General Info

File name

RechnungswesenStartcenterMachine.msi

Full analysis
https://app.any.run/tasks/b7d5572a-e124-49ac-a2b1-d41d9a68dbeb
Verdict
Malicious activity
Analysis date
7/18/2019, 16:06:41
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

generated-doc

Indicators:

MIME:
application/x-msi
File info:
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Installs the Accounting Startcenter, Author: Diamant Software GmbH, Keywords: Installer, Comments: (c) 2019 Diamant Software GmbH, Create Time/Date: Mon May 27 10:45:48 2019, Name of Creating Application: Windows Installer XML Toolset (3.10.2.2516), Security: 2, Template: Intel;1031,1033, Last Saved By: Intel;1031,1033, Revision Number: {16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}1.0.0.0;{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}1.0.0.0;{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}, Number of Pages: 200, Number of Characters: 0
MD5

8fb4e4de55878baf0febdfd84f2d5f52

SHA1

702c45272a56ef5b71c2c635bfe3bf53f403fcec

SHA256

61febabe0d2f25ec653e4d29914535488b09cc095f104e5c0fdd208b9160894f

SSDEEP

12288:EFSnpIlPTLIRTRWNKnnUbSDw6+L3xv5yfXA7S44QnopObHrT+nZnYOHmDpeVgEEU:EFtLI3EK5Pe/sSbzL0xdV9E8jf6i

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Diamant.Launcher.Core.exe (PID: 1660)
  • Diamant.Launcher.Core.exe (PID: 3620)
Loads dropped or rewritten executable
  • msiexec.exe (PID: 3348)
  • Diamant.Launcher.Core.exe (PID: 1660)
  • rundll32.exe (PID: 3356)
  • Diamant.Launcher.Core.exe (PID: 3620)
  • rundll32.exe (PID: 2220)
Creates files in the program directory
  • Diamant.Launcher.Core.exe (PID: 3620)
  • Diamant.Launcher.Core.exe (PID: 1660)
Application launched itself
  • Diamant.Launcher.Core.exe (PID: 3620)
Executable content was dropped or overwritten
  • rundll32.exe (PID: 3356)
  • msiexec.exe (PID: 3068)
  • msiexec.exe (PID: 3348)
  • rundll32.exe (PID: 2220)
Reads Environment values
  • Diamant.Launcher.Core.exe (PID: 1660)
Uses RUNDLL32.EXE to load library
  • MsiExec.exe (PID: 1488)
  • MsiExec.exe (PID: 3376)
Executed via COM
  • DrvInst.exe (PID: 3400)
Modifies the open verb of a shell class
  • msiexec.exe (PID: 3068)
Executed as Windows Service
  • vssvc.exe (PID: 1672)
Creates a software uninstall entry
  • msiexec.exe (PID: 3068)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 1488)
  • MsiExec.exe (PID: 3376)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 1672)
Application launched itself
  • msiexec.exe (PID: 3068)
Searches for installed software
  • msiexec.exe (PID: 3068)
Creates files in the program directory
  • msiexec.exe (PID: 3068)

Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report.
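The behavior signatures above ("Uses RUNDLL32.EXE to load library", "Application launched itself", "Loads dropped or rewritten executable") become much easier to reason about once the process records further down are read as a tree. The following Python script is an added example written for this page; it is not ANY.RUN's code and not part of the original report. It transcribes the process records from the Process information section and applies two triage rules a responder would run over such a tree: it extracts the WiX DTF managed custom-action identity from each rundll32.exe command line (the zzzzInvokeManagedCustomActionOutOfProc entry point in an MSIxxxx.tmp stub is how WiX's Deployment Tools Foundation hosts .NET custom actions, so the Assembly!Type.Method token tells you exactly which installer code ran and under which account), and it flags a process that relaunches its own image at a higher integrity level, which is what the launcher did here (PID 3620 at MEDIUM spawned PID 1660 at HIGH, silently, because Autoconfirmation of UAC was on for this task). Parent PIDs are an assumption inferred from the report's parent-image column and behavior graph, since ANY.RUN names the parent by image only; the rules themselves are the editor's, not ANY.RUN's.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}


@dataclass
class Proc:
    pid: int
    image: str
    cmd: str
    parent_pid: Optional[int]  # None where the report shows no monitored parent
    user: str
    integrity: str


LAUNCHER = r"C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe"
LAUNCHER_ARGS = (r'/createStartMenu "(Default)" '
                 r"/serverurl=http://INDIBAC02DE.SW.SHERWIN.COM/Produktiv/Rechnungswesen "
                 r'/partner=0020 /productname="dibac.finanz3"')

# Transcribed from this report's Process information section. Parent PIDs are an
# assumption: ANY.RUN names the parent image only, so the -Embedding custom action
# servers are attached to the SYSTEM msiexec service (3068) and the HIGH launcher
# to the MEDIUM launcher, consistent with the report's behavior graph.
PROCS = [
    Proc(3348, r"C:\Windows\System32\msiexec.exe",
         r'"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\RechnungswesenStartcenterMachine.msi"',
         None, "admin", "MEDIUM"),
    Proc(3068, r"C:\Windows\system32\msiexec.exe",
         r"C:\Windows\system32\msiexec.exe /V", None, "SYSTEM", "SYSTEM"),
    Proc(3376, r"C:\Windows\system32\MsiExec.exe",
         r"C:\Windows\system32\MsiExec.exe -Embedding 74D985058C3422158529F1C1FCCFD9F3 C",
         3068, "admin", "MEDIUM"),
    Proc(2220, r"C:\Windows\system32\rundll32.exe",
         r'rundll32.exe "C:\Users\admin\AppData\Local\Temp\MSIF349.tmp",zzzzInvokeManagedCustomActionOutOfProc '
         r"SfxCA_1569734 1 Installer.Actions!Installer.Actions.CustomActions.CheckForValidInstallDir",
         3376, "admin", "MEDIUM"),
    Proc(1488, r"C:\Windows\system32\MsiExec.exe",
         r"C:\Windows\system32\MsiExec.exe -Embedding A0471581BAD07D8691A83EC23143A781 M Global\MSI0000",
         3068, "SYSTEM", "SYSTEM"),
    Proc(3356, r"C:\Windows\system32\rundll32.exe",
         r'rundll32.exe "C:\Windows\Installer\MSI437E.tmp",zzzzInvokeManagedCustomActionOutOfProc '
         r"SfxCA_1590734 1 Installer.Actions!Installer.Actions.CustomActions.WriteApplicationConfig",
         1488, "SYSTEM", "SYSTEM"),
    Proc(3620, LAUNCHER, f'"{LAUNCHER}" {LAUNCHER_ARGS}', 3068, "admin", "MEDIUM"),
    Proc(1660, LAUNCHER, f'"{LAUNCHER}" "{LAUNCHER}" {LAUNCHER_ARGS}', 3620, "admin", "HIGH"),
]

# WiX DTF hosts managed custom actions by having msiexec's custom action server
# run rundll32 on an extracted SfxCA stub:
#   rundll32.exe "<MSIxxxx.tmp>",zzzzInvokeManagedCustomAction[OutOfProc] <SfxCA id> <n> <Assembly>!<Type.Method>
DTF_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"(?P<dll>[^"]+)",(?P<entry>zzzzInvokeManagedCustomAction\w*)'
    r"\s+(?P<sfx>\S+)\s+\d+\s+(?P<assembly>[^!\s]+)!(?P<method>\S+)",
    re.IGNORECASE,
)


def parse_dtf_custom_action(cmd: str) -> Optional[dict]:
    """Return the DTF custom-action identity from a rundll32 command line, or None."""
    m = DTF_RE.match(cmd.strip())
    if not m:
        return None
    dll = m.group("dll")
    if re.search(r"\\AppData\\Local\\Temp\\", dll, re.IGNORECASE):
        location = "user-temp"          # client-side ('C') action: runs as the logged-on user
    elif re.search(r"\\Windows\\Installer\\", dll, re.IGNORECASE):
        location = "windows-installer"  # server-side ('M') action: runs as SYSTEM
    else:
        location = "other"
    return {"dll": dll, "entry": m.group("entry"), "assembly": m.group("assembly"),
            "method": m.group("method"), "location": location}


def triage(procs) -> list:
    """Apply two triage rules over the process tree and return the findings."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        # Rule 1: rundll32 executing a DTF stub; record which managed method ran.
        if ntpath.basename(p.image).lower() == "rundll32.exe":
            ca = parse_dtf_custom_action(p.cmd)
            if ca:
                findings.append({"rule": "wix-dtf-custom-action", "pid": p.pid,
                                 "user": p.user, **ca})
        # Rule 2: a process relaunching its own image at a higher integrity level.
        parent = by_pid.get(p.parent_pid)
        if (parent is not None
                and ntpath.basename(parent.image).lower() == ntpath.basename(p.image).lower()
                and INTEGRITY_RANK[p.integrity] > INTEGRITY_RANK[parent.integrity]):
            findings.append({"rule": "self-relaunch-elevated", "pid": p.pid,
                             "parent_pid": parent.pid,
                             "from": parent.integrity, "to": p.integrity})
    return findings


if __name__ == "__main__":
    for finding in triage(PROCS):
        print(finding)
```

Run as-is it prints three findings: the two DTF custom actions (CheckForValidInstallDir from the user's Temp directory as admin, WriteApplicationConfig from C:\Windows\Installer as SYSTEM) and the launcher's self-relaunch from MEDIUM to HIGH. Neither rule by itself says "malicious": every WiX-built installer with managed custom actions produces the first pattern, and a launcher that needs to write shortcuts for all users will elevate. What the rules give you is the short list of artifacts to pull for review, namely the Installer.Actions assembly extracted beside each MSIxxxx.tmp and the elevated launcher's command line with its hard-coded /serverurl.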

Static information

TRiD
.msi
|   Microsoft Windows Installer (98.5%)
.msi
|   Microsoft Installer (100%)
EXIF
FlashPix
CodePage:
Windows Latin 1 (Western European)
Title:
Installation Database
Subject:
Installs the Accounting Startcenter
Author:
Diamant Software GmbH
Keywords:
Installer
Comments:
(c) 2019 Diamant Software GmbH
Template:
Intel;1031,1033
CreateDate:
2019:05:27 09:45:48
ModifyDate:
2019:05:27 09:45:48
Pages:
200
Words:
2
Software:
Windows Installer XML Toolset (3.10.2.2516)
Security:
Read-only recommended
RevisionNumber:
{B1C74919-880E-4351-8013-D8D3307893D4}
LastModifiedBy:
Intel;1031,1033
Characters:
null

Processes

Total processes
47
Monitored processes
10
Malicious processes
5
Suspicious processes
3

Behavior graph

  • start
  • drop and start
  • msiexec.exe
  • msiexec.exe
  • msiexec.exe (no specs)
  • rundll32.exe
  • vssvc.exe (no specs)
  • drvinst.exe (no specs)
  • msiexec.exe (no specs)
  • rundll32.exe
  • diamant.launcher.core.exe (no specs)
  • diamant.launcher.core.exe
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3348
CMD
"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\RechnungswesenStartcenterMachine.msi"
Path
C:\Windows\System32\msiexec.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\msihnd.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\riched20.dll
c:\program files\rechnungswesen\startcenter\(default)\certmgr.exe
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.core.exe
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.controller.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.gui.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.servercom.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.updater.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.interfaces.dll
c:\program files\rechnungswesen\startcenter\(default)\common.login.core.logondia3.dll
c:\program files\rechnungswesen\startcenter\(default)\common.login.wpf.logondialog.dll
c:\program files\rechnungswesen\startcenter\(default)\common.tools.core.tools.dll
c:\program files\rechnungswesen\startcenter\(default)\common.webservice.references.dll
c:\program files\rechnungswesen\startcenter\(default)\langde\diamant.launcher.interfaces.resources.dll
c:\program files\rechnungswesen\startcenter\diamant.launcher.drilldowndispatcher.exe

PID
3068
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\cabinet.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.core.exe

PID
3376
CMD
C:\Windows\system32\MsiExec.exe -Embedding 74D985058C3422158529F1C1FCCFD9F3 C
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\msif349.tmp
c:\windows\system32\cabinet.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rundll32.exe

PID
2220
CMD
rundll32.exe "C:\Users\admin\AppData\Local\Temp\MSIF349.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1569734 1 Installer.Actions!Installer.Actions.CustomActions.CheckForValidInstallDir
Path
C:\Windows\system32\rundll32.exe
Indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\msif349.tmp
c:\windows\system32\msi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\users\admin\appdata\local\temp\msif349.tmp-\microsoft.deployment.windowsinstaller.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\users\admin\appdata\local\temp\msif349.tmp-\installer.actions.dll

PID
1672
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
3400
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot21" "" "" "6f9bf5bcb" "00000000" "00000544" "000005C8"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

PID
1488
CMD
C:\Windows\system32\MsiExec.exe -Embedding A0471581BAD07D8691A83EC23143A781 M Global\MSI0000
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msi437e.tmp
c:\windows\system32\cabinet.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rundll32.exe

PID
3356
CMD
rundll32.exe "C:\Windows\Installer\MSI437E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1590734 1 Installer.Actions!Installer.Actions.CustomActions.WriteApplicationConfig
Path
C:\Windows\system32\rundll32.exe
Indicators
Parent process
MsiExec.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\installer\msi437e.tmp
c:\windows\system32\msi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\installer\msi437e.tmp-\microsoft.deployment.windowsinstaller.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\installer\msi437e.tmp-\installer.actions.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
3620
CMD
"C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe" /createStartMenu "(Default)" /serverurl=http://INDIBAC02DE.SW.SHERWIN.COM/Produktiv/Rechnungswesen /partner=0020 /productname="dibac.finanz3"
Path
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Diamant Software
Description
Rechnungswesen Startcenter
Version
3.11.2.2400
Modules
Image
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.core.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\61dfb69c9ad6ed96809170d54d80b8a6\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\2dc6cfd856864312d563098f9486361c\system.windows.forms.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.interfaces.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.controller.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.servercom.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.updater.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.gui.dll
c:\program files\rechnungswesen\startcenter\(default)\common.login.core.logondia3.dll
c:\program files\rechnungswesen\startcenter\(default)\common.login.wpf.logondialog.dll
c:\program files\rechnungswesen\startcenter\(default)\common.tools.core.tools.dll
c:\program files\rechnungswesen\startcenter\(default)\common.webservice.references.dll
c:\windows\system32\psapi.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll

PID
1660
CMD
"C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe" "C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe" /createStartMenu "(Default)" /serverurl=http://INDIBAC02DE.SW.SHERWIN.COM/Produktiv/Rechnungswesen /partner=0020 /productname="dibac.finanz3"
Path
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe
Indicators
Parent process
Diamant.Launcher.Core.exe
User
admin
Integrity Level
HIGH
Version:
Company
Diamant Software
Description
Rechnungswesen Startcenter
Version
3.11.2.2400
Modules
Image
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.core.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\61dfb69c9ad6ed96809170d54d80b8a6\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\2dc6cfd856864312d563098f9486361c\system.windows.forms.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.interfaces.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.controller.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.servercom.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.updater.dll
c:\program files\rechnungswesen\startcenter\(default)\diamant.launcher.gui.dll
c:\program files\rechnungswesen\startcenter\(default)\common.login.core.logondia3.dll
c:\program files\rechnungswesen\startcenter\(default)\common.login.wpf.logondialog.dll
c:\program files\rechnungswesen\startcenter\(default)\common.tools.core.tools.dll
c:\program files\rechnungswesen\startcenter\(default)\common.webservice.references.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\assembly\nativeimages_v4.0.30319_32\system.net.http\62765bb26133f581e10bb7c866f35c83\system.net.http.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.servicemodel\e27ae693b6e71bb689ec66761a65901f\system.servicemodel.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\62a6b39f4f68c25dfd2f6308d7541401\system.runtime.serialization.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\smdiagnostics\a7a48457faaea5fc8a1e59b4921ac4a3\smdiagnostics.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.servd1dec626#\7a1dfc357f4135dbddcf38fd9279b2a7\system.servicemodel.internals.ni.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.identitymodel\710a5c9e16388ca7a722211f4d4867aa\system.identitymodel.ni.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.security\8391072310ccd84eecefe797cfd4a4a5\system.security.ni.dll
c:\windows\system32\rasadhlp.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\867cbe7462b04e2cf1ae39abb576ae2a\presentationframework.classic.ni.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msctfui.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationtypes\1e1a1bd97e618bc4934ee967bea27ae8\uiautomationtypes.ni.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio49d6fefe#\f52bfe40c54917622ed3abb98db8f90a\presentationframework-systemxml.ni.dll
c:\windows\system32\winmm.dll
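
Two details in this report are worth pulling out for triage: the PID 1660 command line above points the launcher at a server over cleartext http:// (the process loads wininet.dll and winhttp.dll and runs at HIGH integrity), and the msiexec.exe writes listed under Registry activity below register a new diamant: URL protocol handler whose shell\open\command stores an unquoted executable path and an unquoted %1. The Python below is an added example, not part of the ANY.RUN report or of Diamant Software's code. It assumes the one-field-per-line layout in which the report's tables appear on this page (record boundaries are inferred from the PID, image name and operation triple; the set of operation names is an assumption) and extracts the URLs on the command line, the registered URL schemes with quoting checks on their handler commands, and the recorded InstallSource. The sample command line and the sample registry records are copied from this page.

```python
"""Triage of the PID 1660 command line and msiexec.exe registry writes from this report.
Added example, not part of the ANY.RUN report; assumes the page's one-field-per-line layout."""
import re

# Command line of PID 1660, copied from the process block above.
SAMPLE_CMDLINE = (r'"C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe" '
                  r'"C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe" '
                  r'/createStartMenu "(Default)" /serverurl=http://INDIBAC02DE.SW.SHERWIN.COM/Produktiv/Rechnungswesen '
                  r'/partner=0020 /productname="dibac.finanz3"')

# Constructed sample: four msiexec.exe records copied from the Modification events listing
# below (PID, process, operation, key, then name and/or value where the page shows them).
SAMPLE_EVENTS = r"""
3068
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}
InstallSource
C:\Users\admin\AppData\Local\Temp\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\diamant
URL Protocol
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\diamant\shell\open\command
C:\Program Files\Rechnungswesen\Startcenter\Diamant.Launcher.DrilldownDispatcher.exe /drilldown %1
"""

OPERATIONS = {"write", "delete key", "delete value"}   # operation names (assumed set)
URL_RE = re.compile(r"(?i)\b(https?)://([A-Za-z0-9.-]+)(?::\d+)?(/[^\s\"']*)?")


def parse_events(text):
    """Split the flattened listing into records; a record starts at a PID line
    that is followed by an image name and a known operation."""
    lines = text.splitlines()
    starts = [i for i in range(len(lines) - 2) if lines[i].isdigit()
              and lines[i + 1].lower().endswith(".exe") and lines[i + 2] in OPERATIONS]
    events = []
    for n, i in enumerate(starts):
        rec = lines[i:(starts[n + 1] if n + 1 < len(starts) else len(lines))]
        if len(rec) >= 4:
            events.append({"pid": int(rec[0]), "process": rec[1], "op": rec[2], "key": rec[3],
                           "fields": [f for f in rec[4:] if f]})   # name and/or value, if present
    return events


def extract_urls(cmdline):
    """URLs passed on a command line; scheme http means the server is reached in cleartext."""
    return [{"scheme": m.group(1).lower(), "host": m.group(2), "path": m.group(3) or "/",
             "cleartext": m.group(1).lower() == "http"} for m in URL_RE.finditer(cmdline)]


def find_protocol_handlers(events):
    """Map each scheme registered with a 'URL Protocol' value under Classes
    to the command stored in that scheme's shell open command key."""
    schemes = set()
    for e in events:
        m = re.search(r"\\Classes\\([^\\]+)$", e["key"])
        if m and e["op"] == "write" and "URL Protocol" in e["fields"]:
            schemes.add(m.group(1))
    handlers = {}
    for e in events:
        m = re.search(r"\\Classes\\([^\\]+)\\shell\\open\\command$", e["key"])
        if m and m.group(1) in schemes and e["fields"]:
            handlers[m.group(1)] = e["fields"][-1]
    return handlers


def audit_handler_command(command):
    """Quoting checks on a handler command: a path with spaces should be quoted,
    and the %1 placeholder should be wrapped in quotes."""
    issues = []
    m = re.match(r'"?([^"]*?\.exe)', command, re.IGNORECASE)
    exe = m.group(1) if m else command.split()[0]
    if not command.startswith('"') and " " in exe:
        issues.append("unquoted executable path with spaces")
    if re.search(r'(?<!")%1(?!")', command):
        issues.append("unquoted %1")
    return issues


def triage(cmdline, events_text):
    """Collect the facts worth a second look from a command line and a registry listing."""
    events = parse_events(events_text)
    sources = [e["fields"][-1] for e in events
               if len(e["fields"]) > 1 and e["fields"][0] == "InstallSource"]
    return {
        "urls": extract_urls(cmdline),
        "handlers": {s: {"command": c, "issues": audit_handler_command(c)}
                     for s, c in find_protocol_handlers(events).items()},
        "install_source": sources,
        "installed_from_temp": any("\\temp\\" in s.lower() for s in sources),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_CMDLINE, SAMPLE_EVENTS), indent=2))
```

The quoting findings are observations about the registered command, not a demonstrated weakness: whether an unquoted %1 matters depends on how Diamant.Launcher.DrilldownDispatcher.exe parses its /drilldown argument, which this report does not show. The cleartext server URL and the InstallSource under the user's Temp directory are the remaining items to reconcile with how the package was obtained.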

Registry activity

Total events
905
Read events
577
Write events
322
Delete events
6

Modification events

PID
Process
Operation
Key
Name
Value
3348
msiexec.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3068
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
3068
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70
3068
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
3068
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
3068
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
3068
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
400000000000000098391D17723DD501FC0B000030070000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
400000000000000098391D17723DD501FC0B000030070000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
23
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
4000000000000000E6AB7017723DD501FC0B000030070000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
4000000000000000400E7317723DD501FC0B000024050000E8030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
4000000000000000A68D5518723DD501FC0B000024050000E8030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
4000000000000000208D0C1F723DD501FC0B000030070000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Enter)
4000000000000000208D0C1F723DD501FC0B000030070000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Leave)
4000000000000000F09F1F1F723DD501FC0B000030070000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Enter)
4000000000000000CED9391F723DD501FC0B0000700B0000E9030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Leave)
40000000000000000676561F723DD501FC0B0000700B0000E9030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Enter)
40000000000000000676561F723DD501FC0B000018080000F9030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Leave)
4000000000000000C861621F723DD501FC0B000018080000F9030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Enter)
40000000000000007C26671F723DD501FC0B0000300700000A040000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Leave)
4000000000000000C0DF6320723DD501FC0B0000D80C00000A040000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
40000000000000001A426620723DD501FC0B000030070000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
40000000000000001A426620723DD501FC0B000030070000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
23
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
1
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
98391D17723DD501
3068
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3068
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
FC0B0000C096E410723DD501
3068
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
EBB1654392D9CB0F62A2468CD33DD8234A77250EE184F04AAA0C5B891195F616
3068
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\1837c5.ipi
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\1837c6.rbs
30752122
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\1837c6.rbsLow
2200237888
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41284073CE78BFD45BA63611FC4AA4F2
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Addins.cer
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF7FBD239F13D254A8FBB4E1696E7DAF
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C728CE51202244C83EBF0D64F052C0
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe.config
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A00378996DC89E438E5CA8B5E8092A3
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Controller.dll
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6646288E3E1476A4A88A9839F84A454C
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Gui.dll
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F77FD8F077A356C48A69C21DE08ED688
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.ServerCom.dll
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54D37FE2639B7F8408C096BA87A13CF0
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Updater.dll
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B12BC78BA89148648AA759950D8191BB
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Interfaces.dll
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DB3FC14423CF334EA7505C69B1A1757
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Common.Login.Core.LogonDia3.dll
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0B310DF937C82848A9EF74420EB692F
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Common.Login.WPF.LogonDialog.dll
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B48E5721D45318C419EA8FDEE61DA534
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Common.Tools.Core.Tools.dll
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\436F1E8486C5A664B932F3BD64592C8E
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\Common.WebService.References.dll
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6CBA3E73E20CDE429EF9006A82BD67C
DB203E61F0624DA4EBF1E978489D1EFA
02:\Software\Diamant Software\Launcher\ProductCode
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F89C870BB74518042A807FC9C05851F9
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\langde\Diamant.Launcher.Interfaces.resources.dll
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\Program Files\Rechnungswesen\Startcenter\Diamant.Launcher.DrilldownDispatcher.exe
1
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F44C9308BBAB14B408E674D67CA04C51
DB203E61F0624DA4EBF1E978489D1EFA
C?\Program Files\Rechnungswesen\Startcenter\Diamant.Launcher.DrilldownDispatcher.exe
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C4CE24509C3E1F94DAFC41C5D9E0BE39
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F42F261A7E98204299737C2A798D664
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65C75EF7E255A314EA49D97CFF2C3E5A
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F97863056A4055A42BB2519FB78A371B
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E87FCC0C808D99A4495729A3EEBC968A
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0964575A7F5AE4249BD5217FAEAC8F42
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FF4C993CEB2ECC499FFDB7AE7ADC6B0
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E892D391C935759458EF0A1F3C20B16B
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C386730E421F1F240920AA3222F46EBB
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22F8659FF1E8B044F839201C44CB08CC
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DE656EAE07305AA4EB799E4A466FD0B5
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0B56010D337EEC49A73C6A077E3A594
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B332F4D8FFD2B8645849460D5D698162
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB88425E7331A8A4B9D204A5CBF7FC8E
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C1DB92B45628094FB3946EF08E37F32
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2AEE1E0362FC7534A8D216388EC844A2
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CA1E2E044A9F0C49BBBDFE84CBAF2DB
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E18AD0E74BE0D584EBEC2EFB1F7F83AE
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDEDD1BE666C4214D8E23075E02ADA35
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D451A294A15F8D443BC2322895B27CF7
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\803A6C7EAD8B0FC43B0836CFCD63304F
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16BF6A097967FB44086DBC9DF1BE3A05
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84E3927D7154B9D44969AE991AD60EFC
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B99C5949111380641B26243BFBBB53CE
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B99C5949711380641B26243BFBBB53CE
DB203E61F0624DA4EBF1E978489D1EFA
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\242168FFAFCE4E243ABB8A655B5C704C
DB203E61F0624DA4EBF1E978489D1EFA
02:\Software\Classes\diamant\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E75F569B462754A47A32B3319DDA154B
DB203E61F0624DA4EBF1E978489D1EFA
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Rechnungswesen\Startcenter\(Default)\
1
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Rechnungswesen\Startcenter\
1
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Rechnungswesen\
1
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Rechnungswesen\Startcenter\(Default)\langde\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Diamant Software\Launcher
ProductCode
{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\diamant
URL: DIAMANT Display Protocol
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\diamant
Browserflags
8
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\diamant
Editflags
0
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\diamant
URL Protocol
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\diamant\DefaultIcon
C:\Program Files\Rechnungswesen\Startcenter\Diamant.Launcher.DrilldownDispatcher.exe,0
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\diamant\shell\open\command
C:\Program Files\Rechnungswesen\Startcenter\Diamant.Launcher.DrilldownDispatcher.exe /drilldown %1
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
LocalPackage
C:\Windows\Installer\1837c7.msi
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
AuthorizedCDFPrefix
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
Comments
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
Contact
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
DisplayVersion
1.0.0.0
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
HelpLink
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
HelpTelephone
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
InstallDate
20190718
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
InstallLocation
C:\Program Files\Rechnungswesen\Startcenter\(Default)
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
InstallSource
C:\Users\admin\AppData\Local\Temp\
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
ModifyPath
MsiExec.exe /I{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
Publisher
Diamant Software GmbH
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
Readme
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
Size
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
EstimatedSize
1110
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
UninstallString
MsiExec.exe /I{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
URLInfoAbout
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
URLUpdateInfo
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
VersionMajor
1
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
VersionMinor
0
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
WindowsInstaller
1
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
Version
16777216
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties
Language
1033

PID | Process | Operation | Key | Name | Value
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | AuthorizedCDFPrefix |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | Comments |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | Contact |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | DisplayVersion | 1.0.0.0
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | HelpLink |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | HelpTelephone |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | InstallDate | 20190718
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | InstallLocation | C:\Program Files\Rechnungswesen\Startcenter\(Default)
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | InstallSource | C:\Users\admin\AppData\Local\Temp\
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | ModifyPath | MsiExec.exe /I{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | Publisher | Diamant Software GmbH
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | Readme |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | Size |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | EstimatedSize | 1110
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | UninstallString | MsiExec.exe /I{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | URLInfoAbout |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | URLUpdateInfo |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | VersionMajor | 1
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | VersionMinor | 0
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | WindowsInstaller | 1
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | Version | 16777216
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | Language | 1033
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DB203E61F0624DA4EBF1E978489D1EFA | DB203E61F0624DA4EBF1E978489D1EFA |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\InstallProperties | DisplayName | Accounting Startcenter (Maschine)
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF} | DisplayName | Accounting Startcenter (Maschine)
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\DB203E61F0624DA4EBF1E978489D1EFA | ProductFeature |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\Features | ProductFeature | Of$c57gI(AhY%Z(l'z43'YKE4q=o7=,?`g,ysi]y4^3$uPcBu9fr52lYLku&&?h~XFA3=Ap$)FdzFsc6_EufsTO]v?y8XKWvVU+h8Dx~'2?&[email protected][J7lkE+qS}S'+3XaIN?u~g*`4C[((&Z}@dAaKa=6CDlD7PB.eN`p099P2][email protected]$nJk-MhMm}mBzDTB4?$PD$=s~9{v5KCx(y(%[email protected],Qu[t'`9!?)L?H4b^=WxXOoZ[hms^[email protected]$faeu5g8hB,NZo'!.[KW}5Q&[email protected]$P]~)SXgc$gq*j?lTWZESfzUW*{&.*T7h]8$,[email protected]!$_=a(~+Q~!zz8}O?1iuNwB^&,DkAs$bt?kLa'yrrk%b8W+{fBC$}?T_-o6JOr-_p=.3^VIMB9IkfJxPV%t.DvqS6[[email protected]~-Uv^NV-b&2MR,+dqZX??t%avkAwTc6DE(qsYrS9.oAO.8u5Ie%W_.y{$wr9eon%gwElfj=15Rt2_5~?c87!^AAS=EAi~C!j{[email protected]%bgE&'CvX?dkJKU~s2b=xH(}k!)[email protected]?2cV!Esi-osd=IJbIa0P?08gizWIVW.wNKe3dZg_9pF07Rb9eY1BcHW'[email protected]%[FzU+NFme{7_SP7gt9?XW,bf1Wd?tCr-XtfO`x8=**{C*k~tBSOjS?U2p-=Xp5oQI)i(Q([email protected]?},z.%1LwhvgQV6w,+={[email protected](,oOY9bzmkcG3iWdf4S=-02]bqK~vtcG3iWjf4S=-02]bqK~vtX1^-{3TPR9,`LqCp?D!hgNsYd5k!s?ANG3)a{,zb
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB203E61F0624DA4EBF1E978489D1EFA\Patches | AllPatches |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA | ProductName | Accounting Startcenter (Maschine)
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA | PackageCode | 91947C1BE088153408318D3D0387394D
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA | Language | 1033
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA | Version | 16777216
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA | Assignment | 1
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA | AdvertiseFlags | 388
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA | InstanceType | 0
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA | AuthorizedLUAApp | 0
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA | DeploymentFlags | 2
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DB203E61F0624DA4EBF1E978489D1EFA | DB203E61F0624DA4EBF1E978489D1EFA |
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA\SourceList | PackageName | RechnungswesenStartcenterMachine.msi
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA\SourceList\Net | 1 | C:\Users\admin\AppData\Local\Temp\
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA\SourceList\Media | 1 | ;
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA | Clients | :
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DB203E61F0624DA4EBF1E978489D1EFA\SourceList | LastUsedSource | n;1;C:\Users\admin\AppData\Local\Temp\
3068 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings | StringCacheGeneration | 113
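The msiexec.exe (PID 3068) writes above register the same product twice: as the braced ProductCode under the Uninstall key and as a 32-character "packed" form under Installer\Products and Installer\UpgradeCodes. The Python below is an added example, not part of the ANY.RUN report or of the installer's own code: it converts between the two spellings, decodes the Version DWORD (16777216) into the major/minor/build that the VersionMajor and VersionMinor values repeat, and cross-checks the two registrations. The constant dictionaries are copied from the registry values listed above; the check names are this example's own.

```python
r"""
Added example (not part of the ANY.RUN report): decode and cross-check the
Windows Installer registration that msiexec.exe (PID 3068) wrote above.

The packed form under HKLM\SOFTWARE\Classes\Installer\Products\<32 hex> is the
braced GUID with its first three fields reversed and the two hex digits of every
remaining byte swapped. The Installer "Version" DWORD packs major.minor.build
as 8/8/16 bits.
"""
import re
import uuid
from typing import List, Tuple

# Values copied from the registry writes on this page.
PRODUCT_CODE = "{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}"   # Uninstall\{...} subkey name
PACKED_CODE = "DB203E61F0624DA4EBF1E978489D1EFA"           # Installer\Products\<packed> subkey name
UNINSTALL_VALUES = {
    "DisplayName": "Accounting Startcenter (Maschine)",
    "DisplayVersion": "1.0.0.0",
    "Version": 16777216,
    "VersionMajor": 1,
    "VersionMinor": 0,
    "Language": 1033,
    "UninstallString": "MsiExec.exe /I{16E302BD-260F-4AD4-BE1F-9E8784D9E1AF}",
}
PRODUCT_VALUES = {
    "ProductName": "Accounting Startcenter (Maschine)",
    "PackageCode": "91947C1BE088153408318D3D0387394D",
    "Language": 1033,
    "Version": 16777216,
}


def _swap_pairs(hexstr: str) -> str:
    """Swap the two hex digits of every byte: 'BE1F' -> 'EBF1'."""
    return "".join(hexstr[i + 1] + hexstr[i] for i in range(0, len(hexstr), 2))


def pack_guid(guid: str) -> str:
    """Braced GUID -> packed 32-hex form used under HKLM\\SOFTWARE\\Classes\\Installer."""
    h = uuid.UUID(guid).hex.upper()               # uuid strips the braces and dashes
    return h[0:8][::-1] + h[8:12][::-1] + h[12:16][::-1] + _swap_pairs(h[16:])


def unpack_guid(packed: str) -> str:
    """Packed 32-hex form -> braced GUID (the transform is its own inverse)."""
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", packed):
        raise ValueError("packed GUID must be exactly 32 hex digits")
    p = packed.upper()
    h = p[0:8][::-1] + p[8:12][::-1] + p[12:16][::-1] + _swap_pairs(p[16:])
    return "{" + str(uuid.UUID(hex=h)).upper() + "}"


def decode_msi_version(dword: int) -> Tuple[int, int, int]:
    """Installer 'Version' DWORD: major in bits 31-24, minor in 23-16, build in 15-0."""
    return (dword >> 24) & 0xFF, (dword >> 16) & 0xFF, dword & 0xFFFF


def cross_check(product_code: str, uninstall: dict, packed_key: str, product: dict) -> List[str]:
    """List the inconsistencies between the Uninstall and Installer\\Products registrations
    (empty when both describe the same product). A hand-planted Uninstall entry usually fails here."""
    problems = []
    if pack_guid(product_code) != packed_key.upper():
        problems.append("Uninstall GUID does not pack to the Installer\\Products key")
    m = re.search(r"\{[0-9A-Fa-f-]{36}\}", uninstall.get("UninstallString", ""))
    if not m or m.group(0).upper() != product_code.upper():
        problems.append("UninstallString does not reference the product code")
    major, minor, _build = decode_msi_version(uninstall["Version"])
    if (major, minor) != (uninstall["VersionMajor"], uninstall["VersionMinor"]):
        problems.append("Version DWORD disagrees with VersionMajor/VersionMinor")
    for a, b in (("Version", "Version"), ("Language", "Language"), ("DisplayName", "ProductName")):
        if uninstall.get(a) != product.get(b):
            problems.append(f"{a} differs between Uninstall and Installer\\Products")
    return problems


if __name__ == "__main__":
    print(pack_guid(PRODUCT_CODE), unpack_guid(PRODUCT_VALUES["PackageCode"]))
    print(decode_msi_version(UNINSTALL_VALUES["Version"]))
    print(cross_check(PRODUCT_CODE, UNINSTALL_VALUES, PACKED_CODE, PRODUCT_VALUES) or "registrations agree")
```

The packed spelling is the one to search for when correlating the Installer\UserData\S-1-5-18\Products and Classes\Installer keys with an Uninstall entry; the UpgradeCodes subkey on this page happens to carry the same packed value as its value name, so the product is registered as its own upgrade family.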
3068
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
4000000000000000A8977C17723DD501880600002C010000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
4000000000000000A8977C17723DD501880600001C0F0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
4000000000000000A8977C17723DD50188060000740E0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
4000000000000000A8977C17723DD50188060000A00B0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
4000000000000000B6BE8317723DD50188060000740E0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
400000000000000010218617723DD501880600001C0F0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
40000000000000006A838817723DD50188060000A00B0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
40000000000000001E488D17723DD501880600002C010000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Enter)
40000000000000007477371F723DD501880600002C01000001040000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Leave)
40000000000000007477371F723DD501880600002C01000001040000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Enter)
4000000000000000829E3E1F723DD50188060000A00B0000E9030000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Enter)
4000000000000000829E3E1F723DD50188060000740E0000E9030000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Enter)
4000000000000000829E3E1F723DD501880600001C0F0000E9030000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Leave)
4000000000000000DC00411F723DD50188060000A00B0000E9030000000000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_STABLE (SetCurrentState)
4000000000000000DC00411F723DD50188060000A00B000001000000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Leave)
40000000000000003663431F723DD50188060000740E0000E9030000000000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_STABLE (SetCurrentState)
40000000000000003663431F723DD50188060000740E000001000000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Leave)
40000000000000003663431F723DD501880600001C0F0000E9030000000000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_STABLE (SetCurrentState)
40000000000000003663431F723DD501880600001C0F000001000000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Enter)
40000000000000006EFF5F1F723DD501880600001C0F0000F9030000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Enter)
40000000000000006EFF5F1F723DD50188060000740E0000F9030000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Enter)
40000000000000006EFF5F1F723DD50188060000A00B0000F9030000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Leave)
40000000000000006EFF5F1F723DD50188060000740E0000F9030000000000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Leave)
40000000000000006EFF5F1F723DD501880600001C0F0000F9030000000000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Leave)
40000000000000006EFF5F1F723DD50188060000A00B0000F9030000000000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Enter)
40000000000000007C26671F723DD501880600008C0C000002040000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Leave)
40000000000000006ABEE01F723DD501880600008C0C000002040000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Enter)
40000000000000006ABEE01F723DD501880600008C0C0000EA030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Enter)
40000000000000002CAAEC1F723DD50188060000BC0B0000EA030000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Enter)
40000000000000002CAAEC1F723DD50188060000640B0000EA030000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Enter)
40000000000000002CAAEC1F723DD50188060000080B0000EA030000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Leave)
400000000000000048F8FA1F723DD50188060000080B0000EA030000000000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
400000000000000048F8FA1F723DD50188060000080B000002000000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Leave)
4000000000000000A25AFD1F723DD50188060000640B0000EA030000000000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000A25AFD1F723DD50188060000640B000002000000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Leave)
4000000000000000FCBCFF1F723DD50188060000BC0B0000EA030000000000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000FCBCFF1F723DD50188060000BC0B000002000000010000000100000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Leave)
400000000000000050A72A20723DD501880600008C0C0000EA030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Enter)
400000000000000050A72A20723DD501880600008C0C0000EB030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Enter)
400000000000000050A72A20723DD501880600008C0C0000EC030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Enter)
4000000000000000046C2F20723DD50188060000BC0B0000EB030000010000000200000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Leave)
4000000000000000046C2F20723DD50188060000BC0B0000EB030000000000000200000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
4000000000000000046C2F20723DD50188060000BC0B000003000000010000000200000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Enter)
4000000000000000046C2F20723DD50188060000580D0000FC030000010000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Leave)
4000000000000000046C2F20723DD501880600008C0C0000EC030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Enter)
4000000000000000046C2F20723DD501880600008C0C0000ED030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Leave)
4000000000000000B8303420723DD501880600008C0C0000ED030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Enter)
4000000000000000B8303420723DD501880600008C0C0000EE030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Enter)
40000000000000006CF53820723DD50188060000BC0B0000EB030000010000000200000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Leave)
40000000000000006CF53820723DD50188060000BC0B0000EB030000000000000200000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000006CF53820723DD50188060000BC0B000003000000010000000200000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000006CF53820723DD50188060000400D0000FC030000010000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Leave)
4000000000000000C6573B20723DD501880600008C0C0000EE030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Enter)
4000000000000000C6573B20723DD501880600008C0C0000F0030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Leave)
4000000000000000C6573B20723DD501880600008C0C0000F0030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Enter)
4000000000000000C6573B20723DD501880600008C0C0000EF030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Enter)
4000000000000000D47E4220723DD50188060000740B0000EB030000010000000200000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Leave)
40000000000000003C084C20723DD50188060000740B0000EB030000000000000200000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000003C084C20723DD50188060000740B000003000000010000000200000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000003C084C20723DD50188060000040F0000FC030000010000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Leave)
40000000000000003C084C20723DD501880600008C0C0000EF030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Leave)
40000000000000003C084C20723DD501880600008C0C0000EB030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Enter)
40000000000000003C084C20723DD501880600008C0C000003040000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Leave)
40000000000000003C084C20723DD501880600008C0C000003040000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Enter)
40000000000000003C084C20723DD501880600008C0C0000FD030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Enter)
40000000000000003C084C20723DD50188060000D00E0000FD030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Leave)
4000000000000000FEF35720723DD50188060000D00E0000FD030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Leave)
4000000000000000FEF35720723DD501880600008C0C0000FD030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Enter)
4000000000000000FEF35720723DD50188060000D00E0000FE030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Leave)
4000000000000000C0DF6320723DD50188060000D00E0000FE030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Enter)
4000000000000000C0DF6320723DD50188060000D00E0000FF030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Leave)
4000000000000000C0DF6320723DD50188060000D00E0000FF030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Enter)
4000000000000000FEF35720723DD501880600008C0C0000FE030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Leave)
4000000000000000C0DF6320723DD501880600008C0C0000FE030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Enter)
4000000000000000C0DF6320723DD501880600008C0C0000FF030000010000000000000000000000000000000000000000000000000000000000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Leave)
4000000000000000C0DF6320723DD501880600008C0C0000FF030000000000000000000000000000000000000000000000000000000000000000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Enter)
4000000000000000C0DF6320723DD50188060000D80E000004040000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Leave)
4000000000000000C0DF6320723DD50188060000D80E000004040000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Enter)
4000000000000000C0DF6320723DD501880600008C0C000005040000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Leave)
4000000000000000C0DF6320723DD501880600008C0C000005040000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Enter)
4000000000000000C0DF6320723DD501880600008C0C0000F4030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
4000000000000000C0DF6320723DD501880600008C0C0000F4030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
4000000000000000C0DF6320723DD501880600008C0C0000F2030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
400000000000000090F27620723DD50188060000840B0000F2030000010000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
400000000000000090F27620723DD50188060000640B0000F2030000010000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
400000000000000090F27620723DD50188060000580D0000FC030000000000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
400000000000000090F27620723DD50188060000400D0000FC030000000000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
400000000000000090F27620723DD50188060000840B0000F2030000000000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
400000000000000090F27620723DD50188060000BC0B0000F2030000010000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
400000000000000090F27620723DD50188060000640B0000F2030000000000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
400000000000000090F27620723DD50188060000840B000004000000010000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
400000000000000090F27620723DD50188060000040F0000FC030000000000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
400000000000000090F27620723DD50188060000640B000004000000010000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
400000000000000090F27620723DD50188060000BC0B0000F2030000000000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
400000000000000090F27620723DD50188060000BC0B000004000000010000000300000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
400000000000000090F27620723DD501880600008C0C0000F2030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
400000000000000090F27620723DD501880600008C0C000006040000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
40000000000000003E3FA420723DD501880600008C0C000006040000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
400000000000000098A1A620723DD501880600008C0C0000F5030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
4000000000000000EC8BD120723DD50188060000080B0000F5030000010000000400000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
4000000000000000EC8BD120723DD50188060000BC0B0000F5030000010000000400000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
4000000000000000EC8BD120723DD50188060000EC0B0000F5030000010000000400000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
4000000000000000EC8BD120723DD50188060000080B0000F5030000000000000400000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000EC8BD120723DD50188060000080B000005000000010000000400000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
4000000000000000EC8BD120723DD50188060000BC0B0000F5030000000000000400000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000EC8BD120723DD50188060000BC0B000005000000010000000400000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
4000000000000000F8A8B121723DD50188060000EC0B0000F5030000000000000400000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000F8A8B121723DD50188060000EC0B000005000000010000000400000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
4000000000000000F8A8B121723DD501880600008C0C0000F5030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
4000000000000000F8A8B121723DD501880600008C0C000007040000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
4000000000000000A6F5DE21723DD501880600008C0C000007040000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
400000000000000092560022723DD501880600008C0C0000FB030000010000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
4000000000000000AEA40E22723DD50188060000640B0000FB030000010000000500000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
4000000000000000AEA40E22723DD50188060000640B0000FB030000000000000500000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
4000000000000000AEA40E22723DD50188060000BC0B0000FB030000010000000500000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
4000000000000000AEA40E22723DD50188060000080B0000FB030000010000000500000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
4000000000000000AEA40E22723DD50188060000BC0B0000FB030000000000000500000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
4000000000000000AEA40E22723DD50188060000080B0000FB030000000000000500000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
1672
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
4000000000000000AEA40E22723DD501880600008C0C0000FB030000000000000000000000000000C23A5AF96D567D40BC54BFC379BE2FE00000000000000000
3400
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3620
Diamant.Launcher.Core.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3620
Diamant.Launcher.Core.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1660
Diamant.Launcher.Core.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1660
Diamant.Launcher.Core.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASAPI32
EnableFileTracing
0
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASAPI32
EnableConsoleTracing
0
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASAPI32
FileTracingMask
4294901760
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASAPI32
ConsoleTracingMask
4294901760
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASAPI32
MaxFileSize
1048576
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASAPI32
FileDirectory
%windir%\tracing
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASMANCS
EnableFileTracing
0
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASMANCS
EnableConsoleTracing
0
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASMANCS
FileTracingMask
4294901760
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASMANCS
ConsoleTracingMask
4294901760
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASMANCS
MaxFileSize
1048576
1660
Diamant.Launcher.Core.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Diamant_RASMANCS
FileDirectory
%windir%\tracing
1660
Diamant.Launcher.Core.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
Diamant.Launcher.Core.exe

Files activity

Executable files
21
Suspicious files
6
Text files
148
Unknown types
3

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3348 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIF349.tmp | executable | 46fd6fdb1a4b50993f3d133e4080fb02 | 550a51b279616936e9562b0d464c705f188a07bc388a10c5a95a87d5545841d5
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Common.Tools.Core.Tools.dll | executable | 50d42c1f2dd624a57c9be6d8dfded09b | af6cbc76fa5a3e6ab64c179c209a9b6d739b57d03d78caac8741d1993bc324a8
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Common.Login.WPF.LogonDialog.dll | executable | 11c19d12771875634611f11722aec72e | 616ac6e73046227e0a63c87f08067dba961fd54b4cc312f742d29a96863ff02b
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Updater.dll | executable | a502ab0d1294191bdf0bb7b870262ac5 | 64c670c8e9ef16489d3ae77544b33aac034abd5d6dc8a81f91c92172656fe336
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Common.WebService.References.dll | executable | 51b0d6fa9761041f06fe0857e411a96e | d4dd31a2e912327ff53c0774c938236d6b03fdc0a31a2d4d52c9165a0e3fee01
3068 | msiexec.exe | C:\Windows\Installer\1837c7.msi | executable | 8fb4e4de55878baf0febdfd84f2d5f52 | 61febabe0d2f25ec653e4d29914535488b09cc095f104e5c0fdd208b9160894f
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Common.Login.Core.LogonDia3.dll | executable | d2effde9f83ed1780718dcf2174aa9bc | 5b14e6a681446eeac6b1ff86ac65631ec55f1c527939a91ab9c1a46004ec9155
3068 | msiexec.exe | C:\Windows\Installer\MSI437E.tmp | executable | 46fd6fdb1a4b50993f3d133e4080fb02 | 550a51b279616936e9562b0d464c705f188a07bc388a10c5a95a87d5545841d5
3068 | msiexec.exe | C:\Windows\Installer\1837c4.msi | executable | 8fb4e4de55878baf0febdfd84f2d5f52 | 61febabe0d2f25ec653e4d29914535488b09cc095f104e5c0fdd208b9160894f
3356 | rundll32.exe | C:\Windows\Installer\MSI437E.tmp-\Installer.Actions.dll | executable | 0a04fff958473ccfb165adfeae69431a | 7d2857a7bc79c92ecceb53cddcd4fc5037bc23d6aab5e767be4fdf7d7bc0d5ca
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe | executable | 4a866ef7c6e5c97e0009976236dbaa4d | ba7f5279fa57eda133ac5fdda1b0812c4680c5b6279f822bd82ed518a16938fe
2220 | rundll32.exe | C:\Users\admin\AppData\Local\Temp\MSIF349.tmp-\Installer.Actions.dll | executable | 0a04fff958473ccfb165adfeae69431a | 7d2857a7bc79c92ecceb53cddcd4fc5037bc23d6aab5e767be4fdf7d7bc0d5ca
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Controller.dll | executable | a3e0396d774f91794430ae08718b95ca | 803af60cd7d4f263b84c3d46c46721d463cd0723d6a3c50b09365165408648b3
3356 | rundll32.exe | C:\Windows\Installer\MSI437E.tmp-\Microsoft.Deployment.WindowsInstaller.dll | executable | 9cc443b70ea68fb136dd54d6daaeca0e | a1da28cb626cb52661d2d6e0a6fb14b97dca16d88ff755a967b7507d38998c44
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\langde\Diamant.Launcher.Interfaces.resources.dll | executable | 171c5c3beef5ee75560c71c94b40286b | 90a85b90010a78462ca49154e78bd844eb16b59346ddb57c52378cb397e7f57a
2220 | rundll32.exe | C:\Users\admin\AppData\Local\Temp\MSIF349.tmp-\Microsoft.Deployment.WindowsInstaller.dll | executable | 9cc443b70ea68fb136dd54d6daaeca0e | a1da28cb626cb52661d2d6e0a6fb14b97dca16d88ff755a967b7507d38998c44
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\Diamant.Launcher.DrilldownDispatcher.exe | executable | c5ff8a7d2dbc4b2c5ab6295d164f7c38 | 4ba10736ff48be1285ef81b30fb491559df49d81319b931e52f33b727af7ccb9
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Gui.dll | executable | fa1a30e3cfdeb0a6e30a9ea382b3e18f | deb08b7b7d213b156d1d38a38f0dc56aaf0792e8b0f8876de302329164dfce88
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Interfaces.dll | executable | 31b01e500d69baeb6ef418613a1298e0 | ffdaae3f95c2031fa232ba5e1dda9b488d1d3b5d0026c825bfe83d18332338cc
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.ServerCom.dll | executable | 316736acaaf95f0b150e53ba07a3fb27 | 1e2d1719c4cc25e99e1fdc4c21d623f6b4e2f3c2287a27103f84308abab2980f
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\certmgr.exe | executable | e9d769c9116ca9ac2ce8f402b0d829a7 | 28b3e23b9d68d3d40d4f790c792cf359a321e33e1cb1d13a067c2065e8aa8ff8
3620 | Diamant.Launcher.Core.exe | C:\ProgramData\Rechnungswesen\Launcher\44a1971aeca652f53ef7241a505182f2\Log\Startcenter_2019-07-18.log | text | 364898b4674fc65e95ad3ccf1b467a3c | 784cc7fc138d340f5d4e6c28d61dec793ad6d547931c062ae9782df8566f7846
3068 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFBEDB5AD1E7AE314C.TMP | –– | –– | ––
3068 | msiexec.exe | C:\Windows\Installer\1837c5.ipi | –– | –– | ––
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe.config | xml | 4916a059bf58eaaf15c573abac77d12d | fdaaba1b76116e3260e06c5cffb48a47d47ed2d23941dbc22aa051cc738d1b0a
3068 | msiexec.exe | C:\Config.Msi\1837c6.rbs | –– | –– | ––
3356 | rundll32.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Diamant.Launcher.Core.exe.config | xml | 0c57f6138bc978557a953d57fa893219 | c08dda5259c4fa7a589d8762ea41af3c41d18926f26423ddd9ee01ca366d145f
1660 | Diamant.Launcher.Core.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\StartMenu.reminder | text | 84849d59597594fd12293f1acce71344 | 821689b20ec7dc791c7070f88315297cc51319147ae4d447df1c43a8c7d5cf88
3356 | rundll32.exe | C:\Windows\Installer\MSI437E.tmp-\CustomAction.config | xml | 52a6e68c421636373b58b0ab462af0cb | b129b22b6189efbd3390d46e92f4eba92242a1e7b788cb6529836b70030e2694
1660 | Diamant.Launcher.Core.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dibac.finanz3\Web Client.lnk | lnk | 32bd01ba793553af8d0f766892d18d74 | 2407e9b617da69f1336127e31bf0c9a61eab3065271bc2878917dd08595e3062
1660 | Diamant.Launcher.Core.exe | C:\ProgramData\Rechnungswesen\Launcher\44a1971aeca652f53ef7241a505182f2\app.ico | image | af1a15862b1a100f37849c77f77fa90e | 5b7bc605a6d17453cc013d84f79e67be3059d6efe0d3454363258ba60992b052
1660 | Diamant.Launcher.Core.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dibac.finanz3\Accounting Startcenter.lnk | lnk | 95aa111a558697ff91486385f35b1704 | 0a6b61dcd98dd54d20c2d9adcbb49d1520a17d82ec28a756d5d3067f6d8e3ca3
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0011 | image | 8a194814d2796d04ccd3aa2078cc937e | d0d9ff6a43bbd4bba3daa7168baff2756eb2fc5e00c4f3ea2ef70ec1bc058bae
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Addins.cer | der | fcc59e134454060e3a3f4783f9452644 | 0ed875a78ca3caa08bf415263459509d20aeef50684da013929865ea3a125d4e
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0009 | image | e638f5f92ab16b0cbbaf7a0171120779 | 78cb85b3ca4a85fd54dcfe093def3b83c55dde4fce8347b9d67967ad06452bff
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0008 | image | d88cd57df4903e661c70847ed51ae9f0 | 28b02fc39d204ab953e75fc2cabbebaa5709b731688aeee8e46ce663b25e7ea8
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0007 | image | 72a6e3066c5f6f4d173a2702dca726ef | 7010f878bec087729e0575d352c23636afb9d1541d1020b858126ab34ce2b81b
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0006 | image | 0097e4fa31e23895c589edc6f395e84a | b2bd2051a5c2deb01b1435affc0993e135af6614e784dbaac47dc76faf94d89b
1672 | vssvc.exe | C: | –– | –– | ––
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0005 | image | cac9a7d28870f17e8289e43009ae9dd5 | 85d218bef60e9374b4db4256543dff3b38858003babda825bde3fca7054016c2
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0004 | image | 1af09218b552cfe39dea73d7cb972433 | 7581d953dd42c47e55bab8304b1e1908d01e653ce33f8549e96ed6516a0c1b2b
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0000 | image | e451373a097bc565337bbe513f84eace | 3b9f2807c1a87058287025daa3ff0e17da92f9159258c739a333e46977b96832
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.5403 | image | 227430b01bb0cf6d39d8a95d9628d6e1 | c6f641653929cb9ae9477c63413d23ef64fd75ae037cfa3d960c3923cc25d2b5
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0025 | image | 939f35d91315b423d885a35dd2c8915f | 69ec9490f990b34507fd9722a39e267a77d0d74a98e96298fa416f962002ac97
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0024 | image | cc1d76020b5745df8aa5cc44bf7ca247 | 25c609e6c007b40d114592f81dd0db1e9546570f188c44ec22bbccfbb7f76df4
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0023 | image | bf984e37a3e5410fc1b40b3e903951e9 | c563d99770dbb7e325bb4e5bf60bb4aa7969e094bb0d599111e0f68675810e03
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0022 | image | a5faac8e121145ebd558a466940a15c2 | a8656ff3065dff4fed2a2a63fcfd4191e7633f8dc0d95e7076db6eb70294d473
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0003 | image | 9389b037eb470c63a924b7021a999648 | e3c1ae1a8117b28d9b7263cfde9ddbb80ff4f86d9306f94f2cec6f0529e2919e
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0021 | image | 1f91cfad2dbf4e191aad6207bc8f4392 | b63fe71ce490a88dd7a2de150bdfee5e302194ad7ce6ef5f4c7416a752a8a788
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0020 | image | af1a15862b1a100f37849c77f77fa90e | 5b7bc605a6d17453cc013d84f79e67be3059d6efe0d3454363258ba60992b052
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0019 | image | 227430b01bb0cf6d39d8a95d9628d6e1 | c6f641653929cb9ae9477c63413d23ef64fd75ae037cfa3d960c3923cc25d2b5
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0017 | image | 5f491ccecc55a09733f93d5a09eab641 | 3856fd142dc3735d1af0dda4426531c80a5fc9e48e99374d1b3ade9e1a72a631
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0016 | image | c990bc6140ef5deb5f740ad3a02ac8a5 | 1ebd14c2447a3716903ad92fc3701dc34cb466d46fa25031caa9fa082a2d4130
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0015 | image | 63dbf00d7e4de562a5c0cefa766d1a44 | 220e284d94847bf04a0ec2fc4e0d0f05e5828759d89cc963b836ffcb77334930
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0014 | image | e730b861210e399984a3b6c842ccafe0 | a52efd913cce7a77d3285c04fe02802a55dc5c79f7d39fc9d999d298f75a0d7f
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0012 | image | 26fffb69e43cdf919ffd51d6ab1afacb | 2d8b1adb1778bc86362b2b980c4349e2cd32ba63b831398e8cb124464b6d48b5
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0013 | image | 87bb6debabc2a6e85c573b5c1128c549 | 114d0a11bbf31064f2ad11fb683f3ec3a8fc5113f4b461b165ef802ad5a7a894
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0002 | image | 53558ebb7d0b00b9a84a5f7fa117845e | 20466d995f4d7d546afb30bb6ebc916182584d85e13d6040fffa190fc6a7891d
3068 | msiexec.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\P.0001 | image | c52a3eb006b402e71fa8f51ba0a224e8 | 8842f0380db0a2ad09d2e2350f162d13ab4f6497783dedcda0c51f14902e73de
3068 | msiexec.exe | C:\Windows\Installer\MSI3D62.tmp | binary | 300e18946926f5ccdfc9370a266c17e0 | a6284668b29ab24be49846a85ec3f0a78868eafb8323d5f88e841dc6a53ac294
3068 | msiexec.exe | C:\Windows\Installer\1837c5.ipi | binary | 9cff0bc5bfe4a31c050d65eb522dbd23 | 89e0748fb620a75a9d597c111da282f168ae5d69f6deec1688cf98c8835f118e
3068 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF7D28D8FE7A1445F4.TMP | –– | –– | ––
1660 | Diamant.Launcher.Core.exe | C:\ProgramData\Rechnungswesen\Launcher\44a1971aeca652f53ef7241a505182f2\Log\Startcenter_2019-07-18.log | text | 28a3fb81e348e848d9147a83c60d5dff | 86fd09d1d95105f55cd0e977570ef8c32220f5eca277503ffb6ceea3835caddc
3400 | DrvInst.exe | C:\Windows\INF\setupapi.dev.log | text | 1202daf56e6e52d489548f5e54508330 | b0788c662f35ff1373ae7b2389c98a754e6734a9941b0ed3f723140b673eb690
3400 | DrvInst.exe | C:\Windows\INF\setupapi.dev.log | ini | b34690967257b1cb54b9d9229ed9fb08 | 3c222ef0d1e4da68a83bd350603871eeb23dc67dc04e7083785e95a748cc311e
3400 | DrvInst.exe | C:\Windows\INF\setupapi.ev1 | binary | a3f2e9198b0b25f19f6be16845bf6da3 | 56eb17a328e25b8802e70f38b5dabaab76aafa92ab2b0d0963ab22805b5fa387
3400 | DrvInst.exe | C:\Windows\INF\setupapi.ev3 | binary | 627fe7edb33ba7093fea154ede035a2f | 6c3c45c455dbd7e39e89a855fe508f236982bcc8243add10b4fda5781a159c53
3068 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | –– | –– | ––
3068 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{f95a3ac2-566d-407d-bc54-bfc379be2fe0}_OnDiskSnapshotProp | binary | 545be833ccfdee1b539655a36af469a2 | 404f61fe622137571df549116d908d48b2873d4034c51046b2096919519fc942
3068 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | 545be833ccfdee1b539655a36af469a2 | 404f61fe622137571df549116d908d48b2873d4034c51046b2096919519fc942
1660 | Diamant.Launcher.Core.exe | C:\Program Files\Rechnungswesen\Startcenter\(Default)\Productname.txt | text | 1775d919a3df17f358ca8ad4e618a953 | 2795e98743a11f82a7c4718de21ec743d068c4aaf92b4d7aba445f318b8efdb4
2220 | rundll32.exe | C:\Users\admin\AppData\Local\Temp\MSIF349.tmp-\CustomAction.config | xml | 52a6e68c421636373b58b0ab462af0cb | b129b22b6189efbd3390d46e92f4eba92242a1e7b788cb6529836b70030e2694
1660 | Diamant.Launcher.Core.exe | C:\ProgramData\Rechnungswesen\Launcher\44a1971aeca652f53ef7241a505182f2\Log\Startcenter_2019-07-18.log | text | 76843846a00b9bbb621162a8f1f85fd0 | fa1e8fe52ea705a0ce3d0972fb2423d312f0ff11cdd53c80cf06088c4f7c6eb9
1660 | Diamant.Launcher.Core.exe | C:\ProgramData\Rechnungswesen\Launcher\44a1971aeca652f53ef7241a505182f2\Log\Startcenter_2019-07-18.log | text | ff37fe8a88ad243c6909ce9ff9871398 | faf4afc49b28f7bcfe7f40ed75e850e408262a927be416b5bedbd47ee37908cf

Find more information on the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
1
Threats
0

HTTP requests

No HTTP requests.

Connections

No connections.

DNS requests

Domain | IP | Reputation
indibac02de.sw.sherwin.com | No response | unknown

Threats

No threats detected.

Debug output strings

No debug info.