f02da203df06f714d1cc6de
SHA256: 55cf62d54efb79801a9d94b24b3c9ba221c2465417a068950d40a67c52ba66ef
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1030\mbapreq.wxl
xml
MD5: 7c6e4ce87870b3b5e71d3ef4555500f8
SHA256: cac263e0e90a4087446a290055257b1c39f17e11f065598cb2286df4332c7696
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1028\mbapreq.wxl
xml
MD5: 1d4b831f77efec96ffbc70bc4b59b8b5
SHA256: 1b93556f07c35ac0564d57e0743ccba231950962c6506c8d4a74a31cd66fd04c
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1043\mbapreq.wxl
xml
MD5: 67f28bcdb3ba6774cd66aa198b06ff38
SHA256: 226b778604236931b4ae45f6f272586c884a11517444a34bf45cd5cae49be62e
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1044\mbapreq.wxl
xml
MD5: 5454f724c9cdab8172678a1cc7057220
SHA256: 41545ac1247b61c3c3e2a7e4659d9fad2bcca8347c69f2eb7b9d0cf5fc31e113
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1042\mbapreq.wxl
xml
MD5: 442f8463ef5ca42b99b2efaca696bd01
SHA256: d22f6ada97dbffc1e7548e52163807f982b30b11a2a5109e71f42985102cccbd
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1035\mbapreq.wxl
xml
MD5: e338408f1101499eb22507a3451f7b06
SHA256: b7d9528f29761c82c3d926efe5e0d5036a0e0d83eb4cca7282846c86a9d6f9f3
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\mbapreq.png
image
MD5: a356956fd269567b8f4612a33802637b
SHA256: a401a225addaf89110b4b0f6e8cf94779e7c0640bcdd2d670ffcf05aab0dad03
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1036\mbapreq.wxl
xml
MD5: aa32a059aadd42431f7837cb1be7257f
SHA256: 88e7ddacd6b714d94d5322876bd50051479b7a0c686dc2e9eb06b3b7a0bc06c9
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1040\mbapreq.wxl
xml
MD5: 50261379b89457b1980ff19cfabe6a08
SHA256: a40c94eb33f8841c79e9f6958433affd517f97b4570f731666af572e63178bb7
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1029\mbapreq.wxl
xml
MD5: cc8c6d04dc707b38e0f0c08ba16fe49b
SHA256: dc445e2457ed31abf536871f90ff7cc96800a40b6bc033f37d45e3156a3b4fa9
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1045\mbapreq.wxl
xml
MD5: 96acaaa5aef7798e9048baff4c3fa8d3
SHA256: f4aa983e39fb29c95e3306082f034b3a43e1d26489c997b8e6697b6a3b2f9f3c
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1032\mbapreq.wxl
xml
MD5: 074d5921af07e6126049cb45814246ed
SHA256: b8e90e20edf110aaaaea54fbc8533872831777be5589e380cfdd17e1f93147b5
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1041\mbapreq.wxl
xml
MD5: db0f5bab42403fd67c0a18e35e6880ec
SHA256: ccdcdb111efa152c5f9ff4930033698b843390a549699ae802098d87431f16fe
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\mbapreq.wxl
xml
MD5: 67dd7d8b096c5d0bbb1df7bd4f15f330
SHA256: 27bf9335ceb42bd8b4ca7a0652ab48d76c982be922703f0535583fdbbed3d299
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\mbapreq.thm
xml
MD5: 91543b04e0ebf979d12ea3f94b6c7d28
SHA256: 0b2b19205a49f295feb94b30d86ccb82b82350241dc08bd0a69f2c516c0a93a7
3672
nitro_pro13.exe
C:\ProgramData\Package Cache\{28cbc6c6-3f59-4a29-ab95-2848fa0e6ba5}\state.rsm
smt
MD5: d8591a29e2c811d1ec668bb6b64c7cc5
SHA256: cf410fcd231d13a7db70c07705c821a1993726b4630fdaad4a37c84b4e66777a
2752
nitro_pro13.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 14f4ce7ad09c22e62c4e0b99eddc17cd
SHA256: 797aee9263016479e1d98c575c781c25a31450a0a049d93b49de3a5757f62c3b
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\StringResources.nl-NL.xaml
text
MD5: 4c32afe1e3339feeee2a95942ec974b1
SHA256: 0b4dd6f590fa750e06bfa8fd69b4343b4ed4a0f8c0c84ec26ce0e64df2e079a1
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\Nitro.bmp
image
MD5: 45d8fbc38103bfb1bfc282667ceb5a18
SHA256: 45d1b9459f60cbde528093d29fe9e4ed553c06c644b0017a0176704b1476a3a0
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\ProgressBar.png
image
MD5: a07584b9a8cc8a7483fa394867d05c0a
SHA256: 03de7cbec2ed9a3c17e210f537f5a826fa7e43491556f8356b95f1a80dfa4cdc
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\StringResources.de-DE.xaml
text
MD5: fa4511a5b86e4ba8f1776f991be152ef
SHA256: fad8a4e495f2e216572b10f0a49173dade9ee7b809c6b4310ed0c1999fcd688c
3672
nitro_pro13.exe
C:\System Volume Information\SPP\metadata-2
––
MD5:  ––
SHA256:  ––
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\Background.png
image
MD5: 45ed44a4086556af0279b0845347941a
SHA256: 0253acaff4fe1ec6fb5e4f93a4fa6c6cf8dd42775f90e69da945326aa9072743
3672
nitro_pro13.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{7c3e2f73-bb30-4dea-af79-1eb5395fa471}_OnDiskSnapshotProp
binary
MD5: f3489f0229e73fc1371f8df3b08bbeec
SHA256: 9cd3dd449f79dccef4df75c82768207469ddd6fd06df6e6041191d52fc222ac3
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\CloseWindow.png
image
MD5: 70f5477cb81dbd0eaa48a73fd2440aa4
SHA256: 589cf70ed7996dcf5dfde3c4cf7866b262bb4a31f5955bd7b9a072def25c52c4
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\AcceptandInstall.png
image
MD5: c8b587df6bda0eb187b61ea58e8a4289
SHA256: 9aceba458711ca6c4039a518e033f99af8ca22a1cbae4901b6ea819f4fe01d02
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\Close.png
image
MD5: e211d859caeae68d3135db78d754a0ba
SHA256: cecdac9f2358d06e67c181e929454736fab231959de82b20057b627e871baf1b
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\StringResources.es-ES.xaml
text
MD5: 431acfbba56f4880c31f72534e36a83f
SHA256: 6f58041abed6243e7a49ebf92179bb98cef0ae91e0da463ad2966d09dc1d89cd
3672
nitro_pro13.exe
C:\System Volume Information\SPP\snapshot-2
binary
MD5: f3489f0229e73fc1371f8df3b08bbeec
SHA256: 9cd3dd449f79dccef4df75c82768207469ddd6fd06df6e6041191d52fc222ac3
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\Cancel.png
image
MD5: d400c5ed0015dc2b01583335d71d2b92
SHA256: 58fdb02764d28b307c689a7ccdc0e63a817a55fd0a681cdcdb53902092079ffc
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\StringResources.en-US.xaml
text
MD5: 0b9008fd40ad4cf9c0ce2c9abb2ea019
SHA256: 8109e209ce216ba7bc4849e9be888080d85f17b92df5527076816e597b2e16ab
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\StringResources.it-IT.xaml
text
MD5: 3165e6b9a6fff2f6707b3830387dab62
SHA256: 885babc1379d498f00ad132f3301529afbb09441e168caf081fc018b78f61fa1
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\StringResources.fr-FR.xaml
text
MD5: 406d8333066168d1cc801f3ce8bf8bcb
SHA256: ab3a361e974e38a3f0c7fcf6133f8c8748f4264e2f2e9d94dc97d0ee8c75917c
1880
vssvc.exe
C:
––
MD5:  ––
SHA256:  ––
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1055\mbapreq.wxl
xml
MD5: 01b200e06ba600a4ef00c00f7aac5ce4
SHA256: 06bfb6dfbc38105c699dea226a029df3ef673c33e4b8928dc4ec7fb8f761487d
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\BootstrapperCore.config
xml
MD5: efe91fd0b4eb17cc897621c133c53ade
SHA256: 77d45ae9bda3349bbcbf2069503835c3bbb37fed0c1e2311b4c3e3bb26640940
2752
nitro_pro13.exe
C:\Users\admin\AppData\Local\Temp\{4224D00F-07FB-41E5-A968-E0F4032C2B46}\.ba\1060\mbapreq.wxl
xml
MD5: 5836f0c655bdd97093f68aaf69ab2bab
SHA256: c015247d022bdc108b4ffcae89cb55d1e313034d7e6eed18744c1bb55f108f8c
2752
nitro_pro13.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 39c7db13e1aa227b1b97a265f4ed3f84
SHA256: c94f7ea475ef6c203576cac926eb1bc3721f60299fa290c858781fe61e77cc6a


Network activity

HTTP(S) requests
1
TCP/UDP connections
5
DNS requests
6
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2752 nitro_pro13.exe HEAD 200 104.16.194.72:80 http://install.nitropdf.com/professional_132626/en/retail/nitro_pro13_ba_x86.msi US –– –– suspicious


Connections

PID Process IP ASN CN Reputation
2752 nitro_pro13.exe 104.16.119.102:443 Cloudflare Inc US shared
2752 nitro_pro13.exe 216.58.207.36:80 Google Inc. US whitelisted
2752 nitro_pro13.exe 104.16.158.102:443 Cloudflare Inc US shared
2752 nitro_pro13.exe 104.16.194.72:80 Cloudflare Inc US shared

DNS requests

Domain IP Reputation
desktop.gonitro.com 104.16.119.102, 104.16.158.102 unknown
dns.msftncsi.com 131.107.255.255 whitelisted
www.google.com 216.58.207.36 whitelisted
install.nitropdf.com 104.16.194.72, 104.16.195.72 suspicious

Threats

No threats detected.

Debug output strings

No debug info.