General Info

File name

setup.exe

Full analysis
https://app.any.run/tasks/f64756a0-dd53-4e6d-9c5a-4512aa1544b0
Verdict
Malicious activity
Analysis date
11/8/2019, 15:25:00
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

1d5217c3a98b25d1e67ede33ba5981e5

SHA1

6ed6869a791e2c24b6c3e29fe14b8005fa601444

SHA256

66e886133dfec1626bf44e02bdb75980b143084da87f3e321b9a280d351d0ff2

SSDEEP

393216:r506cOXTIhkZwfqPBQYWgDF0b8TlLDipUQwNkJ27XA8Te+FKjP9WxnppEw5oOgoM:Nb9MeZqYWgDJTdFQPJ2MKzFKL9WpDEwm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • OOLiveUpdate.exe (PID: 2808)
  • OOSE.EXE (PID: 2532)
  • SafeEraseAgent.exe (PID: 3200)
  • OOLiveUpdateWorker.exe (PID: 3468)
Changes settings of System certificates
  • OOLiveUpdate.exe (PID: 2808)
Loads dropped or rewritten executable
  • SafeEraseAgent.exe (PID: 3200)
  • OOSE.EXE (PID: 2532)
Executed as Windows Service
  • vds.exe (PID: 2248)
  • SafeEraseAgent.exe (PID: 3200)
  • vssvc.exe (PID: 3196)
Executed via COM
  • vdsldr.exe (PID: 3456)
Low-level read access rights to disk partition
  • vds.exe (PID: 2248)
Executable content was dropped or overwritten
  • OOLiveUpdate.exe (PID: 2808)
  • msiexec.exe (PID: 2440)
  • msiexec.exe (PID: 2752)
Creates files in the program directory
  • setup.exe (PID: 3432)
Starts Microsoft Installer
  • setup.exe (PID: 3432)
Creates COM task schedule object
  • msiexec.exe (PID: 2752)
Searches for installed software
  • OOSE.EXE (PID: 2532)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 492)
  • MsiExec.exe (PID: 3340)
  • MsiExec.exe (PID: 4032)
Searches for installed software
  • msiexec.exe (PID: 2752)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 3196)
Creates a software uninstall entry
  • msiexec.exe (PID: 2752)
Dropped object may contain Bitcoin addresses
  • msiexec.exe (PID: 2752)
Application launched itself
  • msiexec.exe (PID: 2752)
Creates files in the program directory
  • msiexec.exe (PID: 2752)

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2017:10:11 18:48:18+02:00
PEType:
PE32
LinkerVersion:
10
CodeSize:
206336
InitializedDataSize:
429568
UninitializedDataSize:
null
EntryPoint:
0x1a7e3
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
14.6.581.0
ProductVersionNumber:
14.6.581.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
German
CharacterSet:
Unicode
CompanyName:
null
Comments:
A:1000$L:1033$O:MsiLanguage
FileDescription:
O&O SafeErase Professional Setup
FileVersion:
14.6.581
InternalName:
Stub.exe
LegalCopyright:
O&O Software GmbH
OriginalFileName:
Stub.exe
ProductName:
O&O SafeErase Professional
ProductVersion:
14.6.581
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
11-Oct-2017 16:48:18
Detected languages
English - United States
German - Germany
Debug artifacts
e:\jenkins-slave\workspace\OOSDK_2013_1\oosdk\src\src\modules\oosetupstub\src\stub\vc10\Win32\Release\stub.pdb
CompanyName:
O&O Software GmbH
Comments:
A:1000$L:1031
FileDescription:
null
FileVersion:
6.0.242
InternalName:
Stub.exe
LegalCopyright:
Copyright (C) 2012
OriginalFilename:
Stub.exe
ProductName:
O&O SafeErase Professional
ProductVersion:
6.0.242
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
11-Oct-2017 16:48:18
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0003256C 0x00032600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.62254
.rdata 0x00034000 0x000095FE 0x00009600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.7308
.data 0x0003E000 0x00003C04 0x00001A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.63209
.rsrc 0x00042000 0x0005ABF0 0x0005AC00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.52354
.reloc 0x0009D000 0x000031A8 0x00003200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 5.22348
Resources
1

2

3

4

5

6

7

8

101

103

104

Imports
    KERNEL32.dll

    USER32.dll

    ADVAPI32.dll

    SHELL32.dll

    WINTRUST.dll

    SHLWAPI.dll

    msi.dll (delay-loaded)

Exports

    No exports.

Processes

Total processes
59
Monitored processes
14
Malicious processes
3
Suspicious processes
2

Behavior graph

[Figure: behavior graph. Edge types: start, drop and start. Nodes in order: setup.exe (no specs), setup.exe, msiexec.exe, msiexec.exe, msiexec.exe (no specs), vssvc.exe (no specs), msiexec.exe (no specs), msiexec.exe (no specs), safeeraseagent.exe, vdsldr.exe (no specs), vds.exe (no specs), oose.exe (no specs), ooliveupdate.exe, ooliveupdateworker.exe]

Process information

PID
2816
CMD
"C:\Users\admin\Desktop\setup.exe"
Path
C:\Users\admin\Desktop\setup.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
O&O SafeErase Professional Setup
Version
14.6.581
Modules
Image
c:\users\admin\desktop\setup.exe
c:\systemroot\system32\ntdll.dll

PID
3432
CMD
"C:\Users\admin\Desktop\setup.exe"
Path
C:\Users\admin\Desktop\setup.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
O&O SafeErase Professional Setup
Version
14.6.581
Modules
Image
c:\users\admin\desktop\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\msiexec.exe

PID
2440
CMD
C:\Windows\system32\msiexec.exe /i "C:\ProgramData\OO Software\Installations\31DF14AB20762CA648AEAA44C9687DCD19AA3993.msi" AFFILIATE_ID=1000 SQUID=BEB690E8A288D9E4D9DD2D95C2323C6A MSIFILENAME=31DF14AB20762CA648AEAA44C9687DCD19AA3993.msi
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\msihnd.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\riched20.dll

PID
2752
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\oo software\safeerase\fileshredder.exe

PID
3340
CMD
C:\Windows\system32\MsiExec.exe -Embedding 0E0357DC4DA4D9B7276E5EA81B321289 C
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\msiff3a.tmp
c:\windows\system32\msimg32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\users\admin\appdata\local\temp\msief19.tmp
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\oo software\safeerase\oose.exe

PID
3196
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
4032
CMD
C:\Windows\system32\MsiExec.exe -Embedding 15D0812985470E3517CF52C086A7DCC9
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules

PID
492
CMD
C:\Windows\system32\MsiExec.exe -Embedding 71A7E10B01A3DB4DB1F5A059B2E9298C M Global\MSI0000
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules

PID
3200
CMD
"C:\Program Files\OO Software\Shared\SafeEraseAgent\SafeEraseAgent.exe"
Path
C:\Program Files\OO Software\Shared\SafeEraseAgent\SafeEraseAgent.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
O&O Software GmbH
Description
SafeEraseAgentHost
Version
14.6.581
Modules

PID
3456
CMD
C:\Windows\System32\vdsldr.exe -Embedding
Path
C:\Windows\System32\vdsldr.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Virtual Disk Service Loader
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
2248
CMD
C:\Windows\System32\vds.exe
Path
C:\Windows\System32\vds.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Virtual Disk Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
2532
CMD
"C:\Program Files\OO Software\SafeErase\OOSE.EXE"
Path
C:\Program Files\OO Software\SafeErase\OOSE.EXE
Indicators
No indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
HIGH
Version:
Company
O&O Software GmbH
Description
O&O SafeErase Professional
Version
14.6.581
Modules

PID
2808
CMD
"C:\Program Files\OO Software\SafeErase\OOLiveUpdate.exe" ProgramName "O&O SafeErase Professional" ProgramVersion "14.6.581" InstalledLocation "C:\Program Files\OO Software\SafeErase" Language "1033" WindowCaption "O&O LiveUpdate" AffiliateId "1000" UpdateCheckSilent UpdateIntervalInHours 72
Path
C:\Program Files\OO Software\SafeErase\OOLiveUpdate.exe
Indicators
Parent process
OOSE.EXE
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
O&O Software GmbH
Description
O&O LiveUpdate
Version
10.0.0.0
Modules

PID
3468
CMD
"C:\Users\admin\AppData\Local\Temp\OO Software\OO LiveUpdate\OO SafeErase Professional 14\OOLiveUpdateWorker.exe" UpdateCheckSilent -ProgramName "O&O SafeErase Professional" -DisplayName "O&O SafeErase Professional" -ProgramVersion 14.6.581 -InstallDate 20191108 -InstalledLocation "C:\Program Files\OO Software\SafeErase\\" -Language 1033 -AffiliateId "1000" -UpdateIntervalInHours 72 -WindowRec "367 184" -WindowCaption "O&O LiveUpdate"
Path
C:\Users\admin\AppData\Local\Temp\OO Software\OO LiveUpdate\OO SafeErase Professional 14\OOLiveUpdateWorker.exe
Indicators
Parent process
OOLiveUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
O&O Software GmbH
Description
O&O LiveUpdate
Version
10.0.0.0
Modules

Registry activity

Total events
6023
Read events
5609
Write events
409
Delete events
5

Modification events

PID
Process
Operation
Key
Name
Value
3432
setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2440
msiexec.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2440
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
74
2752
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
2752
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\12B\52C64B7E
2752
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\12B
2752
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
2752
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
400000000000000076DCED754096D501C00A00006C0A0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
400000000000000076DCED754096D501C00A00006C0A0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
33
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
4000000000000000D27548764096D501C00A00006C0A0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
40000000000000002CD84A764096D501C00A000074030000E80300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
400000000000000092572D774096D501C00A000074030000E80300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
4000000000000000C693C07D4096D501C00A00006C0A0000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Enter)
4000000000000000C693C07D4096D501C00A00006C0A0000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Leave)
40000000000000004A6BD87D4096D501C00A00006C0A0000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Enter)
400000000000000028A5F27D4096D501C00A000098070000E90300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Leave)
40000000000000001406147E4096D501C00A000098070000E90300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Enter)
40000000000000001406147E4096D501C00A0000B8000000F90300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Leave)
40000000000000007C8F1D7E4096D501C00A0000B8000000F90300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Enter)
40000000000000003054227E4096D501C00A00006C0A00000A0400000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Leave)
4000000000000000BE11C27E4096D501C00A0000680700000A0400000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
40000000000000001874C47E4096D501C00A00006C0A0000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
40000000000000001874C47E4096D501C00A00006C0A0000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
33
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
1
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
76DCED754096D501
2752
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\3a8e7b.ipi
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\3a8e7c.rbs
30774848
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\3a8e7c.rbsLow
2153988992
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A978726528DFF6040B691C8B231C30F3
BEB690E8A288D9E4D9DD2D95C2323C6A
02:\SOFTWARE\O&O\O&O SafeErase\14\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F627060183AD481468FE987938E415D8
BEB690E8A288D9E4D9DD2D95C2323C6A
02:\SOFTWARE\O&O\O&O SafeErase\14\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\473C6C34847AF7E438577CB9C02C9F5A
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\SafeErase\oorwiz4.dll
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7464D8186B1178741A94D29CBB714D9E
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\SafeErase\en\oosefunction.resources.dll
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B7A9649B0D0436D4AACC2C77CAC7C299
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\Shared\SafeEraseAgent\SafeEraseAgent.exe
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5E4AE19C76F7B84585F63D4F34A336E
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\SafeErase\Resources\96dpi\AnalysisIcon.png
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F9FE26617BC72774EA47165B9B904210
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\SafeErase\Resources\144dpi\AnalysisIcon.png
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\175A80AAC8C33CD408F1591780CE186B
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\SafeErase\OOSE3\x86\ooabout.dll
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F0B00E2578FA1D4398D0424F145BB78
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\SafeErase\OOSE3\x64\ooabout.dll
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\119B43F87A813C143A8D62E44070DC29
BEB690E8A288D9E4D9DD2D95C2323C6A
02:\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\SafeErase\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F2B56D6D29D6334389CD19FBEEBB680
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\SafeErase\FileShredder.exe
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4D106DE4E7B9FB4596F8F6CAA36DA20
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\SafeErase\en\oose.resources.dll
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B0E1FEBF78C2F7F4584A7DE4576EBC61
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\SafeErase\OOSE.EXE
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CC7CD9BB3C71884084D22AD212A5A86
BEB690E8A288D9E4D9DD2D95C2323C6A
C:\Program Files\OO Software\SafeErase\ooliveupdate.exe
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\SafeErase\Resources\144dpi\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\SafeErase\Resources\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\SafeErase\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\SafeErase\Resources\96dpi\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\Shared\SafeEraseAgent\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\Shared\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\SafeErase\en\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\SafeErase\OOSE3\x64\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\SafeErase\OOSE3\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\OO Software\SafeErase\OOSE3\x86\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software\O&O SafeErase\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AC75AC33-B924-47B1-83A0-690862F36658}\100.0
SafeEraseShellExt 1.0 Type Library
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AC75AC33-B924-47B1-83A0-690862F36658}\100.0\0\win32
C:\Program Files\OO Software\SafeErase\oosesh.dll
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AC75AC33-B924-47B1-83A0-690862F36658}\100.0\FLAGS
0
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AC75AC33-B924-47B1-83A0-690862F36658}\100.0\HELPDIR
C:\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SafeEraseShellExt.SafeEraseObj
SafeEraseObj Class
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SafeEraseShellExt.SafeEraseObj\CLSID
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}\VersionIndependentProgID
SafeEraseShellExt.SafeEraseObj
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SafeEraseShellExt.SafeEraseObj.1
SafeEraseObj Class
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SafeEraseShellExt.SafeEraseObj\CurVer
SafeEraseShellExt.SafeEraseObj.1
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SafeEraseShellExt.SafeEraseObj.1\CLSID
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}\ProgID
SafeEraseShellExt.SafeEraseObj.1
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}\InprocServer32
C:\Program Files\OO Software\SafeErase\oosesh.dll
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
SafeEraseObj Class
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.oosedl
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase\14
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase\14
Language
en
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase\14
User
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase\14
Company
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase\14
SerialNo
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase\14
CustomWebID
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase\14
Version
14.6.581
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase
AffiliateID
1000
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O LiveUpdate\O&O SafeErase Professional
PreviewChannel
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase\{9AB4E5B5-A01E-43C5-8233-0604E438ABBC}
InstalledProductEdition
Professional
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase\{9AB4E5B5-A01E-43C5-8233-0604E438ABBC}
InstalledProductLanguage
ENU
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O SafeErase\{9AB4E5B5-A01E-43C5-8233-0604E438ABBC}
InstallLocation
C:\Program Files\OO Software\SafeErase\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\SourceList
PackageName
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\SafeErase
Securely delete recycle bin
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\SafeErase\command
C:\Program Files\OO Software\SafeErase\oose.exe /SILENT /EMPTYREC
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SafeErase
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}\TypeLib
{AC75AC33-B924-47B1-83A0-690862F36658}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}\InprocServer32
ThreadingModel
Apartment
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\SafeErase
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SafeEraseShellExt.SafeEraseObj.1\Shellex\ContextMenuHandler
SafeEraseShellExt
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SafeErase
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\SafeErase
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
SafeErase
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
LocalPackage
C:\Windows\Installer\3a8e7e.msi
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
AuthorizedCDFPrefix
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
Comments
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
Contact
Technical support
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
DisplayVersion
14.6.581
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
HelpLink
http://www.oo-software.com
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
HelpTelephone
++49 (0)30 991 9162-00
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
InstallDate
20191108
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
InstallLocation
C:\Program Files\OO Software\SafeErase\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
InstallSource
C:\ProgramData\OO Software\Installations\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
ModifyPath
MsiExec.exe /I{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
Publisher
O&O Software GmbH
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
Readme
C:\Program Files\OO Software\SafeErase\readme.txt
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
Size
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
EstimatedSize
99072
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
UninstallString
MsiExec.exe /I{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
URLInfoAbout
http://www.oo-software.com
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
URLUpdateInfo
http://www.oo-software.com
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
VersionMajor
14
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
VersionMinor
6
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
WindowsInstaller
1
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
Version
235274821
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
Language
1033
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
AuthorizedCDFPrefix
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
Comments
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
Contact
Technical support
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
DisplayVersion
14.6.581
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
HelpLink
http://www.oo-software.com
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
HelpTelephone
++49 (0)30 991 9162-00
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
InstallDate
20191108
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
InstallLocation
C:\Program Files\OO Software\SafeErase\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
InstallSource
C:\ProgramData\OO Software\Installations\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
ModifyPath
MsiExec.exe /I{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
Publisher
O&O Software GmbH
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
Readme
C:\Program Files\OO Software\SafeErase\readme.txt
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
Size
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
EstimatedSize
99072
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
UninstallString
MsiExec.exe /I{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
URLInfoAbout
http://www.oo-software.com
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
URLUpdateInfo
http://www.oo-software.com
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
VersionMajor
14
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
VersionMinor
6
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
WindowsInstaller
1
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
Version
235274821
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
Language
1033
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\13B084350C6E9E041AA8705B60CB03FA
BEB690E8A288D9E4D9DD2D95C2323C6A
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\InstallProperties
DisplayName
O&O SafeErase Professional
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}
DisplayName
O&O SafeErase Professional
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\BEB690E8A288D9E4D9DD2D95C2323C6A
ShellExtention
SafeEraseGui
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\Features
ShellExtention
bI7%VBWV.9o^$-A=7M3WSafeEraseGui
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\BEB690E8A288D9E4D9DD2D95C2323C6A
SafeEraseGui
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\Features
SafeEraseGui
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\BEB690E8A288D9E4D9DD2D95C2323C6A
FileShredder
SafeEraseGui
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\Features
FileShredder
J&]1KS]6[93ZY(yF3'e%SafeEraseGui
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\BEB690E8A288D9E4D9DD2D95C2323C6A
SafeEraseConsole

2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\Features
SafeEraseConsole
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\Patches
AllPatches
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
ProductName
O&O SafeErase Professional
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
PackageCode
3305C23F0D7E82C4B86393F5AA7F26DB
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
Language
1033
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
Version
235274821
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
Assignment
1
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
AdvertiseFlags
388
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
ProductIcon
C:\Windows\Installer\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}\SafeEraseIcon.exe
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
InstanceType
0
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
AuthorizedLUAApp
0
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
DeploymentFlags
3
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13B084350C6E9E041AA8705B60CB03FA
BEB690E8A288D9E4D9DD2D95C2323C6A
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\SourceList
PackageName
31DF14AB20762CA648AEAA44C9687DCD19AA3993.msi
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\SourceList\Net
1
C:\ProgramData\OO Software\Installations\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\SourceList\Media
1
;
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A
Clients
:
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BEB690E8A288D9E4D9DD2D95C2323C6A\SourceList
LastUsedSource
n;1;C:\ProgramData\OO Software\Installations\
2752
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
300
3340
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3340
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
4000000000000000A2885B764096D5017C0C0000A80A0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
4000000000000000A2885B764096D5017C0C0000F4030000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
4000000000000000A2885B764096D5017C0C0000B8090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
4000000000000000A2885B764096D5017C0C000040010000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
4000000000000000B0AF62764096D5017C0C000040010000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
40000000000000000A1265764096D5017C0C0000F4030000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
400000000000000018396C764096D5017C0C0000A80A0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
4000000000000000CCFD70764096D5017C0C0000B8090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Enter)
4000000000000000CE42F07D4096D5017C0C0000B8090000010400000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Leave)
400000000000000028A5F27D4096D5017C0C0000B8090000010400000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Enter)
4000000000000000902EFC7D4096D5017C0C0000A80A0000E90300000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Enter)
4000000000000000902EFC7D4096D5017C0C0000F4030000E90300000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Enter)
4000000000000000902EFC7D4096D5017C0C0000B8090000E90300000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Leave)
400000000000000044F3007E4096D5017C0C0000B8090000E90300000000000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_STABLE (SetCurrentState)
400000000000000044F3007E4096D5017C0C0000B8090000010000000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Leave)
400000000000000044F3007E4096D5017C0C0000F4030000E90300000000000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_STABLE (SetCurrentState)
400000000000000044F3007E4096D5017C0C0000F4030000010000000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Leave)
400000000000000044F3007E4096D5017C0C0000A80A0000E90300000000000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_STABLE (SetCurrentState)
400000000000000044F3007E4096D5017C0C0000A80A0000010000000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Enter)
4000000000000000222D1B7E4096D5017C0C0000F4030000F90300000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Enter)
4000000000000000222D1B7E4096D5017C0C0000B8090000F90300000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Enter)
4000000000000000222D1B7E4096D5017C0C0000A80A0000F90300000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Leave)
4000000000000000222D1B7E4096D5017C0C0000F4030000F90300000000000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Leave)
4000000000000000222D1B7E4096D5017C0C0000B8090000F90300000000000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Leave)
4000000000000000222D1B7E4096D5017C0C0000A80A0000F90300000000000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Enter)
40000000000000003054227E4096D5017C0C0000BC040000020400000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Leave)
40000000000000001CB5437E4096D5017C0C0000BC040000020400000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Enter)
40000000000000001CB5437E4096D5017C0C0000BC040000EA0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Enter)
4000000000000000D079487E4096D5017C0C0000F8060000EA0300000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Enter)
4000000000000000D079487E4096D5017C0C000044010000EA0300000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Enter)
4000000000000000D079487E4096D5017C0C000020080000EA0300000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Leave)
4000000000000000FAEE5D7E4096D5017C0C000044010000EA0300000000000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000FAEE5D7E4096D5017C0C000044010000020000000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Leave)
4000000000000000FAEE5D7E4096D5017C0C0000F8060000EA0300000000000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000FAEE5D7E4096D5017C0C0000F8060000020000000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Leave)
40000000000000005451607E4096D5017C0C000020080000EA0300000000000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
40000000000000005451607E4096D5017C0C000020080000020000000100000001000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Leave)
4000000000000000F476867E4096D5017C0C0000BC040000EA0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Enter)
4000000000000000F476867E4096D5017C0C0000BC040000EB0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Enter)
4000000000000000F476867E4096D5017C0C0000BC040000EC0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Enter)
40000000000000004ED9887E4096D5017C0C000088080000EB0300000100000002000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Leave)
40000000000000004ED9887E4096D5017C0C000088080000EB0300000000000002000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000004ED9887E4096D5017C0C000088080000030000000100000002000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000004ED9887E4096D5017C0C0000DC090000FC0300000100000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Leave)
40000000000000004ED9887E4096D5017C0C0000BC040000EC0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Enter)
40000000000000004ED9887E4096D5017C0C0000BC040000ED0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Leave)
4000000000000000029E8D7E4096D5017C0C0000BC040000ED0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Enter)
4000000000000000029E8D7E4096D5017C0C0000BC040000EE0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Enter)
40000000000000005C00907E4096D5017C0C000088080000EB0300000100000002000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Leave)
40000000000000005C00907E4096D5017C0C000088080000EB0300000000000002000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000005C00907E4096D5017C0C000088080000030000000100000002000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000005C00907E4096D5017C0C00007C0E0000FC0300000100000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Leave)
400000000000000010C5947E4096D5017C0C0000BC040000EE0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Enter)
400000000000000010C5947E4096D5017C0C0000BC040000F00300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Leave)
400000000000000010C5947E4096D5017C0C0000BC040000F00300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Enter)
400000000000000010C5947E4096D5017C0C0000BC040000EF0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Enter)
4000000000000000C489997E4096D5017C0C000058030000EB0300000100000002000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Leave)
40000000000000001EEC9B7E4096D5017C0C000058030000EB0300000000000002000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000001EEC9B7E4096D5017C0C000058030000030000000100000002000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000001EEC9B7E4096D5017C0C00008C0A0000FC0300000100000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Leave)
40000000000000001EEC9B7E4096D5017C0C0000BC040000EF0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Leave)
40000000000000001EEC9B7E4096D5017C0C0000BC040000EB0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Enter)
40000000000000001EEC9B7E4096D5017C0C0000BC040000030400000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Leave)
40000000000000001EEC9B7E4096D5017C0C0000BC040000030400000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Enter)
40000000000000001EEC9B7E4096D5017C0C0000BC040000FD0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Enter)
40000000000000001EEC9B7E4096D5017C0C0000DC0B0000FD0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Leave)
4000000000000000EEFEAE7E4096D5017C0C0000DC0B0000FD0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Leave)
4000000000000000EEFEAE7E4096D5017C0C0000BC040000FD0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Enter)
4000000000000000EEFEAE7E4096D5017C0C0000DC0B0000FE0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Leave)
4000000000000000B0EABA7E4096D5017C0C0000DC0B0000FE0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Enter)
4000000000000000B0EABA7E4096D5017C0C0000DC0B0000FF0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Leave)
4000000000000000B0EABA7E4096D5017C0C0000DC0B0000FF0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Enter)
4000000000000000EEFEAE7E4096D5017C0C0000BC040000FE0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Leave)
4000000000000000B0EABA7E4096D5017C0C0000BC040000FE0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Enter)
4000000000000000B0EABA7E4096D5017C0C0000BC040000FF030000010000000000000000000000000000000000000000000000000000000000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Leave)
4000000000000000B0EABA7E4096D5017C0C0000BC040000FF030000000000000000000000000000000000000000000000000000000000000000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Enter)
4000000000000000B0EABA7E4096D5017C0C00001C0C0000040400000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Leave)
4000000000000000B0EABA7E4096D5017C0C00001C0C0000040400000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Enter)
4000000000000000B0EABA7E4096D5017C0C0000BC040000050400000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Leave)
4000000000000000BE11C27E4096D5017C0C0000BC040000050400000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Enter)
4000000000000000BE11C27E4096D5017C0C0000BC040000F40300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
4000000000000000BE11C27E4096D5017C0C0000BC040000F40300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
4000000000000000BE11C27E4096D5017C0C0000BC040000F20300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
4000000000000000CC38C97E4096D5017C0C000058030000F20300000100000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
4000000000000000CC38C97E4096D5017C0C000088080000F20300000100000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000CC38C97E4096D5017C0C00007C0E0000FC0300000000000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
4000000000000000CC38C97E4096D5017C0C000044010000F20300000100000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000CC38C97E4096D5017C0C0000DC090000FC0300000000000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
4000000000000000CC38C97E4096D5017C0C000058030000F20300000000000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
4000000000000000CC38C97E4096D5017C0C000088080000F20300000000000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000CC38C97E4096D5017C0C00008C0A0000FC0300000000000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000CC38C97E4096D5017C0C000058030000040000000100000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000CC38C97E4096D5017C0C000088080000040000000100000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
4000000000000000CC38C97E4096D5017C0C000044010000F20300000000000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000CC38C97E4096D5017C0C000044010000040000000100000003000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
4000000000000000CC38C97E4096D5017C0C0000BC040000F20300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
4000000000000000CC38C97E4096D5017C0C0000BC040000060400000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
400000000000000028D2237F4096D5017C0C0000BC040000060400000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
400000000000000028D2237F4096D5017C0C0000BC040000F50300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
40000000000000005247397F4096D5017C0C0000C0060000F50300000100000004000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
40000000000000005247397F4096D5017C0C000044010000F50300000100000004000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
40000000000000005247397F4096D5017C0C000058030000F50300000100000004000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
40000000000000005247397F4096D5017C0C000044010000F50300000000000004000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000005247397F4096D5017C0C000044010000050000000100000004000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
40000000000000005247397F4096D5017C0C0000C0060000F50300000000000004000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000005247397F4096D5017C0C0000C0060000050000000100000004000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
4000000000000000B017EC7F4096D5017C0C000058030000F50300000000000004000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000B017EC7F4096D5017C0C000058030000050000000100000004000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
4000000000000000B017EC7F4096D5017C0C0000BC040000F50300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
4000000000000000B017EC7F4096D5017C0C0000BC040000070400000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
4000000000000000F6DA0F804096D5017C0C0000BC040000070400000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
400000000000000012291E804096D5017C0C0000BC040000FB0300000100000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
4000000000000000C6ED22804096D5017C0C000058030000FB0300000100000005000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
4000000000000000C6ED22804096D5017C0C000020080000FB0300000100000005000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
4000000000000000C6ED22804096D5017C0C0000C0060000FB0300000100000005000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
4000000000000000C6ED22804096D5017C0C000058030000FB0300000000000005000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
4000000000000000C6ED22804096D5017C0C000020080000FB0300000000000005000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
4000000000000000C6ED22804096D5017C0C0000C0060000FB0300000000000005000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
3196
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
4000000000000000C6ED22804096D5017C0C0000BC040000FB0300000000000000000000000000009D88330AFB06154FA549F5AB629FC2C40000000000000000
4032
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System
OOSE14.00.00.01PRO
3200
SafeEraseAgent.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application
AutoBackupLogFiles
0
3200
SafeEraseAgent.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Service1
EventMessageFile
C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
2532
OOSE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2532
OOSE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2532
OOSE.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12D\52C64B7E
LanguageList
en-US
2532
OOSE.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12D\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
2532
OOSE.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12D\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
2532
OOSE.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12D\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
2532
OOSE.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12D\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
2532
OOSE.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12D\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
2532
OOSE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
OOSE.EXE
2532
OOSE.EXE
write
HKEY_CURRENT_USER\Software\O&O\O&O RegWizard\2.0\O&O SafeErase Professional Edition 14.6.581
CheckForUpdate
0
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASAPI32
EnableFileTracing
0
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASAPI32
EnableConsoleTracing
0
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASAPI32
FileTracingMask
4294901760
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASAPI32
ConsoleTracingMask
4294901760
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASAPI32
MaxFileSize
1048576
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASAPI32
FileDirectory
%windir%\tracing
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASMANCS
EnableFileTracing
0
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASMANCS
EnableConsoleTracing
0
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASMANCS
FileTracingMask
4294901760
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASMANCS
ConsoleTracingMask
4294901760
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASMANCS
MaxFileSize
1048576
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdate_RASMANCS
FileDirectory
%windir%\tracing
2808
OOLiveUpdate.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2808
OOLiveUpdate.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2808
OOLiveUpdate.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2808
OOLiveUpdate.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2808
OOLiveUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12D\52C64B7E
LanguageList
en-US
2808
OOLiveUpdate.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\33E4E80807204C2B6182A3A14B591ACD25B5F0DB
Blob
2808
OOLiveUpdate.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\EAB040689A0D805B5D6FD654FC168CFF00B78BE3
Blob
2808
OOLiveUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O LiveUpdate\O&O SafeErase Professional\14.6.581
LastUpdateCheck
0
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASAPI32
EnableFileTracing
0
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASAPI32
EnableConsoleTracing
0
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASAPI32
FileTracingMask
4294901760
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASAPI32
ConsoleTracingMask
4294901760
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASAPI32
MaxFileSize
1048576
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASAPI32
FileDirectory
%windir%\tracing
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASMANCS
EnableFileTracing
0
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASMANCS
EnableConsoleTracing
0
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASMANCS
FileTracingMask
4294901760
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASMANCS
ConsoleTracingMask
4294901760
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASMANCS
MaxFileSize
1048576
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OOLiveUpdateWorker_RASMANCS
FileDirectory
%windir%\tracing
3468
OOLiveUpdateWorker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3468
OOLiveUpdateWorker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3468
OOLiveUpdateWorker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3468
OOLiveUpdateWorker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3468
OOLiveUpdateWorker.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12D\52C64B7E
LanguageList
en-US
3468
OOLiveUpdateWorker.exe
write
HKEY_CURRENT_USER\Software\O&O\O&O LiveUpdate\O&O SafeErase Professional
ActivePID
3468
3468
OOLiveUpdateWorker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\O&O\O&O LiveUpdate\O&O SafeErase Professional\14.6.581
LastUpdateCheck
1573223217

Files activity

Executable files
70
Suspicious files
8
Text files
96
Unknown types
6

Dropped files

PID
Process
Filename
Type
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x86\oosesurs.dll
executable
MD5: 2069ee3d387b6d128f6afa0dea2110de
SHA256: 4d1fc7a89ce772c317751957079920303259b36e74fbcacd13b2ef7431e55677
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x86\ooabout.dll
executable
MD5: 07fbddd6f8121385af0b345fc7315c5e
SHA256: 92337d923761eb480669422b5a1e31fadfd3171a6f81debd25dc6bb1f28c0108
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x86\oosewzrs.dll
executable
MD5: 6c8ad57a0e0a644e5bbe2de15013ae7d
SHA256: c7e9bb6a97f8d8f4e91a2a07348b4ec6e4fe6f6abde7ee1f4e89f9a282c66500
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x64\ooabout.dll
executable
MD5: ff234fc845a056ea4f13bdef5c8d98c4
SHA256: 20e6df24afbe2d94c6017ae377474dee0457423bc9fb4d7ea70e019fef18b3dc
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x64\oosu.dll
executable
MD5: 796189d0193d67967d6ea8e214c63fff
SHA256: 4d626d1da33608b8de71a75b6dbff690f0e69a27a887dbaa77128d202ca57ce2
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x86\oosewiz.exe
executable
MD5: e457b60cb1eaec300d8ea549477cb3bd
SHA256: d85a3fea60b7d152a167d020c26db96b502c3e44913110fc40e9950c5edeb81e
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\ootmapi.dll
executable
MD5: ab4ed3b86bd049173a00c4df82cf94c8
SHA256: d3d3406bbf8cd48cb8bce9e006d412334f9fac723fd9d975bcfedf8ebfa56f7b
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Microsoft.WindowsAPICodePack.dll
executable
MD5: 014360fd1010de4b882613f195b0c765
SHA256: 023733ceae8c8f5620b63d1a6bec9484dab10012dd13caa8d810d1dda9247ee2
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x86\oosu.dll
executable
MD5: 1050d70f7835e2e4a1576655a261c5b7
SHA256: 1b40c9673baa09a904e6805342580cf7de153fdfd55636822b3d773af04c397f
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\Microsoft.Win32.TaskScheduler.dll
executable
MD5: 6dee5cce3b8a07f655a91f7c7624c66a
SHA256: 6a8ce59c48cc555649d46b814deb8abfddce0956d68540f810c1ed137650711f
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\SafeEraseAgent.dll
executable
MD5: 9038a1525624e776098940f33249513f
SHA256: 0ef605b57b40754bf517d93a09de235fe080a338be2e55c4abeda9600c9de4eb
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\OOBPAGT.DLL
executable
MD5: 9038a1525624e776098940f33249513f
SHA256: 0ef605b57b40754bf517d93a09de235fe080a338be2e55c4abeda9600c9de4eb
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Microsoft.Win32.TaskScheduler.dll
executable
MD5: 6dee5cce3b8a07f655a91f7c7624c66a
SHA256: 6a8ce59c48cc555649d46b814deb8abfddce0956d68540f810c1ed137650711f
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x64\oosewzrs.dll
executable
MD5: cde3ba2e2674e6c3a52ba6a52089a9b1
SHA256: cac55e9221b13cb2cd34d40e63d9937c840c1133eb4a625a994718eccf27db4b
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\SafeEraseAgent.exe
executable
MD5: 88b2d85813817c795e9074f75fc6816b
SHA256: 53ea911ba73cb4215a052de297d614dd8e1f19803e6d6f8bf64a159a6e4086d2
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\OODEAGT.DLL
executable
MD5: 9038a1525624e776098940f33249513f
SHA256: 0ef605b57b40754bf517d93a09de235fe080a338be2e55c4abeda9600c9de4eb
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\FunctionCore.dll
executable
MD5: 53635d525fafcb6c03d28c2ad0a5a797
SHA256: 542b8e83e1f5f7c52af611394f34e5e5ab1b9029ea1d1fa94096009fcbefddc9
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x64\oosewiz.exe
executable
MD5: 1682da6e5169246cb58390a6d0d48ed8
SHA256: 1eeab14f8be5bdfe7db7332e3a5861e808c92ad039143a3d470807020649fc8a
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\SafeEraseAgentBase.dll
executable
MD5: fdcef4e8ca5d233cf0b31f374356d6f9
SHA256: 3319bacc87569e97c6923a6243eaff979385f1790893f49f0cb4809a62ab3f14
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\OOFEAGT.DLL
executable
MD5: 9038a1525624e776098940f33249513f
SHA256: 0ef605b57b40754bf517d93a09de235fe080a338be2e55c4abeda9600c9de4eb
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\en\FunctionCore.resources.dll
executable
MD5: 50116ecf8e20647b78da6585e817a62b
SHA256: 6f09917a1435c8a63fc5463786cd076ce297b9d4b2cf1d2f5b74021f93c27298
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x64\oosesurs.dll
executable
MD5: b72d44556fe45b8490a0c94a5d00a9a7
SHA256: 311479fd516dd3f4a33d603d05b9aadcbe4a6d49d9d3d4ae27b2ef74f34deb4d
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\SafeEraseAgentLoader.dll
executable
MD5: 7c613900d928a8fb7865c693d2388851
SHA256: 87ba3ff4046ca98c687f2f865d73e790b526145c3b85c77ae132bdf4e8473d48
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\ooliveupdate.exe
executable
MD5: 7704cef9e01c37673be72567d3b42fff
SHA256: 7720a8aee1fcbbcac759d49ffc6689b32412741a21ab33a87b1af31f8a8eabc4
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\FunctionCore.dll
executable
MD5: 53635d525fafcb6c03d28c2ad0a5a797
SHA256: 542b8e83e1f5f7c52af611394f34e5e5ab1b9029ea1d1fa94096009fcbefddc9
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\ooseshrs.dll
executable
MD5: 7b6b9d175a2865a4e0a715fa116154b1
SHA256: 422d0cd8fe7755858da63be99f3d62f4712ddc3ac99b26fd4a837569ce4cab2b
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\SQLite.Interop.dll
executable
MD5: a5ea97722f0aa03efa10f4eb13004e3d
SHA256: 517fac228d91e433b64ae66ea6976ff2a2360bb7d5896bd1b038786db57d00fd
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x64\oorwiz.dll
executable
MD5: 99a393779cd3fc7ee9bb8d7ed9a59e05
SHA256: 3b119bef1da7dfb85357301149b5083201ed3d359fc0c1f57f69653e70b27b15
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\FastMember.Signed.dll
executable
MD5: 95716fb26fac63fe90084d6fa404d9d8
SHA256: 77d97b3a458616ce916ebd98b5ad3f15def3c01c3d363031a4b741ea7cc621ab
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\oosesh.dll
executable
MD5: 27f45629b1b9cbce1701e7c1ce4d1cbe
SHA256: 0f1bed0f02b4b5b0ed7e5191bcd485b0da82a2fbfe9f0aeb27c6ab3ddb4d1bdd
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\SxsExp64.exe
executable
MD5: 04104f579035160913bda98ef98a940e
SHA256: 18983e2409e10e617f765287257b6441c88a6cd11c6cf87ae5b0a0e4b5196d14
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x86\oorwiz.dll
executable
MD5: d0db52b20098ca70e7b43679c84529b4
SHA256: 88bcda0784d9d4d4189193800b7edadc57c4585d6bb42c6f93a7796e161c4df6
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\FileShredder.exe
executable
MD5: 7aa92a86a39427ed367e4717cad9ffbf
SHA256: 1878ce635bf5c30b800873564728f34e8a9c4de986ff343e76c62d62ec10e7a8
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x86\ooserwrs.dll
executable
MD5: d7662d5e822d3bd275a71f30ba572e27
SHA256: 806641b670c329a9b32340b2d4cb02204663be2b25086d3aec848f79215b71b8
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\SxsExp32.exe
executable
MD5: e1d45b71ebd28924432e06909e14733a
SHA256: 075fb5644fe0e4f17731566b58777aba647c5008dae0b79d6cbcf1bee8c5aedf
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\oorwiz4.dll
executable
MD5: 2d30c116c5f1bbfac1fa589d862aabdb
SHA256: 357ccbda1beeb6c2a51cd3c623ca999864b0ebce690d8a1ee940771e408a99d3
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\Esent.Interop.dll
executable
MD5: ae0d31e1b089026f6f85ac1b6b26bad5
SHA256: cf6a05cd8eaeb0aa90f05bb90dc81598daef6fd79ff2cb833f477b7c941c11cd
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x64\ooserwrs.dll
executable
MD5: 741a964e08b1acbb6b04e5a5dbdfce26
SHA256: a1c710c5556f2f7943a216d08e45ed64c758147986d74ed7e495d3c5c68195c1
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\System.Data.SQLite.dll
executable
MD5: 2e8c7450f149b0a7d52faa3f981d6a12
SHA256: 2c142c6988af9a7354ad22f1bc28a0e2090cd86022a90bce05e6adc5ce992726
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\oorwiz4r.dll
executable
MD5: 5fc910217ab034f6f6c85856c3fbc8bb
SHA256: 884a3257f9d93c43b5f22fa45899c7a609f42a6382805f978cfc9f34b4d4a9b1
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Esent.Interop.dll
executable
MD5: ae0d31e1b089026f6f85ac1b6b26bad5
SHA256: cf6a05cd8eaeb0aa90f05bb90dc81598daef6fd79ff2cb833f477b7c941c11cd
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\ooserwrs.dll
executable
MD5: 0d3ffd514229b69d6e9032adc3ae0a3b
SHA256: e35291299dc5337d80fe831da2720c270bd575e9af056c06bd607968b9c7af51
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\System.Linq.Dynamic.Core.dll
executable
MD5: ebc9ef587d949dd8c57ec4ba71df02b0
SHA256: 1dc5d5b9953275126f39b1d14b2b0eebe4fcfe9d7af26019882a9c54748b4ff5
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE.EXE
executable
MD5: 9f14ca75625fd406e9ec0c8f78ffcb5a
SHA256: bb9602d61ed5e842d29789d9f6c54093bd2b08c2ab34db0f9798d2a0f2d07581
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\DocumentFormat.OpenXML.dll
executable
MD5: 8cff1e1c85ed8cc534554ff96286f968
SHA256: c64ebc75e25af2e3d215a8b74ec434aa60d4c93e98cbea6e184d0ffb4825c869
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x86\oosers.dll
executable
MD5: 046e2dd6e51af9256648c90d4fe5f0ad
SHA256: 335e7a5142223c54ff34190e296edb178fbf6b7b38a66ff554fcd6025bbb486c
2440
msiexec.exe
C:\Users\admin\AppData\Local\Temp\MSIEF19.tmp
executable
MD5: ba84dd4e0c1408828ccc1de09f585eda
SHA256: 3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\en\oose.resources.dll
executable
MD5: af707d81773ff80614f1316ebad2f16d
SHA256: cce2c5e2b694f69407c09463cd66659695b5ebbc190833a50b44a7d1a6137605
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\ClosedXML.Report.dll
executable
MD5: 3b57eea1d4ad4be4f1a77b989cc54b85
SHA256: a3c929bac0d4842956107ffdd2aecabd9938da004b9edd819be9661749536136
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x64\oosers.dll
executable
MD5: 96468f1b193ddef9279096742db85910
SHA256: 7c86015c50008a5ce1a781b04dd1221a5c106099868f3e363d6c4bb901cb7fa5
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\OOAdViewer[1].exe
executable
MD5: b7daa63cd0e2a2a51c0cf49a5f9a5fca
SHA256: 29070297b0ed58e9f74b64b309fcd83b1a78dcb064b54d4e8e477a0fb803b18b
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSEA.exe
executable
MD5: 7154459679d5916b72d4b2d2e3b70682
SHA256: a2fbe9f2ae19220da8c34c2f149a5475c9dc2a86952e1a1ffce4960856a6a76d
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\ClosedXML.dll
executable
MD5: b4b795a53bcf3480b2634397b0f18ad8
SHA256: 6db4b53756978d2d12435af08081b4e7acdb7118a944a3a887d5d0eed4cb7a1c
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x64\ooseabrs.dll
executable
MD5: 74a1ebe185a5ab8befcbb6ada37dfb97
SHA256: 946053a90d48a75f0e44c2d66848ab9befe9403b68e539210baa710cf1e5357c
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\Local\Temp\OO Software\OO LiveUpdate\OO SafeErase Professional 14\OOAdViewer.exe
executable
MD5: b7daa63cd0e2a2a51c0cf49a5f9a5fca
SHA256: 29070297b0ed58e9f74b64b309fcd83b1a78dcb064b54d4e8e477a0fb803b18b
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x86\ooseabrs.dll
executable
MD5: fda48f195b3044c04bc2f497839a3b7d
SHA256: dca17bbc1e85fc2538e1b0cf63aa0eb039c1276f1fbeeb57a4a6e46e1b7bf58c
2752
msiexec.exe
C:\Windows\Installer\MSI996D.tmp
executable
MD5: ba84dd4e0c1408828ccc1de09f585eda
SHA256: 3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\OOSEAGT.DLL
executable
MD5: 9038a1525624e776098940f33249513f
SHA256: 0ef605b57b40754bf517d93a09de235fe080a338be2e55c4abeda9600c9de4eb
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\OOLiveUpdateWorker[1].exe
executable
MD5: e4cccd46dad58a50e7f4672dfc4b6d9a
SHA256: 6f7d23e6da24d3306da4c23c8eea92685c00d3e90eca3eb79e8fc6a3c277b9b4
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x64\oosebase.dll
executable
MD5: 1492d2699bb90642349976aa981c67a8
SHA256: 95111689064b30f2f96085d1522c7ddd354af4270b9816f00c85140c30c290b7
2752
msiexec.exe
C:\Windows\Installer\MSI9748.tmp
executable
MD5: ba84dd4e0c1408828ccc1de09f585eda
SHA256: 3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\en\oosefunction.resources.dll
executable
MD5: b2ef8aecc1e5ddd027ecbd3bcf9bc56c
SHA256: b56e4b3d24f616fc1d71f292c7eec011b8962e3dace2bca57a07cb84e0d14fe6
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\Local\Temp\OO Software\OO LiveUpdate\OO SafeErase Professional 14\OOLiveUpdateWorker.exe
executable
MD5: e4cccd46dad58a50e7f4672dfc4b6d9a
SHA256: 6f7d23e6da24d3306da4c23c8eea92685c00d3e90eca3eb79e8fc6a3c277b9b4
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\ooseeal.dll
executable
MD5: 9409d53a289aad7556f62361a1c8e1f9
SHA256: 250f4b2a3d572eec5cc9f9c7e311102cd57f29f6c93cbfbe8840c1c9ad2ddb9d
2440
msiexec.exe
C:\Users\admin\AppData\Local\Temp\MSIFF3A.tmp
executable
MD5: e2b8dd27b9778cc2863183e53806af11
SHA256: a8450366e43038f3ad006a3ec6a1969b71dc2c5216bb574acf3e40cd039e2120
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\ooseeal.dll
executable
MD5: 9409d53a289aad7556f62361a1c8e1f9
SHA256: 250f4b2a3d572eec5cc9f9c7e311102cd57f29f6c93cbfbe8840c1c9ad2ddb9d
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\OOSE3\x86\oosebase.dll
executable
MD5: daa930a5c43a1cc09720cd9f3c16b713
SHA256: 26983dd5864c78aec2e91d154094f11d4270fdeb8eecc845e31444d3e8863e7e
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\ooseexttl.dll
executable
MD5: b6b96ff062d87b019cf5d5b9f9a01093
SHA256: 90934f563b69fd68d5e9151427ab65791ef8ed7440dab2df3c4878137b9a3d35
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\oosefunction.dll
executable
MD5: cc15bca540f9e4ae94a62701e7341beb
SHA256: 46b145899885086373fcc35495b7b45cbd41e13fcca4eec4bd4aeb7bdd529614
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Microsoft.WindowsAPICodePack.Shell.dll
executable
MD5: bd23c6f5c25f610fab1141adcd84edf2
SHA256: 14d80300040333905d39da71c3284aa82140a75b7140627fa5cc3fd55b5c6a6c
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\96dpi\SolidEraseIcon.png
image
MD5: 24729b528be828a8b113a627710652e3
SHA256: cfdb6d466922243ffd1ab1c7075a5b9bd77566c3f8904d356ba88f084a0bb095
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\144dpi\SolidEraseIcon.png
image
MD5: f2f128f1af63c703164d1126038fc751
SHA256: ff9d70e62aa44deb008ae1c7834c2c6c79081c300327f528ca54b0ae2034fc47
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\96dpi\SettingsIcon.png
image
MD5: 1b0fa22dac8965121b463f47a92b8c5b
SHA256: fee9ba57b096f70b4162547b48cde727982031b601abc940df67e3d731de116d
3468
OOLiveUpdateWorker.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\GetClientUpdate[1].txt
xml
MD5: 0f4e9e73f2fd92a365db74811dca755e
SHA256: 21e5c24ccf6caed0ae403f9cb9773ddfa8befc0eae60d21b93487e972be3ce2a
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\144dpi\SettingsIcon.png
image
MD5: e1c5c1e21cd1bfbd1a47b7d9afa52477
SHA256: c610f096ada25c3af07898c1340f0230624d120fa0c3f2274afb82888831a581
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\QuickCheck[1].txt
xml
MD5: b7d1daa7bdfe1094d5b44f4b0b7adc09
SHA256: b92991d74d282f9fea9d41685a1324e6a78935f5f5dccab0301daf9b2483228e
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\Local\Temp\OO Software\OO LiveUpdate\20191108142650_OOLiveUpdate.log
text
MD5: 8555528fcf5a2b8f8d1242daf05ab2ad
SHA256: 602b132ef8ebc68fef0fab1e8d2eb397c1226a84cce80257ae3b9b90180b83ab
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\SafeEraseAgent.exe.config
xml
MD5: 2884aa204310616a6b30873cbbc413e8
SHA256: 139a5ed4ca21dd2560abeedce8f2019fae3452490fd825ca6c4ece87232888db
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\SafeEraseAgent.dll.config
xml
MD5: 2884aa204310616a6b30873cbbc413e8
SHA256: 139a5ed4ca21dd2560abeedce8f2019fae3452490fd825ca6c4ece87232888db
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\GetRuleForAnalyzer[1].txt
xml
MD5: 310f37d57e7986f68bb70952392b4742
SHA256: 61ef735de220cd9a2b574c2d9eb9e91dae36ce1b85bd06cd053b7ba45684359b
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\144dpi\ReportImage.png
image
MD5: 5471c22a4183a02b285f3c6fc2ea95c8
SHA256: 4006c89d717a8395a81bcd55347d96b03f524aeea5b307e6898c7b9847ac5d04
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\96dpi\ReportImage.png
image
MD5: 5471c22a4183a02b285f3c6fc2ea95c8
SHA256: 4006c89d717a8395a81bcd55347d96b03f524aeea5b307e6898c7b9847ac5d04
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\ReportTemplate.xlsx
document
MD5: 08957b126a63d6b3e3cece90eb34b410
SHA256: 452d662f1aff0404fed8efe8bddcaf9bfdcc86c5600159d23857261de9cf2b09
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\96dpi\ReportIcon.png
image
MD5: 08176bb34a44cea819ceb020d8ae687a
SHA256: cace3f910ba039339d2b09c7b8f196ac3612efb9515aec0cd7f90ea302fa7746
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\144dpi\ReportIcon.png
image
MD5: 318f452d05579a7085420d89d421c846
SHA256: 46638a23e1c2f037be11d7681dd67cfe3f09cb44c07a194c2024d9dd91c66537
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\144dpi\RefreshIcon.png
image
MD5: e1b36d71da74d1efba0f93dbc72c8816
SHA256: 48c06ef055faa5e1754b00d277393923f2560cadbf0d64fd1efd634d89265a3d
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\96dpi\RefreshIcon.png
image
MD5: 99c4bab52b969d03063c287fb28d167d
SHA256: 30303a88abda15b6a604da224310aa9cc58ec52e2b2b38c5f84200c54d1bb134
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\96dpi\ProgressSpriteSheet.png
image
MD5: 293352ac1b757821005d8beaa468f2ca
SHA256: 9caa85ed9eaf139da52e5662fdf85a581d73a4b9fd643923b0e6dd8e37ff05ae
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Readme.txt
text
MD5: 8f516868474730370134b72223b32bbd
SHA256: dbaf72b269ad768b0b36e3078dc1cbd45102c0ef0592dfa311a3aefa8b4c86b1
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\144dpi\ProgressSpriteSheet.png
image
MD5: ec3df33529ab0d4d12508cce6ae86d8a
SHA256: 49c43f0caa52f259e57fb8eedd5aec65b138e8eb24f69bfdb50874745c5e6c29
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\96dpi\PartitionIcon.png
image
MD5: eede13d8d41439b363541d0c98e18cf4
SHA256: f12ec0b67f3ff4fd02a2fd102ab1b17525b0c8e88b95eafa3c32c9db4fc6fecb
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
binary
MD5: 9b26f49033a1d865d6596c5f8b02f744
SHA256: 11113ea92db68ae11701f038dd1b7bf123f4def444ea976f03d100d9800cb9b4
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\Resources\144dpi\PartitionIcon.png
image
MD5: cdcdd44035efd95226f4bf021b403deb
SHA256: 659e26013ebfe03929a22d6e14c408149ad7138750d35b1d994b0103dc0d2214
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
der
MD5: db78cbd190952735d940bc80ac2432c0
SHA256: 1a5174980a294a528a110726d5855650266c48d9883bea692b67b6d726da98c5
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\30D802E0E248FEE17AAF4A62594CC75A
der
MD5: adab5c4df031fb9299f71ada7e18f613
SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676
2808
OOLiveUpdate.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\30D802E0E248FEE17AAF4A62594CC75A
binary
MD5: c2f529c5b9bac7623bb9904005a58d0b
SHA256: f5f98327530c7a53a5df2524430653936ad924a0b55d65b55d658ebf66154d1b
2532
OOSE.EXE
C:\Users\admin\AppData\Local\O&O_Software_GmbH\OOSE.EXE_Url_onjuwq2xzbw12vmftc0qe1nx4lric2zv\14.6.581.0\user.config
xml
MD5: a281a9a024372e125a09273a4549208b
SHA256: 2bdea419bf414f4d2b260b406181de374a455615a1f0048e2f319b4c68b0ebed
2532
OOSE.EXE
C:\Users\admin\AppData\Local\O&O_Software_GmbH\OOSE.EXE_Url_onjuwq2xzbw12vmftc0qe1nx4lric2zv\14.6.581.0\jmfc41b1.newcfg
––
MD5:  ––
SHA256:  ––
2532
OOSE.EXE
C:\Users\admin\AppData\Local\O&O_Software_GmbH\OOSE.EXE_Url_onjuwq2xzbw12vmftc0qe1nx4lric2zv\14.6.581.0\user.config
xml
MD5: aeee7c6c22154e49f1de06e471981180
SHA256: 9ce01b61f876d4ed0b9e843bdc41a9ae14cc575cb729de7b8583794147afa346
3432
setup.exe
C:\Users\admin\AppData\Local\Temp\OO Software\OO SetupStub\OOSTUB15732231433432\setup.MSI
––
MD5:  ––
SHA256:  ––
2532
OOSE.EXE
C:\Users\admin\AppData\Local\O&O_Software_GmbH\OOSE.EXE_Url_onjuwq2xzbw12vmftc0qe1nx4lric2zv\14.6.581.0\dpqs0zrj.newcfg
––
MD5:  ––
SHA256:  ––
3432
setup.exe
C:\Users\admin\AppData\Local\Temp\OO Software\OO SetupStub\OOSTUB15732231433432\oostub-2019-11-08_142543.log
text
MD5: ea8978fb3da7b696e8d791ccecb2f7f0
SHA256: e32ebe6e874a23964620427cd238ac74ad36625332ecc718f402cdb14b2f80d0
2440
msiexec.exe
C:\Users\admin\AppData\Local\Temp\MSI9fcc9.LOG
text
MD5: a5c742d6c535d9527d0d45c989c8f1d5
SHA256: 0707d51a2dd1834b7ec72dcbc16f6c44b7897a7a27a5400870295d4c0b7cba16
3468
OOLiveUpdateWorker.exe
C:\Users\admin\AppData\Local\Temp\OO Software\OO LiveUpdate\20191108142656_OOLiveUpdate.log
text
MD5: 1d3c2f463e8828ae2fb683eb7a3157fd
SHA256: b27fd4286c5218f2310afc57d790f1525f29c843d1ede81a7aa0043213a3f659
2752
msiexec.exe
C:\Users\admin\AppData\Local\Temp\MSI9fcc9.LOG
text
MD5: a3387f721ce4a8ea3dd891ec90f0e4a6
SHA256: 34b1217d5e79ed1dbca01ef27b1c7e283ce87dcc87e238eb9e10e67ac2db5298
2752
msiexec.exe
C:\Windows\Installer\3a8e7b.ipi
binary
MD5: 025b256970645c706897b98adb462808
SHA256: a481da3f735693d5b1f962d0304350eb40349b905aa2e534086f03a8bee195ed
2752
msiexec.exe
C:\Windows\Installer\MSIC4B6.tmp
––
MD5:  ––
SHA256:  ––
2752
msiexec.exe
C:\Users\admin\AppData\Local\Temp\~DF706A9C4A23BBE867.TMP
––
MD5:  ––
SHA256:  ––
2752
msiexec.exe
C:\Config.Msi\3a8e7c.rbs
––
MD5:  ––
SHA256:  ––
2752
msiexec.exe
C:\Windows\Installer\3a8e7e.msi
––
MD5:  ––
SHA256:  ––
2752
msiexec.exe
C:\Windows\Installer\MSIA43C.tmp
––
MD5:  ––
SHA256:  ––
2752
msiexec.exe
C:\Users\Public\Desktop\Shredder.lnk
lnk
MD5: 754450de1a9cd367f43f5bc4026217ae
SHA256: abefb281737bcd33c260f88857c026c1d7eb55ef0f98cf7ff88d86a1f275a9ba
2752
msiexec.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software\O&O SafeErase\O&O SafeErase.lnk
lnk
MD5: f33b03887e4cca2ef6108f9e9953f2cc
SHA256: 7b278b62036d614300042e703ce3f5e252136b1ca6a5f842e438d6d29cc21c56
2752
msiexec.exe
C:\Config.Msi\3a8e7d.rbf
lnk
MD5: 9e2ee3d70ad3a32b0d0c2610fedd827b
SHA256: c006fa80fa2b4eec05962ddd744b34c60c1390b9256ebdacee84c2aad6eac0b8
2752
msiexec.exe
C:\Users\Public\Desktop\O&O SafeErase.lnk
lnk
MD5: 25f1d643e335fead9e1e4ec5c9a75383
SHA256: 32aaf789cd603c4cb39b4ad2201e51352bb8a721d9eaea1767ada8caa9540a35
2752
msiexec.exe
C:\Program Files\OO Software\Shared\SafeEraseAgent\OOSEAGT.DLL.config
xml
MD5: 2884aa204310616a6b30873cbbc413e8
SHA256: 139a5ed4ca21dd2560abeedce8f2019fae3452490fd825ca6c4ece87232888db
2752
msiexec.exe
C:\Windows\Installer\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}\SafeEraseIcon.7A5DA94B_6F1D_4767_BB64_4AE745F78CB0.exe
image
MD5: 348f6cf0eb36aee5eefa5c50201b7bd6
SHA256: c6656c9e9c9578fb4cdf9d87d1a3c33e87ffa3fc00363719c0be72f15bfb6936
2752
msiexec.exe
C:\Windows\Installer\{8E096BEB-882A-4E9D-9DDD-D2592C23C3A6}\FileShredderIcon.exe
image
MD5: b47ab2a3cf35b96ff9994414ea3b0e15
SHA256: a1f6860dd092c793d244d4e55ceac28169a4a088606967ff3721a97bd0df0b93
2752
msiexec.exe
C:\Program Files\OO Software\SafeErase\oosea.exe.config
xml
MD5: 273da8e62a79a85fb7df5d018cf7dc4a
SHA256: 09220a3a3d82d01d4eaa2a67a182782060d27addaf03e7044c2a3b3492b56e9e
2752
msiexec.exe


Network activity

HTTP(S) requests: 4
TCP/UDP connections: 7
DNS requests: 4
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2808 OOLiveUpdate.exe GET 200 91.199.212.52:80 http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt GB der whitelisted
2808 OOLiveUpdate.exe GET 200 91.199.212.52:80 http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt GB der whitelisted
2808 OOLiveUpdate.exe GET 404 46.16.74.95:80 http://update10.oo-software.com/LiveUpdate//Banner/Banner_OO_SafeErase_Professional_14.bmp DE html unknown
3468 OOLiveUpdateWorker.exe GET 404 46.16.74.95:80 http://update10.oo-software.com/LiveUpdate//Banner/Banner_OO_SafeErase_Professional_14.bmp DE html unknown


Connections

PID Process IP ASN CN Reputation
2808 OOLiveUpdate.exe 46.16.74.95:443 Profitbricks GmbH DE unknown
2808 OOLiveUpdate.exe 91.199.212.52:80 Comodo CA Ltd GB unknown
2808 OOLiveUpdate.exe 46.16.74.95:80 Profitbricks GmbH DE unknown
2808 OOLiveUpdate.exe 85.214.26.221:443 Strato AG DE suspicious
3468 OOLiveUpdateWorker.exe 46.16.74.95:443 Profitbricks GmbH DE unknown
3468 OOLiveUpdateWorker.exe 46.16.74.95:80 Profitbricks GmbH DE unknown

DNS requests

Domain IP Reputation
update10.oo-software.com 46.16.74.95 unknown
crt.sectigo.com 91.199.212.52 unknown
crt.usertrust.com 91.199.212.52 whitelisted
dl6.oo-software.com 85.214.26.221 suspicious

Threats

No threats detected.

Debug output strings

Process Message
SafeEraseAgent.exe invalid image engine parameter